CN104301286A - User login authentication method and device - Google Patents

User login authentication method and device Download PDF

Info

Publication number
CN104301286A
CN104301286A CN201310295620.8A CN201310295620A CN104301286A CN 104301286 A CN104301286 A CN 104301286A CN 201310295620 A CN201310295620 A CN 201310295620A CN 104301286 A CN104301286 A CN 104301286A
Authority
CN
China
Prior art keywords
user
data set
input
behavior
abnormal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310295620.8A
Other languages
Chinese (zh)
Other versions
CN104301286B (en
Inventor
李冰
顾健
王雅文
李宏昌
迟建德
付载国
李佳记
于志卓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Group Heilongjiang Co Ltd
Original Assignee
China Mobile Group Heilongjiang Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Group Heilongjiang Co Ltd filed Critical China Mobile Group Heilongjiang Co Ltd
Priority to CN201310295620.8A priority Critical patent/CN104301286B/en
Publication of CN104301286A publication Critical patent/CN104301286A/en
Application granted granted Critical
Publication of CN104301286B publication Critical patent/CN104301286B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Input From Keyboards Or The Like (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a user login authentication method and device. The method comprises the following steps: capturing input behavior characteristic data of a user according to a preset user behavior indicator when the user inputs login information; judging whether the user behavior is abnormal according to the input behavior characteristic data; verifying the login information when the user behavior is normal; when the user behavior is abnormal, verifying the identity of the logined user,and judging whether the login operation is performed by a legal user; verifying the login information when the login operation is performed by the legal user; or sending alarming information to the legal user when the login operation is not performed by the legal user. The invention further provides a user login authentication device for realizing above method.

Description

User log-in authentication method and device
Technical field
The present invention relates to business support technical field, particularly relate to a kind of user log-in authentication method and device.
Background technology
Heilungkiang is moved provides the Internet VPN access interface to enterprise's application such as comprehensive customer service system (CRM), the office automation systems (OA), enterprises user, nearly 15000 people of third party user, the double factor authentication pattern that login authentication pattern mainly adopts static password+dynamic note password to combine.
As shown in Figure 1, prior art handling process is described below:
1, user is by access Web page https: //vpn.hl.chinamobile.com login system, and Firepass4300 VPN IAD returns SSLVPN system login page after receiving user's request.
2, user inputs user name and static password in login page, submits to and waiting system checking.
3, password trigger server receives user name and static password inside the province, and sends to group Radius certificate server;
4, the user profile of the user name received, static password and user's management platform database is compared checking by group Radius certificate server, is proved to be successful, and triggers dynamic password and generates; Authentication failed, returns information, requires that user re-enters user name and static password.
5, after SMAP dynamic password generation server generates random 6 dynamic passwords, the dynamic password of generation is returned to group's Radius certificate server and store, trigger short message server simultaneously and send dynamic password to user.
6, user uses the dynamic password received to carry out secondary login authentication.
7, password trigger server receives user name and dynamic password and sends to group Radius server inside the province.
8, group Radius carries out user name and verifying dynamic password, is proved to be successful, user's Successful login application system; Authentication failed, returns information, requires that user re-enters dynamic password and carries out secondary login authentication.
As shown in Figure 2, SSLVPN system in existing system topological structure uses the dynamic note password based on static password to carry out certification to user, the hardware configuration of Verification System is 3 Firepass4300, is wherein configured to cluster mode of operation by the fault-tolerant of 2 firepass4300 configurations to the 3rd.
In sum, current login system authentication mode is the certification of user name code data coupling, mainly there is following technology drawback:
1. traditional Verification System cannot carry out monitoring analysis to whole verification process, and then effectively cannot judge authentication result.After traditional certificate server is verified user profile, if checking logins successfully, enter system, otherwise log in page will point out the information of " user name or code error " to user.The shortcoming of this authentication techniques is: when 1. Bad user name or password is repeatedly inputted exploration by disabled user, and system will freeze process to this user name, then cause normal login user also cannot use immediately.If 2. validated user is stolen by others when have input correct username and password, disabled user can imitate validated user and carry out system login, thus steals its capsule information, and thus security assurance level is lower.
2., when the illegal login of generation or log-on message are stolen, keeper can only carry out passive maintenance.Because the conventional authentication method of prior art application is relatively simple to the mode of user rs authentication, cause system login threshold lower, potential safety hazard is numerous, very easily grasped the lawless person of certain crime means or hacker clique utilize.Be stolen once the illegal login of generation or log-on message, system manager cannot be found by prior art in the very first time, can only carry out passive maintenance by the feedback of user, and the safety now having caused system information is revealed, so this drawback is urgently improved.
Summary of the invention
In order to solve illegal in prior art login or the stolen technical problem causing Information Security to reduce of log-on message, the present invention proposes a kind of user log-in authentication method and device.
One aspect of the present invention, provides a kind of user log-in authentication method, comprising:
While user inputs log-on message, catch the input behavior characteristic of user according to the user behavior index preset;
Judge that whether user behavior is abnormal according to input behavior characteristic;
When user behavior is normal, log-on message is verified; When user behavior is abnormal, authentication is carried out to the user logged in, determines whether the register that legitimate user himself carries out;
When be legitimate user himself carry out register time, log-on message is verified; When be not legitimate user himself carry out register time, send a warning message to legitimate user himself.
Another aspect of the present invention, provides a kind of user log-in authentication device, comprising:
Capture module, while inputting log-on message user, catches the input behavior characteristic of user according to the user behavior index preset;
Characteristics analysis module, for judging that according to input behavior characteristic whether user behavior is abnormal;
Authentication module, when user behavior is abnormal, carries out authentication to the user logged in, determines whether the register that legitimate user himself carries out;
Login authentication module, for when user behavior is normal, verifies log-on message; When be legitimate user himself carry out register time, log-on message is verified;
Alarm module, for when be not legitimate user himself carry out register time, send a warning message to legitimate user himself.
User log-in authentication method of the present invention and device, input behavior during by logging in user is analyzed, and determines whether the input operation that user carries out.The profound behavioural analysis based on user characteristics custom achieved when user logs in detects, and improves logging in system by user safe class further, to ensure Operational Visit quality, to improve user's experience.Meanwhile, reduce system safety maintenance cost, reduce failure rate.
Accompanying drawing explanation
Fig. 1 is prior art login method schematic flow sheet;
Fig. 2 is prior art login system structural representation;
Fig. 3 is the flow chart of user log-in authentication embodiment of the method for the present invention;
Fig. 4 is the dependence schematic diagram between user behavior index of the present invention;
Fig. 5 is the flow chart of user behavior anomaly analysis embodiment of the present invention;
Fig. 6 is the flow chart that the present invention calculates the abnormal probability embodiment of user behavior;
Fig. 7 is the structure chart of user log-in authentication device embodiment of the present invention;
Fig. 8 is the structure chart of capture module embodiment of the present invention;
Fig. 9 is the structure chart of characteristics analysis module embodiment of the present invention;
Figure 10 is the structural representation of login system of the present invention;
Figure 11 is the schematic flow sheet of login method of the present invention.
Embodiment
Below in conjunction with accompanying drawing, the present invention is described in detail.
As shown in Figure 3, user log-in authentication embodiment of the method for the present invention comprises the following steps:
Step 302, while user inputs log-on message, catches the input behavior characteristic of user according to the user behavior index preset;
According to input behavior characteristic, step 304, judges that whether user behavior is abnormal; When user behavior is normal, perform step 308; When user behavior is abnormal, perform step 306;
Step 306, carries out authentication to the user logged in, determines whether the register that legitimate user himself carries out; When be legitimate user himself carry out register time, perform step 308; When be not legitimate user himself carry out register time, perform step 310;
Step 308, verifies log-on message;
Step 310, sends a warning message to legitimate user himself.
User behavior index of the present invention mainly comprises following four:
(1) input character time interval index
Input character time interval index is a time range, may be defined as a mean value in the time interval of login user when multiple character such as input login username and static password etc.Say to a certain extent, this index can be used as the one of a kind of user to the user name set and static password familiarity and judges thus have actual using value.
(2) alphabet time index is inputted
Input alphabet time index is a time period, in whole login process, user carries out the critical field of input operation temporal summation, is defined as from user clicks input through keyboard operation to the time inputted last character.This index can be used for weighing user to the qualification of logon operation.
(3) button frequency index
Button frequency index is the summation of all touch potentials in the whole login process of user, and the beginning and ending time is input alphabet time range, comprises all touch potentials such as correct, mistake and rollback.This index can be used for weighing user to the qualification of logon operation.
(4) number of times index is changed
Change number of times index is the summation of rollback touch potential in the whole login process of user, and the beginning and ending time is input alphabet time range.This index can be used for weighing user to the qualification of logon operation.
Above four indices is all user in certain hour section and carries out the desired value of normal register acquisition through what accumulate, analyze and refine and formed, has very strong data validity and actual operability.
In the present invention, catch mainly for the input character time interval, input alphabet time, the button frequency and these four user behavior indexs of change number of times, fully take into account user's issuable this key character of input change behavior in practical operation, contemplate input alphabet time, the button frequency these two simultaneously and there is the important indicator value that obvious personal characteristics has summation attribute concurrently, and by very not large for this meaning of key time durations secondary index desalination, thus more rationally, catch the importance of user behavior feature all sidedly.User's input habit and style are carried out record by the form of index put on record, catching action process is transparent unaware to user, can not experience cause any inconvenience to the service application of client.
The input behavior characteristic captured comprise capture the input character time interval, input the alphabet time, the button frequency and change number of times numerical value.
Above-mentioned steps 302, the concrete mode catching the input behavior characteristic of user is as follows:
When detecting that user to position a cursor in input field and to push button, be judged to be that user inputs beginning, record input initial time Time_InputBegin and user key-press time Time_Press;
When detecting that user presses " logging in ", key carries out data submission, is judged to be that user inputs and terminates completely, record input termination time Time_InputEnd, and is 1 by button frequency Num_Sum assignment;
When not detecting that user presses " logging in ", key carries out data submission, and be judged to be that user continues in input state, user often presses the button once except " logging in " key, is increased progressively by the numerical value of button frequency Num_Sum and adds 1;
When user being detected often by a rollback button, the numerical value of change times N um_Change being increased progressively and adds 1;
Input alphabet time Time_Sum=Time_InputEnd-Time_InputBegin is calculated according to input initial time and input termination time;
Input character time interval Time_Dwell=(Time_Sum-Time_Press*Num_Sum)/(Num_Sum-1) is calculated according to input alphabet time, user key-press time and the button frequency;
So far, catch algorithm to terminate.Four indices numerical value according to getting: user inputs character time interval Time_Dwell, user input alphabet time Time_Sum, user key-press frequency Num_Sum, user changes the process that times N um_Change carries out subsequent step.
According to the data target characteristic that the present invention relates to business, Bayesian Classification Arithmetic can be adopted to carry out user behavior analysis.
Bayesian Classification Arithmetic is that a class utilizes probability statistics knowledge to carry out the Statistical Classification method of classifying, in the method system that it is huge, naive Bayesian (Naive Bayesian, NB) sorting algorithm is the basic algorithm be widely adopted that can compare favourably with decision tree and neural network classification algorithm, this algorithm can apply in large database, and method is simple, classification accuracy is high, speed is fast.
But because Bayes' theorem supposes that a property value is on the value of the impact of given class independent of other attribute, and this hypothesis is often invalid in a practical situation, especially in the present invention in practical problem to be dealt with, the Feature Dependence relation of various data target is stronger, independence is relatively weak to each other, and its classification accuracy can be caused to decline.Therefore, the present invention adopts a kind of Bayesian Classification Arithmetic reducing independence assumption of more realistic problem in Bayesian Classification Arithmetic system: TAN (Tree Augmented Bayes Network) algorithm.
TAN algorithm by find attribute between dependence reduce in NB and independently suppose between any attribute, be increase on the basis of NB network configuration attribute between association (limit) realize
As shown in Figure 4, in figure, node represents attribute, represent the dependence between attribute with directed edge, the limit between attribute Ai and Aj means that attribute Ai also depends on the value of attribute Aj to the impact of class variable C, and class variable C is normal category user object and abnormal class user object herein.
As shown in Figure 5, according to input behavior characteristic, above-mentioned steps 304, judges that whether user behavior is abnormal and specifically comprises:
Step 502, the abnormal user catch history and the input behavior characteristic of normal users generate abnormal behaviour data set and normal behaviour data set respectively, input behavior characteristic when user at every turn being inputted is as a behavioural characteristic character string (hereinafter referred to as TOKEN string), such as, input character time interval Time_Dwell=0.8s, input alphabet time Time_Sum=15s, button frequency Num_Sum=16, change times N um_Change=2 etc. are as a TOKEN string;
Step 504, obtains one or more TOKEN go here and there from capturing the current input behavior characteristic of user;
Step 506, calculates the probability of occurrence P that TOKEN goes here and there at normal behaviour data set and abnormal behaviour data set 1(t i) and P 2(t i);
Step 508, according to P 1(t i) and P 2(t i) calculate the abnormal probability P (A/t of user behavior i);
Step 510, by P (A/t i) compare, as P (A/t with the probability threshold value preset i) when exceeding probability threshold value, judge that this user is as abnormal user.
As shown in Figure 6, above-mentioned steps 508 specifically comprises:
Step 602, calculates length L1, the L2 of normal behaviour data set and Hash table corresponding to abnormal behaviour data set;
Step 604, adds up occurrence number F1, F2 that TOKEN goes here and there at normal behaviour data set and abnormal behaviour data set;
Step 606, calculates the probability of occurrence of TOKEN string at normal behaviour data set: P 1(t i)=F1/L1; TOKEN string is at the probability of occurrence of abnormal behaviour data set: P 2(t i)=F2/L2.
Step 608, calculates the abnormal probability of user behavior:
wherein, A represents that active user is abnormal event, t irepresent behavioural characteristic character string, for working as P (A/t from user i) front input behavior characteristic obtains behavioural characteristic character string t itime, the abnormal probability of this user behavior, P 1(t i) for behavioural characteristic character string is at the probability of occurrence of normal behaviour data set, P 2(t i) for behavioural characteristic character string is at the probability of occurrence of abnormal behaviour data set; Or
P(A/t 1,t 2,...t n)=P(A/t 1)*P(A/t 2)*...P(A/t n)/
{ P (A/t 1) * P (A/t 2) * ... P (A/t n)+[1-P (A/t 1)] * [1-P (A/t 2)] * ... [1-P (A/t n)] wherein, P (A/t 1, t 2... t n) for obtain n behavioural characteristic character string t from the input behavior characteristic that user is current 1, t 2... t ntime, the abnormal probability of this user behavior.
Above-mentioned TAN algorithm be have employed to user behavior analysis, fully taken into account in user behavior feature the specific object dependence of the multinomial data targets such as the input character time interval, input alphabet time, the button frequency and input change number of times, it is comparatively accurate to make user behavior analysis.
Normal behaviour data set or abnormal behaviour data centralization are stored into, as the foundation of subsequent analysis according to behavioural analysis result for the input behavior characteristic captured.
When determining the operation that legitimate user himself carries out after above-mentioned steps 306, the input behavior characteristic this user logged in includes normal behaviour data set in.User is individual as living nature natural person, behavioural characteristic can not be unalterable, will inevitably at a time, a certain period occur fluctuation situation, in view of this changeability and fluctuation feature, for improving the applicability of the data set set up for it, the data value comprising wave characteristic must be included in data set scope in time, participate in follow-up behavioural analysis in the lump.Such as: within user A days, forget wear a pair of spectacles when carrying out register and visual unclear, slow a lot of than usual when causing its input username and password, this by directly affect the seizure value of user behavior capture module to its four indices deviate from its usual time normal data scope then trigger abnormal behaviour audit, and after the fluctuation data under analogue being included in time in the analysis of its data set scope participative behavior, the second time when analogue occurs user A can be avoided to trigger abnormal behaviour audit, then improve Consumer's Experience.
Based on same inventive concept, the present invention also provides a kind of user log-in authentication device, and as shown in Figure 7, this device comprises: capture module 71, characteristics analysis module 72, authentication module 73, login authentication module 74 and alarm module 75.
Capture module, while user inputs log-on message, catches the input behavior characteristic of user according to the user behavior index preset.According to input behavior characteristic, characteristics analysis module judges that whether user behavior is abnormal.When user behavior is abnormal, authentication module carries out authentication to the user logged in, and determines whether the register that legitimate user himself carries out.When user behavior is normal, login authentication module is verified log-on message; When be legitimate user himself carry out register time, login authentication module is verified log-on message.When be not legitimate user himself carry out register time, alarm module sends a warning message to legitimate user himself.
As shown in Figure 8, the concrete structure of capture module comprises: detection sub-module 81, timing submodule 82, counting submodule 83 and calculating sub module 84.
Detection sub-module detects user and to position a cursor in input field and the behavior pushed button, and the behavior of key carries out data submission that user presses " logging in ", user presses the behavior of the button except " logging in " key, and user presses the behavior of rollback button.
When detecting that user to position a cursor in input field and to push button, be judged to be that user inputs beginning, timing submodule record input initial time and user key-press time; When detecting that user presses " logging in ", key carries out data submission, is judged to be that user inputs and terminates completely, the timing submodule record input termination time.
When detecting that user presses " logging in ", key carries out data submission, and button frequency assignment is 1 by counting submodule; When not detecting that user presses " logging in ", key carries out data submission, and user often presses the button once except " logging in " key, and the numerical value of the button frequency increases progressively and adds 1 by counting submodule; When user being detected often by a rollback button, the numerical value of change number of times increases progressively and adds 1 by counting submodule.
Calculating sub module calculates the input alphabet time according to input initial time and input termination time; The input character time interval is calculated according to input alphabet time, user key-press time and the button frequency.
As shown in Figure 9, the concrete structure of characteristics analysis module comprises: data set generates submodule 91, text string generation submodule 92, calculating sub module 93 and comparison sub-module 94.
The abnormal behaviour of this user that history catches by data set generation submodule and the input behavior characteristic of normal behaviour generate abnormal behaviour data set and normal behaviour data set respectively, and input behavior characteristic when user at every turn being inputted is as a behavioural characteristic character string;
Text string generation submodule obtains one or more behavioural characteristic character string from capturing the current input behavior characteristic of user;
Calculating sub module calculates the behavioural characteristic character string probability of occurrence at normal behaviour data set and abnormal behaviour data set, and calculates the abnormal probability of user behavior according to behavioural characteristic character string at the probability of occurrence of normal behaviour data set and abnormal behaviour data set;
Abnormal for user behavior probability compares with the probability threshold value preset by comparison sub-module, when the abnormal probability of user behavior exceedes probability threshold value, judges that this user is as abnormal user.
As shown in Figure 10, during specific implementation, the improvement that the present invention carries out the login system residing for user log-in authentication device is as follows:
1, before Firepass4300 works cluster, arrange front end processor region, in region, the initial stage fixes tentatively and arranges two front end processors: wherein a front end processor is Web load-balanced server, is responsible for web load balancing traffic distribution; Another front end processor is password trigger server inside the province, is responsible for transmitting user name and static password to group Radius server, obtains Radius server authentication state, represents a series of functions such as proofing state information in time.
2, set up two user behavior capture servers, catch the four indices data that login user inputs the character such as user name, static password in real time, then complete the record to user's Entered state, behavioural characteristic.This server requirement possesses high stability and high robustness.
3, set up a user feature analysis Modeling Server, finishing analysis is carried out, the foundation of completing user behavioural characteristic model then to the desired value caught.This server requirement possesses the high efficiency of operational performance aspect.
4, abnormal behaviour audit and warning information trigger module are optimized again, promote Consumer's Experience.
As shown in figure 11, during specific implementation, the handling process of login system is as follows:
1, user is by access Web page https: //vpn.hl.chinamobile.com login system.
2, the Web load-balanced server in front end processor region carries out traffic distribution to the access of this user.
3, Firepass4300VPN IAD returns SSLVPN system login page after receiving user's request.
4, user inputs user name and static password in login page, submits to and waiting system checking; Meanwhile, user behavior capture server catches the indices of user inputs character in real time.
5, user feature analysis Modeling Server logs in behavior indices to user's whole process and arranges and analyze, then according to modeling standard, and confirmation modeling.If meet modeling standard, enter into the 6th step and continue flow process; If do not meet modeling standard, direct triggering abnormal behaviour audit server carries out authentication to this operator: if judging is the operation that legitimate user himself carries out, then this user can be logged in behavioural characteristic and include its model data scope in, then user feature analysis Modeling Server is according to indices aggregate-value, upgrade legal value (user habit value) scope, thus upgrade modeling standard, require that user re-enters user name and static password simultaneously, submit to and waiting system checking; If judge it is not the operation that legitimate user himself carries out, then can be rapidly to legitimate user himself and send short message alarm prompting, whether oneself account-related information leaks to require it to check.
6, user feature analysis Modeling Server sets up personal behavior model according to above-mentioned analysis result, and meanwhile, password trigger server receives user name and static password and sends to group Radius server inside the province.
7, the user profile of the user name received, static password and user's management platform database is compared checking by group Radius certificate server, be proved to be successful, triggering dynamic password generates, the result is returned to password trigger server inside the province to judge: if the match is successful simultaneously, inform user " trigger dynamic password, please short message be receive! ", if it fails to match, inform that " user name code error, please logs in user again.", namely return information, require that user re-enters user name and static password.
8, after SMAP dynamic password generation server generates random 6 dynamic passwords, the dynamic password of generation is returned to group's Radius certificate server and store, trigger short message server simultaneously and send dynamic password to user.
9, user uses the dynamic password received to carry out secondary login authentication.Password trigger server receives user name and dynamic password and sends to group Radius server inside the province.Group Radius server carries out user name and verifying dynamic password, is proved to be successful, user's Successful login application system; Authentication failed, returns information, requires that user re-enters dynamic password and carries out secondary login authentication.
User log-in authentication method of the present invention and device embodiment, input behavior during by logging in user is analyzed, and determines whether the input operation that user carries out.The profound behavioural analysis based on user characteristics custom achieved when user logs in detects, and improves logging in system by user safe class further, to ensure Operational Visit quality, to improve user's experience.Meanwhile, save human resources, reduced system safety maintenance cost, reduce failure rate.
It is noted that above embodiment is only in order to illustrate the present invention and unrestricted, the present invention is also not limited in above-mentioned citing, and all do not depart from technical scheme and the improvement thereof of the spirit and scope of the present invention, and it all should be encompassed in right of the present invention.

Claims (11)

1. a user log-in authentication method, is characterized in that, comprising:
While user inputs log-on message, catch the input behavior characteristic of user according to the user behavior index preset;
Judge that whether described user behavior is abnormal according to described input behavior characteristic;
When described user behavior is normal, described log-on message is verified; When described user behavior is abnormal, authentication is carried out to the user of described login, determines whether the register that legitimate user himself carries out;
When be legitimate user himself carry out register time, described log-on message is verified; When be not legitimate user himself carry out register time, send a warning message to described legitimate user himself.
2. method according to claim 1, is characterized in that, described user behavior index comprises:
The input character time interval, input alphabet time, the button frequency and change number of times;
Described input behavior characteristic comprise capture the input character time interval, input the alphabet time, the button frequency and change number of times numerical value.
3. method according to claim 2, is characterized in that, while user inputs log-on message, the input behavior characteristic catching user according to the user behavior index preset comprises:
When detecting that user to position a cursor in input field and to push button, be judged to be that user inputs beginning, record input initial time and user key-press time;
When detecting that user presses " logging in ", key carries out data submission, is judged to be that user inputs and terminates completely, the record input termination time, and is 1 by described button frequency assignment;
When not detecting that user presses " logging in ", key carries out data submission, and be judged to be that user continues in input state, user often presses the button once except " logging in " key, is increased progressively by the numerical value of the described button frequency and adds 1;
When user being detected often by a rollback button, the numerical value of change number of times being increased progressively and adds 1;
Calculate the described input alphabet time according to described input initial time and input termination time, calculate the described input character time interval according to described input alphabet time, described user key-press time and the button frequency.
4. according to the method in claim 2 or 3, it is characterized in that, judge whether described user behavior comprises extremely according to described input behavior characteristic:
The abnormal behaviour of this user catch history and the input behavior characteristic of normal behaviour generate abnormal behaviour data set and normal behaviour data set respectively, and input behavior characteristic when user at every turn being inputted is as a behavioural characteristic character string;
One or more behavioural characteristic character string is obtained from capturing the current input behavior characteristic of user;
Calculate the behavioural characteristic character string probability of occurrence at described normal behaviour data set and abnormal behaviour data set, calculate the abnormal probability of user behavior according to described behavioural characteristic character string at the probability of occurrence of described normal behaviour data set and abnormal behaviour data set;
When the abnormal probability of described user behavior exceedes default probability threshold value, judge that this user is as abnormal behavior user.
5. method according to claim 4, is characterized in that, calculates behavioural characteristic character string and comprises at the probability of occurrence of described normal behaviour data set and abnormal behaviour data set:
Calculate the length of described normal behaviour data set and Hash table corresponding to abnormal behaviour data set;
Add up the occurrence number of described behavioural characteristic character string at described normal behaviour data set and abnormal behaviour data set;
Calculating described behavioural characteristic character string at the probability of occurrence of described normal behaviour data set is described behavioural characteristic character string in the occurrence number of described normal behaviour data set divided by the length of Hash table corresponding to normal behaviour data set;
Calculating described behavioural characteristic character string at the probability of occurrence of described abnormal behaviour data set is described behavioural characteristic character string in the occurrence number of described abnormal behaviour data set divided by the length of Hash table corresponding to abnormal behaviour data set.
6. method according to claim 5, is characterized in that, comprises according to the abnormal probability of probability of occurrence calculating user behavior of described behavioural characteristic character string at described normal behaviour data set and abnormal behaviour data set:
wherein, A represents the dystropic event of active user, t irepresent behavioural characteristic character string, P (A/t i) for obtain behavioural characteristic character string t from the input behavior characteristic that user is current itime, the abnormal probability of this user behavior, P 1(t i) for described behavioural characteristic character string is at the probability of occurrence of described normal behaviour data set, P 2(t i) for described behavioural characteristic character string is at the probability of occurrence of described abnormal behaviour data set;
Or
P (A/t 1, t 2... t n)=P (A/t 1) * P (A/t 2) * ... P (A/t n)/{ P (A/t 1) * P (A/t 2) * ... P (A/t n)+[1-P (A/t 1)] * [1-P (A/t 2)] * ... [1-P (A/t n)] wherein, P (A/t 1, t 2... t n) for obtain n behavioural characteristic character string t from the input behavior characteristic that user is current 1, t 2... t ntime, the abnormal probability of this user behavior.
7. a user log-in authentication device, is characterized in that, comprising:
Capture module, while inputting log-on message user, catches the input behavior characteristic of user according to the user behavior index preset;
Characteristics analysis module, for judging that according to described input behavior characteristic whether described user behavior is abnormal;
Authentication module, when described user behavior is abnormal, carries out authentication to the user of described login, determines whether the register that legitimate user himself carries out;
Login authentication module, for when described user behavior is normal, verifies described log-on message; When be legitimate user himself carry out register time, described log-on message is verified;
Alarm module, for when be not legitimate user himself carry out register time, send a warning message to described legitimate user himself.
8. device according to claim 7, is characterized in that, described user behavior index comprises: the input character time interval, input alphabet time, the button frequency and change number of times; Described input behavior characteristic comprise capture the input character time interval, input the alphabet time, the button frequency and change number of times numerical value;
Described capture module comprises:
Detection sub-module, to position a cursor in input field and the behavior pushed button for detecting user, the behavior of key carries out data submission that user presses " logging in ", and user presses the behavior of the button except " logging in " key, and user presses the behavior of rollback button;
Timing submodule, for when detect that user to position a cursor in input field and to push button, is judged to be that user inputs beginning, record input initial time and user key-press time; When detecting that user presses " logging in ", key carries out data submission, is judged to be that user inputs and terminates completely, the record input termination time;
Described button frequency assignment, for when detect that user presses " logging in ", key carries out data submission, is 1 by counting submodule; When not detecting that user presses " logging in ", key carries out data submission, and user often presses the button once except " logging in " key, is increased progressively by the numerical value of the described button frequency and adds 1; When user being detected often by a rollback button, the numerical value of change number of times being increased progressively and adds 1;
Calculating sub module, calculates the described input alphabet time according to described input initial time and input termination time; The described input character time interval is calculated according to described input alphabet time, described user key-press time and the button frequency.
9. device according to claim 7, is characterized in that, described characteristics analysis module comprises:
Data set generates submodule, generate abnormal behaviour data set and normal behaviour data set respectively for the abnormal behaviour of this user that history caught and the input behavior characteristic of normal behaviour, input behavior characteristic when user at every turn being inputted is as a behavioural characteristic character string;
Text string generation submodule, for obtaining one or more behavioural characteristic character string from capturing the current input behavior characteristic of user;
Calculating sub module, for calculating the probability of occurrence of behavioural characteristic character string at described normal behaviour data set and abnormal behaviour data set, and calculate the abnormal probability of user behavior according to described behavioural characteristic character string at the probability of occurrence of described normal behaviour data set and abnormal behaviour data set;
Comparison sub-module, for being compared with the probability threshold value preset by abnormal for described user behavior probability, when the abnormal probability of described user behavior exceedes described probability threshold value, judges that this user is as abnormal user.
10. device according to claim 9, is characterized in that, described calculating sub module, for calculating the length of described normal behaviour data set and Hash table corresponding to abnormal behaviour data set; Add up the occurrence number of described behavioural characteristic character string at described normal behaviour data set and abnormal behaviour data set; Calculating described behavioural characteristic character string at the probability of occurrence of described normal behaviour data set is described behavioural characteristic character string in the occurrence number of described normal behaviour data set divided by the length of Hash table corresponding to normal behaviour data set; Calculating described behavioural characteristic character string at the probability of occurrence of described abnormal behaviour data set is described behavioural characteristic character string in the occurrence number of described abnormal behaviour data set divided by the length of Hash table corresponding to abnormal behaviour data set.
11. devices according to claim 9, is characterized in that, described calculating sub module, as follows for calculating the abnormal probability of user behavior:
wherein, A represents the dystropic event of active user, t irepresent behavioural characteristic character string, P (A/t i) for obtain behavioural characteristic character string t from the input behavior characteristic that user is current itime, the abnormal probability of this user behavior, P 1(t i) for described behavioural characteristic character string is at the probability of occurrence of described normal behaviour data set, P 2(t i) for described behavioural characteristic character string is at the probability of occurrence of described abnormal behaviour data set;
Or
P (A/t 1, t 2... t n)=P (A/t 1) * P (A/t 2) * ... P (A/t n)/{ P (A/t 1) * P (A/t 2) * ... P (A/t n)+[1-P (A/t 1)] * [1-P (A/t 2)] * ... [1-P (A/t n)] wherein, P (A/t 1, t 2... t n) for obtain n behavioural characteristic character string t from the input behavior characteristic that user is current 1, t 2... t ntime, the abnormal probability of this user behavior.
CN201310295620.8A 2013-07-15 2013-07-15 User log-in authentication method and device Active CN104301286B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310295620.8A CN104301286B (en) 2013-07-15 2013-07-15 User log-in authentication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310295620.8A CN104301286B (en) 2013-07-15 2013-07-15 User log-in authentication method and device

Publications (2)

Publication Number Publication Date
CN104301286A true CN104301286A (en) 2015-01-21
CN104301286B CN104301286B (en) 2018-03-23

Family

ID=52320858

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310295620.8A Active CN104301286B (en) 2013-07-15 2013-07-15 User log-in authentication method and device

Country Status (1)

Country Link
CN (1) CN104301286B (en)

Cited By (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104980279A (en) * 2014-10-16 2015-10-14 腾讯科技(深圳)有限公司 Identity authentication method, and related equipment and system
CN105306496A (en) * 2015-12-02 2016-02-03 中国科学院软件研究所 User identity detection method and system
CN105577692A (en) * 2016-02-03 2016-05-11 杭州朗和科技有限公司 Website login authentication method and device
CN106127400A (en) * 2016-06-29 2016-11-16 北京奇虎科技有限公司 Work behavior analyzes method and device
CN106372470A (en) * 2016-08-30 2017-02-01 维沃移动通信有限公司 Method for reminding of inputting password and mobile terminal
CN106453205A (en) * 2015-08-07 2017-02-22 阿里巴巴集团控股有限公司 Identity verification method and identity verification device
CN106656978A (en) * 2016-10-19 2017-05-10 广东欧珀移动通信有限公司 Account login method and server
CN106650350A (en) * 2016-10-21 2017-05-10 中国银联股份有限公司 Identity authentication method and system
CN106817342A (en) * 2015-11-30 2017-06-09 北京计算机技术及应用研究所 Active identity authorization system based on user behavior feature recognition
CN106878323A (en) * 2017-03-13 2017-06-20 山东浪潮云服务信息科技有限公司 A kind of identity identifying method, device and system
CN106888090A (en) * 2015-12-16 2017-06-23 阿里巴巴集团控股有限公司 A kind of user authentication method, apparatus and system
CN106919816A (en) * 2015-12-24 2017-07-04 北京搜狗科技发展有限公司 A kind of user authen method and device, a kind of device for user authentication
CN107093076A (en) * 2016-02-18 2017-08-25 卡巴斯基实验室股份制公司 The system and method for detecting fraudulent user transaction
CN107104973A (en) * 2017-05-09 2017-08-29 北京潘达互娱科技有限公司 The method of calibration and device of user behavior
CN107330128A (en) * 2017-07-24 2017-11-07 上海众人网络安全技术有限公司 Certification abnormality judgment method and device
CN107612922A (en) * 2017-09-30 2018-01-19 北京梆梆安全科技有限公司 User ID authentication method and device based on user operation habits and geographical position
CN107623696A (en) * 2017-09-30 2018-01-23 北京梆梆安全科技有限公司 A kind of user ID authentication method and device based on user behavior feature
CN107632722A (en) * 2017-09-30 2018-01-26 北京梆梆安全科技有限公司 A kind of various dimensions user ID authentication method and device
CN107657156A (en) * 2017-09-30 2018-02-02 北京梆梆安全科技有限公司 User ID authentication method and device based on user operation habits and contact pressure area
CN107657157A (en) * 2017-09-30 2018-02-02 北京梆梆安全科技有限公司 A kind of auth method and device based on input time interval
CN107786349A (en) * 2016-08-24 2018-03-09 腾讯科技(深圳)有限公司 A kind of method for managing security and device for user account
US9917848B2 (en) 2015-04-21 2018-03-13 Alibaba Group Holding Limited Method and system for identifying a human or machine
CN108011863A (en) * 2017-08-23 2018-05-08 北京车和家信息技术有限责任公司 Identify the method and device of Brute Force
CN108711013A (en) * 2018-05-24 2018-10-26 深圳市买买提信息科技有限公司 Abnormal behaviour determines method, apparatus, equipment and storage medium
CN108965291A (en) * 2018-07-11 2018-12-07 平安科技(深圳)有限公司 Registration login method, system and the computer equipment of mixed application
CN109660453A (en) * 2019-01-24 2019-04-19 太仓红码软件技术有限公司 A kind of safety monitoring method and its system
CN109873813A (en) * 2019-01-28 2019-06-11 平安科技(深圳)有限公司 Text input abnormality monitoring method, device, computer equipment and storage medium
CN109889507A (en) * 2019-01-24 2019-06-14 太仓红码软件技术有限公司 It is a kind of for monitoring the monitoring method and its system of mailbox safe operation
CN110427971A (en) * 2019-07-05 2019-11-08 五八有限公司 Recognition methods, device, server and the storage medium of user and IP
WO2020000346A1 (en) * 2018-06-29 2020-01-02 Huawei Technologies Co., Ltd. Intruder detection method and apparatus
CN110781487A (en) * 2019-09-27 2020-02-11 广西英腾教育科技股份有限公司 Safety auxiliary verification method, system, medium and equipment
CN111209551A (en) * 2020-01-15 2020-05-29 国网河北省电力有限公司信息通信分公司 Identity authentication method and device
CN111416809A (en) * 2020-03-13 2020-07-14 国网河北省电力有限公司信息通信分公司 Continuous authentication method and device based on keystroke recognition
CN111491300A (en) * 2020-03-11 2020-08-04 中移(杭州)信息技术有限公司 Risk detection method, device, equipment and storage medium
CN111737668A (en) * 2020-08-18 2020-10-02 广东睿江云计算股份有限公司 Security authentication method and system based on user input behavior characteristics
CN112037818A (en) * 2020-08-30 2020-12-04 北京嘀嘀无限科技发展有限公司 Abnormal condition determining method and forward matching formula generating method
CN112699369A (en) * 2021-01-12 2021-04-23 安芯网盾(北京)科技有限公司 Method and device for detecting abnormal login through stack backtracking
CN113179281A (en) * 2021-05-26 2021-07-27 中国银行股份有限公司 Method, device, equipment and storage medium for determining database collision attack
CN113641971A (en) * 2021-08-20 2021-11-12 武汉极意网络科技有限公司 Exception handling system based on behavior verification

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050223234A1 (en) * 2002-01-19 2005-10-06 Mcowan Peter W Authentication systems
CN1957355A (en) * 2004-04-01 2007-05-02 道夫·雅各布森 Mouse performance identification
CN101159715A (en) * 2007-11-16 2008-04-09 腾讯科技(深圳)有限公司 Safety information checking method and safety information checking device and client terminal
CN101557287A (en) * 2008-04-07 2009-10-14 冀连有 Method for identity identification according to characteristics of user keystroke
CN101674184A (en) * 2009-10-19 2010-03-17 北京微通新成网络科技有限公司 Identity recognition method based on user keystroke characteristic
CN101833619A (en) * 2010-04-29 2010-09-15 西安交通大学 Method for judging identity based on keyboard-mouse crossed certification
CN102509044A (en) * 2011-10-17 2012-06-20 镇江金钛软件有限公司 Mouse behavior characteristic-based password authentication method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050223234A1 (en) * 2002-01-19 2005-10-06 Mcowan Peter W Authentication systems
CN1957355A (en) * 2004-04-01 2007-05-02 道夫·雅各布森 Mouse performance identification
CN101159715A (en) * 2007-11-16 2008-04-09 腾讯科技(深圳)有限公司 Safety information checking method and safety information checking device and client terminal
CN101557287A (en) * 2008-04-07 2009-10-14 冀连有 Method for identity identification according to characteristics of user keystroke
CN101674184A (en) * 2009-10-19 2010-03-17 北京微通新成网络科技有限公司 Identity recognition method based on user keystroke characteristic
CN101833619A (en) * 2010-04-29 2010-09-15 西安交通大学 Method for judging identity based on keyboard-mouse crossed certification
CN102509044A (en) * 2011-10-17 2012-06-20 镇江金钛软件有限公司 Mouse behavior characteristic-based password authentication method

Cited By (59)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104980279A (en) * 2014-10-16 2015-10-14 腾讯科技(深圳)有限公司 Identity authentication method, and related equipment and system
US10404720B2 (en) 2015-04-21 2019-09-03 Alibaba Group Holding Limited Method and system for identifying a human or machine
US9917848B2 (en) 2015-04-21 2018-03-13 Alibaba Group Holding Limited Method and system for identifying a human or machine
CN106453205B (en) * 2015-08-07 2019-12-10 阿里巴巴集团控股有限公司 identity verification method and device
CN106453205A (en) * 2015-08-07 2017-02-22 阿里巴巴集团控股有限公司 Identity verification method and identity verification device
CN106817342A (en) * 2015-11-30 2017-06-09 北京计算机技术及应用研究所 Active identity authorization system based on user behavior feature recognition
CN105306496A (en) * 2015-12-02 2016-02-03 中国科学院软件研究所 User identity detection method and system
CN105306496B (en) * 2015-12-02 2020-04-14 中国科学院软件研究所 User identity detection method and system
CN106888090A (en) * 2015-12-16 2017-06-23 阿里巴巴集团控股有限公司 A kind of user authentication method, apparatus and system
CN106888090B (en) * 2015-12-16 2020-01-21 阿里巴巴集团控股有限公司 User verification method, device and system
CN106919816A (en) * 2015-12-24 2017-07-04 北京搜狗科技发展有限公司 A kind of user authen method and device, a kind of device for user authentication
CN105577692A (en) * 2016-02-03 2016-05-11 杭州朗和科技有限公司 Website login authentication method and device
CN107093076A (en) * 2016-02-18 2017-08-25 卡巴斯基实验室股份制公司 The system and method for detecting fraudulent user transaction
CN107093076B (en) * 2016-02-18 2021-07-13 卡巴斯基实验室股份制公司 System and method for detecting fraudulent user transactions
US10943235B2 (en) 2016-02-18 2021-03-09 AO Kaspersky Lab System and method of software-imitated user transactions using machine learning
CN106127400A (en) * 2016-06-29 2016-11-16 北京奇虎科技有限公司 Work behavior analyzes method and device
CN107786349B (en) * 2016-08-24 2021-06-25 腾讯科技(深圳)有限公司 Security management method and device for user account
CN107786349A (en) * 2016-08-24 2018-03-09 腾讯科技(深圳)有限公司 A kind of method for managing security and device for user account
CN106372470A (en) * 2016-08-30 2017-02-01 维沃移动通信有限公司 Method for reminding of inputting password and mobile terminal
CN106656978A (en) * 2016-10-19 2017-05-10 广东欧珀移动通信有限公司 Account login method and server
CN106650350B (en) * 2016-10-21 2020-02-07 中国银联股份有限公司 Identity authentication method and system
CN106650350A (en) * 2016-10-21 2017-05-10 中国银联股份有限公司 Identity authentication method and system
CN106878323A (en) * 2017-03-13 2017-06-20 山东浪潮云服务信息科技有限公司 A kind of identity identifying method, device and system
CN107104973A (en) * 2017-05-09 2017-08-29 北京潘达互娱科技有限公司 The method of calibration and device of user behavior
CN107330128A (en) * 2017-07-24 2017-11-07 上海众人网络安全技术有限公司 Certification abnormality judgment method and device
CN107330128B (en) * 2017-07-24 2020-12-08 上海众人网络安全技术有限公司 Authentication abnormity judgment method and device
CN108011863A (en) * 2017-08-23 2018-05-08 北京车和家信息技术有限责任公司 Identify the method and device of Brute Force
CN108011863B (en) * 2017-08-23 2020-12-15 北京车和家信息技术有限责任公司 Method and device for identifying brute force cracking
CN107632722A (en) * 2017-09-30 2018-01-26 北京梆梆安全科技有限公司 A kind of various dimensions user ID authentication method and device
CN107612922A (en) * 2017-09-30 2018-01-19 北京梆梆安全科技有限公司 User ID authentication method and device based on user operation habits and geographical position
CN107623696B (en) * 2017-09-30 2020-11-24 北京梆梆安全科技有限公司 User identity verification method and device based on user behavior characteristics
CN107657157A (en) * 2017-09-30 2018-02-02 北京梆梆安全科技有限公司 A kind of auth method and device based on input time interval
CN107657156A (en) * 2017-09-30 2018-02-02 北京梆梆安全科技有限公司 User ID authentication method and device based on user operation habits and contact pressure area
CN107657156B (en) * 2017-09-30 2021-03-19 北京梆梆安全科技有限公司 User identity authentication method and device based on user operation habit and touch area
CN107623696A (en) * 2017-09-30 2018-01-23 北京梆梆安全科技有限公司 A kind of user ID authentication method and device based on user behavior feature
CN108711013A (en) * 2018-05-24 2018-10-26 深圳市买买提信息科技有限公司 Abnormal behaviour determines method, apparatus, equipment and storage medium
WO2020000346A1 (en) * 2018-06-29 2020-01-02 Huawei Technologies Co., Ltd. Intruder detection method and apparatus
US11393306B2 (en) 2018-06-29 2022-07-19 Huawei Cloud Computing Technologies Co., Ltd. Intruder detection method and apparatus
US10783759B2 (en) 2018-06-29 2020-09-22 Futurewei Technologies, Inc. Intruder detection method and apparatus
WO2020010726A1 (en) * 2018-07-11 2020-01-16 平安科技(深圳)有限公司 Registration and login method for hybrid application program, system, and computer device
CN108965291B (en) * 2018-07-11 2021-04-16 平安科技(深圳)有限公司 Registration login method and system of hybrid application program and computer equipment
CN108965291A (en) * 2018-07-11 2018-12-07 平安科技(深圳)有限公司 Registration login method, system and the computer equipment of mixed application
CN109889507A (en) * 2019-01-24 2019-06-14 太仓红码软件技术有限公司 It is a kind of for monitoring the monitoring method and its system of mailbox safe operation
CN109660453A (en) * 2019-01-24 2019-04-19 太仓红码软件技术有限公司 A kind of safety monitoring method and its system
CN109889507B (en) * 2019-01-24 2021-08-06 印象(山东)大数据有限公司 Monitoring method and system for monitoring mailbox operation safety
CN109873813A (en) * 2019-01-28 2019-06-11 平安科技(深圳)有限公司 Text input abnormality monitoring method, device, computer equipment and storage medium
CN110427971A (en) * 2019-07-05 2019-11-08 五八有限公司 Recognition methods, device, server and the storage medium of user and IP
CN110781487A (en) * 2019-09-27 2020-02-11 广西英腾教育科技股份有限公司 Safety auxiliary verification method, system, medium and equipment
CN111209551B (en) * 2020-01-15 2022-10-14 国网河北省电力有限公司信息通信分公司 Identity authentication method and device
CN111209551A (en) * 2020-01-15 2020-05-29 国网河北省电力有限公司信息通信分公司 Identity authentication method and device
CN111491300B (en) * 2020-03-11 2023-04-28 中移(杭州)信息技术有限公司 Risk detection method, apparatus, device and storage medium
CN111491300A (en) * 2020-03-11 2020-08-04 中移(杭州)信息技术有限公司 Risk detection method, device, equipment and storage medium
CN111416809A (en) * 2020-03-13 2020-07-14 国网河北省电力有限公司信息通信分公司 Continuous authentication method and device based on keystroke recognition
CN111737668B (en) * 2020-08-18 2020-12-11 广东睿江云计算股份有限公司 Security authentication method and system based on user input behavior characteristics
CN111737668A (en) * 2020-08-18 2020-10-02 广东睿江云计算股份有限公司 Security authentication method and system based on user input behavior characteristics
CN112037818A (en) * 2020-08-30 2020-12-04 北京嘀嘀无限科技发展有限公司 Abnormal condition determining method and forward matching formula generating method
CN112699369A (en) * 2021-01-12 2021-04-23 安芯网盾(北京)科技有限公司 Method and device for detecting abnormal login through stack backtracking
CN113179281A (en) * 2021-05-26 2021-07-27 中国银行股份有限公司 Method, device, equipment and storage medium for determining database collision attack
CN113641971A (en) * 2021-08-20 2021-11-12 武汉极意网络科技有限公司 Exception handling system based on behavior verification

Also Published As

Publication number Publication date
CN104301286B (en) 2018-03-23

Similar Documents

Publication Publication Date Title
CN104301286B (en) User log-in authentication method and device
US10764297B2 (en) Anonymized persona identifier
US10044731B2 (en) System and method for validating users using social network information
US20230237134A1 (en) Biometric identification platform
EP3510516B1 (en) Computer user authentication using machine learning
US20210152555A1 (en) System and method for unauthorized activity detection
WO2019228004A1 (en) Identity verification method and apparatus
US10542021B1 (en) Automated extraction of behavioral profile features
Traore et al. Combining mouse and keystroke dynamics biometrics for risk-based authentication in web environments
Serwadda et al. Examining a large keystroke biometrics dataset for statistical-attack openings
US8843754B2 (en) Continuous user identification and situation analysis with identification of anonymous users through behaviormetrics
US8856892B2 (en) Interactive authentication
CN104202339B (en) A kind of across cloud authentication service method based on user behavior
US11775623B2 (en) Processing authentication requests to secured information systems using machine-learned user-account behavior profiles
CN110602021A (en) Safety risk value evaluation method based on combination of HTTP request behavior and business process
CN116957049B (en) Unsupervised internal threat detection method based on countermeasure self-encoder
US11968184B2 (en) Digital identity network alerts
Stanić Continuous user verification based on behavioral biometrics using mouse dynamics
RU2659736C1 (en) System and method of detecting new devices under user interaction with banking services
CN110445790A (en) A kind of account method for detecting abnormality logging in behavior based on user
Monschein et al. SPCAuth: scalable and privacy-preserving continuous authentication for web applications
CN116032501A (en) Network abnormal behavior detection method and device, electronic equipment and storage medium
Bicakci et al. Analysis and evaluation of keystroke dynamics as a feature of contextual authentication
CN108241803B (en) A kind of access control method of heterogeneous system
Vassallo et al. Privacy-preserving behavioral authentication on smartphones

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant