CN105678157A - System and method for data property right protection based on application environment identification - Google Patents

Abstract

The invention discloses a system and method for data property right protection based on application environment identification and belongs to the technical field of software analysis. The system mainly comprises an environment sample set extraction module, a neural network optimization module, a data access module, a to-be-detected sample extraction module, a classification and identification module and a data access processing module. The environment sample set extraction module points out target characteristics and establishes a feature library of an environment sample set; the neural network optimization module performs optimization training on a neural network according to the feature library; the data access module points out a data access mode; the to-be-detected sample extraction module extracts a to-be-detected device environment sample; the classification and identification module processes sample data to obtain an identification result; and the data access processing module determines the identification result and carries out data matching. A single machine and the network environment can be identified automatically, the system has certain elasticity, the environment identification result serves as certification, and a series of pain spot problems are solved.

Description

A kind of data property right protection system and method based on applied environment identification

Technical field

The invention belongs to software analysis technology field, relate to a kind of unit for data use and Network Recognition technology.

Background technology

Along with developing rapidly of information technology, network has been deep in our life, global IT application has become the main trend of human development, the thing followed is the quickening of all trades and professions IT application process, applications of computer network field is widened rapidly, and the success of enterprise also becomes increasingly dependent on the various network application increased rapidly. But, along with developing rapidly of this application, substantial amounts of relevant information is dispersed in various distributed system, thus having caused current and potential various safety problems. Go deep into the information age of huge numbers of families at cyber-net, information security has become as global problem, it is ensured that safety when user uses, and is just being subject to increasingly serious challenge.

Authentication refers to and confirms the process whether operator's identity is legal in computer system, identity identifying method can be divided into three major types in computer systems: the first kind is the legal identity that the information known to user proves user, such as password etc., the legal identity of the validation of information operator that this mode is known by verifying active user; Equations of The Second Kind is the legal identity that the certificate having according to user proves user, for instance identity card etc. This mode is shown corresponding certificate by active user and is verified the identity of user; 3rd class is the legal identity that the physical trait according to user proves user, for instance palm and facial characteristics etc.

According to the condition needing checking in authentication procedures, authentication is divided into single-factor certification and double factor authentication. Wherein, single-factor certification refers to by verifying that a condition just may certify that the legal identity of active user; Double factor authentication refers to by verifying that condition two kinds different just can prove that the legal identity of active user. According to whether user uses hardware to be divided into software authentication and hardware identification in authentication procedures, it is divided into static certification and dynamic authentication according to the information required for certification. The evolution of identity identifying technology is to develop into hardware identification from software authentication, develops into double factor authentication from single-factor certification and develops into dynamic authentication from static certification.

Dual identity checking provides better mechanism than single-factor certification, and our mailbox, social media, bank account etc. every aspect all should enable the checking of this dual identity.But enable the problem that dual identity checking can bring checking excessively loaded down with trivial details. Each user wants to log in a website, must draw out mobile phone, then unlock, find identifying code, then input on website. If action is too slow, identifying code is expired, must heavily come one time. Owing to a lot of user of above reason is reluctant to enable the checking of this dual identity, no matter the account of oneself is in the desperate situation being likely at any time be hacked. No matter being single-factor certification or double factor authentication, will obtain key, then input key could obtain data, and this causes very big trouble undoubtedly.

Summary of the invention

The invention provides a kind of data property right protection system and method based on applied environment identification; it is intended in authentication procedures and automatically identifies the unit residing for user and network environment; simplify authentication procedures; there is certain elasticity; result according to Context awareness, as certification, solves a series of pain spot problem.

The present invention is to solve above-mentioned technical problem, by the following technical solutions:

A kind of data property right protection system based on applied environment identification, it is characterised in that including:

Environmental samples collection extraction module: obtain the environmental samples collection of sample stand-alone environment and network environment, extract the eigenvalue of target characteristic in each environmental samples, set up the feature database of environmental samples collection;

Neural Network Optimization module: set up the ANN Evolutionary model that part connects, feature database according to environmental samples collection, each connection utilizing the ANN Evolutionary model that described part connects by genetic algorithm is optimized calculating, it is thus achieved that the ANN Evolutionary model that optimum part connects;

Data access module: when device request to be detected accesses data-interface, it is judged that whether equipment to be detected successfully installs driving, drives if successfully installing, and allows calling interface to access data, does not otherwise allow to use this interface;

Sample to be tested extraction module: obtain the environmental samples of equipment to be detected, and extract the equipment eigenvalue to be detected of target characteristic in each environmental samples;

Classification and identification module: the ANN Evolutionary model that optimum for equipment eigenvalue to be detected input part is connected, the ANN Evolutionary models treated connected through optimum part is identified result;

Data access processing module: judge the recognition result obtained in identification module, if identifying satisfactory unit and network environment, namely produce correct key, it is allowed to access data, if not can recognize that satisfactory unit and network environment, then denied access data.

A kind of data property right protection method based on applied environment identification, it is characterised in that comprise the following steps:

Step 1: obtain the environmental samples collection of sample stand-alone environment and network environment, extract the eigenvalue of target characteristic in each environmental samples, set up the feature database of environmental samples collection;

Step 2: set up the ANN Evolutionary model that part connects, feature database according to environmental samples collection, each connection utilizing the ANN Evolutionary model that described part connects by genetic algorithm is optimized calculating, it is thus achieved that the ANN Evolutionary model that optimum part connects;

Step 3: when device request to be detected accesses data-interface, it is judged that whether equipment to be detected successfully installs driving, drives if successfully installing, and allows calling interface to access data, does not otherwise allow to use this interface;

Step 4: obtain the environmental samples of equipment to be detected, and extract the equipment eigenvalue to be detected of target characteristic in each environmental samples;

Step 5: the ANN Evolutionary model that optimum for equipment eigenvalue to be detected input part is connected, the ANN Evolutionary models treated connected through optimum part is identified result;

Step 6: judge the recognition result that step 5 obtains, if identifying satisfactory unit and network environment, namely produces correct key, it is allowed to access data, if not can recognize that satisfactory unit and network environment, then and denied access data.

In such scheme, described step 1 includes following step:

Step 1.1: build test in LAN, obtains the environmental samples collection of sample stand-alone environment and network environment, and described environmental samples collection is made up of M satisfactory environmental samples and N number of undesirable environmental samples;

Step 1.2: preset H target characteristic;

Step 1.3: extract target characteristic eigenvalue in each environmental samples, set up the feature database of environmental samples collection.

In such scheme, described step 2 includes following step:

Step 2.1: set up the ANN Evolutionary model that part connects, wherein, the input layer of the ANN Evolutionary model that described part connects is provided with H neuron, and each neuron of described input layer may be coupled to 2 neurons in intermediate layer; The intermediate layer of the ANN Evolutionary model that described part connects is provided with 10 neurons, and each neuron in described intermediate layer is connected to 2 neurons of non-input layer; The output layer of the ANN Evolutionary model that described part connects is provided with 1 neuron, and the neuron in the neuron of described output layer and 2 intermediate layers connects;

Step 2.2: environmental samples is concentrated all eigenvalues of each environmental samples input the ANN Evolutionary model that described part connects respectively;

Step 2.3: calculate the fitness value of the ANN Evolutionary model that first generation part connects:

$F=\frac{1}{\[\mathrm{\α}\underset{i=1}{\overset{M}{\Σ}}\underset{t=1}{\overset{T}{\Σ}}{\left(M_i\right(t)-p)}^2+\mathrm{\β}\underset{j=1}{\overset{N}{\Σ}}\underset{t=1}{\overset{T}{\Σ}}{\left(N_j\right(t)-q)}^2\]}$

Wherein, F is fitness, the actual output that Mi (t) is satisfactory environmental samples, the actual output that Nj (t) is undesirable environmental samples, i and j is integer variable, and M is satisfactory environmental samples number, and N is undesirable environmental samples number, p is the desired output of positive example, q is the desired output of counter-example, and T is the sum of " tick ", and T=10, α, β are the factor of balance positive example and counter-example, wherein α M=β N;

Step 2.4: the fitness threshold value stopping optimizing the ANN Evolutionary model that part connects is set;

Step 2.5: connect the ANN Evolutionary model that part of evolving connects by changing the weights, cut-out connection and the foundation that connect;

Step 2.6: calculate the fitness value of the ANN Evolutionary model that the part after step 2.5 processes connects;

Step 2.7: if less than the fitness threshold value in step 2.4, then repeat step 2.5-2.6, otherwise enters step 2.8;

Step 2.8: choose the ANN Evolutionary model of fitness the best part connection as optimal solution, it is thus achieved that the ANN Evolutionary model that optimum part connects.

In such scheme, in described step 3 for equipment to be detected provide access data-interface be SDK SDK.

In such scheme, described step 6 includes following step:

Step 6.1: judge the recognition result that step 5 obtains, if recognition result OP>=0.1, then the stand-alone environment and the network environment that define current detected equipment are satisfactory environment, can be used as key and obtain the data specified; If recognition result OP≤-0.1, then the stand-alone environment and the network environment that define current detected equipment are undesirable environment, denied access data; If the recognition result OP acquired is between-0.1 and 0.1, namely-0.1<OP<0.1, then whether the stand-alone environment of the current detected equipment of definition and network environment cannot be identified is satisfactory environment, enters step 6.2;

Step 6.2: simplify the stand-alone environment of current detected equipment and the quantity H of network environment characteristics value extraction, the eigenvalue of acquisition is identified as new input, further according to the service condition defining data with the definition in step 6.1 of recognition result.

In sum, owing to have employed technique scheme, the invention has the beneficial effects as follows:

The ANN Evolutionary model that the present invention will connect based on part, it is intended in authentication procedures and automatically identifies the unit residing for user and network environment, simplify authentication procedures, there is certain elasticity, result according to Context awareness, as certification, solves a series of pain spot problem.

Accompanying drawing explanation

Fig. 1 is unit and the network environment identification process schematic diagram of the present invention;

Fig. 2 is neural network structure schematic diagram;

Fig. 3 is the data structure of the ANN Evolutionary model that part connects.

Detailed description of the invention

All features disclosed in this specification, or the step in disclosed all methods or process, except mutually exclusive feature and/or step, all can combine by any way.

Below in conjunction with Fig. 1, the present invention is elaborated.

By describing the technology contents of the present invention, structural feature in detail, being realized purpose and effect, below in conjunction with embodiment and coordinate accompanying drawing to be explained in detail.

The present invention proposes a kind of data property right protection system and method based on applied environment identification, and this system and method is applied in authentication procedures automatically identify the unit residing for user and network environment. The schematic flow sheet of whole algorithm such as Fig. 1, this system includes:

Environmental samples collection extraction module: obtain the environmental samples collection of sample stand-alone environment and network environment, extract the eigenvalue of target characteristic in each environmental samples, set up the feature database of environmental samples collection;

Neural Network Optimization module: set up the ANN Evolutionary model that part connects, feature database according to environmental samples collection, each connection utilizing the ANN Evolutionary model that described part connects by genetic algorithm is optimized calculating, it is thus achieved that the ANN Evolutionary model that optimum part connects;

Data access module: when device request to be detected accesses data-interface, it is judged that whether equipment to be detected successfully installs driving, drives if successfully installing, and allows calling interface to access data, does not otherwise allow to use this interface;

Sample to be tested extraction module: obtain the environmental samples of equipment to be detected, and extract the equipment eigenvalue to be detected of target characteristic in each environmental samples;

Classification and identification module: the ANN Evolutionary model that optimum for equipment eigenvalue to be detected input part is connected, the ANN Evolutionary models treated connected through optimum part is identified result;

Data access processing module: judge the recognition result obtained in identification module, if identifying satisfactory unit and network environment, namely produce correct key, it is allowed to access data, if not can recognize that satisfactory unit and network environment, then denied access data.

The specific implementation process of native system includes step:

Step 1: obtain the environmental samples collection of sample stand-alone environment and network environment, extract the eigenvalue of target characteristic in each environmental samples, set up the feature database of environmental samples collection;

Step 1.1: build test in LAN, obtains the environmental samples collection of sample stand-alone environment and network environment, and described environmental samples collection is made up of M satisfactory environmental samples and N number of undesirable environmental samples;

Step 1.2: preset H target characteristic;

Step 1.3: extract target characteristic eigenvalue in each environmental samples, set up the feature database of environmental samples collection.

Step 2: set up the ANN Evolutionary model that part connects, feature database according to environmental samples collection, each connection utilizing the ANN Evolutionary model that described part connects by genetic algorithm is optimized calculating, it is thus achieved that the ANN Evolutionary model that optimum part connects;

Step 2.1: with reference to the neural network structure shown in Fig. 2, set up the ANN Evolutionary model that part connects, wherein, the input layer of the ANN Evolutionary model that described part connects is provided with H neuron, and each neuron of described input layer may be coupled to 2 neurons in intermediate layer; The intermediate layer of the ANN Evolutionary model that described part connects is provided with 10 neurons, and each neuron in described intermediate layer is connected to 2 neurons of non-input layer; The output layer of the ANN Evolutionary model that described part connects is provided with 1 neuron, and the neuron in the neuron of described output layer and 2 intermediate layers connects; The data structure of the ANN Evolutionary model that part connects is as shown in Figure 3.

Step 2.2: environmental samples is concentrated all eigenvalues of each environmental samples input the ANN Evolutionary model that described part connects respectively;

Step 2.3: calculate the fitness value of the ANN Evolutionary model that first generation part connects:

$F=\frac{1}{\&lsqb;\mathrm{\&alpha;}\underset{i=1}{\overset{M}{\&Sigma;}}\underset{t=1}{\overset{T}{\&Sigma;}}{\left(M_i\right(t)-p)}^2+\mathrm{\&beta;}\underset{j=1}{\overset{N}{\&Sigma;}}\underset{t=1}{\overset{T}{\&Sigma;}}{\left(N_j\right(t)-q)}^2\&rsqb;}$

Wherein, F is fitness, the actual output that Mi (t) is satisfactory environmental samples, the actual output that Nj (t) is undesirable environmental samples, i and j is integer variable, and M is satisfactory environmental samples number, and N is undesirable environmental samples number, p is the desired output of positive example, q is the desired output of counter-example, and T is the sum of " tick ", and T=10, α, β are the factor of balance positive example and counter-example, wherein α M=β N;

Step 2.4: the fitness threshold value stopping optimizing the ANN Evolutionary model that part connects is set;

Step 2.5: connect the ANN Evolutionary model that part of evolving connects by changing the weights, cut-out connection and the foundation that connect;

Step 2.6: calculate the fitness value of the ANN Evolutionary model that the part after step 2.5 processes connects;

Step 2.7: if less than the fitness threshold value in step 2.4, then repeat step 2.5-2.6, otherwise enters step 2.8;

Step 2.8: choose the ANN Evolutionary model of fitness the best part connection as optimal solution, it is thus achieved that the ANN Evolutionary model that optimum part connects.

Step 3: when device request to be detected accesses data-interface, it is judged that whether equipment to be detected successfully installs driving, drives if successfully installing, and allows calling interface to access data, does not otherwise allow to use this interface;

Step 4: obtain the environmental samples of equipment to be detected, and extract the equipment eigenvalue to be detected of target characteristic in each environmental samples;

Step 5: the ANN Evolutionary model that optimum for equipment eigenvalue to be detected input part is connected, the ANN Evolutionary models treated connected through optimum part is identified result;

Step 6: judge the recognition result that step 5 obtains, if identifying satisfactory unit and network environment, namely produces correct key, it is allowed to access data, if not can recognize that satisfactory unit and network environment, then and denied access data.

Step 6.1: judge the recognition result that step 5 obtains, if recognition result OP >=0.1, then the stand-alone environment and the network environment that define current detected equipment are satisfactory environment, can be used as key and obtain the data specified;If recognition result OP≤-0.1, then the stand-alone environment and the network environment that define current detected equipment are undesirable environment, denied access data; If the recognition result OP acquired is between-0.1 and 0.1, namely-0.1 < OP < 0.1, then whether the stand-alone environment of the current detected equipment of definition and network environment cannot be identified is satisfactory environment, enters step 6.2;

Step 6.2: simplify the stand-alone environment of current detected equipment and the quantity H of network environment characteristics value extraction, the eigenvalue of acquisition is identified as new input, further according to the service condition defining data with the definition in step 6.1 of recognition result.

Preferably, in described Data access module for equipment to be detected provide access data-interface be SDK SDK.

In present application example, the general detection feature quantity of M+N the environmental samples that the environmental samples that the H bar feature preset can be given is concentrated, the target characteristic preset under stand-alone environment may is that the size of internal memory, the utilization rate of internal memory, operating system, cpu type and efficiency, video card type and size, operating system and hard disk size; The target characteristic preset under network environment may is that the geographic range of covering whether message transmission rate in the scope of some regulation, under network environment in certain interval,

Whether the bit error rate of data transmission is less than certain value defined, whether the response time of network is in the scope specified, whether the handling capacity of network meets the requirement that data use, within the limits prescribed whether the utilization rate of network, whether the confidentiality under network environment meets requirement, whether the IP residing for current network is in the scope specified, whether the gateway address of current network is in the scope specified, whether the initial address of current network is in the scope specified, whether the netmask of current network is in the scope specified, the gateway MAC address of current network and network neighbor's MAC Address group whether all conformance with standard, whether the agreement that current network conditions uses meets the requirements. except features above, it is also possible to carry out the extension of feature kind according to practical situation.

Claims (6)

1. the data property right protection system based on applied environment identification, it is characterised in that including:

Environmental samples collection extraction module: obtain the environmental samples collection of sample stand-alone environment and network environment, extract the eigenvalue of target characteristic in each environmental samples, set up the feature database of environmental samples collection;

Neural Network Optimization module: set up the ANN Evolutionary model that part connects, feature database according to environmental samples collection, each connection utilizing the ANN Evolutionary model that described part connects by genetic algorithm is optimized calculating, it is thus achieved that the ANN Evolutionary model that optimum part connects;

Data access module: when device request to be detected accesses data-interface, it is judged that whether equipment to be detected successfully installs driving, drives if successfully installing, and allows calling interface to access data, does not otherwise allow to use this interface;

Sample to be tested extraction module: obtain the environmental samples of equipment to be detected, and extract the equipment eigenvalue to be detected of target characteristic in each environmental samples;

Classification and identification module: the ANN Evolutionary model that optimum for equipment eigenvalue to be detected input part is connected, the ANN Evolutionary models treated connected through optimum part is identified result;

Data access processing module: judge the recognition result obtained in identification module, if identifying satisfactory unit and network environment, namely produce correct key, it is allowed to access data, if not can recognize that satisfactory unit and network environment, then denied access data.

2. the data property right protection method based on applied environment identification, it is characterised in that comprise the following steps:

Step 1: obtain the environmental samples collection of sample stand-alone environment and network environment, extract the eigenvalue of target characteristic in each environmental samples, set up the feature database of environmental samples collection;

Step 2: set up the ANN Evolutionary model that part connects, feature database according to environmental samples collection, each connection utilizing the ANN Evolutionary model that described part connects by genetic algorithm is optimized calculating, it is thus achieved that the ANN Evolutionary model that optimum part connects;

Step 3: when device request to be detected accesses data-interface, it is judged that whether equipment to be detected successfully installs driving, drives if successfully installing, and allows calling interface to access data, does not otherwise allow to use this interface;

Step 4: obtain the environmental samples of equipment to be detected, and extract the equipment eigenvalue to be detected of target characteristic in each environmental samples;

Step 5: the ANN Evolutionary model that optimum for equipment eigenvalue to be detected input part is connected, the ANN Evolutionary models treated connected through optimum part is identified result;

Step 6: judge the recognition result that step 5 obtains, if identifying satisfactory unit and network environment, namely produces correct key, it is allowed to access data, if not can recognize that satisfactory unit and network environment, then and denied access data.

3. the data property right protection method based on applied environment identification according to claim 2, it is characterised in that described step 1 includes following step:

Step 1.1: build test in LAN, obtains the environmental samples collection of sample stand-alone environment and network environment, and described environmental samples collection is made up of M satisfactory environmental samples and N number of undesirable environmental samples;

Step 1.2: preset H target characteristic;

Step 1.3: extract target characteristic eigenvalue in each environmental samples, set up the feature database of environmental samples collection.

4. the data property right protection method based on applied environment identification according to claim 2, it is characterised in that described step 2 includes following step:

Step 2.1: set up the ANN Evolutionary model that part connects, wherein, the input layer of the ANN Evolutionary model that described part connects is provided with H neuron, and each neuron of described input layer may be coupled to 2 neurons in intermediate layer; The intermediate layer of the ANN Evolutionary model that described part connects is provided with 10 neurons, and each neuron in described intermediate layer is connected to 2 neurons of non-input layer; The output layer of the ANN Evolutionary model that described part connects is provided with 1 neuron, and the neuron in the neuron of described output layer and 2 intermediate layers connects;

Step 2.2: environmental samples is concentrated all eigenvalues of each environmental samples input the ANN Evolutionary model that described part connects respectively;

Step 2.3: calculate the fitness value of the ANN Evolutionary model that first generation part connects:

$F=\frac{1}{\&lsqb;\mathrm{\&alpha;}\underset{i=1}{\overset{M}{\&Sigma;}}\underset{t=1}{\overset{T}{\&Sigma;}}{\left(M_i\right(t)-p)}^2+\mathrm{\&beta;}\underset{j=1}{\overset{N}{\&Sigma;}}\underset{t=1}{\overset{T}{\&Sigma;}}{\left(N_j\right(t)-q)}^2\&rsqb;}$

Wherein, F is fitness, the actual output that Mi (t) is satisfactory environmental samples, the actual output that Nj (t) is undesirable environmental samples, i and j is integer variable, and M is satisfactory environmental samples number, and N is undesirable environmental samples number, p is the desired output of positive example, q is the desired output of counter-example, and T is the sum of " tick ", and T=10, α, β are the factor of balance positive example and counter-example, wherein α M=β N;

Step 2.4: the fitness threshold value stopping optimizing the ANN Evolutionary model that part connects is set;

Step 2.5: connect the ANN Evolutionary model that part of evolving connects by changing the weights, cut-out connection and the foundation that connect;

Step 2.6: calculate the fitness value of the ANN Evolutionary model that the part after step 2.5 processes connects;

Step 2.7: if less than the fitness threshold value in step 2.4, then repeat step 2.5-2.6, otherwise enters step 2.8;

Step 2.8: choose the ANN Evolutionary model of fitness the best part connection as optimal solution, it is thus achieved that the ANN Evolutionary model that optimum part connects.

5. the data property right protection method based on applied environment identification according to claim 2, it is characterised in that in described step 3 for equipment to be detected provide access data-interface be SDK SDK.

6. the data property right protection method based on applied environment identification according to claim 2, it is characterised in that described step 6 includes following step:

Step 6.1: judge the recognition result that step 5 obtains, if recognition result OP>=0.1, then the stand-alone environment and the network environment that define current detected equipment are satisfactory environment, can be used as key and obtain the data specified; If recognition result OP≤-0.1, then the stand-alone environment and the network environment that define current detected equipment are undesirable environment, denied access data; If the recognition result OP acquired is between-0.1 and 0.1, namely-0.1<OP<0.1, then whether the stand-alone environment of the current detected equipment of definition and network environment cannot be identified is satisfactory environment, enters step 6.2;

Step 6.2: simplify the stand-alone environment of current detected equipment and the quantity H of network environment characteristics value extraction, the eigenvalue of acquisition is identified as new input, further according to the service condition defining data with the definition in step 6.1 of recognition result.