CN107018138B - Method and device for determining rights - Google Patents
Method and device for determining rights Download PDFInfo
- Publication number
- CN107018138B CN107018138B CN201710232975.0A CN201710232975A CN107018138B CN 107018138 B CN107018138 B CN 107018138B CN 201710232975 A CN201710232975 A CN 201710232975A CN 107018138 B CN107018138 B CN 107018138B
- Authority
- CN
- China
- Prior art keywords
- question
- historical
- position information
- geographic position
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 71
- 230000004044 response Effects 0.000 claims abstract description 19
- 230000008569 process Effects 0.000 claims description 13
- 238000004590 computer program Methods 0.000 claims description 10
- 238000012545 processing Methods 0.000 claims description 6
- 230000002787 reinforcement Effects 0.000 claims description 5
- 230000006870 function Effects 0.000 description 14
- 238000010586 diagram Methods 0.000 description 12
- 238000004891 communication Methods 0.000 description 7
- 238000012795 verification Methods 0.000 description 6
- 230000009471 action Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 238000012549 training Methods 0.000 description 4
- 230000003068 static effect Effects 0.000 description 3
- 230000007704 transition Effects 0.000 description 3
- 239000000835 fiber Substances 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
- Telephonic Communication Services (AREA)
Abstract
Methods and apparatus for determining permissions are disclosed. One embodiment of the method comprises: responding to a received login request of a request terminal for a target account, and acquiring a historical geographic position information set; the following authentication steps are performed: selecting historical geographic position information from a historical geographic position information set, generating a question related to the selected historical geographic position information, sending the question to a request terminal, and determining a frequency threshold value for sending the question to the request terminal based on whether answer information aiming at the question sent by the request terminal is matched with the question; responding to the times of sending the problems to the request terminal not reaching the times threshold value, and continuing to execute the authentication step; determining the accuracy of the answer information in response to the number of times of sending the question to the request terminal reaching a number threshold; and if the accuracy is greater than a preset accuracy threshold, determining that the request terminal has the login authority for the target account. This embodiment improves the accuracy of the authentication.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to the field of internet technologies, and in particular, to a method and an apparatus for determining permissions.
Background
With the development of internet technology and network virtual space, how to effectively verify the identity of a user becomes an important issue. Currently, various user account authentication methods are also actively researched and developed by each internet enterprise, user identity verification has an important and wide application scene, and the method has important significance for user account system perfection and account safety management of each internet company.
At present, there are many forms of widely used authentication methods, including static passwords, dynamic passwords, biometric identification, and the like. The static password means that after a user sets a specific password, a service party and the user verify the password by an appointed method; the dynamic password is that the password is not fixed every time of authentication, but only a service party and a user can obtain the password, and the service party can send the password to the user in a dynamic token, short message service and other modes; the biometric identification refers to taking the specific biometric features of the user as a verification method, and comprises face identification, fingerprint identification, voice print identification and the like.
However, the above authentication methods all have certain drawbacks, for example, in the case of forgetting the password, the user cannot use the static password mode to perform the authentication; the dynamic password mode requires the help of auxiliary equipment (such as a dynamic token or a mobile phone, etc.), and cannot realize the identity authentication of the user independently; biometric identification requires specific high-precision identification devices (e.g., cameras, sensors, etc.) and can only be used in specific application scenarios.
Disclosure of Invention
The present application aims to propose an improved method and apparatus for determining rights that solves the technical problems mentioned in the background section above.
In a first aspect, an embodiment of the present application provides a method for determining a right, where the method includes: in response to receiving a login request of a request terminal for a target account, acquiring a historical geographic position information set, wherein the historical geographic position information set comprises historical geographic position information uploaded by an associated terminal associated with the target account; the following authentication steps are performed: selecting historical geographic position information from a historical geographic position information set, generating a question related to the selected historical geographic position information, sending the question to a request terminal, and determining a frequency threshold value for sending the question to the request terminal based on whether answer information aiming at the question sent by the request terminal is matched with the question; responding to the times of sending the problems to the request terminal not reaching the times threshold value, and continuing to execute the authentication step; determining the accuracy of the answer information in response to the number of times of sending the question to the request terminal reaching a number threshold; and if the accuracy is greater than a preset accuracy threshold, determining that the request terminal has the login authority for the target account.
In some embodiments, selecting historical geographic location information from a set of historical geographic location information comprises: and selecting historical geographic position information in the next authentication step from the historical geographic position information set based on whether historical geographic position information associated with the question sent to the request terminal in the current authentication step and answer information aiming at the sent question are matched with the sent question.
In some embodiments, the historical geographic location information includes description information for describing at least one of the following geographic locations corresponding to the historical geographic location information: building type, resident population number and people stream density; and selecting the historical geographic position information in the next authentication step from the historical geographic position information set based on whether the historical geographic position information associated with the question sent to the request terminal in the current authentication step and the answer information aiming at the sent question are matched with the sent question, wherein the historical geographic position information comprises the following steps: acquiring description information of a geographical position corresponding to historical geographical position information aiming at each piece of historical geographical position information in a historical geographical position information set, and determining the similarity between the description information of the geographical position corresponding to the historical geographical position information and the description information of the geographical position corresponding to the historical geographical position information related to the problem sent to a request terminal in the current authentication step; if the answer information aiming at the sent question is matched with the sent question, selecting historical geographic position information associated with description information with the similarity smaller than a preset first similarity threshold value from the historical geographic position information set as the historical geographic position information in the next authentication step, or selecting the historical geographic position information associated with a first preset number of description information as the historical geographic position information in the next authentication step according to the sequence of the similarity from small to large.
In some embodiments, selecting the historical geographical location information in the next authentication step from the set of historical geographical location information based on whether the historical geographical location information associated with the question sent to the requesting terminal in the current authentication step and the answer information for the sent question match the sent question, further comprises: if the answer information aiming at the sent question is not matched with the sent question, selecting historical geographic position information associated with description information with similarity larger than a preset second similarity threshold value from the historical geographic position information set as historical geographic position information in the next authentication step, or selecting the historical geographic position information associated with a second preset number of description information as the historical geographic position information in the next authentication step according to the sequence of similarity from large to small.
In some embodiments, determining the threshold number of times the question is sent to the requesting terminal based on whether answer information sent by the requesting terminal for the question matches the question comprises: if the answer information for the question sent by the request terminal does not match the question, the threshold value of the number of times of sending the question to the request terminal is increased.
In some embodiments, selecting historical geographic location information from a set of historical geographic location information, generating a question related to the selected historical geographic location information, comprises: and selecting historical geographic position information from the historical geographic position information set by utilizing a pre-trained problem generation and decision model, and generating a problem related to the selected historical geographic position information, wherein the problem generation and decision model is established by applying a Markov decision process and is trained by utilizing a reinforcement learning method.
In some embodiments, determining a threshold number of times to send the question to the requesting terminal includes: and determining a threshold value of the times of sending the problems to the request terminal by using the problem generation and decision model.
In some embodiments, determining that the requesting terminal has the right to use the target account includes: and determining that the request terminal has the use authority of the target account by using a problem generation and decision model.
In a second aspect, an embodiment of the present application provides an apparatus for determining a right, where the apparatus includes: the system comprises an acquisition unit, a processing unit and a display unit, wherein the acquisition unit is configured to respond to a received login request of a request terminal for a target account, and acquire a historical geographic position information set, wherein the historical geographic position information set comprises historical geographic position information uploaded by an associated terminal associated with the target account; an authentication unit configured to perform the following authentication steps: selecting historical geographic position information from a historical geographic position information set, generating a question related to the selected historical geographic position information, sending the question to a request terminal, and determining a frequency threshold value for sending the question to the request terminal based on whether answer information aiming at the question sent by the request terminal is matched with the question; a feedback unit configured to continue to perform the authentication step in response to the number of times of sending the question to the request terminal not reaching the number threshold; a first determination unit configured to determine a correct rate of the answer information in response to a number of times of sending the question to the request terminal reaching a number threshold; and the second determining unit is configured to determine that the request terminal has the login authority for the target account if the accuracy is greater than a preset accuracy threshold.
In some embodiments, the authentication unit is further configured to: and selecting historical geographic position information in the next authentication step from the historical geographic position information set based on whether historical geographic position information associated with the question sent to the request terminal in the current authentication step and answer information aiming at the sent question are matched with the sent question.
In some embodiments, the historical geographic location information includes description information for describing at least one of the following geographic locations corresponding to the historical geographic location information: building type, resident population number and people stream density; and an authentication unit including: a determining module configured to acquire, for each piece of historical geographical location information in the historical geographical location information set, description information of a geographical location corresponding to the historical geographical location information, and determine a similarity between the description information of the geographical location corresponding to the historical geographical location information and description information of a geographical location corresponding to historical geographical location information associated with a problem sent to the requesting terminal in the current authentication step; and the first selection module is configured to select historical geographic position information associated with description information with similarity smaller than a preset first similarity threshold value from the historical geographic position information set as historical geographic position information in the next authentication step if answer information for the sent question is matched with the sent question, or select the historical geographic position information associated with a first preset number of description information as the historical geographic position information in the next authentication step according to the sequence of similarity from small to large.
In some embodiments, the authentication unit further comprises: and the second selection module is configured to select historical geographic position information associated with description information with similarity greater than a preset second similarity threshold value from the historical geographic position information set as historical geographic position information in the next authentication step if the answer information for the sent question is not matched with the sent question, or select the historical geographic position information associated with a second preset number of description information as the historical geographic position information in the next authentication step according to the sequence of similarity from large to small.
In some embodiments, the authentication unit is further configured to: if the answer information for the question sent by the request terminal does not match the question, the threshold value of the number of times of sending the question to the request terminal is increased.
In some embodiments, the authentication unit is further configured to: and selecting historical geographic position information from the historical geographic position information set by utilizing a pre-trained problem generation and decision model, and generating a problem related to the selected historical geographic position information, wherein the problem generation and decision model is established by applying a Markov decision process and is trained by utilizing a reinforcement learning method.
In some embodiments, the authentication unit is further configured to: and determining a threshold value of the times of sending the problems to the request terminal by using the problem generation and decision model.
In some embodiments, the second determining unit is further configured to: and determining that the request terminal has the use authority of the target account by using a problem generation and decision model.
In a third aspect, an embodiment of the present application further provides a server, including: one or more processors; the storage device is used for storing one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors implement the method for determining the authority provided by the application.
In a fourth aspect, the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method for determining rights provided in the present application.
According to the method and the device for determining the authority, historical geographic position information associated with a target account requested by a request terminal is obtained, the historical geographic position information is combined into a historical geographic position information set, then the historical geographic position information is selected from the historical geographic position information set to generate a question, and finally whether the request terminal has the login authority for the target account is determined based on the answer condition of a user to the generated question, so that the historical geographic position data of the target account is effectively utilized, the accuracy of verifying the identity of the user is improved, auxiliary equipment is not needed, and the verification method is simple.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow diagram of one embodiment of a method for determining permissions according to the present application;
FIG. 3 is a schematic diagram of one application scenario of a method for determining permissions according to the present application;
FIG. 4 is a flow diagram of yet another embodiment of a method for determining privileges according to the present application;
FIG. 5 is a schematic diagram illustrating an embodiment of an apparatus for determining permissions according to the present application;
FIG. 6 is a schematic block diagram of a computer system suitable for use in implementing a server according to embodiments of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 shows an exemplary system architecture 100 to which embodiments of the method for determining rights or the apparatus for determining rights of the present application may be applied.
As shown in fig. 1, the system architecture 100 may include requesting terminals 1011, 1012, 1013, networks 1021, 1022, associated terminals 1031, 1032, 1033, and a server 104. A medium in which a network 1021 provides communication links between requesting terminals 1011, 1012, 1013 and the server 104; the network 1022 is a medium used to provide communications links between the associated terminals 1031, 1032, 1033 and the server 104. The networks 1021, 1022 may include various types of connections, such as wire, wireless communication links, or fiber optic cables, to name a few.
The server 104 may interact with the requesting terminals 1011, 1012, 1013 over the network 1021 to receive or send messages or the like; the server 104 may also interact with the associated terminals 1031, 1032, 1033 via the network 1022 to obtain historical geographic location information and the like. The requesting terminals 1011, 1012, 1013 and the associated terminals 1031, 1032, 1033 may have installed thereon various client applications, such as social platform software, instant messaging tools, mailbox clients, etc.
The requesting terminals 1011, 1012, 1013 and associated terminals 1031, 1032, 1033 may be various electronic devices having display screens and supporting information interaction including, but not limited to, smart watches, smart phones, tablets, laptop and desktop computers, and the like.
The server 104 may be a server providing various services, such as obtaining historical geographical location information uploaded by the associated terminals 1031, 1032, 1033 and providing a back-end authentication server supporting questions presented on the requesting terminals 1011, 1012, 1013. The background authentication server may analyze and otherwise process the received data such as the login request, and feed back a processing result (e.g., a generated problem) to the requesting terminal.
It should be noted that the method for determining the authority provided in the embodiment of the present application is generally performed by the server 104, and accordingly, the apparatus for determining the authority is generally disposed in the server 104.
It should be understood that the number of requesting terminals, networks, associated terminals and servers in fig. 1 is merely illustrative. There may be any number of requesting terminals, networks, associated terminals, and servers, as desired for implementation.
With continued reference to FIG. 2, a flow 200 of one embodiment of a method for determining permissions in accordance with the present application is shown. The method for determining the authority comprises the following steps:
In this embodiment, an electronic device (for example, a server shown in fig. 1) on which the method for determining an authority is executed may receive, through a wired connection manner or a wireless connection manner, a login authority request of a user for a target account from a requesting terminal with which the user performs identity authentication, and when detecting the login authority request for the target account sent by the requesting terminal, the electronic device may obtain historical geographic location information uploaded by an associated terminal associated with the target account, and form the obtained historical geographic location information into a historical geographic location information set. The target account is an account which the user claims to be the owner of the account and wants to log in. The related terminal associated with the target account may be a terminal on which the target account logs in a historical period of time. The historical geographic location information may be information of a geographic location visited by the associated terminal in a historical time period, such as a name of the geographic location, where the geographic location may be a point of interest (POI) that is a dotted geographic entity in map data; the geographic location may also be AOI (area of interest), which refers to a regional geographic entity in the map data; the geographical location may also be a city, province, country, or the like.
In this embodiment, when the user forgets the password corresponding to the target account, the request terminal may send a login request for the target account to the electronic device by clicking a "retrieve password" icon on a screen of the request terminal; when the user logs in the target account by using the request terminal, a login request aiming at the target account can be sent to the electronic equipment by the request terminal.
In this embodiment, the owner of the target account may upload the visited geographic location information through the associated terminal, for example, the geographic location information of the owner of the target account may be uploaded through a map application, a takeaway application, a social application, or another application that needs to upload a geographic location; and then, receiving the geographical position information uploaded by the associated terminal in real time, or acquiring the geographical position information uploaded by the associated terminal in a historical time period from a background server of other applications to generate a historical geographical position information set.
In this embodiment, after acquiring the historical geographic location information set in step 201, the electronic device may perform the following authentication steps: firstly, at least one piece of historical geographic position information can be selected from the historical geographic position information set; then, generating a question related to the selected historical geographic position information, and sending the generated question to the request terminal; finally, after receiving the answer information for the question transmitted by the requesting terminal, the threshold number of times of transmitting the question to the requesting terminal may be determined based on whether the answer information matches the correct answer to the question.
In this embodiment, the electronic device may randomly select at least one historical geographic location information from the historical geographic location information set to generate a question; or based on the crowd density of the historical geographic position corresponding to each piece of historical geographic position information of the visit or the number of the visiting crowd, selecting at least one piece of historical geographic position information from the historical geographic position information set to generate a problem, for example, selecting geographic position information corresponding to the historical geographic position with low crowd density or with small number of the visiting crowd; and selecting at least one piece of historical geographic position information from the historical geographic position information set to generate a problem based on the word frequency reverse file frequency of each piece of historical geographic position information in the historical geographic position information set, for example, selecting the historical geographic position information with high word frequency reverse file frequency. The Term Frequency-Inverse file Frequency can also be called Term Frequency-Inverse file Frequency (TF-IDF), and the main idea of the Term Frequency-Inverse file Frequency method is that if the Frequency (Term Frequency, TF) of a certain historical geographic position information appearing in the historical geographic position information set is high and rarely appears in other historical geographic position information sets (historical geographic position information sets uploaded by terminals associated with other accounts), the historical geographic position information is considered to have good category distinguishing capability and is suitable for classification.
In this embodiment, the generated questions may be selection questions and/or judgment questions, and the selection questions may be single-choice questions or multiple-choice questions. For example, when the selected historical geographical location information is "garden of circle", the above-described problem generated by the electronic device may be the selection question "which of the following four areas did you visit in the past month? A. Tiananmen B, Wangfu well C, Yuanmingyuan D and Yiheyuan; the problem generated by the electronic device may also be a judgment question "do you visit a garden in the past month? ".
In this embodiment, the electronic device described above may first set a minimum number threshold and a maximum number threshold for the number of times a question is sent to the requesting terminal. When the electronic device determines that the answer information for the question sent by the request terminal matches the correct answer to the question, the threshold of the number of times the question is sent to the request terminal may be reduced. The electronic device may further determine whether the number threshold is equal to the minimum number threshold, and if the number threshold is equal to the minimum number threshold, the number threshold is not adjusted again after it is determined that the answer information for the question transmitted by the requesting terminal matches the correct answer to the question. When it is determined that the answer information for the question transmitted by the request terminal matches the correct answer to the question, the electronic device may not process the value of the time threshold.
In some optional implementation manners of this embodiment, when the electronic device determines that the answer information for the question sent by the requesting terminal does not match the correct answer to the question, the threshold of the number of times of sending the question to the requesting terminal may be increased. The electronic device may further determine whether the number threshold is equal to the maximum number threshold, and if the number threshold is equal to the maximum number threshold, after it is determined again that the answer information for the question sent by the requesting terminal does not match the correct answer to the question, the electronic device may not adjust the number threshold any more.
In some optional implementations of the embodiment, the electronic device may train a problem generation and Decision model using a Markov Decision Process (MDP). Specifically, the electronic device may first determine a quadruple constituting the markov decision process, the quadruple including a set of states (S) describing the external environment, a set of actions (a) taken per step of the decision, a state transition function (P), and a reward function (R).
In some alternative implementations of the present embodiment, the set of states describing the external environment includes an intermediate state and a final state, the intermediate state being one of a description of a series of questions already asked and a user responseThe termination state refers to a termination state which the system enters after the user answers all questions. If N questions are asked, the intermediate state is an N-tuple<S1,S2,…,SN>Wherein each S in the N-tupleNFor a description pair<D,Boolean>The D is description information of a geographical location corresponding to historical geographical location information corresponding to the question, the Boolean records whether the user correctly answers the question, and the Boolean value includes the following three values: true, False and NIL. When the user correctly answers the question, the Boolean value is True; when the user answers the question wrongly, the Boolean value is False; when the user has not answered the question, the Boolean value is NIL. As an example, when the system presents two questions, the first question being answered correctly by the user, the set of states at that time may be<<D1,True>,<D2,NIL>,NIL,NIL,…>。
In some alternative implementations of this embodiment, in one state, the system will typically take two actions, one is how to select the next historical geographic location information to generate the question, and the other is to bring the system state to the above-mentioned termination state after all questions are asked. As an example, in one state, the system may select a set of historical geographic location information in a next question according to the description information of the geographic location corresponding to the historical geographic location information corresponding to the question in the current state and whether the user correctly answers the question, so as to enter the system into the next state.
In some alternative implementations of the present embodiment, the state transition function may describe the probability of transitioning to another state after taking an action in one state, where a deterministic state transition function may be employed. When the system state is the final state, a reward function can be given to the system according to the correctness of the judgment of the system on whether the user is the owner of the target account or not and other factors. As an example, if the goal of training the generation and decision model is to correctly identify the user, the system is given the same reward function when correctly identifying the real user and correctly rejecting the malicious user; if the goal of the training is to emphasize the correct rejection of malicious users, then a larger reward function may be given relative to the correct identification of real users when the system correctly rejects malicious users.
In some optional implementations of this embodiment, after the quadruple of the markov decision process is set, a training sample set may be acquired through an experimental method, and then the generation and decision model may be trained using a reinforcement learning method to find the optimal parameters of the model. For example, model training may be performed using a robust learning method such as Q-learning, which is a robust learning method based on value function estimation, and Policy Gradient, which is a strategy search robust learning method.
In some optional implementations of the embodiment, the electronic device may use the trained question generation and decision model to select historical geographic location information required to generate a question in a next state, and then generate a question related to the selected historical geographic location information. The quality of problem generation can be optimized by using the problem generation and decision model, and the accuracy of identity verification is improved.
In some optional implementation manners of this embodiment, the electronic device may determine a threshold of the number of times of sending the question to the request terminal by using the question generation and decision model, and the question generation and decision model may analyze each intermediate state in the state set to determine whether the system state may be brought into the termination state; if not, the frequency threshold value can be increased; if so, the numerical value of the frequency threshold may not be processed.
In some optional implementation manners of this embodiment, the electronic device may analyze each intermediate state in the state set by using the problem generation and decision model, determine whether there is enough description information to identify a real user or reject a malicious user, if so, bring the system into a termination state, and determine whether the request terminal has a usage right for the target account.
In this embodiment, after determining the threshold of the number of times of sending the question to the requesting terminal in step 202, the electronic device may detect whether the number of times of sending the question to the requesting terminal reaches the threshold of the number of times. If the number of times of sending the question to the request terminal is detected to be less than the number threshold, the step 202 can be continuously executed; if it is detected that the number of times of transmission of the question to the requesting terminal reaches the number threshold, step 204 may be executed.
And step 204, determining the accuracy of the answer information.
In this embodiment, if it is detected that the number of times of sending the question to the request terminal reaches the number threshold, the electronic device may obtain the number of times of correctly answering the question by the user who answers the question through the request terminal and the number of times of sending the question to the request terminal, divide the number of times of correctly answering the question by the number of times of sending the question to the request terminal, and use the obtained quotient as the accuracy of the answer information, and then execute step 205. For example, when 4 questions are sent to the user and the user answers 3 questions correctly, the accuracy rate is 0.75.
In this embodiment, after determining the accuracy of the answer information in step 204, the electronic device may determine whether the accuracy is greater than a preset accuracy threshold, and if the accuracy is greater than the accuracy threshold, may determine that the requesting terminal has the login authority for the target account, that is, it is determined that the user answering the question using the requesting terminal is the owner of the target account, and has the usage authority and the setting authority for the target account.
In this embodiment, after the electronic device determines that the requesting terminal has the login authority for the target account, a password resetting request may be sent to the requesting terminal, so that an owner of the target account can reset the target account through the requesting terminal.
According to the method provided by the embodiment of the application, historical geographic position information associated with a target account requested by a request terminal is obtained, the historical geographic position information is combined into a historical geographic position information set, then the historical geographic position information is selected from the historical geographic position information set to generate a question, and finally whether the request terminal has login authority for the target account is determined based on the answer condition of a user, so that the historical geographic position data of the target account is effectively utilized, more accurate identity authentication is realized, auxiliary equipment is not needed, and the authentication method is simple.
With continued reference to fig. 3, fig. 3 is a schematic diagram of an application scenario of the method for determining a right according to the present embodiment. In the application scenario of fig. 3, a user first sends a login request for a target account through a request terminal; then, the background authentication server may obtain, in the background, a historical geographic location information set uploaded by the associated terminal associated with the target account, where the obtained historical geographic location information set includes, for example, singapore china embassia, qinghua university, national theater, Changbai mountain, great connecting port, and the like; then, the "Changbai mountain" can be selected, and a question 301 related to the "Changbai mountain" is generated and sent to the requesting terminal; when the answer selected by the user is "Changbai mountain", the answer information of the user is matched with the question, and the background authentication server can select historical geographic location information "mansion building" associated with the description information with the minimum similarity to the description information of "Changbai mountain" from the historical geographic location information set as the historical geographic location information of the next question, and generate a question 302.
With further reference to FIG. 4, a flow 400 of yet another embodiment of a method for determining permissions is shown. The process 400 of the method for determining permissions includes the steps of:
In this embodiment, an electronic device (for example, a server shown in fig. 1) on which the method for determining an authority is executed may receive, through a wired connection manner or a wireless connection manner, a login authority request of a user for a target account from a requesting terminal with which the user performs identity authentication, and when detecting the login authority request for the target account sent by the requesting terminal, the electronic device may obtain historical geographic location information uploaded by an associated terminal associated with the target account, and form the obtained historical geographic location information into a historical geographic location information set. The target account is an account which the user claims to be the owner of the account and wants to log in. The related terminal associated with the target account may be a terminal on which the target account logs in a historical period of time. The historical geographic location information may be information of a geographic location visited by the associated terminal in a historical time period, such as a name of the geographic location, and the geographic location may be a POI, which is a dotted geographic entity in map data; the geographic position can also be AOI, and refers to a regional geographic entity in map data; the geographical location may also be a city, province, country, or the like.
In this embodiment, when a user forgets a password corresponding to the target account and makes an account declaration, the request terminal may send a login request for the target account to the electronic device by clicking a "retrieve password" icon on a screen of the request terminal; when the user logs in the target account by using the request terminal, a login request aiming at the target account can be sent to the electronic equipment by the request terminal.
In this embodiment, the owner of the target account may upload the visited geographic location information through the associated terminal, for example, the geographic location of the owner of the target account may be uploaded through a map application, a takeaway application, a social application, or another application that needs to upload a geographic location; and then, receiving the geographical position information uploaded by the associated terminal in real time, or acquiring the geographical position information uploaded by the associated terminal in a historical time period from a background server of other applications to generate a historical geographical position information set.
In this embodiment, after acquiring the historical geographic location information set in step 401, the electronic device may randomly select at least one piece of historical geographic location information from the historical geographic location information set to generate a question; or based on the crowd density of the historical geographic position corresponding to each piece of historical geographic position information of the visit or the number of the visiting crowd, selecting at least one piece of historical geographic position information from the historical geographic position information set to generate a problem, for example, selecting geographic position information corresponding to the historical geographic position with low crowd density or with small number of the visiting crowd; and selecting at least one piece of historical geographic position information from the historical geographic position information set to generate a problem based on the word frequency reverse file frequency of each piece of historical geographic position information in the historical geographic position information set, for example, selecting the historical geographic position information with high word frequency reverse file frequency. The word frequency-reverse file frequency can also be called as word frequency-reverse file frequency, and the main idea of the word frequency-reverse file frequency method is that if the frequency of a certain historical geographic position information appearing in the historical geographic position information set is high and the frequency of the certain historical geographic position information appearing in other historical geographic position information sets (historical geographic position information sets uploaded by terminals associated with other account numbers) is low, the historical geographic position information is considered to have good category distinguishing capability and is suitable for classification.
In this embodiment, the electronic device may generate a question related to the historical geographical location information selected in step 402, and transmit the generated question to the requesting terminal. The generated questions can be selection questions and judgment questions, and the selection questions can be single-choice questions or multi-choice questions. For example, when the selected historical geographical location information is "mansion building" and "liaoning building", the problem generated by the electronic device may be a multiple choice question "which of the following four locations you visited in the past month? A. Liaoning building B, Hubei building C, Shanxi building D, Xiamen building.
In this embodiment, after receiving the answer information for the question sent by the requesting terminal, the threshold number of times of sending the question to the requesting terminal may be determined based on whether the answer information matches with the correct answer to the question.
In this embodiment, the electronic device may first set a minimum number threshold and a maximum number threshold. When the electronic device determines that the answer information for the question sent by the request terminal matches the correct answer to the question, the threshold of the number of times the question is sent to the request terminal may be reduced. The electronic device may further determine whether the number threshold is equal to the minimum number threshold, and if the number threshold is equal to the minimum number threshold, the number threshold is not adjusted again after it is determined that the answer information for the question sent by the requesting terminal matches the correct answer to the question. When it is determined that the answer information for the question transmitted by the request terminal matches the correct answer to the question, the electronic device may not process the value of the time threshold.
In this embodiment, after sending the question to the requesting terminal, the electronic device may count the number of times of sending the question to the requesting terminal, then detect whether the number of times reaches the threshold number of times determined in step 404, and if the number of times reaches the threshold number of times, execute step 412; if the number threshold is not reached, step 406 is executed.
In this embodiment, the historical geographic location information may further include description information, where the description information is used to describe at least one of the following historical geographic locations corresponding to the historical geographic location information: building type, resident population number, and traffic density. The building types of the historical geographic positions can be industrial buildings, agricultural buildings, civil buildings (residential buildings, public buildings and the like) and the like; continuous variables in the resident population number and the people stream density can be discretized, and for example, the resident population number and the people stream density can be divided into three grades, namely high grade, medium grade and low grade. The description information may also include the nature of the geographic location, such as POI, AOI, city, province, country, etc. As an example, the description information of a hundredth building may be: the properties are as follows: POI, building type: civil buildings (office buildings), density of people stream: high, resident population: low.
In this embodiment, for each historical geographic location information in the historical geographic location information set, the electronic device may first obtain description information of a geographic location corresponding to the historical geographic location information, such as a building type, a resident population number, a people flow density, a nature, and the like; then, the similarity between the description information of the geographic position corresponding to the historical geographic position information and the description information of the historical geographic position information related to the problem currently sent to the request terminal can be determined. If all items described by the description information are different, it can be determined that the similarity between the description information of the geographical position corresponding to the historical geographical position information and the description information of the historical geographical position information related to the problem currently sent to the request terminal is low; if all items described by the description information are the same, it can be determined that the similarity between the description information of the geographical position corresponding to the historical geographical position information and the description information of the historical geographical position information related to the problem currently sent to the request terminal is high. The electronic device may count the number of the same items in the description information, and obtain the similarity by dividing the number of the same items by the number of all items, for example, if the description information of the a geographic location information and the B geographic location information includes building types, resident population numbers, people flow density and properties, and only the building types in the description information of the a geographic location information and the B geographic location information are the same, it may be determined that the similarity between the a geographic location information and the B geographic location information is 0.25.
Step 407 determines whether the answer information for the transmitted question matches the transmitted question.
In this embodiment, after determining the similarity in step 406, the electronic device may determine whether the answer information matches with a correct answer to the question, and if so, execute step 408 or step 409; if not, go to step 410 or step 411.
As an example, when the generated question is "which of the following four locations you visited within the past month? A. Liaoning building B, Hubei building C, Shanxi building D, Xiamen building, when the correct answer of the question is "A, Liaoning building", if the answer information of the user is "A, Liaoning building", then it can be determined that the answer information matches the sent question; otherwise, the answer information is determined not to match the transmitted question.
Step 408, selecting historical geographic position information associated with the description information with the similarity smaller than a preset first similarity threshold value from the historical geographic position information set as historical geographic position information.
In this embodiment, when it is determined in step 407 that the answer information matches the correct answer to the question, historical geographic location information associated with description information having a similarity smaller than a preset first similarity threshold may be selected from the historical geographic location information set as historical geographic location information.
And 409, selecting the historical geographic position information associated with the first preset number of pieces of description information from the historical geographic position information set as historical geographic position information according to the sequence of similarity from small to large.
In this embodiment, when it is determined in step 407 that the answer information matches the correct answer to the question, historical geographic location information associated with a first preset number of pieces of description information may be selected from the historical geographic location information set according to a descending order of similarity as historical geographic location information.
Step 410, selecting historical geographic position information associated with the description information with the similarity greater than a preset second similarity threshold value from the historical geographic position information set as historical geographic position information.
In this embodiment, when it is determined in step 407 that the answer information does not match the correct answer to the question, historical geographic location information associated with description information having a similarity greater than a preset second similarity threshold may be selected from the historical geographic location information set as the historical geographic location information.
In this embodiment, when it is determined in step 407 that the answer information does not match the correct answer to the question, historical geographic location information associated with a second preset number of pieces of description information may be selected from the historical geographic location information set according to the descending order of similarity as historical geographic location information.
In step 412, the accuracy of the response message is determined.
In this embodiment, if it is detected in step 405 that the number of times of sending the question to the request terminal reaches the number threshold, the electronic device may obtain the number of times of correctly answering the question by the user who answers the question through the request terminal and the number of times of sending the question to the request terminal, divide the number of times of correctly answering the question by the number of times of sending the question to the request terminal, and use the obtained quotient as the accuracy of the answer information, and then execute step 413.
In step 413, if the accuracy is greater than the preset accuracy threshold, it is determined that the requesting terminal has the login authority for the target account.
In this embodiment, after determining the accuracy of the answer information in step 412, the electronic device may determine whether the accuracy is greater than a preset accuracy threshold, and if the accuracy is greater than the accuracy threshold, may determine that the requesting terminal has the login authority for the target account, that is, it is determined that the user answering the question using the requesting terminal is the owner of the target account, and has the usage authority and the setting authority for the target account.
In this embodiment, after the electronic device determines that the requesting terminal has the login authority for the target account, a password resetting request may be sent to the requesting terminal, so that an owner of the target account can reset the target account through the requesting terminal.
As can be seen from fig. 4, compared with the embodiment corresponding to fig. 2, the flow 400 of the method for determining authority in the present embodiment highlights the step of selecting historical geographic location information from the historical geographic location information set. Therefore, the scheme described in the embodiment can generate better quality problems, thereby further improving the accuracy of identity verification.
With further reference to fig. 5, as an implementation of the method shown in the above-mentioned figures, the present application provides an embodiment of an apparatus for determining an authority, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 5, the apparatus 500 for determining rights of the present embodiment includes: an obtaining unit 501, an authentication unit 502, a feedback unit 503, a first determination unit 504 and a second determination unit 505. The obtaining unit 501 is configured to, in response to receiving a login request of a requesting terminal for a target account, obtain a set of historical geographic location information uploaded by an associated terminal associated with the target account; the authentication unit 502 is configured to perform the following authentication steps: selecting historical geographic position information from a historical geographic position information set, generating a question related to the selected historical geographic position information, sending the question to a request terminal, and determining a frequency threshold value for sending the question to the request terminal based on whether answer information aiming at the question sent by the request terminal is matched with the question; the feedback unit 503 is configured to continue to perform the authentication step in response to the number of times of sending the question to the requesting terminal not reaching the number threshold; the first determining unit 504 is configured to determine a correct rate of the answer information in response to the number of times of sending the question to the requesting terminal reaching a number threshold; the second determining unit 505 is configured to determine that the requesting terminal has the login authority for the target account if the accuracy is greater than a preset accuracy threshold.
In this embodiment, the obtaining unit 501 of the apparatus 500 for determining an authority may receive, through a wired connection manner or a wireless connection manner, a login authority request of a user for a target account from a requesting terminal with which the user performs identity authentication, and when detecting the login authority request for the target account sent by the requesting terminal, the electronic device may obtain historical geographic location information uploaded by an associated terminal associated with the target account, and form the obtained historical geographic location information into a historical geographic location information set. The target account is an account which the user claims to be the owner of the account and wants to log in. The related terminal associated with the target account may be a terminal on which the target account logs in a historical period of time. The historical geographic location information may be information of a geographic location visited by the associated terminal in a historical time period, such as a name of the geographic location, and the geographic location may be a POI and refers to a dotted geographic entity in the map data; the geographic position can also be AOI, and refers to a regional geographic entity in map data; the geographical location may also be a city, province, country, or the like.
In this embodiment, after the obtaining unit 501 obtains the historical geographic location information set, the authenticating unit 502 may perform the following authentication steps: firstly, at least one piece of historical geographic position information can be selected from the historical geographic position information set; then, generating a question related to the selected historical geographic position information, and sending the generated question to the request terminal; finally, after receiving the answer information for the question transmitted by the requesting terminal, the threshold number of times of transmitting the question to the requesting terminal may be determined based on whether the answer information matches the correct answer to the question.
In this embodiment, after the authentication unit 502 determines the threshold of the number of times of sending the question to the requesting terminal, the feedback unit 503 may detect whether the number of times of sending the question to the requesting terminal reaches the threshold of the number of times. If the number of times of sending the question to the requesting terminal is detected to be less than the number threshold, the authentication step may be continuously performed by the authentication unit 502.
In this embodiment, if it is detected that the number of times of sending the question to the requesting terminal reaches the number-of-times threshold, the first determining unit 504 may obtain the number of times of correctly answering the question by the user who answers the question by the requesting terminal and the number of times of sending the question to the requesting terminal, and then divide the number of times of correctly answering the question by the number of times of sending the question to the requesting terminal, and use the obtained quotient as the accuracy of the answer information.
In this embodiment, after the first determining unit 504 determines the accuracy of the answer information, the second determining unit 505 may determine whether the accuracy is greater than a preset accuracy threshold, and if the accuracy is greater than the accuracy threshold, may determine that the requesting terminal has the login authority for the target account, that is, it is determined that the user answering the question using the requesting terminal is the owner of the target account, and has the usage authority and the setting authority for the target account.
In some optional implementations of this embodiment, the authentication unit 502 may select the historical geolocation information in the next authentication step from the historical geolocation information set based on historical geolocation information associated with the question sent to the requesting terminal in the current authentication step and whether the answer information to the sent question matches the sent question.
In some optional implementation manners of this embodiment, the historical geographic location information may further include description information, where the description information is used to describe at least one of the following historical geographic locations corresponding to the historical geographic location information: building type, resident population number, and traffic density. The building types of the historical geographic positions can be industrial buildings, agricultural buildings, civil buildings and the like; continuous variables in the resident population number and the people stream density can be discretized, and for example, the resident population number and the people stream density can be divided into three grades, namely high grade, medium grade and low grade. The description information may also include the nature of the geographic location, such as POI, AOI, city, province, country, etc.
In some optional implementation manners of this embodiment, the authentication unit 502 may further include a determining module 5021 and a first selecting module 5022. For each historical geographic location information in the historical geographic location information set, the determining module 5021 may first obtain description information of a geographic location corresponding to the historical geographic location information, such as a building type, a resident population number, a people flow density, a nature, and the like; then, the similarity between the description information of the geographic position corresponding to the historical geographic position information and the description information of the historical geographic position information related to the problem currently sent to the request terminal can be determined. If all items described by the description information are different, it can be determined that the similarity between the description information of the geographical position corresponding to the historical geographical position information and the description information of the historical geographical position information related to the problem currently sent to the request terminal is low; if all items described by the description information are the same, it can be determined that the similarity between the description information of the geographical position corresponding to the historical geographical position information and the description information of the historical geographical position information related to the problem currently sent to the request terminal is high. The electronic equipment can also count the number of the same items in the description information, and the similarity is obtained by dividing the number of the same items by the number of all the items. When the determining module 5021 determines that the answer information matches with the correct answer to the question, the first selecting module 5022 may select historical geographic location information associated with description information with similarity smaller than a preset first similarity threshold from the historical geographic location information set as historical geographic location information; the first selecting module 5022 may also select historical geographic location information associated with a first preset number of pieces of description information from the historical geographic location information set according to a descending order of similarity as historical geographic location information.
In some optional implementation manners of this embodiment, the authentication unit 502 may further include a second selecting module 5023. When the determining module 5021 determines that the answer information does not match the correct answer to the question, the second selecting module 5023 may select historical geographic location information associated with description information with similarity greater than a preset second similarity threshold from a historical geographic location information set as historical geographic location information; the second selecting module 5023 may also select, from the historical geographic location information set, the historical geographic location information associated with a second preset number of pieces of description information as the historical geographic location information according to a descending order of similarity.
In some optional implementations of this embodiment, when the authentication unit 502 determines that the answer information for the question sent by the requesting terminal does not match the correct answer to the question, the threshold of the number of times of sending the question to the requesting terminal may be increased. The authentication unit 502 may further determine whether the time threshold is equal to the maximum time threshold, and if the time threshold is equal to the maximum time threshold, the time threshold is not adjusted again after it is determined that the response information sent by the requesting terminal for the question does not match the correct answer to the question.
In some optional implementations of this embodiment, the authentication unit 502 may use the trained question generation and decision model to select historical geographic location information required for generating a question in a next state, and then generate a question related to the selected historical geographic location information. The quality of problem generation can be optimized by using the problem generation and decision model, and the accuracy of identity verification is improved.
In some optional implementation manners of this embodiment, the authentication unit 502 may determine a threshold of the number of times of sending the question to the requesting terminal by using the question generation and decision model, where the question generation and decision model may analyze each intermediate state in the state set to determine whether the system state may be brought into the termination state; if not, the frequency threshold value can be increased; if so, the numerical value of the frequency threshold may not be processed.
In some optional implementation manners of this embodiment, the second determining unit 505 may analyze each intermediate state in the state set by using the problem generation and decision model, determine whether there is enough description information to identify a real user or reject a malicious user, and if so, bring the system into a termination state, and determine whether the requesting terminal has a usage right for the target account.
Referring now to FIG. 6, a block diagram of a computer system 600 suitable for use as a server in implementing embodiments of the present invention is shown. The server shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU)601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The driver 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is mounted in the storage section 608 as necessary.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. The computer program performs the above-described functions defined in the method of the present application when executed by a Central Processing Unit (CPU) 601. It should be noted that the computer readable medium mentioned above in the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented by software or hardware. The described units may also be provided in a processor, and may be described as: a processor includes an acquisition unit, an authentication unit, a feedback unit, a first determination unit, and a second determination unit. Wherein the names of the elements do not in some way constitute a limitation on the elements themselves. For example, the first determination unit may also be described as a "unit that determines the correct rate of the answer information in response to the number of times of sending the question to the requesting terminal reaching the number threshold".
As another aspect, the present application also provides a computer-readable medium, which may be contained in the apparatus described in the above embodiments; or may be present separately and not assembled into the device. The computer readable medium carries one or more programs which, when executed by the apparatus, cause the apparatus to: in response to receiving a login request of a request terminal for a target account, acquiring a historical geographic position information set uploaded by an associated terminal associated with the target account; the following authentication steps are performed: selecting historical geographic position information from a historical geographic position information set, generating a question related to the selected historical geographic position information, sending the question to a request terminal, and determining a frequency threshold value for sending the question to the request terminal based on whether answer information aiming at the question sent by the request terminal is matched with the question; responding to the times of sending the problems to the request terminal not reaching the times threshold value, and continuing to execute the authentication step; determining the accuracy of the answer information in response to the number of times of sending the question to the request terminal reaching a number threshold; and if the accuracy is greater than a preset accuracy threshold, determining that the request terminal has the login authority for the target account.
The foregoing description is only exemplary of the preferred embodiments of the invention and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention according to the present invention is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is possible without departing from the scope of the invention as defined by the appended claims. For example, the above features and (but not limited to) features having similar functions disclosed in the present invention are mutually replaced to form the technical solution.
Claims (16)
1. A method for determining permissions, the method comprising:
in response to receiving a login request of a request terminal for a target account, acquiring a historical geographic position information set, wherein the historical geographic position information set comprises historical geographic position information uploaded by an associated terminal associated with the target account;
the following authentication steps are performed: selecting historical geographic position information from the historical geographic position information set, generating a question related to the selected historical geographic position information, sending the question to the request terminal, and determining a frequency threshold value for sending the question to the request terminal based on whether answer information aiming at the question sent by the request terminal is matched with the question;
responding to the times of sending questions to the request terminal not reaching the time threshold value, and continuously executing the authentication step;
determining the accuracy of the answer information in response to the number of times of sending the question to the request terminal reaching the number threshold;
if the accuracy is greater than a preset accuracy threshold, determining that the request terminal has the login authority for the target account; wherein,
selecting historical geographical location information from the historical geographical location information set, and generating a question related to the selected historical geographical location information, wherein the question comprises:
selecting historical geographic position information from the historical geographic position information set by utilizing a pre-trained question generation and decision model, and generating a question related to the selected historical geographic position information, wherein the question generation and decision model is established by applying a Markov decision process and is trained by utilizing a reinforcement learning method, and the generated question is related to the answer situation of a user for the historical question and the description information of the address position corresponding to the historical geographic position information corresponding to the historical question.
2. The method of claim 1, wherein selecting historical geographic location information from the set of historical geographic location information comprises:
and selecting historical geographic position information in the next authentication step from the historical geographic position information set based on whether historical geographic position information associated with the question sent to the request terminal in the current authentication step and answer information aiming at the sent question are matched with the sent question or not.
3. The method according to claim 2, wherein the historical geographical location information comprises description information, and the description information is used for describing at least one of the following geographical locations corresponding to the historical geographical location information: building type, resident population number and people stream density; and
the selecting historical geographical location information in the next authentication step from the historical geographical location information set based on whether the historical geographical location information associated with the question sent to the request terminal in the current authentication step and the answer information aiming at the sent question are matched with the sent question, includes:
acquiring description information of a geographical position corresponding to the historical geographical position information aiming at each historical geographical position information in the historical geographical position information set, and determining the similarity between the description information of the geographical position corresponding to the historical geographical position information and the description information of the geographical position corresponding to the historical geographical position information related to the problem sent to the request terminal in the current authentication step;
if the answer information aiming at the sent question is matched with the sent question, selecting historical geographic position information associated with description information with the similarity smaller than a preset first similarity threshold value from the historical geographic position information set as historical geographic position information in the next authentication step, or selecting the historical geographic position information associated with the description information with the first preset number as the historical geographic position information in the next authentication step according to the sequence of the similarity from small to large.
4. The method according to claim 3, wherein the selecting historical geolocation information in a next authentication step from the set of historical geolocation information based on historical geolocation information associated with a question sent to the requesting terminal in a current authentication step and whether answer information to the sent question matches the sent question, further comprises:
if the answer information aiming at the sent question is not matched with the sent question, selecting historical geographic position information associated with description information with similarity larger than a preset second similarity threshold value from the historical geographic position information set as historical geographic position information in the next authentication step, or selecting the historical geographic position information associated with a second preset number of description information as the historical geographic position information in the next authentication step according to the sequence of similarity from large to small.
5. The method of claim 1, wherein determining a threshold number of times to send a question to the requesting terminal based on whether answer information sent by the requesting terminal for the question matches the question comprises:
and if the answer information aiming at the question sent by the request terminal is not matched with the question, increasing the threshold value of the number of times of sending the question to the request terminal.
6. The method of claim 1, wherein determining the threshold number of times to send the question to the requesting terminal comprises:
and determining a threshold value of the times of sending the problems to the request terminal by using the problem generation and decision model.
7. The method according to claim 1 or 6, wherein the determining that the requesting terminal has the right to use the target account comprises:
and determining that the request terminal has the use authority of the target account by utilizing the problem generation and decision model.
8. An apparatus for determining permissions, the apparatus comprising:
the system comprises an acquisition unit, a processing unit and a display unit, wherein the acquisition unit is configured to respond to a received login request of a request terminal for a target account, and acquire a historical geographic position information set, wherein the historical geographic position information set comprises historical geographic position information uploaded by an associated terminal associated with the target account;
an authentication unit configured to perform the following authentication steps: selecting historical geographic position information from the historical geographic position information set, generating a question related to the selected historical geographic position information, sending the question to the request terminal, and determining a frequency threshold value for sending the question to the request terminal based on whether answer information aiming at the question sent by the request terminal is matched with the question;
a feedback unit configured to continue to execute the authentication step in response to the number of times of sending the question to the request terminal not reaching the number threshold;
a first determination unit configured to determine a correct rate of answer information in response to the number of times of sending the question to the request terminal reaching the number threshold;
the second determining unit is configured to determine that the request terminal has the login authority for the target account if the accuracy is greater than a preset accuracy threshold; wherein,
the authentication unit is further configured to:
selecting historical geographic position information from the historical geographic position information set by utilizing a pre-trained question generation and decision model, and generating a question related to the selected historical geographic position information, wherein the question generation and decision model is established by applying a Markov decision process and is trained by utilizing a reinforcement learning method, and the generated question is related to the answer situation of a user for the historical question and the description information of the address position corresponding to the historical geographic position information corresponding to the historical question.
9. The apparatus of claim 8, wherein the authentication unit is further configured to:
and selecting historical geographic position information in the next authentication step from the historical geographic position information set based on whether historical geographic position information associated with the question sent to the request terminal in the current authentication step and answer information aiming at the sent question are matched with the sent question or not.
10. The apparatus according to claim 9, wherein the historical geographic location information includes description information, and the description information is used to describe at least one of the following geographic locations corresponding to the historical geographic location information: building type, resident population number and people stream density; and
the authentication unit comprises:
a determining module, configured to acquire, for each piece of historical geographic location information in the historical geographic location information set, description information of a geographic location corresponding to the historical geographic location information, and determine a similarity between the description information of the geographic location corresponding to the historical geographic location information and description information of a geographic location corresponding to historical geographic location information associated with a problem sent to the requesting terminal in the current authentication step;
and the first selection module is configured to select historical geographic position information associated with description information with similarity smaller than a preset first similarity threshold value from the historical geographic position information set as historical geographic position information in the next authentication step if answer information for the sent question is matched with the sent question, or select historical geographic position information associated with a first preset number of description information as historical geographic position information in the next authentication step according to the sequence of similarity from small to large.
11. The apparatus of claim 10, wherein the authentication unit further comprises:
and the second selection module is configured to select historical geographic position information associated with description information with similarity greater than a preset second similarity threshold value from the historical geographic position information set as historical geographic position information in the next authentication step if the answer information for the sent question is not matched with the sent question, or select historical geographic position information associated with a second preset number of description information as historical geographic position information in the next authentication step according to the sequence of similarity from large to small.
12. The apparatus of claim 8, wherein the authentication unit is further configured to:
and if the answer information aiming at the question sent by the request terminal is not matched with the question, increasing the threshold value of the number of times of sending the question to the request terminal.
13. The apparatus of claim 8, wherein the authentication unit is further configured to:
and determining a threshold value of the times of sending the problems to the request terminal by using the problem generation and decision model.
14. The apparatus according to claim 8 or 13, wherein the second determining unit is further configured to:
and determining that the request terminal has the use authority of the target account by utilizing the problem generation and decision model.
15. A server, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
16. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710232975.0A CN107018138B (en) | 2017-04-11 | 2017-04-11 | Method and device for determining rights |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710232975.0A CN107018138B (en) | 2017-04-11 | 2017-04-11 | Method and device for determining rights |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107018138A CN107018138A (en) | 2017-08-04 |
CN107018138B true CN107018138B (en) | 2020-12-08 |
Family
ID=59445955
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710232975.0A Active CN107018138B (en) | 2017-04-11 | 2017-04-11 | Method and device for determining rights |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107018138B (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108712413B (en) * | 2018-05-15 | 2021-08-31 | 上海掌门科技有限公司 | Identity verification method and equipment |
CN109684811B (en) | 2018-12-26 | 2021-04-13 | 巽腾(广东)科技有限公司 | Identity recognition method and device for fixed-point authorization and server |
CN110247808B (en) * | 2019-06-27 | 2024-04-09 | 深圳前海微众银行股份有限公司 | Information transmission method, device, equipment and readable storage medium |
CN110659500A (en) * | 2019-08-13 | 2020-01-07 | 平安国际智慧城市科技股份有限公司 | Server security detection method and device, computer equipment and storage medium |
CN111343162B (en) * | 2020-02-14 | 2021-10-08 | 深圳壹账通智能科技有限公司 | System secure login method, device, medium and electronic equipment |
CN112121412B (en) * | 2020-09-15 | 2024-05-17 | 北京智明星通科技股份有限公司 | Rapid login method and system of game account and game device |
CN112613020B (en) * | 2020-12-31 | 2024-05-28 | 中国农业银行股份有限公司 | Identity verification method and device |
CN115270169B (en) * | 2022-05-18 | 2023-06-13 | 蔓之研(上海)生物科技有限公司 | Decompression method and system for gene data |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101075985A (en) * | 2007-02-08 | 2007-11-21 | 腾讯科技(深圳)有限公司 | Instant telecommunication system, server and instant telecommunication method when safety access |
CN103532797A (en) * | 2013-11-06 | 2014-01-22 | 网之易信息技术(北京)有限公司 | Abnormity monitoring method and device for user registration |
CN104065619A (en) * | 2013-03-20 | 2014-09-24 | 联想(北京)有限公司 | Login method and device |
CN104519032A (en) * | 2013-09-30 | 2015-04-15 | 深圳市腾讯计算机系统有限公司 | Internet account safety policy and system |
CN105471581A (en) * | 2014-09-10 | 2016-04-06 | 阿里巴巴集团控股有限公司 | Identity verification method and device |
CN106453206A (en) * | 2015-08-07 | 2017-02-22 | 阿里巴巴集团控股有限公司 | Identity verification method and identity verification device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100306821A1 (en) * | 2009-05-29 | 2010-12-02 | Google, Inc. | Account-recovery technique |
-
2017
- 2017-04-11 CN CN201710232975.0A patent/CN107018138B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101075985A (en) * | 2007-02-08 | 2007-11-21 | 腾讯科技(深圳)有限公司 | Instant telecommunication system, server and instant telecommunication method when safety access |
CN104065619A (en) * | 2013-03-20 | 2014-09-24 | 联想(北京)有限公司 | Login method and device |
CN104519032A (en) * | 2013-09-30 | 2015-04-15 | 深圳市腾讯计算机系统有限公司 | Internet account safety policy and system |
CN103532797A (en) * | 2013-11-06 | 2014-01-22 | 网之易信息技术(北京)有限公司 | Abnormity monitoring method and device for user registration |
CN105471581A (en) * | 2014-09-10 | 2016-04-06 | 阿里巴巴集团控股有限公司 | Identity verification method and device |
CN106453206A (en) * | 2015-08-07 | 2017-02-22 | 阿里巴巴集团控股有限公司 | Identity verification method and identity verification device |
Also Published As
Publication number | Publication date |
---|---|
CN107018138A (en) | 2017-08-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107018138B (en) | Method and device for determining rights | |
US10587591B2 (en) | Generating a password | |
CN101517557B (en) | Methods and apparatuses for managing resources within a virtual room | |
TWI733217B (en) | Push and display method, device and equipment of login method | |
US11310236B2 (en) | Deriving confidence scores based on device sharing | |
US10939228B2 (en) | Mobile device location proofing | |
CN113268336B (en) | Service acquisition method, device, equipment and readable medium | |
CN104333530B (en) | Information credibility verification method and device | |
CN109698809A (en) | A kind of recognition methods of account abnormal login and device | |
CN109857943B (en) | Permission level determination method and device, computer equipment and readable storage medium | |
CN112311841A (en) | Information pushing method and device, electronic equipment and computer readable medium | |
US11665316B2 (en) | Obfuscation during video conferencing | |
US20200257788A1 (en) | Location-based, context-aware challenge-response authentication | |
CN104184709A (en) | Verification method, device, server, service data center and system | |
US20220343218A1 (en) | Input-Encoding with Federated Learning | |
CN113779550A (en) | Account verification method and device, electronic equipment and computer readable medium | |
US11283806B2 (en) | Adaptive security system | |
CN107256231A (en) | A kind of Team Member's identification equipment, method and system | |
US10685131B1 (en) | User authentication | |
CN113722738A (en) | Data protection method, device, medium and electronic equipment | |
CN113779346A (en) | Method and device for identifying one person with multiple accounts | |
CN109714770B (en) | Method and apparatus for transmitting information | |
CN110705635A (en) | Method and apparatus for generating an isolated forest | |
CN108234471B (en) | Group entry verification method, group entry verification device, computer device and computer-readable storage medium | |
US12114150B2 (en) | Authenticated communications device to tie real-world and digital identities |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |