CN107317682A - Identity authentication method and system - Google Patents

Publication number
CN107317682A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710325270.3A
Other languages
Chinese (zh)
Inventor
史展
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Yi Tu Technology Co., Ltd.
Original Assignee
史展
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Abstract

The invention discloses an identity authentication method and system. The method includes: obtaining biometric information data of a user, the biometric information data including the user's mouse movement data and keystroke data; analyzing and processing the biometric information data to generate target feature information; comparing the target feature information with reference feature information and, if there is a deviation between the two, determining the relation between the deviation and a plurality of set threshold ranges, where the reference feature information includes feature information corresponding to the user's behavioral characteristics when moving the mouse and striking the keyboard; and authenticating the identity of the user according to the determination result. The invention can control users' access to computers. It can also monitor malicious intrusion with high accuracy, continuously protecting against and monitoring for user accounts/passwords stolen by hackers or by leakers inside the organization. In short, the invention provides comprehensive, real-time network protection.

Description

An identity authentication method and system
Technical field
The present invention relates to the technical field of data processing, and in particular to an identity authentication method and system.
Background
The rapid development of networking technology has changed the way people use computers and made it more convenient to obtain information and resources anytime and anywhere around the world, but it has also increased the opportunities for malicious attacks and intrusions. Ensuring the reliability of user identity on the Internet has therefore become an important problem.
With the development of computer and network technology, traditional identity verification schemes can no longer meet the security requirements for authentication under current network conditions. Existing identity authentication technologies fall into three classes, each using a different kind of information: 1) memorized information, such as passwords and PINs; 2) auxiliary devices, such as ID cards and tokens; 3) biometric features, such as fingerprints and irises. These traditional technologies have inherent defects. In username/password schemes, passwords are hard to remember and easily confused or leaked. ID cards must be carried around and are easily stolen or cracked, which defeats them, and such schemes cannot guarantee the uniqueness of the user's identity. In token-based schemes, the token is easily lost and may be copied. In other words, anyone who obtains the username and password can log in on the network as that user and access that user's resources. For biometric schemes based on physical features, implementation is relatively cumbersome, and most require complicated, expensive hardware such as fingerprint readers, so the hardware cost is high. Moreover, most of these authentication techniques cannot be applied in an Internet environment.
In view of this, researchers continue to look for new authentication means and methods. Among them, authentication based on computer input behavior features requires no additional equipment, can be deployed directly on most current computer systems, and monitors without disturbing the user, so it is becoming a new focus of authentication research.
Summary of the invention
To solve the above technical problem, the present invention proposes an identity authentication method and system.
The present invention is realized by the following technical solution:
A first aspect provides an identity authentication method, the method including:
Obtaining biometric information data of a user, the biometric information data including the user's mouse movement data and keystroke data;
Analyzing and processing the biometric information data to generate target feature information;
Comparing the target feature information with reference feature information and, if there is a deviation between the target feature information and the reference feature information, determining the relation between the deviation and a plurality of set threshold ranges; the reference feature information includes feature information corresponding to the user's behavioral characteristics when moving the mouse and striking the keyboard;
Authenticating the identity of the user according to the determination result.
Further, determining the relation between the deviation and the plurality of set threshold ranges includes:
Setting a first threshold range; if the deviation falls within the first threshold range, the current user is authenticated as the real user;
Setting a second threshold range; if the deviation falls within the second threshold range, an alarm signal is sent, the current user is authenticated as a user to be identified, and the comparison of target feature information with reference feature information continues;
Setting a third threshold range; if the deviation falls within the third threshold range, the current user is authenticated as a wrong user, a locking signal is sent, and the client interface the user is currently operating is locked.
Further, before comparing the target feature information with the reference feature information, the method includes:
Obtaining a large number of the user's mouse movement actions and keyboard striking actions collected by the client;
Generating the reference feature information by analyzing the information of the large number of mouse movement actions and keyboard striking actions.
Or including:
Obtaining the training data produced by the user training in training scenes on the client;
Generating the reference feature information from the information of the training data.
Further, before obtaining the biometric information data of the user, the method includes:
Determining whether the user has input biometric information data and, if so, collecting the biometric information data through the client.
Further, the method also includes: storing each identity determination result for the user and each collected target feature information in the form of a list;
Reviewing the user's past login information and authentication information.
A second aspect provides an identity authentication system, including: a biometric information acquisition module for obtaining the biometric information data of a user, the biometric information data including the user's mouse movement data and keystroke data;
A biometric information conversion module for analyzing and processing the biometric information data to generate target feature information;
A feature comparison module for comparing the target feature information with reference feature information and, if there is a deviation between the target feature information and the reference feature information, determining the relation between the deviation and a plurality of set threshold ranges; the reference feature information includes feature information corresponding to the user's behavioral characteristics when moving the mouse and striking the keyboard;
An identity judgment module for authenticating the identity of the user according to the determination result.
Further, the identity judgment module includes:
A first threshold judging unit for setting a first threshold range; if the deviation falls within the first threshold range, the current user is authenticated as the real user;
A second threshold judging unit for setting a second threshold range; if the deviation falls within the second threshold range, an alarm signal is sent, the current user is authenticated as a user to be identified, and the comparison of target feature information with reference feature information continues;
A third threshold judging unit for setting a third threshold range; if the deviation falls within the third threshold range, the current user is authenticated as a wrong user, a locking signal is sent, and the client interface the user is currently operating is locked.
Further, the feature comparison module includes:
A collected action acquisition unit for obtaining a large number of the user's mouse movement actions and keyboard striking actions collected by the client;
A first reference feature generation unit for generating the reference feature information by analyzing the information of the large number of mouse movement actions and keyboard striking actions.
Or including:
A training data acquisition module for obtaining the training data produced by the user training in training scenes on the client;
A second reference feature generation unit for generating the reference feature information from the information of the training data.
Further, the biometric information acquisition module includes a biometric information input judging unit for determining whether the user has input biometric information data and, if so, collecting the biometric information data through the client.
Further, the system also includes:
A first storage module for storing each identity determination result for the user in the form of a list;
A second storage module for storing each collected target feature information in the form of a list;
An information review module for reviewing the user's past login information and authentication information.
The present invention has the following beneficial effects:
(1) With the technical solution of the invention, companies and organizations can use it to monitor the whereabouts of users in the internal network, control users' access to computers, and block wrong users from operating computers.
(2) With the technical solution of the invention, user identity can be authenticated continuously, continuously protecting against and monitoring for the theft of user accounts/passwords by hackers or by leakers inside the organization.
(3) With the technical solution of the invention, a system administrator can monitor the login status of user accounts in the current internal network through the administration interface, learn of possible account leaks in time, and then take action to stop the infringing behavior of the person stealing secrets.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is a flowchart of the identity authentication method provided by Embodiment one;
Fig. 2 is a flowchart of the method by which the server side authenticates the identity of the user according to the determination result in Embodiment one;
Fig. 3 is a flowchart of one method performed before the server side compares the target feature information with the reference feature information in Embodiment one;
Fig. 4 is a flowchart of another method performed before the server side compares the target feature information with the reference feature information in Embodiment one;
Fig. 5 is a flowchart of the identity authentication method provided by Embodiment two;
Fig. 6 is a system block diagram of an identity authentication system provided by Embodiment three;
Fig. 7 is a system block diagram of another identity authentication system provided by Embodiment three.
In the figures: 110 - biometric information acquisition module, 111 - biometric information input judging unit, 120 - biometric information conversion module, 130 - feature comparison module, 131 - collected action acquisition unit, 132 - first reference feature generation unit, 133 - training data acquisition module, 134 - second reference feature generation unit, 140 - identity judgment module, 141 - first threshold judging unit, 142 - second threshold judging unit, 143 - third threshold judging unit, 150 - first storage module, 160 - second storage module, 170 - information review module.
Detailed description
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
It should be noted that the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
Embodiment one:
Authentication is the first line of defense of computer and network security. People have long studied technology in this area, trying to find a safe, reliable and feasible identity authentication method that meets security needs. Biometric identification is a user authentication technology that has become popular in recent years and is gradually gaining attention. From the initial fingerprint recognition to the later recognition of voice, gesture, palm print, iris and face, these biometric methods require spending money and training on hardware installation and hardly reach ordinary business and personal users, which hinders the deployment and popularization of such systems.
At present, authentication based on computer input behavior features has salient characteristics: the behavior is hard to imitate, requires no memorization, yields a large amount of behavioral data, and the behavior password has no obvious features; no extra equipment is needed, and it can be deployed directly on most current computer systems. Combined with the high popularity of keyboards and mice, identifying users by monitoring their keystroke features or mouse behavior features has become a new research hotspot in the field of biometric identification.
As shown in Fig. 1, this embodiment provides an identity authentication method, the method including:
S101. The server side obtains the biometric information data of the user through the client; the biometric information data includes the user's mouse movement data and keystroke data;
Specifically, the client program is deployed on the computers in the intranet that need protection. After the user logs in, the client program starts automatically and begins collecting the user's biometric information data and sending it to the server for analysis. The whole process of data collection and transmission is fully transparent to the user and has no significant impact on other programs or on the performance the user experiences.
S102. The server side analyzes and processes the biometric information data to generate target feature information;
The client first collects the user's mouse and keyboard training behavior data; an optimized support vector machine (SVM), combining the mouse and keyboard indicators, is then used to authenticate the users of the system.
S103. The server receives in real time and computes the user's target feature information data transmitted by the client;
S104. The server side compares the target feature information with the reference feature information and, if there is a deviation between the target feature information and the reference feature information, determines the relation between the deviation and a plurality of set threshold ranges;
The reference feature information includes feature information corresponding to the user's behavioral characteristics when moving the mouse and striking the keyboard;
Considering that a real user's proficiency with the computer may change over time and with other factors, the feature data may deviate by more than the set value. To guarantee the legitimacy of the real user, the user must then apply for retraining so as to update that user's reference feature information data on the server side.
S105. The server side authenticates the identity of the user according to the determination result.
Further, the server side authenticating the identity of the user according to the determination result includes, as shown in Fig. 2:
S1051. A first threshold range is set; if the deviation falls within the first threshold range, the current user is authenticated as the real user;
S1052. A second threshold range is set; if the deviation falls within the second threshold range, an alarm signal is sent, the current user is authenticated as a user to be identified, and the comparison of target feature information with reference feature information continues;
S1053. A third threshold range is set; if the deviation falls within the third threshold range, the current user is authenticated as a wrong user, a locking signal is sent, and the client interface the user is currently operating is locked.
Specifically, the deviation between the target feature information and the reference feature information can be of different degrees, which correspond to different identification results. If the deviation falls within the first threshold range, the server side authenticates the current user as the real user and permits the user's operation of the current client. If the deviation falls within the second threshold range, an alarm signal is sent, the server side authenticates the current user as a user to be identified, and the comparison of target feature information with reference feature information continues until a final determination is reached that the user is either the real user or a wrong user. Note that if the deviation falls within the second threshold range repeatedly, a question dialog box is popped up on the client and the current user is asked to answer questions to further identify the user. If the deviation falls within the third threshold range, the server side authenticates the current user as a wrong user; the server side can then directly send a locking signal to lock the client interface the user is currently operating.
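The three-range decision described above can be sketched as a small session monitor. This is an added example, not code from the patent: the deviation measure (mean absolute z-score), the range boundaries, the count of three second-range results before a question is asked, the handling of the answer, and all names and sample values are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    REAL = "real user"                 # first threshold range
    PENDING = "user to be identified"  # second range: alarm, keep comparing
    CHALLENGE = "ask question"         # second range hit repeatedly
    WRONG = "wrong user"               # third range: lock the client


def deviation(ref_mean, ref_std, target):
    """Mean absolute z-score of the target features against the reference
    profile. The patent does not define the deviation measure; this one is
    an assumption made for the example."""
    return sum(abs(t - m) / s
               for t, m, s in zip(target, ref_mean, ref_std)) / len(target)


@dataclass
class SessionMonitor:
    ref_mean: tuple
    ref_std: tuple
    first_max: float = 1.0      # deviation <= first_max: first range (assumed)
    second_max: float = 2.5     # up to second_max: second range; above: third
    challenge_after: int = 3    # assumed meaning of "repeatedly"
    streak: int = 0             # consecutive second-range results
    locked: bool = False
    history: list = field(default_factory=list)  # stored judgement list

    def observe(self, target):
        """Judge one window of target feature information."""
        if self.locked:                      # a locked client stays locked
            dev, verdict = None, Verdict.WRONG
        else:
            dev = deviation(self.ref_mean, self.ref_std, target)
            if dev <= self.first_max:
                self.streak, verdict = 0, Verdict.REAL
            elif dev <= self.second_max:
                self.streak += 1
                verdict = (Verdict.CHALLENGE
                           if self.streak >= self.challenge_after
                           else Verdict.PENDING)
            else:
                self.locked, verdict = True, Verdict.WRONG
        self.history.append((dev, verdict))
        return verdict

    def answer_challenge(self, correct):
        """Assumed handling: a correct answer clears the streak, a wrong
        answer locks the client. Returns True while the session is open."""
        if correct:
            self.streak = 0
        else:
            self.locked = True
        return not self.locked


# Constructed reference profile: left-click hold time, double-click
# interval and key dwell time, all in milliseconds.
REF_MEAN = (100.0, 250.0, 90.0)
REF_STD = (10.0, 25.0, 9.0)
# Constructed windows of target feature information.
WINDOWS = [
    (104, 240, 93),    # close to the profile
    (118, 290, 104),   # drifting
    (120, 295, 100),   # drifting
    (115, 300, 108),   # third drifting window in a row
    (150, 400, 140),   # far from the profile
    (100, 250, 90),    # arrives after the lock
]


def replay(windows=WINDOWS):
    """Feed the windows through a monitor; answer any question correctly."""
    mon = SessionMonitor(REF_MEAN, REF_STD)
    out = []
    for w in windows:
        verdict = mon.observe(w)
        if verdict is Verdict.CHALLENGE:
            mon.answer_challenge(True)
        out.append(verdict.name)
    return out, mon


if __name__ == "__main__":
    print(replay()[0])
```
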
Further, before the server side compares the target feature information with the reference feature information, the method includes, as shown in Fig. 3:
S1041a. The server side obtains the large number of the user's mouse movement actions and keyboard striking actions collected by the client, which the client sends to the server side;
S1042a. The server side generates the reference feature information by analyzing the information of the large number of mouse movement actions and keyboard striking actions.
Specifically, the behavioral characteristics of the mouse and keyboard refer to the user's habits in operating them. For each user, mouse and keyboard operation shows patterns markedly different from those of other users; personal factors may give each user different habits when using the mouse and keyboard. For mouse use, for example, these include: left-button click, right-button click, left-button double-click, mouse movement, left-button drag, right-button drag, mouse movement plus left-button click, mouse movement plus right-button click, mouse movement plus left-button drag, mouse movement plus right-button drag, and mouse movement plus left-button double-click.
In more detail, left-button click behavior information includes the click time and the click displacement. The click time is the time interval between the mouse button being pressed and released; the click displacement is the displacement between the mouse button being pressed and released;
Right-button click behavior information includes: the click time and the click displacement;
Left-button double-click behavior information includes: the time of the first click, the displacement of the first click, the double-click interval time, the double-click interval distance, the time of the second click and the displacement of the second click.
The reference feature information of the user is obtained by analyzing and processing the large amount of data, and is saved for later use.
Or, as a preferred implementation, before the server side compares the target feature information with the reference feature information, the method includes, as shown in Fig. 4:
S1041b. Obtaining the training data produced by the user training in training scenes on the client;
S1042b. Generating the reference feature information from the information of the training data.
Training must be carried out in the set scenes, and each scene corresponds to a specific mouse or keyboard behavior indicator. Suppose the system provides 9 scenes in total for training; the user completes the specified operations according to the prompts given by the current scene. Each scene is designed around a certain background story, to avoid tedium and complexity during use. They are: mother's sumptuous meal (double-click pictures), the dotted-line test (mouse track related), little sister's counting (click pictures), strength training (mouse wheel operation), elder sister's shopping (right-click pictures), oral arithmetic training (keyboard-related indicators), the pet market rush purchase (mouse track related), my password gesture (track related), and conventional password characters (keystroke features). Each scene corresponds to one or more specific behavior indicators. During a scene the user must complete the corresponding operations according to the prompts the scene gives; for operations that were not specified, the scene reports an operation error and the behavior data corresponding to that operation is discarded. The scene indicators were all selected through testing. When these indicators are used for authentication, the amount of sample data required is small, so data collection time is correspondingly reduced, which saves a lot of time during training and authentication. The selected indicators differ in how effective they are in identity discrimination tests. They are therefore graded by security level for use in authentication: indicators with relatively good effect are assigned to a high security level, and indicators with average effect are assigned to a general or lower security level. During authentication the user then only needs to pass the scenes corresponding to the preset security level rather than all scenes, which is again much shorter than the training time.
By using specific scene environments together with a global keyboard hook (WH_KEYBOARD_LL) and a global mouse hook (WH_MOUSE_LL), the desired behavior data can be collected accurately. In the scene environment the user completes a series of operations according to the prompts the scene gives, such as a left-button click, a right-button click, a left-button double-click, scrolling the mouse wheel, moving the mouse cursor, and entering a predetermined password string. Within a scene every single step, and the switching between scenes, is controllable, so it is known very precisely which behavior data the user produces in the current time period, and the behavior data can then be classified and organized. This embodiment uses an optimized SVM algorithm to organize the collected data.
Wherein, SVM algorithm shows many distinctive advantages in small sample, non-linear high danger pattern-recognition is solved, What is mainly solved is two class problems.Following object function is seen first:
W*X+b=0 (1)
This is straight line, it is determined that W values and b values under, only unique X values can meet (1) formula, other X values After bringing into, or more than zero, or less than zero, so others X values are just divided into two classes, and inseparable is to meet (1) formula X。
Above W and X value is one-dimensional situation, and SVM assigns whole new definition to this parameter on this basis, by original W values Multidimensional is expanded to X values, following object function is obtained:
X=(x1, x2, x3 ..., xn) n=1,2,3...n (2)
Y=(y1, y2, y3 ..., yn) n=1,2,3...n (3)
A=(a1, a2, a3 ..., an) n=1,2,3...n (4)
W=y1*a1*X1+y2*a2*X2+...+yn*an*Xn n=1,2,3...n (5)
<W,X>+ b=1-C*E C and E are real number (6)
Here two new value Y and A are defined, while being also not difficult to find out that X and W become multidimensional, (6) formula is equivalent to original (1) formula, the multidimensional X for being unsatisfactory for (6) formula is divided into two classes.
User is defined as the vectorial X of a n dimension, and value is user's mouse or keyboard operation feature, such as user=(left button list Hit time t1).Assuming that having two user's first and second.First has X1, X2, X3, one groups of samples of three groups of mouse-keyboard feature samples just right A formula (2) is answered, such as X1=(x1, x2, x3), X2=(x1, x2, x3), X3=(x1, x2, x3).It should note in different samples Xn values are not necessarily equal, but are all same type of value (such as mouses or keyboard features), and the data amount check in bracket is necessary It is equal.It is self-defined as data amount check, such as increases a double-click data and be designated as x4, then X1=(x1, x2, x3, x4), X1= (x1, x2, x3, x4), X1=(x1, x2, x3, x4).Similarly, second has three groups of mouse-keyboard feature samples X4, X5, X6.First and second samples This number can not be waited, but the mouse or keyboard features in sample must be corresponded, and present total number of samples is 6.
Referring again to (3) (4) formula, because total sample is 6, therefore, the n in (3) (4) formula bracket is 6, i.e., by total sample number It is determined that, the value in (3) (4) bracket will be corresponded with 6 samples, the y1 in such as X1 correspondences Y and the a1 in A, other samples By that analogy, above corresponding relation is now arranged as follows:
First:X1=(x1, x2, x3) y1 a1
X2=(x1, x2, x3) y2 a2
X3=(x1, x2, x3) y3 a3
Second:X4=(x1, x2, x3) y4 a4
X5=(x1, x2, x3) y5 a5
X6=(x1, x2, x3) y6 a6
As for the value in Y, such processing is done:All y of correspondence first assign 1, and correspondence second is -1, can also anti-mistake Come, i.e. y1=y2=y3=1, y4=y5=y6=-1;Or, y1=y2=y3=-1, y4=y5=y6=1.Value in A is Automatically generated after user trains each sample group of time-histories ordered pair user to calculate.This example is used as standard using the y of user's first as 1.
Referring again to (5) formula, it is found that the first and second relation datas arranged by more than are substituted on the right of (5) formula, just can draw the W on the left side It is worth.(5) formula be the W in the formula of certification, (6) formula be (5) formula W, b is that program is automatically generated when user trains, C and E is this algorithm self-defining value, and X represents one group of new samples of user to be certified.Note:Here user to be certified can only be determined W two users because (6) formula is as (1) formula, solution be in two class problems, such as this example W by first and second sample and Get, then can only authenticate first and second, data all bring (6) formula into afterwards, and more than the formula left side, certification passes through.
The collected behavioral data is thus organized and converted into the form the algorithm requires. Because the SVM algorithm solves a two-class classification problem, a single classification line can only separate two sets of samples. To distinguish among multiple users, the identity of the current user is judged as follows. Suppose user 1 is to be judged and there are currently 6 trained user samples: the training samples of user 1 are paired with the training samples of each of the remaining 5 users to compute one classification line per pair, and the sample is then judged with these 5 classification lines. Note that the number of training samples must remain odd; if the current user training volume does not make up an odd number, the system automatically calls stub samples to make up the difference. If, at judgment time, the classification lines cast more than half of their votes for user 1 (one classification line counts as one vote), the user is determined to be user 1.
Optimization of the algorithm: the way the parameter values of formulas (2) to (6) above are determined is summarized in Table 1. As Table 1 shows, the parameters that can be varied are X (as stated above, X is user-definable, i.e. both the number of mouse indicators and the indicators themselves are user-definable) and C (a specific value defined by the program); the remaining parameters are either fixed or calculated from other parameters.
Owing to the characteristics of the SVM algorithm, the system can provide an assessment based on the user's current training data, i.e. it estimates from the data trained so far how likely the user is to pass when the feature comparison is carried out. The user can decide from this assessment whether to train again. In the training state, in addition to completing the training tasks for all scenes, the security level must also be set according to the permissions of the current user.
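The one-against-one voting described above (user 1 judged against each of the five other trained users, one vote per classification line) can be sketched as follows. This is an added example, not code from the patent: the feature vectors are constructed, the function names are hypothetical, and a linear SVM trained by sub-gradient descent on the hinge loss stands in for formulas (2) to (6).

```python
# Constructed training data, normalised to [0, 1]. Each sample is
# (left-click hold time, double-click interval, key dwell time).
TRAINING = {
    "user1": [(0.20, 0.22, 0.18), (0.22, 0.19, 0.21), (0.18, 0.20, 0.20)],
    "user2": [(0.80, 0.79, 0.81), (0.78, 0.82, 0.80), (0.81, 0.80, 0.78)],
    "user3": [(0.70, 0.90, 0.80), (0.72, 0.88, 0.79), (0.69, 0.91, 0.82)],
    "user4": [(0.90, 0.70, 0.70), (0.88, 0.72, 0.71), (0.91, 0.69, 0.68)],
    "user5": [(0.80, 0.70, 0.90), (0.79, 0.72, 0.88), (0.82, 0.69, 0.91)],
    "user6": [(0.70, 0.80, 0.90), (0.71, 0.78, 0.91), (0.68, 0.81, 0.89)],
}


def train_line(pos, neg, lr=0.05, lam=0.01, epochs=2000):
    """Train one classification line (w, b): pos samples get y=+1, neg y=-1.

    Minimises lam/2*|w|^2 + mean hinge loss by batch sub-gradient descent.
    """
    data = [(x, 1.0) for x in pos] + [(x, -1.0) for x in neg]
    dim = len(data[0][0])
    w, b = [0.0] * dim, 0.0
    for _ in range(epochs):
        gw, gb = [lam * wi for wi in w], 0.0
        for x, y in data:
            margin = y * (sum(wi * xi for wi, xi in zip(w, x)) + b)
            if margin < 1.0:  # sample inside the margin: hinge loss is active
                for j in range(dim):
                    gw[j] -= y * x[j] / len(data)
                gb -= y / len(data)
        w = [wi - lr * gi for wi, gi in zip(w, gw)]
        b -= lr * gb
    return w, b


def build_lines(claimed, training):
    """One classification line per (claimed user, other user) pair."""
    lines = {
        other: train_line(training[claimed], samples)
        for other, samples in training.items()
        if other != claimed
    }
    # The text requires an odd count and pads with stub samples; this
    # example simply refuses an even count, where the vote could tie.
    if len(lines) % 2 == 0:
        raise ValueError("even number of classification lines: vote could tie")
    return lines


def authenticate(sample, lines):
    """Each line votes for the claimed user when the sample falls on the
    positive side; more than half of the votes are needed to pass."""
    votes = sum(
        1 for w, b in lines.values()
        if sum(wi * xi for wi, xi in zip(w, sample)) + b > 0
    )
    return votes, votes > len(lines) / 2


if __name__ == "__main__":
    lines = build_lines("user1", TRAINING)
    print(authenticate((0.21, 0.20, 0.19), lines))  # sample close to user 1
    print(authenticate((0.79, 0.80, 0.80), lines))  # sample close to user 2
```

Each line only answers "user 1 or user k", so a sample from someone who is neither is still forced onto one side of it; the vote count is therefore only as reliable as the enrolled population is representative.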
Further, before the biological data of the user is obtained, the method includes:
Judging whether the user has input biological data through the client and, if so, collecting the biological data through the client.
It should be noted that the system uses the optimized SVM algorithm and has a flexible structural layout, which allows users to carry out secondary development on top of an existing application system and gives it good portability.
Embodiment two:
This embodiment provides an identity authentication method. As shown in Fig. 5, in addition to the method described in embodiment one, the method further includes:
S106. The server end stores each identity judgment result for the user and each collected set of target feature information in the form of a list;
S107. The user's past login information and identity authentication information are reviewed through the control interface of the server end.
It should be noted that a management platform with a corresponding web interface is provided. Through the server's graphical control interface, an administrator can review the records of users' past logins and identity authentication. Company operations staff can view real-time summary information on user logins in the current intranet and, by viewing the list, clearly obtain each user's login status and identity judgment results.
Embodiment three:
This embodiment provides an identity authentication system, which is implemented jointly by a client and a server end. As shown in Fig. 6 and Fig. 7, it specifically includes:
Biological information acquisition module 110, for obtaining the biological data of the user; the biological data includes the user's mouse movement action data and keyboard keystroke action data;
Specifically, the mouse movement data and the keyboard keystroke data are collected in the course of the user's ordinary behavior. Each user taking part in data collection has, on his or her own computer, a module that can monitor and record the user's mouse behavior and keystrokes, and the collected data is sent automatically to the acquisition server.
It should be noted that the collected mouse data always contains some interference or noise, and analyzing data that contains such interference inevitably reduces recognition accuracy. For example, different computer users click the mouse at different speeds; the interval between mouse clicks for most people is roughly 40~500 ms, and the difference can sometimes be larger. If a single filtering threshold is set for all users, a threshold set too low filters out the normal data of people who click slowly, while a threshold set too high introduces large errors. Determining a different threshold Li for each user is therefore the more objective choice.
Li=kMi (7)
Here Mi is the left-button click time interval of the i-th user, and the coefficient k can be determined with optimization tools.
Biological information conversion module 120, for analyzing and processing the biological data to generate target feature information;
Feature comparison module 130, for comparing the target feature information with reference feature information and, if the target feature information deviates from the reference feature information, judging the relation between the deviation and multiple set threshold ranges; the reference feature information includes feature information corresponding to the user's behavioral habits in moving the mouse and striking the keyboard;
Identity judgment module 140, for authenticating the identity of the user according to the judgment result.
Further, the identity judgment module 140 includes:
First threshold judging unit 141, for setting a first threshold range; if the deviation falls within the first threshold range, the current user is authenticated as the real user;
Second threshold judging unit 142, for setting a second threshold range; if the deviation falls within the second threshold range, an alarm signal is sent, the current user is authenticated as a user still to be identified, and the comparison of target feature information with reference feature information continues;
Third threshold judging unit 143, for setting a third threshold range; if the deviation falls within the third threshold range, the current user is authenticated as a wrong user, a locking signal is sent, and the client interface the user is currently operating is locked.
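An added example, not code from the patent, of the per-user filter threshold Li = k·Mi from formula (7) feeding the three threshold ranges of units 141 to 143. The value of k, the range bounds, the use of the median as Mi, the deviation measure and all sample intervals are assumptions made for the illustration.

```python
from statistics import mean, median

# All numbers below are assumptions for illustration; the patent fixes none.
K = 2.0              # coefficient k in Li = k * Mi (formula 7)
RANGE_1_MAX = 0.15   # deviation up to here: first threshold range
RANGE_2_MAX = 0.40   # up to here: second range; above it: third range

# Constructed enrolment data: left-click intervals (ms) of a slow clicker,
# including one outlier caused by the user pausing.
ENROL_MS = [300, 320, 310, 290, 305, 1500]

# Constructed observation windows from a later session.
WINDOWS_MS = [
    [298, 312, 307, 2000],   # same rhythm plus one pause
    [240, 230, 250],         # noticeably faster
    [120, 110, 130],         # very different rhythm
    [300, 310, 305],         # never evaluated: session is already locked
]


def filter_threshold(enrol_ms, k=K):
    """Li = k * Mi, taking Mi as the median enrolment interval (assumption)."""
    return k * median(enrol_ms)


def deviation(window_ms, reference_ms, limit_ms):
    """Relative deviation of the window mean from the reference mean after
    dropping intervals above the limit. Returns None if nothing survives."""
    kept = [t for t in window_ms if t <= limit_ms]
    if not kept:
        return None
    return abs(mean(kept) - reference_ms) / reference_ms


def judge(dev):
    """Map a deviation onto the three threshold ranges."""
    if dev is None:
        return "alarm"       # no usable data (assumption): keep comparing
    if dev <= RANGE_1_MAX:
        return "genuine"     # first range: current user is the real user
    if dev <= RANGE_2_MAX:
        return "alarm"       # second range: raise alarm, continue comparison
    return "lock"            # third range: wrong user, lock client interface


def run_session(windows_ms, enrol_ms):
    """Judge successive windows until the session ends or is locked."""
    limit = filter_threshold(enrol_ms)
    reference = mean([t for t in enrol_ms if t <= limit])
    verdicts = []
    for window in windows_ms:
        verdict = judge(deviation(window, reference, limit))
        verdicts.append(verdict)
        if verdict == "lock":
            break            # interface locked: no further comparison
    return verdicts


if __name__ == "__main__":
    print("Li =", filter_threshold(ENROL_MS))
    print(run_session(WINDOWS_MS, ENROL_MS))
    # A single global limit tuned for fast clickers (250 ms) discards every
    # interval of this slow clicker, leaving nothing to compare.
    print(deviation(WINDOWS_MS[0], 305, 250))
```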
Further, the feature comparison module 130 includes:
Collected action acquisition unit 131, for obtaining the large number of mouse movement actions and keyboard keystroke actions of the user collected from the client;
First reference feature generation unit 132, for generating the reference feature information by analyzing the large amount of action information on the user's mouse movements and keyboard keystrokes.
Or including:
Training data acquisition module 133, for obtaining the training data produced when the user trains in the training scenes on the client;
Second reference feature generation unit 134, for generating the reference feature information from the information in the training data.
It should be noted that a user must first be authorized before using the system. Once the user is an authorized user, the system builds a unique reference feature set from the keyboard and mouse usage characteristics of each authorized user; this is the first reference feature generation unit of this embodiment.
Further, the biological information acquisition module 110 includes a biological information input judging unit 111, for judging whether the user has input biological data and, if so, collecting the biological data through the client.
Further, the system also includes:
First storage module 150, for storing each identity judgment result for the user in the form of a list;
Second storage module 160, for storing each collected set of target feature information in the form of a list.
Information review module 170, for reviewing the user's past login information and identity authentication information.
Specifically, the system provides a management platform with a web interface. Through the control interface of the server end, an administrator can review the records of users' past logins and identity authentication, and can view real-time summary information on user logins in the current intranet, i.e. the login and identity authentication status of each user at the current time.
It should be noted that the present invention continuously identifies the computer user by collecting and analyzing the biological information produced by the user's mouse movements and keystrokes.
Further, the continuous identity authentication system can be combined with analysis of abnormal network traffic, using advanced heuristic algorithms to detect intrusion behavior in the network; and by combining user account identification with network intrusion analysis, malicious intrusion behavior can be monitored with still higher accuracy.
Further, if the present invention is applied on a personal computer and the current user is operating it with the consent of the computer's owner, the owner, i.e. the real user, can configure the access permissions so that the permission restriction is lifted, or the owner can release the lock after the screen has been locked.
The present invention has the following beneficial effects:
(1) With the technical scheme of the present invention, companies and organizations can monitor users' whereabouts within the internal network and can control users' access to computers.
(2) With the technical scheme of the present invention, user identity can be authenticated continuously, providing continuous protection against, and monitoring for, the theft of user accounts/passwords by hackers or by leakers inside the organization.
(3) With the technical scheme of the present invention, the system administrator can monitor the login status of user accounts in the current internal network through the management interface, learn of possible account leak cases in time, and take action to stop the infringing behavior of the person stealing secrets.
In short, the present invention can protect the network comprehensively and in real time from the aspects of human-computer interaction and user physiological behavior, with a high accuracy rate.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
The modules in the technical scheme of the present invention can be implemented by a computer terminal or other equipment. The computer terminal includes a processor and a memory. The memory stores the program instructions/modules of the present invention, and the processor implements the corresponding functions of the present invention by running the program instructions/modules stored in the memory.
The technical scheme of the present invention in essence, or the part of it that contributes to the prior art, or all or part of the technical scheme, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause one or more computer devices (which may be personal computers, servers, network devices, etc.) to perform all or part of the steps of the methods described in the embodiments of the present invention.
The division into modules/units described in the present invention is only a division by logical function; other divisions are possible in an actual implementation. For example, multiple units or components can be combined or integrated into another system, or some features can be omitted or not performed. Some or all of the modules/units can be selected according to actual needs to achieve the purpose of the scheme of the present invention.
In addition, the modules/units in the embodiments of the present invention can be integrated in one processing unit, each unit can exist physically on its own, or two or more units can be integrated in one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
The above is only the preferred embodiment of the present invention. It should be pointed out that those of ordinary skill in the art can make improvements and modifications without departing from the principles of the present invention, and these improvements and modifications are also to be regarded as falling within the protection scope of the present invention.

Claims (10)

1. An identity authentication method, characterized in that the method includes:
Obtaining biological data of a user, the biological data including the user's mouse movement action data and keyboard keystroke action data;
Analyzing and processing the biological data to generate target feature information;
Comparing the target feature information with reference feature information and, if the target feature information deviates from the reference feature information, judging the relation between the deviation and multiple set threshold ranges; the reference feature information includes feature information corresponding to the user's behavioral habits in moving the mouse and striking the keyboard;
Authenticating the identity of the user according to the judgment result.
2. The method according to claim 1, characterized in that judging the relation between the deviation and the multiple set threshold ranges includes:
Setting a first threshold range; if the deviation falls within the first threshold range, the current user is authenticated as the real user;
Setting a second threshold range; if the deviation falls within the second threshold range, an alarm signal is sent, the current user is authenticated as a user still to be identified, and the comparison of target feature information with reference feature information continues;
Setting a third threshold range; if the deviation falls within the third threshold range, the current user is authenticated as a wrong user, a locking signal is sent, and the client interface the user is currently operating is locked.
3. The method according to claim 1, characterized in that, before the target feature information is compared with the reference feature information, the method includes:
Obtaining the large number of mouse movement actions and keyboard keystroke actions of the user collected by the client;
Generating the reference feature information by analyzing the large amount of action information on the user's mouse movements and keyboard keystrokes;
Or including:
Obtaining the training data produced when the user trains in the training scenes on the client;
Generating the reference feature information from the information in the training data.
4. The method according to claim 1, characterized in that, before the biological data of the user is obtained, the method includes:
Judging whether the user has input biological data and, if so, collecting the biological data through the client.
5. The method according to claim 1, characterized in that the method further includes:
Storing each identity judgment result for the user and each collected set of target feature information in the form of a list;
Reviewing the user's past login information and identity authentication information.
6. An identity authentication system, characterized in that it includes:
A biological information acquisition module, for obtaining the biological data of a user; the biological data includes the user's mouse movement action data and keyboard keystroke action data;
A biological information conversion module, for analyzing and processing the biological data to generate target feature information;
A feature comparison module, for comparing the target feature information with reference feature information and, if the target feature information deviates from the reference feature information, judging the relation between the deviation and multiple set threshold ranges; the reference feature information includes feature information corresponding to the user's behavioral habits in moving the mouse and striking the keyboard;
An identity judgment module, for authenticating the identity of the user according to the judgment result.
7. The system according to claim 6, characterized in that the identity judgment module includes:
A first threshold judging unit, for setting a first threshold range; if the deviation falls within the first threshold range, the current user is authenticated as the real user;
A second threshold judging unit, for setting a second threshold range; if the deviation falls within the second threshold range, an alarm signal is sent, the current user is authenticated as a user still to be identified, and the comparison of target feature information with reference feature information continues;
A third threshold judging unit, for setting a third threshold range; if the deviation falls within the third threshold range, the current user is authenticated as a wrong user, a locking signal is sent, and the client interface the user is currently operating is locked.
8. The system according to claim 6, characterized in that the feature comparison module includes:
A collected action acquisition unit, for obtaining the large number of mouse movement actions and keyboard keystroke actions of the user collected by the client;
A first reference feature generation unit, for generating the reference feature information by analyzing the large amount of action information on the user's mouse movements and keyboard keystrokes.
Or including:
A training data acquisition module, for obtaining the training data produced when the user trains in the training scenes on the client;
A second reference feature generation unit, for generating the reference feature information from the information in the training data.
9. The system according to claim 6, characterized in that the biological information acquisition module includes a biological information input judging unit, for judging whether the user has input biological data and, if so, collecting the biological data through the client.
10. The system according to claim 6, characterized in that it further includes:
A first storage module, for storing each identity judgment result for the user in the form of a list;
A second storage module, for storing each collected set of target feature information in the form of a list;
An information review module, for reviewing the user's past login information and identity authentication information.
CN201710325270.3A 2017-05-10 2017-05-10 A kind of identity identifying method and system Pending CN107317682A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710325270.3A CN107317682A (en) 2017-05-10 2017-05-10 A kind of identity identifying method and system

Publications (1)

Publication Number Publication Date
CN107317682A true CN107317682A (en) 2017-11-03

Family

ID=60185183

Country Status (1)

Country Link
CN (1) CN107317682A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20171229

Address after: Green Ting Road Yuhang District Cang Qian street of Hangzhou city Zhejiang province 310000 No. 1 Building 1 room 498

Applicant after: Zhejiang Yi Tu Technology Co., Ltd.

Address before: 063000 Jidong News Center, No. 170, Jianshe Road 170, north of Tangshan City Road, Hebei Province, 1909

Applicant before: Shi Zhan

RJ01 Rejection of invention patent application after publication

Application publication date: 20171103
