CN107317682A - A kind of identity identifying method and system - Google Patents
- Publication number
- CN107317682A, CN201710325270.3A
- Authority
- CN
- China
- Prior art keywords
- user
- information
- fixed reference
- reference feature
- mouse
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Abstract
The invention discloses an identity authentication method and system. The method comprises: obtaining biometric data of a user, the biometric data including the user's mouse movement data and keystroke data; analysing and processing the biometric data to generate target feature information; comparing the target feature information with reference feature information and, if the two deviate, determining the relation between the deviation and a plurality of set threshold ranges, the reference feature information including feature information corresponding to the user's behavioural characteristics in moving the mouse and striking the keyboard; and authenticating the identity of the user according to the determination result. The invention can control users' access to computers; it can further monitor malicious intrusion with high accuracy, and continuously guard against and monitor the theft of user accounts/passwords by hackers or by leakers inside the organization. In short, the invention provides comprehensive, real-time network protection.
Description
Technical field
The present invention relates to the technical field of data processing, and more particularly to an identity authentication method and system.
Background
The rapid development of networking technology has changed the way people use computers and made it easier to obtain information and resources anytime and anywhere worldwide, but it has also increased the opportunities for malicious attacks and intrusions. Ensuring the reliability of user identities on the Internet has therefore become an important problem.
With the development of computer and network technology, traditional identity verification schemes can no longer meet the security requirements for authentication in the current network environment. Existing authentication techniques fall into three main classes, each using a different kind of information: 1) memorised information, such as passwords and PINs; 2) auxiliary devices, such as ID cards and tokens; 3) biometric features, such as fingerprints and irises. These traditional techniques each have defects. In user name and password schemes, passwords are hard to remember and are easily confused and leaked. ID cards must be carried around and are easily stolen or cracked, which defeats them; such schemes also cannot guarantee the uniqueness of the user's identity. In token-based schemes, the token is easily lost and may be copied. That is, anyone who obtains the user name and password can log in on the network as that user and access the resources available to that user. Biometric schemes based on physical features are relatively cumbersome to implement, and most of them require complicated and expensive hardware such as fingerprint readers, so their hardware cost is high. Most of these authentication techniques also cannot be applied in an Internet environment.
In view of this, researchers are still looking for new authentication means and methods. Among them, authentication based on computer input behaviour features needs no additional equipment, can be deployed directly on most current computer systems and allows non-intrusive monitoring, and it is becoming a new focus of authentication research.
Summary of the invention
To solve the above technical problem, the present invention proposes an identity authentication method and system.
The present invention is realised by the following technical solutions:
A first aspect provides an identity authentication method, the method comprising:
obtaining biometric data of a user, the biometric data including the user's mouse movement data and keystroke data;
analysing and processing the biometric data to generate target feature information;
comparing the target feature information with reference feature information and, if the target feature information deviates from the reference feature information, determining the relation between the deviation and a plurality of set threshold ranges, the reference feature information including feature information corresponding to the user's behavioural characteristics in moving the mouse and striking the keyboard;
authenticating the identity of the user according to the determination result.
Further, determining the relation between the deviation and the plurality of set threshold ranges comprises:
setting a first threshold range; if the deviation lies within the first threshold range, the current user is authenticated as the genuine user;
setting a second threshold range; if the deviation lies within the second threshold range, an alarm signal is sent, the current user is deemed a user to be identified, and the comparison of target feature information with reference feature information continues;
setting a third threshold range; if the deviation lies within the third threshold range, the current user is authenticated as an erroneous user, a locking signal is sent, and the client interface the user is currently operating is locked.
Further, before comparing the target feature information with the reference feature information, the method comprises:
obtaining a large number of the user's mouse movement actions and keystroke actions collected by the client;
generating the reference feature information by analysing the information of these mouse movement actions and keystroke actions.
Or comprises:
obtaining training data produced by the user training in training scenes on the client;
generating the reference feature information from the information of the training data.
Further, before obtaining the biometric data of the user, the method comprises:
determining whether the user has input biometric data and, if so, collecting the biometric data through the client.
Further, the method also comprises: storing each identity determination result for the user and each set of collected target feature information in the form of lists.
Reviewing the user's past login information and authentication information.
A second aspect provides an identity authentication system, comprising: a biometric information acquisition module for obtaining biometric data of a user, the biometric data including the user's mouse movement data and keystroke data;
a biometric information conversion module, which analyses and processes the biometric data to generate target feature information;
a feature comparison module for comparing the target feature information with reference feature information and, if the target feature information deviates from the reference feature information, determining the relation between the deviation and a plurality of set threshold ranges, the reference feature information including feature information corresponding to the user's behavioural characteristics in moving the mouse and striking the keyboard;
an identity judging module for authenticating the identity of the user according to the determination result.
Further, the identity judging module comprises:
a first threshold judging unit for setting a first threshold range; if the deviation lies within the first threshold range, the current user is authenticated as the genuine user;
a second threshold judging unit for setting a second threshold range; if the deviation lies within the second threshold range, an alarm signal is sent, the current user is deemed a user to be identified, and the comparison of target feature information with reference feature information continues;
a third threshold judging unit for setting a third threshold range; if the deviation lies within the third threshold range, the current user is authenticated as an erroneous user, a locking signal is sent, and the client interface the user is currently operating is locked.
Further, the feature comparison module comprises:
a collected action acquisition unit for obtaining the large number of mouse movement actions and keystroke actions of the user collected by the client;
a first reference feature generation unit for generating the reference feature information by analysing the information of the user's mouse movement actions and keystroke actions.
Or comprises:
a training data acquisition module, which obtains training data produced by the user training in training scenes on the client;
a second reference feature generation unit, which generates the reference feature information from the information of the training data.
Further, the biometric information acquisition module comprises a biometric information input judging unit for determining whether the user has input biometric data and, if so, collecting the biometric data through the client.
Further, the system also comprises:
a first storage module for storing each identity determination result for the user in the form of a list;
a second storage module for storing each set of collected target feature information in the form of a list;
an information review module for reviewing the user's past login information and authentication information.
The present invention has the following beneficial effects:
(1) With the technical solution of the present invention, companies and organizations can monitor users' movements within the internal network, and can control users' access to computers and erroneous users' operation of computers.
(2) With the technical solution of the present invention, user identity can be authenticated continuously, continuously guarding against and monitoring the theft of user accounts/passwords by hackers or by leakers inside the organization.
(3) With the technical solution of the present invention, a system administrator can monitor, through an administration interface, the login status of user accounts in the current internal network, learn of possible account leaks in time, and then take action to stop the harmful behaviour of whoever stole the credentials.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Evidently, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the identity authentication method provided in embodiment one;
Fig. 2 is a flowchart of the method by which the server authenticates the identity of the user according to the determination result in embodiment one;
Fig. 3 is a flowchart of one method performed before the server compares the target feature information with the reference feature information in embodiment one;
Fig. 4 is a flowchart of another method performed before the server compares the target feature information with the reference feature information in embodiment one;
Fig. 5 is a flowchart of the identity authentication method provided in embodiment two;
Fig. 6 is a system block diagram of the identity authentication system provided in embodiment three;
Fig. 7 is a system block diagram of another identity authentication system provided in embodiment three.
In the figures: 110 - biometric information acquisition module, 111 - biometric information input judging unit, 120 - biometric information conversion module, 130 - feature comparison module, 131 - collected action acquisition unit, 132 - first reference feature generation unit, 133 - training data acquisition module, 134 - second reference feature generation unit, 140 - identity judging module, 141 - first threshold judging unit, 142 - second threshold judging unit, 143 - third threshold judging unit, 150 - first storage module, 160 - second storage module, 170 - information review module.
Detailed description of the embodiments
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Evidently, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the scope of protection of the present invention.
It should be noted that the terms "comprising" and "having", and any variations of them, are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
Embodiment one:
Authentication is the first line of defence in computer security and network security. People have long studied techniques in this area, trying to find a safe, reliable and feasible authentication method that meets security needs. Biometric identification is a user authentication technology that has become popular in recent years and has gradually attracted attention. From the initial fingerprint recognition to the later recognition of voice, gesture, palm print, iris and face, these biometric methods require money and training for hardware installation, and so have hardly entered the general business and personal user markets, which hinders the deployment and adoption of such systems.
At present, authentication methods based on computer input behaviour features have notable characteristics: the behaviour is hard to imitate, the behaviour does not need to be memorised, the volume of behavioural data is large, and a behavioural password has no obvious features; no extra equipment is needed, and the method can be deployed directly on most current computer systems. Combined with the high penetration of keyboards and mice, identifying users by monitoring their keystroke features or mouse behaviour features has become a new research hotspot in the field of biometric identification.
As shown in Fig. 1, this embodiment provides an identity authentication method, the method comprising:
S101. The server obtains the biometric data of the user through the client; the biometric data include the user's mouse movement data and keystroke data.
Specifically, the client program is deployed on the computers in the intranet that need to be protected. After the user logs in, the client program starts automatically and begins collecting the user's biometric data and sending them to the server for analysis. The whole process of data collection and transmission is completely transparent to the user and has no significant impact on the other programs the user runs or on their performance.
S102. The server analyses and processes the biometric data to generate target feature information.
The client first collects the user's mouse and keyboard training behaviour data; an optimized support vector machine (SVM) then combines the mouse and keyboard indicators to authenticate the users of the system.
S103. The server receives and processes, in real time, the user's target feature information data transmitted by the client.
S104. The server compares the target feature information with reference feature information; if the target feature information deviates from the reference feature information, it determines the relation between the deviation and a plurality of set threshold ranges.
The reference feature information includes feature information corresponding to the user's behavioural characteristics in moving the mouse and striking the keyboard.
Considering that, over time and for similar reasons, a genuine user's proficiency with the computer changes, which may cause the feature data to deviate by more than the set value, the user must apply for retraining so that the user's reference feature information data on the server are updated and the legitimacy of the genuine user is preserved.
S105. The server authenticates the identity of the user according to the determination result.
Further, the server authenticates the identity of the user according to the determination result as shown in Fig. 2, comprising:
S1051. A first threshold range is set; if the deviation lies within the first threshold range, the current user is authenticated as the genuine user.
S1052. A second threshold range is set; if the deviation lies within the second threshold range, an alarm signal is sent, the current user is deemed a user to be identified, and the comparison of target feature information with reference feature information continues.
S1053. A third threshold range is set; if the deviation lies within the third threshold range, the current user is authenticated as an erroneous user, a locking signal is sent, and the client interface the user is currently operating is locked.
Specifically, the deviation between the target feature information and the reference feature information can be of different degrees, which correspond to different identification results. If the deviation lies within the first threshold range, the server authenticates the current user as the genuine user, and the user's operations on the current client are permitted. If the deviation lies within the second threshold range, an alarm signal is sent, the server deems the current user a user to be identified, and the comparison of target feature information with reference feature information continues until a final determination is given as to whether the user is the genuine user or an erroneous user. Note that if the deviation falls within the second threshold range repeatedly, a question dialog box pops up on the client and the current user is asked to answer questions so that the user's identity can be identified further. If the deviation lies within the third threshold range, the server authenticates the current user as an erroneous user; the server can then directly send a locking signal to lock the client interface the user is currently operating.
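The three-range decision and its escalation path, as an added example that is not code from the patent. The numeric range boundaries, the count of three consecutive second-range results before the question dialog, locking on a wrong answer, and all names (`SessionMonitor`, `Verdict`, `answer_challenge`) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    GENUINE = "genuine"      # deviation in the first threshold range
    PENDING = "pending"      # second range: alarm sent, comparison continues
    CHALLENGE = "challenge"  # second range seen repeatedly: ask a question
    LOCKED = "locked"        # third range: client interface is locked


@dataclass
class SessionMonitor:
    """Per-session state for the server-side decision (S1051 to S1053)."""
    first_max: float = 0.20    # assumed: [0, 0.20) is the first range
    second_max: float = 0.50   # assumed: [0.20, 0.50) is the second range
    challenge_after: int = 3   # assumed: consecutive second-range results
    streak: int = 0
    locked: bool = False
    signals: list = field(default_factory=list)  # signals sent to the client

    def evaluate(self, deviation: float) -> Verdict:
        """Classify one deviation score and update the session state."""
        if self.locked:
            return Verdict.LOCKED          # a lock is sticky for the session
        if not deviation >= 0:
            return self._lock()            # NaN or negative score: fail closed
        if deviation < self.first_max:
            self.streak = 0
            return Verdict.GENUINE
        if deviation < self.second_max:
            self.streak += 1
            self.signals.append("alarm")
            if self.streak >= self.challenge_after:
                self.signals.append("challenge")
                return Verdict.CHALLENGE
            return Verdict.PENDING
        return self._lock()

    def answer_challenge(self, correct: bool) -> Verdict:
        """Outcome of the question dialog; a wrong answer locks (assumed)."""
        if self.locked:
            return Verdict.LOCKED
        if correct:
            self.streak = 0
            return Verdict.GENUINE
        return self._lock()

    def _lock(self) -> Verdict:
        self.locked = True
        self.signals.append("lock")
        return Verdict.LOCKED


if __name__ == "__main__":
    monitor = SessionMonitor()
    # Constructed deviation scores for one session.
    for score in (0.05, 0.30, 0.40, 0.45, 0.80, 0.01):
        print(score, monitor.evaluate(score).value)
```

Once the session is locked, later low deviation scores do not unlock it; releasing the lock is left to whatever administrative step the deployment defines.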
Further, before the server compares the target feature information with the reference feature information, the method comprises, as shown in Fig. 3:
S1041a. The server obtains the large number of mouse movement actions and keystroke actions of the user that the client has collected and sent to the server;
S1042a. The server generates the reference feature information by analysing the information of the user's mouse movement actions and keystroke actions.
Specifically, the behavioural features of the mouse and keyboard refer to the user's habits in operating them. Each user's mouse and keyboard operation follows a pattern markedly different from that of other users; for personal reasons, each user may have different habits when using the mouse and keyboard. For mouse use, for example, the behaviours include: left-button click, right-button click, left-button double-click, mouse movement, left-button drag, right-button drag, mouse movement plus left-button click, mouse movement plus right-button click, mouse movement plus left-button drag, mouse movement plus right-button drag, and mouse movement plus left-button double-click.
In more detail, left-button click behaviour information includes the click time and the click displacement; the click time is the time interval between the mouse button being pressed and released, and the click displacement is the displacement between the mouse button being pressed and released.
Right-button click behaviour information includes: the click time and the click displacement.
Left-button double-click behaviour information includes: the time of the first click, the displacement of the first click, the double-click interval time, the double-click interval distance, the time of the second click and the displacement of the second click.
The reference feature information of the user is derived by analysing and processing this large amount of data, and is saved for later use.
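The click and double-click features listed above, computed from a raw left-button event stream; this is an added example, not code from the patent. The event tuple layout, the 500 ms double-click window, the field names and the sample events are all constructed for illustration.

```python
import math
from typing import NamedTuple


class Event(NamedTuple):
    t_ms: int   # timestamp in milliseconds
    kind: str   # "down" or "up" of the left mouse button
    x: int      # cursor position in pixels
    y: int


DOUBLE_CLICK_MS = 500  # assumed maximum gap between the two clicks


def _distance(a: Event, b: Event) -> float:
    return math.hypot(b.x - a.x, b.y - a.y)


def pair_clicks(events):
    """Pair each button-down with the next button-up.

    An "up" with no pending "down" is dropped, and a second "down"
    replaces a stale one, so lost events do not shift later pairs.
    """
    clicks, down = [], None
    for ev in sorted(events, key=lambda e: e.t_ms):
        if ev.kind == "down":
            down = ev
        elif ev.kind == "up" and down is not None:
            clicks.append((down, ev))
            down = None
    return clicks


def extract_features(events):
    """Return (single_clicks, double_clicks) as lists of feature dicts."""
    clicks = pair_clicks(events)
    singles, doubles = [], []
    i = 0
    while i < len(clicks):
        d1, u1 = clicks[i]
        nxt = clicks[i + 1] if i + 1 < len(clicks) else None
        if nxt is not None and nxt[0].t_ms - u1.t_ms <= DOUBLE_CLICK_MS:
            d2, u2 = nxt
            doubles.append({
                "first_click_time_ms": u1.t_ms - d1.t_ms,
                "first_click_displacement": _distance(d1, u1),
                "interval_time_ms": d2.t_ms - u1.t_ms,
                "interval_distance": _distance(u1, d2),
                "second_click_time_ms": u2.t_ms - d2.t_ms,
                "second_click_displacement": _distance(d2, u2),
            })
            i += 2
        else:
            singles.append({
                "click_time_ms": u1.t_ms - d1.t_ms,
                "click_displacement": _distance(d1, u1),
            })
            i += 1
    return singles, doubles


# Constructed sample: a stray "up", a stale "down", one click, one double-click.
SAMPLE_EVENTS = [
    Event(500, "up", 10, 10),
    Event(900, "down", 50, 50),
    Event(1000, "down", 100, 100), Event(1080, "up", 103, 104),
    Event(3000, "down", 200, 200), Event(3070, "up", 200, 200),
    Event(3190, "down", 200, 203), Event(3250, "up", 206, 211),
]

if __name__ == "__main__":
    for group in extract_features(SAMPLE_EVENTS):
        print(group)
```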
Alternatively, as a preferred implementation, before the server compares the target feature information with the reference feature information, the method comprises, as shown in Fig. 4:
S1041b. obtaining training data produced by the user training in training scenes on the client;
S1042b. generating the reference feature information from the information of the training data.
Training must be carried out in set scenes, and each scene corresponds to a specific mouse or keyboard behaviour indicator. For example, the system provides 9 scenes in total for training, and the user must complete the specified operation according to the prompt given by the current scene. Each scene is designed around a certain background, to avoid tedium and complexity during use. The scenes are: mother's sumptuous meal (double-click on pictures), dot-dash line (mouse-track related), younger sister's counting test (click on pictures), strength training (mouse wheel operation), elder sister's shopping (right-click on pictures), mental arithmetic training (keyboard-related indicators), big rush sale at the pet market (mouse-track related), my password gesture (track related), and conventional password characters (keystroke features). Each scene corresponds to one or more specific behaviour indicators. During a scene, the user must complete the corresponding operation according to the prompt the scene gives; for a non-specified operation the scene reports an operation error, and the behaviour data corresponding to that operation are discarded. The scene indicators were all selected after testing. Authenticating with these indicators requires only a small amount of sample data, so data collection time is reduced accordingly, which saves a lot of time during training and authentication. In identity-discrimination tests, the selected indicators differ in effectiveness. They are therefore graded by security level for use in authentication: indicators that perform relatively well are assigned to the high security level, and indicators that perform moderately are assigned to the general or lower security levels. When authenticating, the user therefore only needs to pass the scenes corresponding to the preset security level rather than all the scenes, which again takes much less time than training.
By using specific scene environments together with a global keyboard hook (WH_KEYBOARD_LL) and a global mouse hook (WH_MOUSE_LL), the desired behaviour data can be collected accurately. In a scene environment, the user completes a series of operations according to the prompts the scene gives, such as clicking the left mouse button, clicking the right mouse button, double-clicking the left mouse button, rolling the mouse wheel, moving the mouse cursor and typing a predetermined password string. Because each step within a single scene and the switching between scenes are controllable, it is possible to determine very precisely what behaviour data the user produced in the current time period, and then to classify and organise these behaviour data. This embodiment uses the optimized SVM algorithm to organise the collected data.
The SVM algorithm shows many distinctive advantages in small-sample, non-linear and high-dimensional pattern recognition, and what it mainly solves is the two-class problem. Consider first the following objective function:
W*X+b=0 (1)
This is a straight line. With the W value and the b value fixed, only a unique X value satisfies formula (1); substituting any other X value gives a result that is either greater than zero or less than zero, so the other X values are divided into two classes, and the X that cannot be classified is the one that satisfies formula (1).
The W and X values above are the one-dimensional case. On this basis, SVM gives these parameters a new definition, extending the original W and X values to multiple dimensions, which gives the following objective functions:
X=(x1, x2, x3 ..., xn) n=1,2,3...n (2)
Y=(y1, y2, y3 ..., yn) n=1,2,3...n (3)
A=(a1, a2, a3 ..., an) n=1,2,3...n (4)
W=y1*a1*X1+y2*a2*X2+...+yn*an*Xn n=1,2,3...n (5)
<W,X>+b=1-C*E C and E are real numbers (6)
Two new values, Y and A, are defined here, and it is easy to see that X and W have become multidimensional. Formula (6) is equivalent to the original formula (1); the multidimensional X values that do not satisfy formula (6) are divided into two classes.
A user is defined as an n-dimensional vector X whose values are the user's mouse or keyboard operation features, for example user=(left-button click time t1). Suppose there are two users, the first user and the second user. The first user has three groups of mouse and keyboard feature samples, X1, X2 and X3, and each group of samples corresponds to one formula (2), for example X1=(x1, x2, x3), X2=(x1, x2, x3), X3=(x1, x2, x3). Note that the xn values in different samples are not necessarily equal, but they are all values of the same type (such as mouse or keyboard features), and the number of data items in the brackets must be equal. The number of data items is user-defined; for example, if a double-click data item is added and denoted x4, then X1=(x1, x2, x3, x4), X2=(x1, x2, x3, x4), X3=(x1, x2, x3, x4). Similarly, the second user has three groups of mouse and keyboard feature samples, X4, X5 and X6. The first and second users need not have the same number of samples, but the mouse or keyboard features in the samples must correspond one-to-one. The total number of samples is now 6.
Turning to formulas (3) and (4): because the total number of samples is 6, the n in the brackets of formulas (3) and (4) is 6, i.e. it is determined by the total number of samples. The values in the brackets of (3) and (4) correspond one-to-one with the 6 samples; for example, X1 corresponds to y1 in Y and a1 in A, and so on for the other samples. The correspondence is arranged as follows:
First user:
X1=(x1, x2, x3) y1 a1
X2=(x1, x2, x3) y2 a2
X3=(x1, x2, x3) y3 a3
Second user:
X4=(x1, x2, x3) y4 a4
X5=(x1, x2, x3) y5 a5
X6=(x1, x2, x3) y6 a6
The values in Y are handled as follows: all y corresponding to the first user are assigned 1 and all y corresponding to the second user are assigned -1, or the other way round; that is, y1=y2=y3=1, y4=y5=y6=-1, or y1=y2=y3=-1, y4=y5=y6=1. The values in A are generated automatically by the program, computed from each of the user's sample groups, when the user trains. This example takes y=1 for the first user as the standard. Turning to formula (5): substituting the relations between the first and second users arranged above into the right-hand side of formula (5) yields the W value on the left. Formula (6) is the formula used for authentication; the W in formula (6) is the W of formula (5), b is generated automatically by the program when the user trains, C and E are values defined by this algorithm, and X represents a new group of samples from the user to be authenticated. Note: the user to be authenticated here can only be one of the two users that determine W, because formula (6), like formula (1), solves a two-class problem. In this example W is obtained from the samples of the first and second users, so only the first and second users can be authenticated. The data are then all substituted into formula (6); if the result is greater than the left side of the formula, authentication passes.
The acquired behavioral data are thus arranged and converted into the form the algorithm requires. Because the SVM algorithm solves the classification problem for two classes of samples, one classification line can distinguish only two samples. To distinguish among multiple users, the identity of the current user is judged as follows. Suppose user 1 is to be judged and training samples currently exist for 6 users: a classification line is computed between the training sample of user 1 and the training sample of each of the remaining 5 users, and the sample is then judged with these 5 classification lines. Note that the training samples must be kept at an odd number; if the current user's training amount falls short of an odd number, the system automatically calls stub samples to make it up. If, in the judgement, the classification lines cast more than half of their votes for user 1 (one classification line counts as one ballot), the user is determined to be user 1.
Optimization of the algorithm: the way the parameter values of formulas (2) to (6) are determined is summarized in Table 1. Table 1 shows that the parameters that can be changed are X (as stated above, X can be customized, i.e. both the number of mouse indicators and the indicators themselves are user-defined) and C (a specific value defined by the program); the remaining parameters are either fixed or computed from other parameters.
Owing to the characteristics of the SVM algorithm, the system can provide an assessment based on the user's current training data, that is, it estimates from the data trained so far how likely a feature comparison is to pass. The user can decide from this assessment whether to train again. In the training state, besides completing the training tasks of all scenes, the user must also set a security level according to the current user's authority.
Further, before the biological data of the user is obtained, the method includes:
judging whether the user has input biological data through the client and, if so, collecting the biological information data through the client.
It should be noted that the system uses the optimized SVM algorithm and has a flexible structural layout, so users can carry out secondary development on top of the original application system, and the system ports well.
Embodiment two:
This embodiment provides an identity identifying method. As shown in Fig. 5, in addition to the method described in embodiment one, the method further includes:
S106. The server end stores each identity judgement result of the user and the target signature information collected each time in the form of a list;
S107. The user's past login information and identity authentication information are inspected through the control interface of the server end.
It should be noted that a management platform with a corresponding web interface is provided: through the server, an administrator can use the graphical control interface to inspect the records of a user's past logins and identity authentications. Company operations personnel can view a real-time summary of user logins on the current intranet and, by viewing the list, clearly obtain each user's login status and identity judgement results.
Embodiment three:
This embodiment provides an identity authorization system, which is implemented jointly by a client and a server end. As shown in Fig. 6 and Fig. 7, it specifically includes:
Biological information acquisition module 110, for obtaining the biological data of a user; the biological data includes the user's movement action data for the mouse and tapping action data for the keyboard;
Specifically, the mouse movement data and the keyboard tapping data are collected in the course of the user's own actions: each user taking part in data collection has, on their own computer, a module that can monitor and record the user's mouse behavior and keyboard tapping and that automatically sends the collected data to the acquisition server.
It should be noted that collected mouse data always contain some interference or noise to a greater or lesser extent, and analyzing data that contain such interference inevitably reduces recognition accuracy. For example, different computer users click the mouse at different speeds: the mouse-click time interval of an ordinary person is roughly between 40 and 500 ms, and the difference is sometimes larger. If a single filtering threshold is set for all users and it is set low, the normal data of people who click slowly are filtered out; if it is set high, it introduces large errors. Determining a different threshold Li for each user is therefore the more objective choice.
Li = kMi (7)
Here Mi is the left-button click time interval of the i-th user, and the coefficient k can be determined with an optimization tool.
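The effect of formula (7) can be seen by comparing one global threshold with per-user thresholds on two click logs. This is an added example, not code from the patent: the click intervals are constructed, k = 2 is an arbitrary illustrative value, taking Mi as the user's median interval and treating Li as an upper bound are assumptions of this example, and the function names are hypothetical.

```python
from statistics import median

# Constructed left-click intervals in ms for a fast and a slow clicker.
# Each log contains one pause that is out of character for that user.
CLICKS = {
    "fast": [60, 70, 80, 75, 65, 480, 90],
    "slow": [380, 420, 350, 400, 450, 2100, 390],
}


def user_threshold(intervals_ms, k):
    """L_i = k * M_i, with M_i taken as the user's median interval (assumption)."""
    return k * median(intervals_ms)


def keep_below(intervals_ms, threshold_ms):
    """Keep the intervals at or below the threshold; the rest count as noise."""
    return [t for t in intervals_ms if t <= threshold_ms]


def kept_counts(clicks, k=None, global_ms=None):
    """Intervals kept per user under a per-user (k) or a global threshold."""
    kept = {}
    for user, intervals in clicks.items():
        limit = user_threshold(intervals, k) if k is not None else global_ms
        kept[user] = len(keep_below(intervals, limit))
    return kept


if __name__ == "__main__":
    print("global 200 ms :", kept_counts(CLICKS, global_ms=200))
    print("global 1000 ms:", kept_counts(CLICKS, global_ms=1000))
    print("per-user, k=2 :", kept_counts(CLICKS, k=2))
```

The low global threshold discards every sample of the slow clicker, the high one lets the fast clicker's 480 ms pause through, and the per-user threshold drops exactly the one outlier in each log.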
Biological information conversion module 120, which analyzes and processes the biological data to generate target signature information;
Feature comparing module 130, for comparing the target signature information with fixed reference feature information and, if there is a deviation between the target signature information and the fixed reference feature information, judging the relation between the deviation and the multiple threshold ranges that have been set; the fixed reference feature information includes the characteristic information corresponding to the user's behavioral habits in moving the mouse and tapping the keyboard;
Identity judge module 140, for authenticating the identity of the user according to the judgement result.
Further, the identity judge module 140 includes:
First threshold judging unit 141, for setting a first threshold range; if the deviation lies in the first threshold range, the current user is authenticated as the real user;
Second threshold judging unit 142, for setting a second threshold range; if the deviation lies in the second threshold range, an alarm signal is issued, the current user is authenticated as a user to be identified, and the comparison of target signature information with fixed reference feature information continues;
Third threshold judging unit 143, for setting a third threshold range; if the deviation lies in the third threshold range, the current user is authenticated as an erroneous user, a locking signal is issued, and the client interface the user is currently operating is locked.
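The three threshold judging units amount to the decision loop below, with each result kept in a list as in step S106. This is an added example, not the patent's code: the Euclidean deviation metric, the range boundaries 0.05 and 0.15, the feature values, the rule that a locked session stays locked, and the names Session, judge and deviation are all assumptions, since the page does not define them.

```python
import math

REAL, PENDING, WRONG = "real user", "user to be identified", "erroneous user"


def deviation(target, reference):
    """Assumed metric: Euclidean distance between the two feature vectors."""
    if len(target) != len(reference):
        raise ValueError("feature vectors differ in length")
    return math.sqrt(sum((t - r) ** 2 for t, r in zip(target, reference)))


def judge(dev, first_upper, second_upper):
    """Map a deviation to (verdict, signal).

    Assumed ranges: [0, first_upper) is the first range,
    [first_upper, second_upper) the second, everything above the third.
    Invalid deviations (NaN, negative) fail closed into the third range.
    """
    if not 0 < first_upper < second_upper:
        raise ValueError("ranges must satisfy 0 < first_upper < second_upper")
    if math.isnan(dev) or dev < 0 or dev >= second_upper:
        return WRONG, "lock"
    if dev >= first_upper:
        return PENDING, "alarm"
    return REAL, None


class Session:
    """Continuous comparison of new target features against one reference."""

    def __init__(self, reference, first_upper, second_upper):
        self.reference = reference
        self.first_upper = first_upper
        self.second_upper = second_upper
        self.locked = False
        self.records = []  # one (verdict, signal, deviation) per observation

    def observe(self, target):
        if self.locked:
            # A locked interface stays locked until released out of band.
            verdict, signal, dev = WRONG, "lock", None
        else:
            dev = deviation(target, self.reference)
            verdict, signal = judge(dev, self.first_upper, self.second_upper)
            self.locked = verdict == WRONG
        self.records.append((verdict, signal, dev))
        return verdict


if __name__ == "__main__":
    session = Session((0.20, 0.30, 0.25), first_upper=0.05, second_upper=0.15)
    # Constructed target feature vectors drifting away from the reference.
    for target in [(0.21, 0.31, 0.24), (0.28, 0.30, 0.25),
                   (0.50, 0.30, 0.25), (0.21, 0.31, 0.24)]:
        print(target, "->", session.observe(target))
```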
Further, the feature comparing module 130 includes:
Collected-action acquiring unit 131, for obtaining the large number of mouse movement actions and the large number of keyboard tapping actions of the user that the client has collected;
First fixed reference feature generation unit 132, for generating the fixed reference feature information by analyzing the large amount of action information on the user's mouse movements and the large amount of action information on the user's keyboard taps.
Or it includes:
Training data acquisition module 133, which obtains the training data produced when the user trains in the training scenes on the client;
Second fixed reference feature generation unit 134, which generates the fixed reference feature information from the information in the training data.
It should be noted that a user must first be authorized before using the system. Once the user is an authorized user, the system builds a unique fixed reference feature set from each authorized user's keyboard and mouse usage characteristics; this is the first fixed reference feature generation unit of this embodiment.
Further, the biological information acquisition module 110 includes a biological information input judging unit 111, for judging whether the user has input biological data and, if so, collecting the biological data through the client.
Further, the system also includes:
First memory module 150, for storing each identity judgement result of the user in the form of a list;
Second memory module 160, for storing the target signature information collected each time in the form of a list;
Information inspection module 170, for inspecting the user's past login information and identity authentication information.
Specifically, the system provides a management platform with a web interface; through the control interface of the server end an administrator can inspect the records of users' past logins and identity authentications, and can view a real-time summary of user logins on the current intranet, namely the login and identity authentication status of each user at the current time.
It should be noted that the present invention identifies the computer user continuously by collecting and analyzing the biological information produced by the user's mouse movements and keyboard taps.
Further, the continuous identity authorization system can also be combined with analysis of abnormal network traffic, using advanced heuristic algorithms to detect intrusion behavior in the network; and by combining identification of the user account with network intrusion analysis, malicious intrusion behavior can be monitored with still higher accuracy.
Further, if the present invention is applied on a personal computer and the current user is operating it with the consent of the computer's owner, the owner, as the real user, can set access rights; the restriction of those rights can be cancelled, or the owner can release the lock after the screen has been locked.
The present invention has the following beneficial effects:
(1) With the technical solution of the present invention, companies and organizations can use it to monitor the whereabouts of users within the internal network and can control users' access to computers.
(2) With the technical solution of the present invention, user identity can be authenticated continuously, continuously guarding against and monitoring for the theft of user accounts/passwords by hackers or by leakers inside the organization.
(3) With the technical solution of the present invention, a system administrator can monitor, through the administration interface, the login status of user accounts on the current internal network, learn of possible account leaks in time, and then take action to stop the infringing behavior of the person stealing secrets.
In short, the present invention can protect the network comprehensively and in real time at the level of human-computer interaction and user physiological behavior, with a high accuracy rate.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the relevant description of the other embodiments.
The modules in the technical solution of the present invention can be implemented by a computer terminal or other equipment. The computer terminal includes a processor and a memory. The memory stores the program instructions/modules of the present invention, and the processor implements the corresponding functions of the present invention by running the program instructions/modules stored in the memory.
The technical solution of the present invention, in essence or in the part that contributes over the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause one or more computer devices (which may be personal computers, servers, network devices and so on) to perform all or some of the steps of the methods of the embodiments of the present invention.
The division into modules/units described in the present invention is only a division by logical function; other divisions are possible in an actual implementation. For example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not performed. Some or all of the modules/units can be selected according to actual needs to achieve the purpose of the solution of the present invention.
In addition, the modules/units in the embodiments of the present invention can be integrated into one processing unit, can each exist physically on their own, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.
The above is only the preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make improvements and modifications without departing from the principles of the present invention, and these improvements and modifications are also to be regarded as within the protection scope of the present invention.
Claims (10)
1. An identity identifying method, characterized in that the method includes:
obtaining biological data of a user, the biological data including the user's movement action data for the mouse and tapping action data for the keyboard;
analyzing and processing the biological data to generate target signature information;
comparing the target signature information with fixed reference feature information and, if there is a deviation between the target signature information and the fixed reference feature information, judging the relation between the deviation and the multiple threshold ranges that have been set; the fixed reference feature information includes the characteristic information corresponding to the user's behavioral habits in moving the mouse and tapping the keyboard;
authenticating the identity of the user according to the judgement result.
2. The method according to claim 1, characterized in that judging the relation between the deviation and the multiple threshold ranges that have been set includes:
setting a first threshold range; if the deviation lies in the first threshold range, the current user is authenticated as the real user;
setting a second threshold range; if the deviation lies in the second threshold range, an alarm signal is issued, the current user is authenticated as a user to be identified, and the comparison of target signature information with fixed reference feature information continues;
setting a third threshold range; if the deviation lies in the third threshold range, the current user is authenticated as an erroneous user, a locking signal is issued, and the client interface the user is currently operating is locked.
3. The method according to claim 1, characterized in that, before the target signature information is compared with the fixed reference feature information, the method includes:
obtaining the large number of mouse movement actions and the large number of keyboard tapping actions of the user collected by the client;
generating the fixed reference feature information by analyzing the large amount of action information on the user's mouse movements and the large amount of action information on the user's keyboard taps;
or includes:
obtaining the training data produced when the user trains in the training scenes on the client;
generating the fixed reference feature information from the information in the training data.
4. The method according to claim 1, characterized in that, before the biological data of the user is obtained, the method also includes: judging whether the user has input biological data and, if so, collecting the biological information data through the client.
5. The method according to claim 1, characterized in that the method also includes:
storing each identity judgement result of the user and the target signature information collected each time in the form of a list;
inspecting the user's past login information and identity authentication information.
6. An identity authorization system, characterized in that it includes:
a biological information acquisition module, for obtaining the biological data of a user; the biological data includes the user's movement action data for the mouse and tapping action data for the keyboard;
a biological information conversion module, for analyzing and processing the biological data to generate target signature information;
a feature comparing module, for comparing the target signature information with fixed reference feature information and, if there is a deviation between the target signature information and the fixed reference feature information, judging the relation between the deviation and the multiple threshold ranges that have been set; the fixed reference feature information includes the characteristic information corresponding to the user's behavioral habits in moving the mouse and tapping the keyboard;
an identity judge module, for authenticating the identity of the user according to the judgement result.
7. The system according to claim 6, characterized in that the identity judge module includes:
a first threshold judging unit, for setting a first threshold range; if the deviation lies in the first threshold range, the current user is authenticated as the real user;
a second threshold judging unit, for setting a second threshold range; if the deviation lies in the second threshold range, an alarm signal is issued, the current user is authenticated as a user to be identified, and the comparison of target signature information with fixed reference feature information continues;
a third threshold judging unit, for setting a third threshold range; if the deviation lies in the third threshold range, the current user is authenticated as an erroneous user, a locking signal is issued, and the client interface the user is currently operating is locked.
8. The system according to claim 6, characterized in that the feature comparing module includes:
a collected-action acquiring unit, for obtaining the large number of mouse movement actions and the large number of keyboard tapping actions of the user collected by the client;
a first fixed reference feature generation unit, for generating the fixed reference feature information by analyzing the large amount of action information on the user's mouse movements and the large amount of action information on the user's keyboard taps.
Or it includes:
a training data acquisition module, which obtains the training data produced when the user trains in the training scenes on the client;
a second fixed reference feature generation unit, which generates the fixed reference feature information from the information in the training data.
9. The system according to claim 6, characterized in that the biological information acquisition module includes: a biological information input judging unit, for judging whether the user has input biological data and, if so, collecting the biological information data through the client.
10. The system according to claim 6, characterized in that it also includes:
a first memory module, for storing each identity judgement result of the user in the form of a list;
a second memory module, for storing the target signature information collected each time in the form of a list;
an information inspection module, for inspecting the user's past login information and identity authentication information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710325270.3A CN107317682A (en) | 2017-05-10 | 2017-05-10 | A kind of identity identifying method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710325270.3A CN107317682A (en) | 2017-05-10 | 2017-05-10 | A kind of identity identifying method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107317682A true CN107317682A (en) | 2017-11-03 |
Family
ID=60185183
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710325270.3A Pending CN107317682A (en) | 2017-05-10 | 2017-05-10 | A kind of identity identifying method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107317682A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109636233A (en) * | 2018-12-20 | 2019-04-16 | 四川新网银行股份有限公司 | The method and system of comparison threshold value identification behavioural characteristic confidence level based on building |
CN109784015A (en) * | 2018-12-27 | 2019-05-21 | 腾讯科技(深圳)有限公司 | A kind of authentication identifying method and device |
CN111310150A (en) * | 2020-01-19 | 2020-06-19 | 湖北工程学院新技术学院 | Security authentication system based on security computer |
CN111541695A (en) * | 2020-04-24 | 2020-08-14 | 太仓红码软件技术有限公司 | Firewall system based on operation authentication |
CN112100598A (en) * | 2020-09-08 | 2020-12-18 | 紫光云(南京)数字技术有限公司 | Method and device for identifying login authentication through mouse and keyboard knocking rhythm |
CN112168176A (en) * | 2019-06-12 | 2021-01-05 | 京东方科技集团股份有限公司 | Identity recognition method, device and equipment based on electrocardiosignals |
CN112966244A (en) * | 2021-04-07 | 2021-06-15 | 中国南方电网有限责任公司 | Multi-dimensional power grid information system access control method, system and storage medium |
CN113132408A (en) * | 2021-04-29 | 2021-07-16 | 中原工学院 | Network information security intrusion detection method |
CN116633586A (en) * | 2023-04-07 | 2023-08-22 | 北京胜博雅义网络科技有限公司 | Identification authentication analysis system based on Internet of things |
CN112168176B (en) * | 2019-06-12 | 2024-03-19 | 京东方科技集团股份有限公司 | Electrocardiosignal-based identity recognition method, device and equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101833619A (en) * | 2010-04-29 | 2010-09-15 | 西安交通大学 | Method for judging identity based on keyboard-mouse crossed certification |
CN104318138A (en) * | 2014-09-30 | 2015-01-28 | 杭州同盾科技有限公司 | Method and device for verifying identity of user |
CN105450412A (en) * | 2014-08-19 | 2016-03-30 | 阿里巴巴集团控股有限公司 | Identity authentication method and device |
CN105930703A (en) * | 2016-07-07 | 2016-09-07 | 四川农业大学 | Mouse and keyboard double-index type composite security identity identification system |
CN105991281A (en) * | 2015-02-04 | 2016-10-05 | 中国移动通信集团公司 | Identity authentication method, equipment and system |
- 2017-05-10 CN CN201710325270.3A patent/CN107317682A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101833619A (en) * | 2010-04-29 | 2010-09-15 | 西安交通大学 | Method for judging identity based on keyboard-mouse crossed certification |
CN105450412A (en) * | 2014-08-19 | 2016-03-30 | 阿里巴巴集团控股有限公司 | Identity authentication method and device |
CN104318138A (en) * | 2014-09-30 | 2015-01-28 | 杭州同盾科技有限公司 | Method and device for verifying identity of user |
CN105991281A (en) * | 2015-02-04 | 2016-10-05 | 中国移动通信集团公司 | Identity authentication method, equipment and system |
CN105930703A (en) * | 2016-07-07 | 2016-09-07 | 四川农业大学 | Mouse and keyboard double-index type composite security identity identification system |
Non-Patent Citations (1)
Title |
---|
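Wang Zhenhui et al.: "User identity authentication based on a combination of mouse and keyboard behavioral features", Computer Applications and Software * |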
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109636233A (en) * | 2018-12-20 | 2019-04-16 | 四川新网银行股份有限公司 | The method and system of comparison threshold value identification behavioural characteristic confidence level based on building |
CN109784015A (en) * | 2018-12-27 | 2019-05-21 | 腾讯科技(深圳)有限公司 | A kind of authentication identifying method and device |
CN109784015B (en) * | 2018-12-27 | 2023-05-12 | 腾讯科技(深圳)有限公司 | Identity authentication method and device |
CN112168176B (en) * | 2019-06-12 | 2024-03-19 | 京东方科技集团股份有限公司 | Electrocardiosignal-based identity recognition method, device and equipment |
CN112168176A (en) * | 2019-06-12 | 2021-01-05 | 京东方科技集团股份有限公司 | Identity recognition method, device and equipment based on electrocardiosignals |
CN111310150B (en) * | 2020-01-19 | 2023-04-21 | 湖北工程学院新技术学院 | Security authentication system based on security computer |
CN111310150A (en) * | 2020-01-19 | 2020-06-19 | 湖北工程学院新技术学院 | Security authentication system based on security computer |
CN111541695A (en) * | 2020-04-24 | 2020-08-14 | 太仓红码软件技术有限公司 | Firewall system based on operation authentication |
CN112100598A (en) * | 2020-09-08 | 2020-12-18 | 紫光云(南京)数字技术有限公司 | Method and device for identifying login authentication through mouse and keyboard knocking rhythm |
CN112966244A (en) * | 2021-04-07 | 2021-06-15 | 中国南方电网有限责任公司 | Multi-dimensional power grid information system access control method, system and storage medium |
CN112966244B (en) * | 2021-04-07 | 2023-10-10 | 中国南方电网有限责任公司 | Multi-dimensional power grid information system access control method, system and storage medium |
CN113132408A (en) * | 2021-04-29 | 2021-07-16 | 中原工学院 | Network information security intrusion detection method |
CN116633586A (en) * | 2023-04-07 | 2023-08-22 | 北京胜博雅义网络科技有限公司 | Identification authentication analysis system based on Internet of things |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107317682A (en) | A kind of identity identifying method and system | |
Hady et al. | Intrusion detection system for healthcare systems using medical and network data: A comparison study | |
US10069852B2 (en) | Detection of computerized bots and automated cyber-attack modules | |
AU2021254670B2 (en) | Systems and methods for providing security via interactive media | |
Zhu et al. | Data mining for network intrusion detection: a comparison of alternative methods | |
Traore et al. | Combining mouse and keystroke dynamics biometrics for risk-based authentication in web environments | |
He et al. | Intrusion detection based on stacked autoencoder for connected healthcare systems | |
EP2069993A2 (en) | Security system and method for detecting intrusion in a computerized system | |
CN106716958A (en) | Lateral movement detection | |
Ahmed et al. | Detecting Computer Intrusions Using Behavioral Biometrics. | |
Mikhail et al. | A semi-boosted nested model with sensitivity-based weighted binarization for multi-domain network intrusion detection | |
WO2016045225A1 (en) | Password fault tolerance method based on mouse behaviour | |
CN106817342A (en) | Active identity authorization system based on user behavior feature recognition | |
Snehi et al. | Global intrusion detection environments and platform for anomaly-based intrusion detection systems | |
Yampolskiy | Human computer interaction based intrusion detection | |
CN109995751B (en) | Internet access equipment marking method and device, storage medium and computer equipment | |
Ramasubramanian et al. | A genetic-algorithm based neural network short-term forecasting framework for database intrusion prediction system | |
CN116938590A (en) | Cloud security management method and system based on virtualization technology | |
Garg et al. | A user behavior monitoring and profiling scheme for masquerade detection | |
Nagarajan et al. | Optimization of BPN parameters using PSO for intrusion detection in cloud environment | |
Yampolskiy et al. | Direct and indirect human computer interaction based biometrics. | |
Onyesolu et al. | Enhancing security in a distributed examination using biometrics and distributed firewall system | |
CN113923036A (en) | Block chain information management method and device of continuous immune safety system | |
CN110287664A (en) | A kind of identity identifying method being characterized selection based on multirow | |
US20220174079A1 (en) | Cybersecurity predictive detection using computer input device patterns |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | Effective date of registration: 20171229 Address after: Green Ting Road Yuhang District Cang Qian street of Hangzhou city Zhejiang province 310000 No. 1 Building 1 room 498 Applicant after: Zhejiang Yi Tu Technology Co., Ltd. Address before: 063000 Jidong News Center, No. 170, Jianshe Road 170, north of Tangshan City Road, Hebei Province, 1909 Applicant before: Shi Zhan |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20171103 |