CN108234454B - Identity authentication method, server and client device - Google Patents
Identity authentication method, server and client device Download PDFInfo
- Publication number
- CN108234454B CN108234454B CN201711331515.XA CN201711331515A CN108234454B CN 108234454 B CN108234454 B CN 108234454B CN 201711331515 A CN201711331515 A CN 201711331515A CN 108234454 B CN108234454 B CN 108234454B
- Authority
- CN
- China
- Prior art keywords
- behavior
- attribute information
- client device
- legal
- identity authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Abstract
The invention discloses an identity authentication method, a server and client equipment. The method comprises the following steps: the server receives first behavior attribute information sent by the client device, similarity matching is carried out on the first behavior attribute information and legal samples in a legal sample set, and if matching fails, an explicit identity authentication request message is sent to the client device. By the method, the first behavior attribute information is information generated by the user operating the client, even if a malicious user falsely uses the account information of the user, the malicious user is difficult to imitate or steal the operation information of the original user, and therefore the malicious user can be identified due to the fact that the behavior attribute is different from that of the original user in the using process, the problem that the account information is falsely used can be effectively avoided, the reliability of identity authentication is improved, and the information safety of the user can be further guaranteed.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an identity authentication method, a server, and a client device.
Background
With the development of internet and electronic commerce, computer network applications have penetrated all industries, and global informatization has become a major trend of human development. In recent years, the network security problem is particularly severe, and it is not rare that a user is frequently attacked by hackers, trojans and malicious software, a bank account is stolen, funds are stolen, and the identity of the user is falsely used. Therefore, ensuring the reliability of the user identity in the internet is an important issue.
At present, the common identity authentication methods include static passwords, smart cards, dynamic passwords, short message passwords, digital signatures, biometric identification and the like, and it is considered that these authentication methods usually identify the user identity in the user login process, and do not continuously identify the user identity after the user login. Taking the static password as an example, when a user logs in by using the static password, an account name and a corresponding static password need to be input, and the authentication system can identify the identity of the user through the account name and the corresponding static password input by the user. However, by adopting the authentication method, once the mobile phone of the user is lost and the account number logged in by the user is still in the login state, the malicious user can falsely use the account number information of the user.
Based on this, there is a need for an identity authentication method for solving the problem in the prior art that account information is falsely used after a terminal is lost.
Disclosure of Invention
The embodiment of the invention provides an identity authentication method, a server and client equipment, and aims to solve the technical problem that account information is falsely used after a terminal is lost in the prior art.
The invention provides an identity authentication method, which comprises the following steps:
the server receives first behavior attribute information sent by the client equipment; the first behavior attribute information is information which is acquired by the client device within a preset time period and is generated by the client device through user operation;
the server carries out similarity matching on the first behavior attribute information and legal samples in a legal sample set, and if matching fails, an explicit identity authentication request message is sent to the client equipment; the legal sample set is a set of behavior attribute information collected by the client device after identity authentication.
Optionally, the method further comprises:
the server receives an explicit identity authentication response message sent by the client equipment;
and the server determines that the explicit identity authentication passes according to the explicit identity authentication response message, then takes the first behavior attribute information as a special sample, and adds the special sample into the legal sample set.
Optionally, the performing, by the server, similarity matching between the first behavior attribute information and a legal sample in a legal sample set includes:
the server determines that matching fails when determining that the first behavior attribute information satisfies the following conditions:
the server determines that a first similarity value is smaller than a first threshold value, wherein the first similarity value is a similarity value between the first behavior attribute information and an average value of legal samples in the legal sample set;
and the number of the first and second electrodes,
the server determines that a second similarity value is less than a second threshold, the second similarity value being a similarity value between the first behavior attribute information and each particular sample in the set of legal samples.
Optionally, the method further comprises:
and if the matching is successful, the server takes the first behavior attribute information as a legal sample and adds the legal sample to the legal sample set.
The embodiment of the invention provides an identity authentication method, which comprises the following steps:
the client equipment sends first behavior attribute information to the server; the first behavior attribute information is information which is acquired by the client device within a preset time period and is generated by the client device through user operation;
the client device receives an explicit identity authentication request message sent by the server, wherein the explicit identity authentication request message is sent when the server fails to perform similarity matching on the first behavior attribute information and legal samples in a legal sample set, and the legal sample set is a set of behavior attribute information collected by the client device after identity authentication.
An embodiment of the present invention provides a server, where the server includes:
the receiving unit is used for receiving first behavior attribute information sent by the client equipment; the first behavior attribute information is information which is acquired by the client device within a preset time period and is generated by the client device through user operation;
the processing unit is used for carrying out similarity matching on the first behavior attribute information and legal samples in a legal sample set; the legal sample set is a set of behavior attribute information collected by the client equipment after identity authentication is passed;
and the sending unit is used for sending an explicit identity authentication request message to the client equipment after the processing unit determines that the matching fails.
Optionally, the receiving unit is further configured to:
receiving an explicit identity authentication response message sent by the client equipment;
and the processing unit is further configured to, after determining that the explicit identity authentication passes according to the explicit identity authentication response message, use the first behavior attribute information as a special sample, and add the special sample to the legal sample set.
Optionally, the processing unit is specifically configured to:
determining that the matching fails when the first behavior attribute information is determined to satisfy the following condition:
determining that a first similarity value is smaller than a first threshold, the first similarity value being a similarity value between the first behavior attribute information and an average value of legal samples in the set of legal samples;
and the number of the first and second electrodes,
determining that a second similarity value is less than a second threshold, the second similarity value being a similarity value between the first behavior attribute information and each particular sample in the set of legal samples.
Optionally, the processing unit is further configured to:
and if the matching is determined to be successful, adding the first behavior attribute information serving as a legal sample to the legal sample set.
An embodiment of the present invention provides a client device, where the client device includes:
a sending unit, configured to send first behavior attribute information to a server; the first behavior attribute information is information which is acquired by the client device within a preset time period and is generated by the client device through user operation;
a receiving unit, configured to receive an explicit identity authentication request message sent by the server, where the explicit identity authentication request message is sent when the server fails to perform similarity matching between the first behavior attribute information and a legal sample in a legal sample set, and the legal sample set is a set of behavior attribute information acquired by the client device after identity authentication.
An embodiment of the present invention provides a computer-readable storage medium, which stores instructions that, when executed on a computer, enable the computer to implement the method described above.
An embodiment of the present invention provides a computer device, including:
a memory for storing program instructions;
and the processor is used for calling the program instructions stored in the memory and executing the method according to the obtained program.
In the embodiment of the invention, a server receives first behavior attribute information sent by client equipment, similarity matching is carried out on the first behavior attribute information and legal samples in a legal sample set, and if matching fails, an explicit identity authentication request message is sent to the client equipment. The first behavior attribute information is information which is collected by the client device within a preset time period and is generated by the client device through user operation; the legal sample set is a set of behavior attribute information collected by the client device after identity authentication. In the embodiment of the invention, the server continues to receive the information generated by the user operating the client equipment after the user successfully logs in, and the received information is subjected to similarity matching with the legal sample.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
FIG. 1 is a system architecture diagram illustrating an embodiment of the present invention;
fig. 2 is a schematic flow chart of an identity authentication method according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a preset time period according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an overall flow involved in an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a server according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a client device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 illustrates a schematic diagram of a system architecture used by an embodiment of the present invention, and as shown in fig. 1, a system architecture to which an embodiment of the present invention is applicable includes a server 101, one or more client devices, such as a client device 102, a client device 103, and a client device 104 shown in fig. 1. The server and the client device 102, 103, 104 may communicate via a network, for example, the server 101 may send an explicit authentication request message to any of the client device 102, 103, 104, and any of the client devices may return an explicit authentication response message according to the explicit authentication request message.
In the embodiment of the present invention, the client device may be multiple types of devices, for example, a smart phone, a tablet computer, a notebook computer, and the like.
Based on the system architecture shown in fig. 1, fig. 2 is a schematic flow chart corresponding to an identity authentication method provided in an embodiment of the present invention, and as shown in fig. 2, the method specifically includes the following steps:
in step 201, the client device sends first behavior attribute information to the server.
In step 202, the server receives the first behavior attribute information sent by the client device.
In step 204, the client device receives the explicit authentication request message sent by the server.
In the embodiment of the invention, the server continues to receive the information generated by the user operating the client equipment after the user successfully logs in, and the received information is subjected to similarity matching with the legal sample.
Before step 201 is executed, the embodiment of the present invention needs to generate a legal sample set in advance, where the legal sample set is a set of behavior attribute information collected by the client device after passing explicit identity authentication. Specifically, after the user passes identity authentication, for example, after logging in an account by using an explicit identity authentication method, the client device collects behavior attribute information of the user in a login process, and uses the collected behavior attribute information as a legal sample. The explicit identity authentication is an authentication method requiring a user to input a password, such as an account name and a corresponding static password, a card number and a corresponding static password, a mobile phone number and a corresponding short message verification code, and the like.
In one example, when a user logs in an application program by using a client device, for example, when the user logs in a mobile phone bank by using a smart phone, a bank card number and a password need to be input first, and when the input bank card number and the input password are correct, the user is determined to pass identity authentication; then, the smart phone can collect behavior attribute information in the user login process, and the collected behavior attribute information is used as a legal sample.
In the embodiment of the invention, the behavior attribute information is information generated by operating the client equipment by the user. Furthermore, considering that there may be information that has a small influence on the identity authentication in the information generated by the user operating the client device, the information generated by the user operating the client device can be screened, and the information that has a large influence on the identity authentication is used as the behavior attribute information, so that the behavior attribute information better conforms to the behavior characteristics of the user, and the accuracy of the behavior attribute information can be improved.
As shown in table 1, the information generated by the user operating the client device may include behavioral elements such as an IP address of the user, a location of the client device, a reading speed of the user, and a web page address. For the same user, the position of the IP address of the user is relatively fixed, so that the IP address can be used as a behavior element in the behavior attribute information; similarly, the reading speed of the user is a usage habit of the user, and therefore, can also be used as a behavior element in the behavior attribute information; the web page address may vary according to the requirement of the user, and therefore, the behavior attribute information may not include the web page address.
Table 1: whether information generated by a user operating a client device is used as an example of behavior attribute information
| Information generated by user operation of client device | Whether or not to act as behavior attribute information |
| IP address of user | Is that |
| Location of client device | Is that |
| User's readingRead speed | Is that |
| Web page address | Whether or not |
| …… | …… |
In step 201, the first behavior attribute information is information collected by the client device within a preset time period and generated by the client device through user operation.
In the embodiment of the present invention, the preset time period is any one of N time periods from when the user successfully logs in the account to before when the user logs in the account next time, as shown in fig. 3, a schematic diagram of the preset time period provided in the embodiment of the present invention may be equally divided into N time periods from when the user successfully logs in to when the user logs in next time, and the client device may collect information generated by the user operating the client device in the ith time period, and use the collected information as the first behavior attribute information. Wherein the attribute included in the first behavior attribute information is consistent with the attribute included in the behavior attribute in the legal sample.
It should be noted that what is shown in fig. 3 is only one possible implementation manner, and a person skilled in the art may determine the preset time period according to experience and actual conditions, and the preset time period is not limited in particular.
In step 202 and step 203, after receiving the first behavior attribute information sent by the client device, the server may perform similarity matching between the first behavior attribute information and the legal samples in the legal sample set in a variety of ways, and one possible implementation manner is to obtain a first similarity value between the first behavior attribute information and each legal sample for any one legal sample in the legal sample set.
Further, after the first similarity value is obtained by the method, there are various methods for determining that matching fails, for example, if it is determined that the first similarity value between the first behavior attribute information and each legal sample is smaller than a preset similarity threshold, matching fails; or, if it is determined that the number of the first similarity values between the first behavior attribute information and each legal sample, which is greater than or equal to a preset similarity threshold value, is smaller than a preset number threshold value, the matching fails. The preset similarity threshold and the preset number threshold may be determined by those skilled in the art according to experience and actual conditions, and are not particularly limited.
Another possible implementation manner is that an average value of the legal samples in the legal sample set is determined, a first similarity value between the first behavior attribute information and the average value of the legal samples in the legal sample set is obtained, whether the similarity value is smaller than a first threshold value or not is judged, and if the similarity value is smaller than the first threshold value, matching fails. The first threshold may be determined by a person skilled in the art based on experience and practical situations, and is not limited in particular. The following specifically describes a method for performing similarity matching by using an average value of legal samples, including the following steps:
step 301, determine the average of the legal samples in the set of legal samples.
Specifically, the legal samples are behavior attribute information collected by the client, and each legal sample comprises at least one behavior element. The behavior elements can be divided into numerical behavior elements and text behavior elements according to different attribute values of the behavior elements, for example, the reading speed of a user is 88.75 lines/min, and the reading speed of the user can be taken as the numerical behavior element because the attribute value of the behavior element is 88.75 lines/min which is the reading speed of the user is a numerical value; the position of the client device is 'qingxiu district' in Nanning city, and the attribute value of the action element 'the position of the client device' is 'qingxiu district' in Nanning city, and the attribute value is text, so the 'position of the client device' can be used as a text-type action element.
For a numerical behavior element, the average value of the attribute values of the numerical behavior element may be set as the average value of the behavior element. Taking the reading speed of the user as an example, as shown in table 2, the legal sample set includes 3 legal samples, where in legal sample 1, the reading speed of the user is "88.75 lines/min"; in legal sample 2, the reading speed of the user is "80.75 lines/min"; in the legal sample 3, the reading speed of the user is "84.75 lines/min", which can be obtained by using an average value calculation formula, and in the legal sample set, the average value of the reading speed of the user is "84.75 lines/min".
Table 2: an example of an average of numerical behavior elements
| Legal sample set | Reading speed of user |
| Legal sample 1 | 88.75 lines/min |
| Legal sample 2 | 80.75 lines/min |
| Legal sample 3 | 84.75 lines/min |
| Mean value of | 84.75 lines/min |
For a textual behavior element, the average of the textual behavior element may be determined based on a probability distribution of the attribute values of the textual behavior element. As shown in table 3, the legal sample set includes 3 legal samples, where in legal sample 1, the IP address of the user is "172.18.19.20", the city where the client device is located is "nanning", and the urban area where the client device is located is "qingxiu district"; in legal sample 2, the IP address of the user is "172.18.19.20", the city in which the client device is located is "nanning", and the urban area in which the client device is located is "qingxiu district"; in legal sample 3, the IP address of the user is "172.18.19.20", the city in which the client device is located is "nanning", and the urban area in which the client device is located is "south of the river". It can be seen that, in the above 3 legal samples, the probability that the user's IP address is "172.18.19.20" appears is 3 times, and the probability distribution of the user's IP address can be recorded as {172.18.19.20, 3 }; the probability that the city where the client device is located is 'Nanning' is 3 times, and the probability distribution of the city where the client device is located can be recorded as { Nanning, 3 }; the probability that the urban area where the client device is located is the 'qingxiu area' is 2 times, the probability that the urban area where the client device is located is the 'jiangnan area' is 1 time, and the probability distribution of the urban area where the client device is located can be recorded as { qingxiu area, 2; region of south of the river, 1 }.
Table 3: example of a probability distribution of textual behavior elements
| Legal sample set | IP address of user | City where client device is located | Urban area where client equipment is located |
| Legal sample 1 | 172.18.19.20 | Nanning (a Chinese character) | Qingxiu district |
| Legal sample 2 | 172.18.19.20 | Nanning (a Chinese character) | Qingxiu district |
| Legal sample 3 | 172.18.19.20 | Nanning (a Chinese character) | Region of south of the river |
| Probability distribution | {172.18.19.20,3} | { Nanning, 3} | { youth, 2; region of south of the Yangtze river, 1} |
Step 302, for each behavior element of a legal sample, determining a weight value of the behavior element.
In the embodiment of the invention, the distribution of the weight values of the behavior elements can be directly guided to the reliability and accuracy of identity authentication, and the existing weight value distribution mainly comprises two methods, namely a subjective weighting method based on the subjective judgment of a decision maker and an objective weighting method based on a decision matrix. The embodiment of the invention determines the weight value of the behavior element by taking a subjective weighting method as an example, and can avoid the influence of a decision matrix by adopting the subjective weighting method, thereby ensuring the consistency of decision thinking and improving the reasonability of weight value distribution.
In one example, as shown in table 4, an example of weight value assignment for a behavior element is shown, where the behavior element of a legal sample includes an IP address of a user, a city in which a client device is located, a city area in which the client device is located, and a reading speed of the user. The weight value of the IP address of the user may be set to 0.2, the weight value of the city where the client device is located may be set to 0.3, the weight value of the city where the client device is located may be set to 0.2, and the weight value of the reading speed of the user may be set to 0.3.
Table 4: an example of weight value assignment for a behavioral element
| Element of action | Weighted value |
| IP address of user | 0.2 |
| City where client device is located | 0.3 |
| Urban area where client equipment is located | 0.2 |
| Reading speed of user | 0.3 |
Table 4 is merely an example, and those skilled in the art may modify what is shown in table 4 according to experience and practical situations, and the details are not limited.
Step 303, determining a first similarity value between the first behavior attribute information and the average value of the legal sample according to the average value of the legal sample and the weight value of the behavior element.
In the embodiment of the present invention, after determining the average value of the numerical behavior element, the numerical behavior element may determine the difference value between the numerical behavior element in the first behavior attribute information and the legal sample according to the attribute value of the numerical behavior element in the first behavior attribute information and the average value of the numerical behavior element in the legal sample set, so as to determine the similarity value between the numerical behavior element and the legal sample. Specifically, for a numerical behavior element, the similarity value between the first behavior attribute information and the average value of the legal samples may be calculated by the following formula:
wherein, TsThe similarity value between the numerical behavior element in the first behavior attribute information and the average value of the corresponding numerical behavior elements in the legal sample is obtained; x is the attribute value of the numerical behavior element in the first behavior attribute information;
is the average value of the corresponding numerical behavior elements in the legal sample.
In one example, the numerical behavior element is the reading speed of the user, and the average value of the reading speed of the user in the legal sample set is 84.75 lines/min; in the first behavior attribute information, if the reading speed of the user is 50 lines/min, the similarity value between the reading speed of the user in the first behavior attribute and the average value of the reading speeds of the users in the legal sample set is 0.59 according to the above calculation formula.
In the embodiment of the present invention, after determining the probability distribution of the text-type behavior element, the similarity value between the text-type behavior element in the first behavior attribute information and the legal sample may be determined according to the attribute value of the text-type behavior element in the first behavior attribute information and the probability distribution of the text-type behavior element in the legal sample set. Specifically, for a text-type behavioral element, the similarity value between the first behavioral attribute information and the legal sample may be calculated by the following formula:
wherein, TwSimilarity values between the text-type behavior elements in the first behavior attribute information and the corresponding text-type behavior elements in the legal sample; y is the number of samples in the legal sample set which are the same as the attribute value of the text-type behavior element in the first behavior attribute information; and N is the total number of samples in the legal sample set. y is an integer of 0 or more, and N is an integer of 1 or more.
In one example, the text-based behavior element is a city area where the client device is located, and in the legal sample set, the probability distribution of the city area where the client device is located is { green show area, 2; region of south of the river, 1 }; in the first behavior attribute information, if the urban area where the client device is located is a qingxiu area, the similarity value between the urban area where the client device is located in the first behavior attribute and the urban area where the client device is located in the legal sample set is obtained according to the above calculation formula to be 0.67.
Further, after obtaining the similarity value between each behavior element in the first behavior attribute information and the corresponding behavior element in the legal sample set by using the above-described method, the first similarity value between the first behavior attribute information and the average value of the legal sample may be determined according to the weight value of each behavior element, and may specifically be calculated by the following formula:
wherein T is a first similarity value between the first behavior attribute information and the average value of the legal samples,
similarity between the ith numerical behavior element in the first behavior attribute information and a legal sample is obtained; omegaiThe weight value of the ith numerical behavior element in the first behavior attribute information is obtained;
similarity value between the jth text-type behavior element in the first behavior attribute information and a legal sample; omegajThe weight value of the jth text-type behavior element in the first behavior attribute information. i is an integer of 1 or more, and j is an integer of 1 or more.
The following illustrates a calculation method based on the first similarity value between the first behavior attribute information and the average value of the legal samples described above.
In one example, as shown in table 5, as an example of the first similarity value between the first behavior attribute information and the average value of the legal samples, if it is determined that the weight value of the IP address of the user is 0.2, the weight value of the city where the client device is located is 0.3, the weight value of the city where the client device is located is 0.2, the weight value of the reading speed of the user is 0.3, and it is determined that, in the set of legal samples, the probability distribution of the IP address of the user is {172.18.19.20, 3}, the probability distribution of the city where the client device is located is { nanning, 3}, and the probability distribution of the city where the client device is located is { qingxiu, 2; south of the Yangtze river, 1}, and the average value of the reading speed of the user is 84.75 lines/min, then the first similarity value between the first behavior attribute information and the average value of the legal samples is 0.798 according to the above calculation formula.
Table 5: an example of the first similarity value
It should be noted that the above-described calculation method is only an example provided by the embodiment of the present invention, and a person skilled in the art may modify the above-described method according to experience and practical situations, and the method is not limited in detail.
Step 304, judging whether the first similarity value is smaller than a first threshold value, if so, the matching fails; otherwise, the matching is successful.
Further, after executing step 204, after determining that the identity authentication passes according to the received explicit identity authentication response message sent by the client device, the server uses the first behavior attribute information as a special sample and adds the special sample to the legal sample set, and determines whether the number of legal samples in the legal sample set is greater than a preset sample number threshold, and if so, deletes the legal sample with longer storage time in the legal sample set until the number of the legal samples in the deleted legal sample set is not greater than the preset sample number threshold. The preset sample number threshold may be determined by those skilled in the art based on experience and practical situations, and is not limited specifically. By updating the legal sample set in this way, the legal samples with long storage time may not meet the current user behavior, so the first behavior attribute information passing the identity authentication each time is added into the legal sample set, and the legal samples with long storage time in the legal sample set are deleted, thereby improving the referential property of the legal sample set.
The embodiment of the invention provides another similarity matching method, which specifically comprises the following steps:
step one, after the server determines that the similarity matching between the first behavior attribute information and the legal samples in the legal sample set fails, determining whether special samples exist or not, and if so, executing step two; if not, executing step three.
And step two, the server carries out similarity matching on the first behavior attribute information and a special sample.
Specifically, if the server determines that only one special sample exists, determining a second similarity value between the first behavior attribute information and the special sample according to the first behavior attribute information and the special sample; and judging whether the second similarity value is smaller than a second threshold value, and if so, failing to match.
If the server determines that a plurality of special samples exist, determining a second similarity value of the first behavior attribute information and each special sample aiming at each special sample; and judging whether a second similarity value which is larger than or equal to the second threshold exists, if not, the matching fails.
In the embodiment of the present invention, the specific calculation method of the second similarity value may refer to the calculation method of the first similarity value, and details thereof are not repeated herein. The person skilled in the art may also determine the calculation method of the second similarity value according to experience and practical situations, and is not limited specifically.
And step three, if the server determines that the matching fails, sending an explicit identity authentication request message to the client equipment.
In order to describe the above identity authentication method more clearly, the flow involved in the embodiment of the present invention is generally described below with reference to fig. 4. As shown in fig. 4, the following steps may be included:
in step 401, the server receives first behavior attribute information sent by the client device.
At step 406, the server sends an explicit authentication request message to the client device.
In step 410, the server determines that the identity authentication fails, and returns to step 401.
In the embodiment of the invention, after the user logs in successfully, the server can continuously determine whether the user operating the client device is a malicious user or not according to the received information generated by the user operating the client device. By adopting the method, even if the account information of the user is falsely used by the malicious user, the malicious user is difficult to imitate or steal the operation information of the original user, so that the malicious user can be identified because the behavior attribute is different from that of the original user in the using process, the problem that the account information is falsely used can be effectively avoided, the reliability of identity authentication is improved, and the information safety of the user can be further ensured.
Based on the same concept, as shown in fig. 5, the server 500 according to the embodiment of the present invention includes a receiving unit 501, a processing unit 502, and a sending unit 503; wherein the content of the first and second substances,
a receiving unit 501, configured to receive first behavior attribute information sent by a client device; the first behavior attribute information is information which is acquired by the client device within a preset time period and is generated by the client device through user operation;
a processing unit 502, configured to perform similarity matching between the first behavior attribute information and a legal sample in a legal sample set; the legal sample set is a set of behavior attribute information collected by the client equipment after identity authentication is passed;
a sending unit 503, configured to send an explicit identity authentication request message to the client device after the processing unit determines that the matching fails.
Optionally, the receiving unit 501 is further configured to:
receiving an explicit identity authentication response message sent by the client equipment;
and the processing unit is further configured to, after determining that the explicit identity authentication passes according to the explicit identity authentication response message, use the first behavior attribute information as a special sample, and add the special sample to the legal sample set.
Optionally, the processing unit 502 is specifically configured to:
determining that the matching fails when the first behavior attribute information is determined to satisfy the following condition:
determining that a first similarity value is smaller than a first threshold, the first similarity value being a similarity value between the first behavior attribute information and an average value of legal samples in the set of legal samples;
and the number of the first and second electrodes,
determining that a second similarity value is less than a second threshold, the second similarity value being a similarity value between the first behavior attribute information and each particular sample in the set of legal samples.
Optionally, the processing unit 502 is further configured to:
and if the matching is determined to be successful, adding the first behavior attribute information serving as a legal sample to the legal sample set.
Based on the same inventive concept, an embodiment of the present invention further provides a client device, as shown in fig. 6, the client device 600 includes a receiving unit 601, a sending unit 602; wherein the content of the first and second substances,
a sending unit 601, configured to send first behavior attribute information to a server; the first behavior attribute information is information which is acquired by the client device within a preset time period and is generated by the client device through user operation;
a receiving unit 602, configured to receive an explicit identity authentication request message sent by the server, where the explicit identity authentication request message is sent when the server fails to perform similarity matching between the first behavior attribute information and a legal sample in a legal sample set, and the legal sample set is a set of behavior attribute information acquired by the client device after identity authentication.
An embodiment of the present invention provides a computer-readable storage medium, which stores instructions that, when executed on a computer, enable the computer to implement the method described above.
An embodiment of the present invention provides a computer device, including:
a memory for storing program instructions;
and the processor is used for calling the program instructions stored in the memory and executing the method according to the obtained program.
In the embodiment of the invention, a server receives first behavior attribute information sent by client equipment, similarity matching is carried out on the first behavior attribute information and legal samples in a legal sample set, and if matching fails, an explicit identity authentication request message is sent to the client equipment. The first behavior attribute information is information which is collected by the client device within a preset time period and is generated by the client device through user operation; the legal sample set is a set of behavior attribute information collected by the client device after identity authentication. In the embodiment of the invention, the server continues to receive the information generated by the user operating the client equipment after the user successfully logs in, and the received information is subjected to similarity matching with the legal sample.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (8)
1. An identity authentication method, the method comprising:
the server receives first behavior attribute information sent by the client equipment; the first behavior attribute information is information which is acquired by the client device within a preset time period and is generated by the client device through the operation of a user, the first behavior attribute information comprises a numerical behavior element and a text behavior element, the numerical behavior element describes the behavior of the client device through a numerical value, and the text behavior element describes the behavior of the client device through a text;
the server determines that the first similarity value is smaller than a first threshold value, and determines that the second similarity value is smaller than a second threshold value, if the matching fails, the server sends an explicit identity authentication request message to the client device;
the first similarity value is determined according to the average value of the numerical behavior elements of the first behavior attribute information and the probability distribution of the text type behavior elements, and is respectively determined according to the similarity value between the average value of the numerical behavior elements of the legal samples in the legal sample set and the probability distribution of the text type behavior elements;
the second similarity value is a similarity value between the first behavior attribute information and each special sample in the legal sample set, and the legal sample set is a set of behavior attribute information acquired by the client device after identity authentication;
the server receives an explicit identity authentication response message sent by the client equipment;
and the server determines that the explicit identity authentication passes according to the explicit identity authentication response message, then takes the first behavior attribute information as a special sample, and adds the special sample into the legal sample set.
2. The method of claim 1, further comprising:
and if the matching is successful, the server takes the first behavior attribute information as a legal sample and adds the legal sample to the legal sample set.
3. An identity authentication method, the method comprising:
the client equipment sends first behavior attribute information to the server; the first behavior attribute information is information generated by the client device when a user operates the client device and collected by the client device within a preset time period, the first behavior attribute information comprises a numerical behavior element and a text behavior element, the numerical behavior element describes the behavior of the client device through numerical values, and the text behavior element describes the behavior of the client device through texts;
the client device receives an explicit identity authentication request message sent by the server, wherein the explicit identity authentication request message is sent when the server fails to perform similarity matching on the average value of the numerical behavior elements and the probability distribution of the text behavior elements of the first behavior attribute information and the average value of the numerical behavior elements and the probability distribution of the text behavior elements of legal samples in a legal sample set respectively, and the first behavior attribute information fails to perform similarity matching with each special sample in the legal sample set, and the legal sample set is a set of behavior attribute information collected by the client device after identity authentication.
4. A server, characterized in that the server comprises:
the receiving unit is used for receiving first behavior attribute information sent by the client equipment; the first behavior attribute information is information which is acquired by the client device within a preset time period and is generated by the client device through the operation of a user, the first behavior attribute information comprises a numerical behavior element and a text behavior element, the numerical behavior element describes the behavior of the client device through a numerical value, and the text behavior element describes the behavior of the client device through a text;
a processing unit, configured to determine that a first similarity value is smaller than a first threshold, and determine that a second similarity value is smaller than a second threshold, where the first similarity value is determined according to similarity values between an average value of the numerical behavior elements of the first behavior attribute information and a probability distribution of the text type behavior elements, and an average value of the numerical behavior elements of the legal samples in the legal sample set and a probability distribution of the text type behavior elements, respectively; the second similarity value is a similarity value between the first behavior attribute information and each particular sample in the set of legal samples; the legal sample set is a set of behavior attribute information collected by the client equipment after identity authentication is passed;
a sending unit, configured to send an explicit identity authentication request message to the client device after the processing unit determines that the matching fails;
the receiving unit is further configured to receive an explicit identity authentication response message sent by the client device;
and the processing unit is further configured to, after determining that the explicit identity authentication passes according to the explicit identity authentication response message, use the first behavior attribute information as a special sample, and add the special sample to the legal sample set.
5. The server according to claim 4, wherein the processing unit is further configured to:
and if the matching is determined to be successful, adding the first behavior attribute information serving as a legal sample to the legal sample set.
6. A client device, the client device comprising:
a sending unit, configured to send first behavior attribute information to a server; the first behavior attribute information is information generated by the client device when a user operates the client device and collected by the client device within a preset time period, the first behavior attribute information comprises a numerical behavior element and a text behavior element, the numerical behavior element describes the behavior of the client device through numerical values, and the text behavior element describes the behavior of the client device through texts;
a receiving unit, configured to receive an explicit identity authentication request message sent by the server, where the explicit identity authentication request message is sent when the server fails to perform similarity matching on the average value of the numerical behavior elements and the probability distribution of the text behavior elements of the first behavior attribute information and the average value of the numerical behavior elements and the probability distribution of the text behavior elements of the legal sample in a legal sample set, and the first behavior attribute information fails to perform similarity matching with each special sample in the legal sample set, and the legal sample set is a set of behavior attribute information collected by the client device after identity authentication.
7. A computer-readable storage medium having stored thereon instructions which, when executed on a computer, cause the computer to carry out the method of any one of claims 1 to 3.
8. A computer device, comprising:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory to execute the method of any of claims 1 to 3 in accordance with the obtained program.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711331515.XA CN108234454B (en) | 2017-12-13 | 2017-12-13 | Identity authentication method, server and client device |
| PCT/CN2018/092950 WO2019114246A1 (en) | 2017-12-13 | 2018-06-26 | Identity authentication method, server and client device |
| TW107127944A TWI701932B (en) | 2017-12-13 | 2018-08-10 | Identity authentication method, server and client equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711331515.XA CN108234454B (en) | 2017-12-13 | 2017-12-13 | Identity authentication method, server and client device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108234454A CN108234454A (en) | 2018-06-29 |
| CN108234454B true CN108234454B (en) | 2020-12-18 |
Family
ID=62652128
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711331515.XA Active CN108234454B (en) | 2017-12-13 | 2017-12-13 | Identity authentication method, server and client device |
Country Status (3)
| Country | Link |
|---|---|
| CN (1) | CN108234454B (en) |
| TW (1) | TWI701932B (en) |
| WO (1) | WO2019114246A1 (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109151518B (en) * | 2018-08-06 | 2021-02-02 | 武汉斗鱼网络科技有限公司 | Stolen account identification method and device and electronic equipment |
| CN110570199B (en) * | 2019-07-24 | 2022-10-11 | 中国科学院信息工程研究所 | User identity detection method and system based on user input behaviors |
| CN111083141A (en) * | 2019-12-13 | 2020-04-28 | 广州市百果园信息技术有限公司 | Method, device, server and storage medium for identifying counterfeit account |
| CN111062014A (en) * | 2019-12-24 | 2020-04-24 | 中国银行股份有限公司 | Security authentication method and device and electronic equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010131333A1 (en) * | 2009-05-12 | 2010-11-18 | パイオニア株式会社 | Content search device, content search method, content search program, and recording medium |
| CN106301778A (en) * | 2015-05-19 | 2017-01-04 | 中兴通讯股份有限公司 | Auth method, device, system and user terminal |
| CN106384027A (en) * | 2016-09-05 | 2017-02-08 | 四川长虹电器股份有限公司 | User identity recognition system and recognition method thereof |
| CN106603327A (en) * | 2016-11-29 | 2017-04-26 | 上海亿账通互联网科技有限公司 | Behavior data analysis method and device |
| JP6203116B2 (en) * | 2014-05-20 | 2017-09-27 | ヤフー株式会社 | Notary providing device, notary providing method and program |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101299762B (en) * | 2008-06-20 | 2011-08-17 | 北京中星微电子有限公司 | Identification authentication method and apparatus |
| JP2012219796A (en) * | 2011-04-14 | 2012-11-12 | Nissan Motor Co Ltd | Combustion chamber of internal combustion engine |
| CN104579668B (en) * | 2013-10-28 | 2018-12-11 | 深圳市腾讯计算机系统有限公司 | The verification method and cipher protection apparatus and verifying system of a kind of user identity |
| CN105100376A (en) * | 2014-05-16 | 2015-11-25 | 中国移动通信集团湖南有限公司 | Identity authentication method and apparatus |
-
2017
- 2017-12-13 CN CN201711331515.XA patent/CN108234454B/en active Active
-
2018
- 2018-06-26 WO PCT/CN2018/092950 patent/WO2019114246A1/en active Application Filing
- 2018-08-10 TW TW107127944A patent/TWI701932B/en active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010131333A1 (en) * | 2009-05-12 | 2010-11-18 | パイオニア株式会社 | Content search device, content search method, content search program, and recording medium |
| JP6203116B2 (en) * | 2014-05-20 | 2017-09-27 | ヤフー株式会社 | Notary providing device, notary providing method and program |
| CN106301778A (en) * | 2015-05-19 | 2017-01-04 | 中兴通讯股份有限公司 | Auth method, device, system and user terminal |
| CN106384027A (en) * | 2016-09-05 | 2017-02-08 | 四川长虹电器股份有限公司 | User identity recognition system and recognition method thereof |
| CN106603327A (en) * | 2016-11-29 | 2017-04-26 | 上海亿账通互联网科技有限公司 | Behavior data analysis method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108234454A (en) | 2018-06-29 |
| TWI701932B (en) | 2020-08-11 |
| TW201929481A (en) | 2019-07-16 |
| WO2019114246A1 (en) | 2019-06-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108156237B (en) | Product information pushing method and device, storage medium and computer equipment | |
| CN109743315B (en) | Behavior identification method, behavior identification device, behavior identification equipment and readable storage medium for website | |
| US10785134B2 (en) | Identifying multiple devices belonging to a single user | |
| CN108234454B (en) | Identity authentication method, server and client device | |
| CN111404887B (en) | Service processing method and device | |
| CN106650350B (en) | Identity authentication method and system | |
| CN107809371B (en) | Shared resource display method and device | |
| CN108650260B (en) | Malicious website identification method and device | |
| CN107451819B (en) | Identity verification method and device based on user operation behavior characteristics | |
| CN104980402B (en) | Method and device for identifying malicious operation | |
| JP7014898B2 (en) | ID authentication method, device, server and computer readable medium | |
| CN107871279A (en) | User ID authentication method and application server | |
| CN108985048B (en) | Simulator identification method and related device | |
| AU2017273371B2 (en) | Method and device for preventing server from being attacked | |
| CN110798488A (en) | Web application attack detection method | |
| CN108763251B (en) | Personalized recommendation method and device for nuclear product and electronic equipment | |
| CN111027065B (en) | Leucavirus identification method and device, electronic equipment and storage medium | |
| CN110943989B (en) | Equipment identification method and device, electronic equipment and readable storage medium | |
| CN107995167B (en) | Equipment identification method and server | |
| CN107679865B (en) | Identity verification method and device based on touch area | |
| CN112100604A (en) | Terminal equipment information processing method and device | |
| CN114710468A (en) | Domain name generation and identification method, device, equipment and medium | |
| CN114841698A (en) | Transaction information processing method and device and computer readable storage medium | |
| Digwal et al. | Detection of phishing website based on deep learning | |
| CN111209552A (en) | Identity authentication method and device based on user behaviors |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1255860 Country of ref document: HK |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |