CN109560937A - Command identifying method, device and computer readable storage medium - Google Patents
- Publication number
- CN109560937A CN201910008849.6A
- Authority
- CN
- China
- Prior art keywords
- password
- log
- user
- false
- command identifying
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a password authentication method, the method comprising: obtaining a user's registered account and log-in password; generating, with a trained false password generation model, the false password corresponding to the log-in password; storing the user's log-in password and the false password corresponding to the log-in password; when it is detected that the user's registered account is being used to log in, obtaining the current password of the current login; comparing the current password with the user's log-in password and with the false password corresponding to the log-in password; and, if the current password is identical to the false password corresponding to the log-in password, determining that the current login is abnormal and sending warning information to a preset terminal. The invention also proposes a password authentication device and a computer-readable storage medium. The invention keeps an attacker from obtaining real user data and issues a warning in time, so that infringement of the user's privacy and property is avoided or reduced.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a password authentication method, a device and a computer-readable storage medium.
Background technique
The Internet has become enormous, Internet applications have diversified, and the network economy has grown quickly. The Internet is not only an important source of information but also an important platform for communication, entertainment and consumption; many economic activities, such as online shopping, hotel booking and contract signing, have moved from offline to online on a large scale. As Internet applications multiply, the security problems of the Internet have gradually drawn people's attention, and password leakage is the most serious of them. The client, the communication network and even the server are all exposed to the risk of password leakage.
Password-based user identity authentication is the mainstream authentication method on the Internet today. But this authentication method is fragile: a common attack is for an attacker to obtain the hashed user passwords and recover the passwords by cracking the hash values. Once an attacker recovers a user's log-in password, the attacker can log in disguised as that user, which not only infringes the user's privacy and property but also brings immeasurable loss to the enterprise.
Summary of the invention
The present invention provides a password authentication method, a device and a computer-readable storage medium, whose main purpose is to realize.
To achieve the above object, the present invention provides a password authentication method, the method comprising:
Obtaining a user's registered account and log-in password;
Generating, with a trained false password generation model, the false password corresponding to the log-in password;
Storing the user's log-in password and the false password corresponding to the log-in password;
When it is detected that the user's registered account is being used to log in, obtaining the current password of the current login;
Comparing the current password with the user's log-in password and with the false password corresponding to the log-in password;
If the current password is identical to the false password corresponding to the log-in password, determining that the current login is abnormal, and sending warning information to a preset terminal.
Optionally, training the false password generation model includes:
Obtaining a corpus made up of leaked passwords;
Processing the corpus to obtain a password dictionary;
Obtaining the most frequent combination from the corpus;
Parsing the most frequent combination to generate a syntax tree;
Training the parameters of the syntax tree on the password dictionary to obtain the trained false password generation model.
Optionally, processing the corpus to obtain the password dictionary includes:
Counting, with a hash map, the most frequent words, numbers and special characters in the leaked passwords;
Classifying the most frequent words, numbers and special characters according to the prefixes and suffixes of the leaked passwords and integrating them into the password dictionary.
Optionally, storing the user's log-in password and the false password corresponding to the log-in password includes:
Establishing multiple fields in a data table of a database to store the user's log-in password and the false password corresponding to the log-in password, wherein the authentic password of each user is located in a different field of the database.
Optionally, sending warning information to the preset terminal includes one or a combination of the following:
Sending alarm information to the administrator's terminal device;
Sending abnormality information to the user's terminal device.
Optionally, the method further includes:
Generating false private data of the user;
After the current login succeeds, presenting the false private data on the user interface.
Optionally, generating the false private data of the user includes:
Generating random characters, the random characters including numbers and character strings;
Cross-obfuscating the user's real private data with the random characters, wherein the user's real private data includes data of numeric type, data of date type and data of character string type.
To achieve the above object, the present invention also provides a password authentication device. The device includes a memory and a processor; a password authentication program that can run on the processor is stored in the memory, and the password authentication program implements the following steps when executed by the processor:
Obtaining a user's registered account and log-in password;
Generating, with a trained false password generation model, the false password corresponding to the log-in password;
Storing the user's log-in password and the false password corresponding to the log-in password;
When it is detected that the user's registered account is being used to log in, obtaining the current password of the current login;
Comparing the current password with the user's log-in password and with the false password corresponding to the log-in password;
If the current password is identical to the false password corresponding to the log-in password, determining that the current login is abnormal, and sending warning information to a preset terminal.
Optionally, training the false password generation model includes:
Obtaining a corpus made up of leaked passwords;
Processing the corpus to obtain a password dictionary;
Obtaining the most frequent combination from the corpus;
Parsing the most frequent combination to generate a syntax tree;
Training the parameters of the syntax tree on the password dictionary to obtain the trained false password generation model.
In addition, to achieve the above object, the present invention also provides a computer-readable storage medium. A password authentication program is stored on the computer-readable storage medium, and the password authentication program can be executed by one or more processors to implement the steps of the password authentication method described above.
The password authentication method, device and computer-readable storage medium provided by the invention keep an attacker from obtaining real user data and issue a warning in time, so that infringement of the user's privacy and property is avoided or reduced.
Description of the drawings
Fig. 1 is a flow diagram of the password authentication method provided by one embodiment of the invention;
Fig. 2 is a schematic diagram of the internal structure of the password authentication device provided by one embodiment of the invention;
Fig. 3 is a module diagram of the password authentication program in the password authentication device provided by one embodiment of the invention.
The realization of the object, the functional features and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Specific embodiment
It should be understood that the specific embodiments described herein merely illustrate the present invention and are not intended to limit it.
The present invention provides a password authentication method. Fig. 1 is a flow diagram of the password authentication method provided by one embodiment of the invention. The method can be executed by a device, and the device can be implemented in software and/or hardware.
In this embodiment, the password authentication method includes:
S10: obtain the user's registered account and log-in password.
In this embodiment, when the user registers for the first time, the registered account and log-in password that the user enters on the user interface are obtained. The registered account and log-in password are used to authenticate the user at subsequent logins to the system.
S11: generate, with the trained false password generation model, the false password corresponding to the log-in password.
In this embodiment, training the false password generation model includes:
(1) Obtain a corpus made up of leaked passwords.
In this embodiment, a large number of leaked passwords can be gathered from the many databases whose passwords have been leaked.
(2) Process the corpus to obtain a password dictionary.
In one specific implementation, processing the corpus to obtain the password dictionary includes:
Counting, with a hash map (hashmap), the most frequent words, numbers and special characters in the leaked passwords;
Classifying the most frequent words, numbers and special characters according to the prefixes and suffixes of the leaked passwords and integrating them into the password dictionary.
Specifically, the hashmap counts the most frequent words, numbers and special characters in the leaked passwords as follows:
All words, numbers and special characters are mapped one by one into a hashtable (hash table). If a word, number or special character is already present in the hash table, its occurrence count is incremented by 1. When the mapping is complete, the table holds the occurrence counts of all words, numbers and special characters in the leaked-password file. The hash table is then traversed, and the words, numbers and special characters with the highest counts are returned.
(3) Obtain the most frequent combination from the corpus.
In this embodiment, the combination frequencies of the leaked passwords are counted by telling letters, numbers and special characters apart by their ASCII codes. The ten Arabic numerals 0 to 9 have ASCII codes 48~57, the 26 upper-case English letters have ASCII codes 65~90, the 26 lower-case English letters have ASCII codes 97~122, and the ASCII codes of special characters are the remaining values that belong to neither letters nor numbers. A C program classifies each character of the leaked passwords of a given length in the password dictionary by its ASCII code, and in this way counts the most frequent combination in the leaked passwords.
(4) Parse the most frequent combination and generate a syntax tree (probabilistic context-free grammar, PCFG).
In this embodiment, leaked passwords likewise follow certain composition rules, and false passwords can be mass-produced only after the leaked passwords have been syntactically parsed. In one specific implementation, the most frequent combination is syntactically parsed to generate the syntax tree. Because the most frequent combinations are usually the ones attackers commonly use, a syntax tree parsed from the most frequent combination is better at generating false passwords that match what an attacker tries at login.
In one specific implementation, a context-free grammar (Context-Free Grammar) and a context-free grammar with a probability distribution (Probabilistic Context-Free Grammar) are used to parse the most frequent combination.
(5) Train the parameters of the syntax tree on the password dictionary to obtain the trained false password generation model.
In one specific implementation, after the false password generation model has been trained, the user's log-in password is used as the input of the false password generation model to obtain the false password corresponding to the log-in password. The false password corresponding to the log-in password may include multiple false passwords.
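Training steps (1) to (5) as an added example in Python, not code from the patent: passwords are split into letter, number and special-character runs by ASCII code, the combinations and the strings that fill them are counted in hash maps, and false passwords are sampled from those counts. The corpus is constructed, all names are hypothetical, and the way the log-in password steers generation (its own combination is reused about half of the time) is an assumption, since the description does not specify it.

```python
import random
from collections import Counter, defaultdict

# Constructed sample corpus standing in for a leaked-password corpus (not real leak data).
LEAKED = [
    "love1234!", "monkey2019", "dragon123", "sunshine1!", "tiger2018",
    "hello123", "summer2019", "angel12!", "shadow123", "flower2018",
    "happy123!", "winter2019",
]


def char_class(ch):
    """Step (3): classify by ASCII code. 48-57 number, 65-90 and 97-122 letter, else special."""
    code = ord(ch)
    if 48 <= code <= 57:
        return "D"
    if 65 <= code <= 90 or 97 <= code <= 122:
        return "L"
    return "S"


def segment(password):
    """Split into runs of one class: 'love1234!' -> [('L4','love'), ('D4','1234'), ('S1','!')]."""
    runs = []
    for ch in password:
        cls = char_class(ch)
        if runs and runs[-1][0] == cls:
            runs[-1][1] += ch
        else:
            runs.append([cls, ch])
    return [(f"{cls}{len(text)}", text) for cls, text in runs]


def structure(password):
    """The combination of a password as a tuple of slots, e.g. ('L4', 'D4', 'S1')."""
    return tuple(slot for slot, _ in segment(password))


def train(corpus):
    """Steps (2) to (5): count combinations and, per slot, the strings that fill it.
    Both counters are hash maps; the counts serve as the grammar's rule weights."""
    structures = Counter()
    terminals = defaultdict(Counter)
    for password in corpus:
        structures[structure(password)] += 1
        for slot, text in segment(password):
            terminals[slot][text] += 1
    return structures, terminals


def weighted_pick(counter, rng):
    """Sample one key of a Counter with probability proportional to its count."""
    items, weights = zip(*counter.items())
    return rng.choices(items, weights=weights)[0]


def generate_false_passwords(real, structures, terminals, count=4, rng=None, max_tries=1000):
    """Return up to `count` distinct false passwords, never equal to the real one.
    Assumption: reuse the real password's combination about half of the time when
    the grammar can fill every slot of it, otherwise sample a combination by frequency."""
    rng = rng or random.Random()
    real_structure = structure(real)
    usable = all(slot in terminals for slot in real_structure)
    found = set()
    for _ in range(max_tries):  # bounded: a tiny grammar may not yield `count` strings
        if len(found) == count:
            break
        if usable and rng.random() < 0.5:
            chosen = real_structure
        else:
            chosen = weighted_pick(structures, rng)
        candidate = "".join(weighted_pick(terminals[slot], rng) for slot in chosen)
        if candidate != real:
            found.add(candidate)
    return sorted(found)


if __name__ == "__main__":
    grammar = train(LEAKED)
    print(grammar[0].most_common(3))
    print(generate_false_passwords("spring2019", *grammar, rng=random.Random(7)))
```
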
S12: store the user's log-in password and the false password corresponding to the log-in password.
In this embodiment, storing the user's log-in password and the false password corresponding to the log-in password includes:
Establishing multiple fields in a data table of a database to store the user's log-in password and the false password corresponding to the log-in password, wherein the authentic password of each user can be located in a different field of the database.
Specifically, a hash table is used as the data structure that stores the user's log-in password and several false passwords; the records holding the values of the user's log-in password and the false passwords are accessed at the position in the hash table to which the hash function maps. The authentic passwords of different users are mapped by the hash function, so the authentic password of each user may be located in a different field.
The hash function makes access to a data sequence faster and more efficient; through the hash function, data elements are located quickly.
S13: when it is detected that the user's registered account is being used to log in, obtain the current password of the current login.
In this embodiment, when it is detected that the user's registered account has been entered on the login interface, the user's registered account is being used to log in. The current password of the current login is then obtained from the login interface.
S14: compare the current password with the user's log-in password and with the false password corresponding to the log-in password.
In this embodiment, if the current password is identical to the user's log-in password, the current login is a normal login. If the current password is identical to the false password corresponding to the user's log-in password, the current login is determined to be abnormal. This indicates that, in the current login, an attacker is repeatedly trying different passwords to log in to the user's account.
S15: if the current password is identical to the false password corresponding to the log-in password, determine that the current login is abnormal, and send warning information to a preset terminal.
In this embodiment, sending warning information to the preset terminal includes one or a combination of the following:
Sending alarm information to the administrator's terminal device;
Sending abnormality information to the user's terminal device.
Specifically, when an attacker's login is discovered, the system immediately and automatically notifies the administrator and the user, and the administrator starts emergency response and tracing. The user is notified by an e-mail or short message sent to the mailbox or telephone number bound at registration.
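Steps S12 to S15 as an added example in Python, not code from the patent: one row per account holds several password fields, the field holding the authentic password differs per user, and a login that matches a false password is flagged and reported to the administrator and the user. The salted PBKDF2 hashing, the keyed hash that selects the authentic field (with its key kept outside the password table), and all class, method and account names are assumptions.

```python
import hashlib
import hmac
import os


class FalsePasswordStore:
    """In-memory stand-in for the data table described in S12."""

    def __init__(self, index_key, notify):
        self.index_key = index_key  # assumption: secret stored apart from the table
        self.notify = notify        # callable(terminal, message), e.g. mail or SMS gateway
        self.table = {}             # account -> {"salt": bytes, "slots": [digest, ...]}

    @staticmethod
    def digest(salt, password):
        # Assumption: fields hold salted PBKDF2 digests rather than plaintext.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def real_slot(self, account, slot_count):
        """Hash function that maps each user's authentic password to its own field."""
        mac = hmac.new(self.index_key, account.encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big") % slot_count

    def register(self, account, password, false_passwords):
        """S10 to S12: store the log-in password among its false passwords."""
        if password in false_passwords or len(set(false_passwords)) != len(false_passwords):
            raise ValueError("false passwords must be distinct and differ from the real one")
        salt = os.urandom(16)
        slots = [self.digest(salt, p) for p in false_passwords]
        position = self.real_slot(account, len(false_passwords) + 1)
        slots.insert(position, self.digest(salt, password))
        self.table[account] = {"salt": salt, "slots": slots}

    def login(self, account, current_password):
        """S13 to S15: return 'normal', 'abnormal' (false password used) or 'rejected'."""
        row = self.table.get(account)
        if row is None:
            return "rejected"
        candidate = self.digest(row["salt"], current_password)
        matched = None
        for index, stored in enumerate(row["slots"]):
            # Constant-time comparison; every field is checked on each attempt.
            if hmac.compare_digest(stored, candidate):
                matched = index
        if matched is None:
            return "rejected"
        if matched == self.real_slot(account, len(row["slots"])):
            return "normal"
        # A false password was presented: warn both preset terminals.
        for terminal in ("administrator", "user"):
            self.notify(terminal, f"abnormal login on account {account}: false password used")
        return "abnormal"


if __name__ == "__main__":
    sent = []
    store = FalsePasswordStore(b"constructed-demo-key", lambda t, m: sent.append((t, m)))
    # Constructed account and passwords.
    store.register("alice", "spring2019", ["monkey2018", "dragon123", "summer2019"])
    print(store.login("alice", "spring2019"))  # real password
    print(store.login("alice", "dragon123"))   # false password
    print(sent)
```

A caller that receives "abnormal" can let the session proceed against false private data instead of the user's real data.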
In one specific implementation, the method further includes:
Generating false private data of the user;
After the current login succeeds, presenting the false private data on the user interface.
Generating the false private data of the user includes:
Generating random characters, the random characters including numbers and character strings;
Cross-obfuscating the user's real private data with the random characters, wherein the user's real private data includes data of numeric type, data of date type and data of character string type.
Specifically, the false private data is generated from the real private data of all users that the system holds: the real data is randomly obfuscated and cross-combined to produce a large amount of data that looks fairly real but is in fact entirely false. The user's real private data is divided into 3 types, numbers, dates and character strings, and each type is obfuscated separately.
The first obfuscation method: obfuscating numeric data is the simplest and uses the random function RAND (). If the value is an integer, it can be multiplied by a coefficient and then rounded, or a generated random number can be added to the original data, so that the range of the data keeps the same distribution as the original real data. For example, for a Revenue field that holds the income from customers, the income figures of large customers and small customers cannot be completely random, so a random number within 10000 can be added to the original Revenue: Revenue+RAND () * 10000.
The second obfuscation method: data of date type is obfuscated by adding or subtracting a random number of days to or from the original date or the current date, using the DATEADD () function and the RAND () function. For example, to generate a random date within the most recent 100 days: DATEADD ("day", 0-RAND () * 100, GETDATE ()).
The third obfuscation method: obfuscating data of character string type is the most complicated, because character strings carry very specific meaning, such as a name field or a company name field, and randomly generated characters would be meaningless. In this case the character string can be split into two parts that are then cross-combined, and the real data is replaced with a random cross-combination. For example, if the original names are Li Yuchun, Zeng Yike and Liu Zhu, cross-combination produces combinations such as Li Zhu, Zeng Yuchun and Liu Yike.
A personal name is split into surname and given name, and a company name can be split into its first 2 characters and the remaining characters. An English personal name or English company name can be split at the first space into the first word and the following words. The two resulting fields are then stored in temporary tables, the two temporary tables are cross-joined to obtain all combinations of the two fields, a certain number of rows is then selected at random, and the original data is replaced with the randomly selected data.
False data is generated automatically according to the above technical solution: when an attacker logs in with a false password, the system automatically generates simulated false data and presents it to the attacker, which prevents the user's privacy from being leaked.
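The three obfuscation methods above as an added example in Python, not code from the patent, mirroring the RAND (), DATEADD () and cross-join steps of the description. The sample rows, field names and function names are constructed, and dropping cross-combined names that equal an original name is an assumption.

```python
import random
from datetime import date, timedelta
from itertools import product

# Constructed sample rows standing in for real private data.
REAL_ROWS = [
    {"name": "Ann Lee", "revenue": 120000, "signed": date(2018, 5, 1)},
    {"name": "Bob Stone", "revenue": 3500, "signed": date(2018, 9, 12)},
    {"name": "Cara Diaz", "revenue": 48000, "signed": date(2018, 11, 30)},
]


def fake_revenue(revenue, rng, spread=10000):
    """Numeric type: Revenue + RAND() * 10000, so large and small customers stay apart."""
    return revenue + int(rng.random() * spread)


def fake_date(today, rng, window_days=100):
    """Date type: DATEADD("day", 0 - RAND() * 100, GETDATE()), a date in the last 100 days."""
    return today - timedelta(days=int(rng.random() * window_days))


def cross_combine(names, rng):
    """String type: split each name at the first space, cross-join the two fields,
    and return the combinations in random order. Names without a second part are
    skipped; combinations equal to an original name are dropped (assumption)."""
    parts = [name.partition(" ") for name in names]
    firsts = [first for first, _, rest in parts if rest]
    rests = [rest for _, _, rest in parts if rest]
    originals = set(names)
    combos = list(dict.fromkeys(f"{a} {b}" for a, b in product(firsts, rests)))
    combos = [combo for combo in combos if combo not in originals]
    rng.shuffle(combos)
    return combos


def make_fake_rows(rows, today, rng=None):
    """Build one false row per real row; no false row repeats a real name."""
    rng = rng or random.Random()
    names = cross_combine([row["name"] for row in rows], rng)
    if not names:
        raise ValueError("need at least two distinct two-part names to cross-combine")
    return [
        {
            "name": names[i % len(names)],
            "revenue": fake_revenue(row["revenue"], rng),
            "signed": fake_date(today, rng),
        }
        for i, row in enumerate(rows)
    ]


if __name__ == "__main__":
    for row in make_fake_rows(REAL_ROWS, date(2019, 1, 4), random.Random(1)):
        print(row)
```
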
In summary, the present invention obtains the user's registered account and log-in password; generates, with the trained false password generation model, the false password corresponding to the log-in password; stores the user's log-in password and the false password corresponding to the log-in password; when it is detected that the user's registered account is being used to log in, obtains the current password of the current login; compares the current password with the user's log-in password and with the false password corresponding to the log-in password; and, if the current password is identical to the false password corresponding to the log-in password, determines that the current login is abnormal and issues warning information to the relevant personnel. The invention keeps an attacker from obtaining real user data, and when an attacker logs in with a false password it notifies the administrator and the user at the first moment so that they can respond in time, which avoids or reduces infringement of the user's privacy and property.
The present invention also provides a password authentication device. Fig. 2 is a schematic diagram of the internal structure of the password authentication device provided by one embodiment of the invention.
In this embodiment, the password authentication device 1 can be a PC (Personal Computer), or a terminal device such as a smart phone, tablet computer or portable computer. The password authentication device 1 includes at least a memory 11, a processor 12, a communication bus 13 and a network interface 14.
The memory 11 includes at least one type of readable storage medium, which includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), magnetic storage, magnetic disk, optical disc and the like. In some embodiments the memory 11 can be an internal storage unit of the password authentication device 1, such as the hard disk of the password authentication device 1. In other embodiments the memory 11 can be an external storage device of the password authentication device 1, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the password authentication device 1. Further, the memory 11 can include both an internal storage unit and an external storage device of the password authentication device 1. The memory 11 can be used not only to store the application software installed on the password authentication device 1 and various kinds of data, such as the code of the password authentication program 01, but also to temporarily store data that has been output or is about to be output.
In some embodiments the processor 12 can be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor or other data processing chip, used to run the program code stored in the memory 11 or to process data, for example to execute the password authentication program 01.
The communication bus 13 provides the connection and communication between these components.
The network interface 14 can optionally include a standard wired interface and a wireless interface (such as a WI-FI interface), and is usually used to establish a communication connection between the device 1 and other electronic equipment.
Optionally, the device 1 can also include a user interface. The user interface may include a display (Display) and an input unit such as a keyboard (Keyboard), and the optional user interface can also include a standard wired interface and a wireless interface. Optionally, in some embodiments, the display can be an LED display, a liquid crystal display, a touch-control liquid crystal display, an organic light-emitting diode (Organic Light-Emitting Diode, OLED) touch device, and the like. The display can also appropriately be called a display screen or display unit, and is used to show the information processed in the password authentication device 1 and to show a visual user interface.
Fig. 2 shows only the password authentication device 1 with components 11-14 and the password authentication program 01. Those skilled in the art will understand that the structure shown in Fig. 1 does not limit the password authentication device 1, which may include fewer or more components than illustrated, combine certain components, or arrange the components differently.
In the embodiment of the device 1 shown in Fig. 2, the password authentication program 01 is stored in the memory 11; the processor 12 implements the following steps when it executes the password authentication program 01 stored in the memory 11:
Obtain the user's registered account and log-in password.
In this embodiment, when the user registers for the first time, the registered account and log-in password that the user enters on the user interface are obtained. The registered account and log-in password are used to authenticate the user at subsequent logins to the system.
Generate, with the trained false password generation model, the false password corresponding to the log-in password.
In this embodiment, training the false password generation model includes:
(1) Obtain a corpus made up of leaked passwords.
In this embodiment, a large number of leaked passwords can be gathered from the many databases whose passwords have been leaked.
(2) Process the corpus to obtain a password dictionary.
In one specific implementation, processing the corpus to obtain the password dictionary includes:
Counting, with a hash map (hashmap), the most frequent words, numbers and special characters in the leaked passwords;
Classifying the most frequent words, numbers and special characters according to the prefixes and suffixes of the leaked passwords and integrating them into the password dictionary.
Specifically, the hashmap counts the most frequent words, numbers and special characters in the leaked passwords as follows:
All words, numbers and special characters are mapped one by one into a hashtable (hash table). If a word, number or special character is already present in the hash table, its occurrence count is incremented by 1. When the mapping is complete, the table holds the occurrence counts of all words, numbers and special characters in the leaked-password file. The hash table is then traversed, and the words, numbers and special characters with the highest counts are returned.
(3) Obtain the most frequent combination from the corpus.
In this embodiment, the combination frequencies of the leaked passwords are counted by telling letters, numbers and special characters apart by their ASCII codes. The ten Arabic numerals 0 to 9 have ASCII codes 48~57, the 26 upper-case English letters have ASCII codes 65~90, the 26 lower-case English letters have ASCII codes 97~122, and the ASCII codes of special characters are the remaining values that belong to neither letters nor numbers. A C program classifies each character of the leaked passwords of a given length in the password dictionary by its ASCII code, and in this way counts the most frequent combination in the leaked passwords.
(4) Parse the most frequent combination and generate a syntax tree (probabilistic context-free grammar, PCFG).
In this embodiment, leaked passwords likewise follow certain composition rules, and false passwords can be mass-produced only after the leaked passwords have been syntactically parsed. In one specific implementation, the most frequent combination is syntactically parsed to generate the syntax tree. Because the most frequent combinations are usually the ones attackers commonly use, a syntax tree parsed from the most frequent combination is better at generating false passwords that match what an attacker tries at login.
In one specific implementation, a context-free grammar (Context-Free Grammar) and a context-free grammar with a probability distribution (Probabilistic Context-Free Grammar) are used to parse the most frequent combination.
(5) Train the parameters of the syntax tree on the password dictionary to obtain the trained false password generation model.
In one specific implementation, after the false password generation model has been trained, the user's log-in password is used as the input of the false password generation model to obtain the false password corresponding to the log-in password. The false password corresponding to the log-in password may include multiple false passwords.
Store the user's registration password and the false passwords corresponding to the registration password.
In this embodiment, storing the user's registration password and the false passwords corresponding to the registration password includes:
Establishing multiple fields in a data table of a database to store the user's registration password and the false passwords corresponding to the registration password, where each user's real password may be located in a different field in the database.
Specifically, a hash table data structure is used to store the user's registration password and several false passwords; the records holding the values of the registration password and the false passwords are accessed through the positions that a hash function maps to in the hash table. Different users' real passwords pass through the mapping of the hash function, so each user's real password may be located in a different field.
The hash function makes access to a data sequence faster and more efficient; through the hash function, data elements are located quickly.
When it is detected that the user's registered account is currently being used to log in, obtain the current password of the current login.
In this embodiment, when input of the user's registered account is detected on the login interface, the user's registered account is currently being used to log in. The current password of the current login is then obtained from the login interface.
Compare the current password with the user's registration password and with the false passwords corresponding to the registration password.
In this embodiment, if the current password is identical to the user's registration password, the current login is a normal login. If the current password is identical to a false password corresponding to the user's registration password, the current login is determined to be abnormal. This indicates that an attacker is repeatedly trying different passwords to log in to the user's account.
If the current password is identical to a false password corresponding to the registration password, determine that the current login is abnormal and send warning information to a preset terminal.
In this embodiment, sending warning information to a preset terminal includes one or a combination of the following:
Sending alarm information to the administrator's terminal device;
Sending abnormality information to the user's terminal device.
Specifically, when an attacker's login is found, the system immediately and automatically notifies the administrator and the user, and the administrator starts emergency response and tracing. The user is notified by an email or SMS sent to the mailbox or telephone number bound at registration.
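The storage, comparison and alert steps described above, as an added example that is not the patent's own code. Keeping salted PBKDF2 digests instead of plaintext passwords, recording the real password's position in a separate map, and the names PasswordStore, check_login and demo are all assumptions of this example; the account and passwords are constructed.

```python
import hashlib
import hmac
import os
import secrets


class PasswordStore:
    """Per account, one salted digest per field: the registration password
    and its false passwords, with the real one at a random position."""

    def __init__(self, alert):
        self.fields = {}      # account -> (salt, [digest, ...])
        self.real_index = {}  # account -> field position of the real password
        self.alert = alert    # callable(recipient, account, message)

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def register(self, account, registration_password, false_passwords):
        salt = os.urandom(16)
        words = list(false_passwords)
        # Each user's real password lands in a different, unpredictable field.
        position = secrets.randbelow(len(words) + 1)
        words.insert(position, registration_password)
        self.fields[account] = (salt, [self._digest(w, salt) for w in words])
        self.real_index[account] = position

    def check_login(self, account, current_password):
        """Return 'normal', 'abnormal' (a false password was used) or 'rejected'."""
        if account not in self.fields:
            return "rejected"
        salt, digests = self.fields[account]
        attempt = self._digest(current_password, salt)
        matched = None
        for i, stored in enumerate(digests):  # compare every field, no early exit
            if hmac.compare_digest(stored, attempt):
                matched = i
        if matched is None:
            return "rejected"
        if matched == self.real_index[account]:
            return "normal"
        # A false password matched: warn the administrator and the user.
        self.alert("administrator", account, "login attempted with a false password")
        self.alert("user", account, "abnormal login to your account")
        return "abnormal"


def demo():
    """Run three constructed login attempts and collect the alerts raised."""
    sent = []
    store = PasswordStore(lambda to, account, msg: sent.append((to, account, msg)))
    store.register("alice", "tiger2018!", ["hello2019!", "mouse2018#"])
    attempts = ("tiger2018!", "hello2019!", "wrong-guess")
    return [store.check_login("alice", p) for p in attempts], sent


if __name__ == "__main__":
    print(demo())
```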
In one specific implementation, the method further includes:
Generating false private data for the user;
After the current login succeeds, presenting the false private data on the user interface.
Generating the user's false private data includes:
Generating random characters, the random characters including numbers and character strings;
Cross-obfuscating the user's true private data with the random characters, where the user's true private data includes numeric data, date data and string data.
Specifically, the false private data is generated from the true private data of all users held by the system: the real data is randomly obfuscated and cross-combined to produce a large amount of data that looks fairly real but is in fact entirely false. The user's true private data is divided into three types (numbers, dates and strings), and each type is obfuscated separately.
The first obfuscation mode: numeric data is the simplest to obfuscate, using the random function RAND(). An integer can be multiplied by a coefficient and then rounded, or a generated random number can be added to the original value, so that the range of the data keeps the same distribution as the original real data. For example, the Revenue field holds the income from a customer; the income figures of large and small customers cannot be completely random, so a random number within 10000 can be added to the original Revenue: Revenue+RAND()*10000.
The second obfuscation mode: date data can be obfuscated by adding or subtracting a random number of days from the original date or the current date, using the DATEADD() and RAND() functions. For example, to generate a random date within the last 100 days: DATEADD("day", 0-RAND()*100, GETDATE()).
The third obfuscation mode: string data is the most complex to obfuscate, because strings carry very specific meaning, such as name fields and company name fields, and randomly generated characters would be meaningless. In this case the string can be split into two parts that are then cross-combined, and the real data is replaced with random cross-combinations. For example, if the original names are Li Yuchun, Zeng Yike and Liu Zhu, cross-combination produces combinations such as Li Zhu, Zeng Yuchun and Liu Yike.
A name is split into surname and given name, and a company name can be split into its first 2 characters and the remaining characters. An English name or English company name can be split at the first space into the first word and the remaining words. The two resulting fields are then stored in temporary tables, the two temporary tables are cross-joined to obtain all combinations of the two fields, a certain number of rows is selected at random, and the original data is replaced with the randomly selected data.
False data is generated automatically according to the above technical solution: when an attacker logs in with a false password, the system automatically generates simulated false data and presents it to the attacker, thereby preventing the user's privacy from being leaked.
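The three obfuscation modes above, as an added example that is not the patent's own code. The customer rows are constructed sample data, the function names are hypothetical, and dropping cross-combinations that reproduce a real name is an assumption of this example.

```python
import random
from datetime import date, timedelta
from itertools import product

# Constructed sample rows standing in for real private data.
CUSTOMERS = [
    {"name": "Li Yuchun", "revenue": 820000, "last_order": date(2018, 11, 3)},
    {"name": "Zeng Yike", "revenue": 15000, "last_order": date(2018, 12, 20)},
    {"name": "Liu Zhu", "revenue": 4300, "last_order": date(2018, 9, 14)},
]


def obfuscate_number(value, rng, spread=10000):
    """Revenue + RAND() * 10000: the result stays near the original magnitude."""
    result = value + rng.random() * spread
    return round(result) if isinstance(value, int) else result


def obfuscate_date(rng, today, max_days=100):
    """DATEADD("day", 0 - RAND() * 100, GETDATE()): a date in the last 100 days."""
    return today - timedelta(days=int(rng.random() * max_days))


def split_once(text):
    """Split at the first space into (first word, remaining words)."""
    head, _, tail = text.partition(" ")
    return head, tail


def cross_combine(values, count, rng):
    """Cross-join the two halves of every value and pick `count` combinations.
    Combinations equal to a real value are dropped (assumption of this example)."""
    heads, tails = zip(*(split_once(v) for v in values))
    combos = {f"{h} {t}".strip() for h, t in product(heads, tails)}
    pool = sorted(combos - set(values))
    if count > len(pool):
        raise ValueError("not enough distinct combinations to choose from")
    return rng.sample(pool, count)


def fake_records(records, rng, today):
    """Build one false record per real record, obfuscating each field by type."""
    names = cross_combine([r["name"] for r in records], len(records), rng)
    return [
        {
            "name": name,                                      # string type
            "revenue": obfuscate_number(r["revenue"], rng),    # numeric type
            "last_order": obfuscate_date(rng, today),          # date type
        }
        for name, r in zip(names, records)
    ]


if __name__ == "__main__":
    for row in fake_records(CUSTOMERS, random.Random(), date.today()):
        print(row)
```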
In conclusion the present invention obtains the register account number and log-in password of user;Utilize trained false password generated mould
Type generates false password corresponding with the log-in password;Log-in password and the log-in password for storing the user are corresponding
False password;When detecting that the register account number of the user is currently being used for logging in, the current password currently logged in is obtained;
The current password false password corresponding with the log-in password of the user and the log-in password is compared;If described work as
When preceding password vacation password corresponding with the log-in password is identical, determination currently logs in exception, and issues information warning to association
Personnel.The present invention can make attacker that can not obtain true user data, and when attacker is logged in using false password first
Time while manager and user, make a response in time, are encroached on to avoid or reduce privacy of user property.
Optionally, in other embodiments, the password authentication program 01 may also be divided into one or more modules, which are stored in the memory 11 and executed by one or more processors (the processor 12 in this embodiment) to carry out the present invention. A module, as the term is used in the present invention, is a series of computer program instruction segments capable of performing a specific function, and is used to describe the execution of the password authentication program 01 in the password authentication device 1.
For example, Fig. 3 is a schematic diagram of the program modules of the password authentication program 01 of the present invention. In this embodiment, the password authentication program 01 can be divided into an acquisition module 10, a generation module 20, a storage module 30, a comparison module 40 and an alarm module 50. Illustratively:
The acquisition module 10 obtains the user's registered account and registration password;
The generation module 20 generates false passwords corresponding to the registration password using the trained false password generation model;
The storage module 30 stores the user's registration password and the false passwords corresponding to the registration password;
The acquisition module 10 obtains the current password of the current login when it is detected that the user's registered account is currently being used to log in;
The comparison module 40 compares the current password with the user's registration password and with the false passwords corresponding to the registration password;
If the current password is identical to a false password corresponding to the registration password, the alarm module 50 determines that the current login is abnormal and issues warning information to the relevant personnel.
The functions or operation steps realized when the acquisition module 10, generation module 20, storage module 30, comparison module 40 and alarm module 50 are executed are substantially the same as in the above embodiments and are not repeated here.
In addition, an embodiment of the present invention also proposes a computer-readable storage medium on which a password authentication program is stored; the password authentication program can be executed by one or more processors to realize the following operations:
Obtaining the user's registered account and registration password;
Generating false passwords corresponding to the registration password using the trained false password generation model;
Storing the user's registration password and the false passwords corresponding to the registration password;
When it is detected that the user's registered account is currently being used to log in, obtaining the current password of the current login;
Comparing the current password with the user's registration password and with the false passwords corresponding to the registration password;
If the current password is identical to a false password corresponding to the registration password, determining that the current login is abnormal and sending warning information to a preset terminal.
The specific embodiments of the computer-readable storage medium of the present invention are essentially the same as the embodiments of the password authentication device and method described above and are not repeated here.
It should be noted that the serial numbers of the above embodiments of the invention are for description only and do not represent the merits of the embodiments. The terms "include", "comprise" or any other variant thereof herein are intended to cover non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, device, article or method. Without further limitation, an element limited by the phrase "including a ..." does not exclude the existence of other identical elements in the process, device, article or method that includes the element.
Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be realized by means of software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, a magnetic disk or an optical disc) and includes instructions that cause a terminal device (which may be a mobile phone, computer, server, network device or the like) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of protection of the present invention.
Claims (10)
1. A password authentication method, characterized in that the method includes:
Obtaining the user's registered account and registration password;
Generating false passwords corresponding to the registration password using a trained false password generation model;
Storing the user's registration password and the false passwords corresponding to the registration password;
When it is detected that the user's registered account is currently being used to log in, obtaining the current password of the login;
Comparing the current password with the user's registration password and with the false passwords corresponding to the registration password;
If the current password is identical to a false password corresponding to the registration password, determining that the current login is abnormal and sending warning information to a preset terminal.
2. The password authentication method according to claim 1, characterized in that training the false password generation model includes:
Obtaining a corpus composed of leaked passwords;
Processing the corpus to obtain a password dictionary;
Obtaining the most frequent combination pattern from the corpus;
Parsing the most frequent combination pattern to generate a syntax tree;
Training the parameters of the syntax tree on the password dictionary to obtain the trained false password generation model.
3. The password authentication method according to claim 2, characterized in that processing the corpus to obtain the password dictionary includes:
Counting the most frequent words, numbers and special characters in the leaked passwords using a hash map;
Classifying the most frequent words, numbers and special characters according to the prefixes and suffixes of the leaked passwords and integrating them into the password dictionary.
4. The password authentication method according to claim 1, characterized in that storing the user's registration password and the false passwords corresponding to the registration password includes:
Establishing multiple fields in a data table of a database to store the user's registration password and the false passwords corresponding to the registration password, where each user's real password is located in a different field in the database.
5. The password authentication method according to claim 1, characterized in that sending warning information to a preset terminal includes one or a combination of the following:
Sending alarm information to the administrator's terminal device;
Sending abnormality information to the user's terminal device.
6. The password authentication method according to claim 1, characterized in that the method further includes:
Generating false private data for the user;
After the current login succeeds, presenting the false private data on the user interface.
7. The password authentication method according to claim 6, characterized in that generating the user's false private data includes:
Generating random characters, the random characters including numbers and character strings;
Cross-obfuscating the user's true private data with the random characters, where the user's true private data includes numeric data, date data and string data.
8. A password authentication device, characterized in that the device includes a memory and a processor, the memory stores a password authentication program that can run on the processor, and the password authentication program, when executed by the processor, realizes the following steps:
Obtaining the user's registered account and registration password;
Generating false passwords corresponding to the registration password using a trained false password generation model;
Storing the user's registration password and the false passwords corresponding to the registration password;
When it is detected that the user's registered account is currently being used to log in, obtaining the current password of the login;
Comparing the current password with the user's registration password and with the false passwords corresponding to the registration password;
If the current password is identical to a false password corresponding to the registration password, determining that the current login is abnormal and sending warning information to a preset terminal.
9. The password authentication device according to claim 8, characterized in that training the false password generation model includes:
Obtaining a corpus composed of leaked passwords;
Processing the corpus to obtain a password dictionary;
Obtaining the most frequent combination pattern from the corpus;
Parsing the most frequent combination pattern to generate a syntax tree;
Training the parameters of the syntax tree on the password dictionary to obtain the trained false password generation model.
10. A computer-readable storage medium, characterized in that a password authentication program is stored on the computer-readable storage medium, and the password authentication program can be executed by one or more processors to realize the password authentication method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910008849.6A CN109560937B (en) | 2019-01-04 | 2019-01-04 | Password authentication method, device and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109560937A (en) | 2019-04-02 |
CN109560937B (en) | 2022-09-27 |
Family
ID=65872482
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910008849.6A Active CN109560937B (en) | 2019-01-04 | 2019-01-04 | Password authentication method, device and computer readable storage medium |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110766841A (en) * | 2019-06-12 | 2020-02-07 | 天津新泰基业电子股份有限公司 | User registration and verification method and device |
CN113032765A (en) * | 2021-04-29 | 2021-06-25 | 中国工商银行股份有限公司 | Password authentication method, device and equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1442782A (en) * | 2002-03-05 | 2003-09-17 | 三星电子株式会社 | User confirmation method using word of command |
CN103455737A (en) * | 2012-05-28 | 2013-12-18 | 百度在线网络技术(北京)有限公司 | User information protection method and device |
US20150365400A1 (en) * | 2014-06-12 | 2015-12-17 | Nadapass, Inc. | Password-less authentication system and method |
CN107977559A (en) * | 2017-11-22 | 2018-05-01 | 杨晓艳 | A kind of identity identifying method, device, equipment and computer-readable recording medium |
Non-Patent Citations (1)
Title |
---|
BRILAND HITAJ: "PassGAN: A Deep Learning Approach for Password Guessing", 《HTTPS://ARXIV.ORG/ABS/1709.00440V2》 * |
Also Published As
Publication number | Publication date |
---|---|
CN109560937B (en) | 2022-09-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||