CN109560937A - Command identifying method, device and computer readable storage medium - Google Patents


Info

Publication number
CN109560937A
Authority
CN
China
Prior art keywords
password
log
user
false
command identifying
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910008849.6A
Other languages
Chinese (zh)
Other versions
CN109560937B (en)
Inventor
徐凌智
王健宗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201910008849.6A
Publication of CN109560937A
Application granted
Publication of CN109560937B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a password authentication method, comprising: obtaining a user's registered account and registered password; generating a false password corresponding to the registered password using a trained false password generation model; storing the user's registered password and the false password corresponding to the registered password; when it is detected that the user's registered account is being used to log in, obtaining the current password of the current login; comparing the current password with the user's registered password and with the false password corresponding to the registered password; and, if the current password is identical to the false password corresponding to the registered password, determining that the current login is abnormal and sending a warning message to a preset terminal. The invention also provides a password authentication device and a computer-readable storage medium. The invention prevents an attacker from obtaining real user data and issues a warning in time, so that harm to the user's privacy and property is avoided or reduced.

Description

Password authentication method, device and computer-readable storage medium
Technical field
The present invention relates to the field of computer technology, and in particular to a password authentication method, device and computer-readable storage medium.
Background
The Internet is enormous in scale and its applications are diverse, and the network economy has grown rapidly. The Internet is not only an important source of information but also an important platform for communication, entertainment and consumption. Many economic activities, such as online shopping, hotel booking and contract signing, have moved from offline to online on a large scale. As Internet applications multiply, Internet security is attracting growing attention, and password leakage is the most serious problem. The client, the communication network and even the server are all exposed to the risk of password leakage.
Password-based user authentication is the mainstream authentication method on the Internet today. However, this authentication method is fragile. In a common attack, the attacker obtains hashed user passwords and recovers the passwords by cracking the hash values. Once the attacker has recovered a user's login password, the attacker can log in as that user, which not only harms the user's privacy and property but also causes immeasurable losses to the enterprise.
Summary of the invention
The present invention provides a password authentication method, device and computer-readable storage medium, whose main purpose is to realize.
To achieve the above object, the present invention provides a password authentication method, the method comprising:
Obtaining the user's registered account and registered password;
Generating a false password corresponding to the registered password using a trained false password generation model;
Storing the user's registered password and the false password corresponding to the registered password;
When it is detected that the user's registered account is being used to log in, obtaining the current password of the current login;
Comparing the current password with the user's registered password and with the false password corresponding to the registered password;
If the current password is identical to the false password corresponding to the registered password, determining that the current login is abnormal and sending a warning message to a preset terminal.
Optionally, training the false password generation model comprises:
Obtaining a corpus composed of leaked passwords;
Processing the corpus to obtain a password dictionary;
Obtaining the most frequent combination pattern from the corpus;
Parsing the most frequent combination pattern to generate a syntax tree;
Training the parameters of the syntax tree based on the password dictionary to obtain the trained false password generation model.
Optionally, processing the corpus to obtain the password dictionary comprises:
Counting the most frequent words, digits and special characters in the leaked passwords using a hash map;
According to the prefixes and suffixes of the leaked passwords, classifying the most frequent words, digits and special characters and integrating them into the password dictionary.
Optionally, storing the user's registered password and the false password corresponding to the registered password comprises:
Creating multiple fields in a data table of a database to store the user's registered password and the false password corresponding to the registered password, wherein the real password of each user is located in a different field in the database.
Optionally, sending the warning message to the preset terminal comprises one or more of the following:
Sending warning information to the administrator's terminal device;
Sending abnormality information to the user's terminal device.
Optionally, the method further comprises:
Generating false private data for the user;
After the current login succeeds, presenting the false private data on the user interface.
Optionally, generating the false private data for the user comprises:
Generating random characters, the random characters including numbers and character strings;
Cross-obfuscating the user's real private data with the random characters, wherein the user's real private data includes numeric data, date data and string data.
To achieve the above object, the present invention also provides a password authentication device. The device comprises a memory and a processor; the memory stores a password authentication program executable on the processor, and the password authentication program, when executed by the processor, implements the following steps:
Obtaining the user's registered account and registered password;
Generating a false password corresponding to the registered password using a trained false password generation model;
Storing the user's registered password and the false password corresponding to the registered password;
When it is detected that the user's registered account is being used to log in, obtaining the current password of the current login;
Comparing the current password with the user's registered password and with the false password corresponding to the registered password;
If the current password is identical to the false password corresponding to the registered password, determining that the current login is abnormal and sending a warning message to a preset terminal.
Optionally, training the false password generation model comprises:
Obtaining a corpus composed of leaked passwords;
Processing the corpus to obtain a password dictionary;
Obtaining the most frequent combination pattern from the corpus;
Parsing the most frequent combination pattern to generate a syntax tree;
Training the parameters of the syntax tree based on the password dictionary to obtain the trained false password generation model.
In addition, to achieve the above object, the present invention also provides a computer-readable storage medium on which a password authentication program is stored, the password authentication program being executable by one or more processors to implement the steps of the password authentication method described above.
The password authentication method, device and computer-readable storage medium provided by the present invention prevent an attacker from obtaining real user data and issue a warning in time, so that harm to the user's privacy and property is avoided or reduced.
Brief description of the drawings
Fig. 1 is a flow diagram of the password authentication method provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of the internal structure of the password authentication device provided by an embodiment of the present invention;
Fig. 3 is a module diagram of the password authentication program in the password authentication device provided by an embodiment of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention are further described below with reference to the accompanying drawings and the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described here are merely illustrative of the present invention and are not intended to limit it.
The present invention provides a password authentication method. Fig. 1 is a flow diagram of the password authentication method provided by an embodiment of the present invention. The method may be executed by a device, and the device may be implemented in software and/or hardware.
In this embodiment, the password authentication method comprises:
S10: Obtain the user's registered account and registered password.
In this embodiment, when the user registers for the first time, the registered account and registered password that the user enters on the user interface are obtained. The registered account and registered password are used to authenticate the user's subsequent logins to the system.
S11: Generate a false password corresponding to the registered password using a trained false password generation model.
In this embodiment, training the false password generation model comprises:
(1) Obtain a corpus composed of leaked passwords.
In this embodiment, a large number of leaked passwords can be gathered by crawling passwords that have been leaked from many databases.
(2) Process the corpus to obtain a password dictionary.
In a specific implementation, processing the corpus to obtain the password dictionary comprises:
Counting the most frequent words, digits and special characters in the leaked passwords using a hash map (hashmap);
According to the prefixes and suffixes of the leaked passwords, classifying the most frequent words, digits and special characters and integrating them into the password dictionary.
Specifically, the hashmap counts the most frequent words, digits and special characters in the leaked passwords as follows: all words, digits and special characters are mapped one by one into a hash table (hashtable). If a word, digit or special character already exists in the hash table, its occurrence count is incremented by 1. When the mapping is complete, the hash table holds the occurrence counts of all words, digits and special characters in the leaked-password file. The hash table is then traversed to return the words, digits and special characters with the highest counts.
(3) Obtain the most frequent combination pattern from the corpus.
In this embodiment, the combination-pattern frequency statistics for the leaked passwords distinguish the letters, digits and special characters in a leaked password by their ASCII codes. The ASCII codes of the 10 Arabic numerals 0 to 9 are 48~57, those of the 26 upper-case English letters are 65~90, those of the 26 lower-case English letters are 97~122, and the ASCII codes of special characters are the remaining values, which differ from those of letters and digits. A C-language program classifies each character of the leaked passwords of a given length in the password dictionary by its ASCII code, and thereby counts the most frequent combination pattern in the leaked passwords.
(4) Parse the most frequent combination pattern to generate a syntax tree (probabilistic context-free grammar, PCFG).
In this embodiment, leaked passwords also follow certain composition rules, and false passwords can be generated in bulk only after the leaked passwords have been parsed grammatically. In a specific implementation, the most frequent combination pattern is parsed grammatically to generate the syntax tree. Because the most frequent combination patterns are usually the ones attackers commonly use, a syntax tree parsed from the most frequent combination pattern is better able to generate false passwords that match what an attacker will try when logging in.
In a specific implementation, a context-free grammar (Context-Free Grammar) and a context-free grammar with a probability distribution (Probabilistic Context-Free Grammar) are used to parse the most frequent combination pattern.
(5) Train the parameters of the syntax tree based on the password dictionary to obtain the trained false password generation model.
In a specific implementation, after the false password generation model has been trained, the user's registered password is used as the input of the false password generation model to obtain the false password corresponding to the registered password. The false password corresponding to the registered password may comprise multiple false passwords.
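Training steps (1) to (5) can be followed end to end in a small program. The Python code below is an added example, not code from the patent: the corpus is constructed, the function names are hypothetical, and reusing the registered password's own combination pattern for its false passwords is an assumption, since the description does not say how the model uses its input.

```python
import random
from collections import Counter, defaultdict

# Constructed sample corpus standing in for a list of leaked passwords.
LEAKED = [
    "password123", "dragon2018!", "monkey12", "love1314", "qwerty123",
    "summer2019!", "iloveyou1", "shadow99", "dragon123", "tigger2017!",
]

def char_class(ch):
    """Classify one character by its ASCII code, using the ranges in the description."""
    code = ord(ch)
    if 48 <= code <= 57:
        return "D"                                  # digits 0-9
    if 65 <= code <= 90 or 97 <= code <= 122:
        return "L"                                  # upper- and lower-case letters
    return "S"                                      # remaining values: special characters

def segment(password):
    """Split into maximal runs of one class, e.g. [('L','dragon'), ('D','2018'), ('S','!')]."""
    runs = []
    for ch in password:
        cls = char_class(ch)
        if runs and runs[-1][0] == cls:
            runs[-1] = (cls, runs[-1][1] + ch)
        else:
            runs.append((cls, ch))
    return runs

def structure(password):
    """Combination pattern as a tuple of slots, e.g. ('L6', 'D4', 'S1')."""
    return tuple(f"{cls}{len(text)}" for cls, text in segment(password))

def train(corpus):
    """Count patterns and, per slot, the strings seen in it (the hash-map statistics)."""
    structures = Counter()
    terminals = defaultdict(Counter)                # slot 'L6' -> Counter of strings
    for pw in corpus:
        structures[structure(pw)] += 1
        for cls, text in segment(pw):
            terminals[f"{cls}{len(text)}"][text] += 1
    return structures, terminals

def weighted_choice(counter, rng):
    """Sample a key with probability proportional to its count (the PCFG probabilities)."""
    keys = list(counter)
    return rng.choices(keys, weights=[counter[k] for k in keys], k=1)[0]

def generate_false_passwords(model, registered, k, rng):
    """Return up to k distinct false passwords, none equal to the registered password."""
    structures, terminals = model
    own = structure(registered)
    use_own = all(slot in terminals for slot in own)   # assumption: prefer the same pattern
    decoys, tries = [], 0
    while len(decoys) < k and tries < 1000 * k:
        tries += 1
        # Fall back to patterns sampled by frequency if the own pattern is unknown
        # or cannot yield enough distinct candidates.
        struct = own if use_own and tries <= 50 * k else weighted_choice(structures, rng)
        candidate = "".join(weighted_choice(terminals[s], rng) for s in struct)
        if candidate != registered and candidate not in decoys:
            decoys.append(candidate)
    return decoys

if __name__ == "__main__":
    model = train(LEAKED)
    print("most frequent pattern:", "".join(model[0].most_common(1)[0][0]))
    print(generate_false_passwords(model, "dragon2018!", 5, random.Random(7)))
```
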
S12: Store the user's registered password and the false password corresponding to the registered password.
In this embodiment, storing the user's registered password and the false password corresponding to the registered password comprises:
Creating multiple fields in a data table of a database to store the user's registered password and the false password corresponding to the registered password, wherein the real password of each user may be located in a different field in the database.
Specifically, a hash table is used as the data structure for storing the user's registered password and several false passwords. The values of the user's registered password and the false passwords are accessed through the positions to which a hash function maps them in the hash table. Because different users' real passwords are mapped by the hash function, the real password of each user may be located in a different field.
The hash function makes access to a data sequence faster and more efficient; through the hash function, data elements are located quickly.
S13: When it is detected that the user's registered account is being used to log in, obtain the current password of the current login.
In this embodiment, when it is detected that the user's registered account has been entered on the login interface, the user's registered account is being used to log in. The current password of the current login is then obtained from the login interface.
S14: Compare the current password with the user's registered password and with the false password corresponding to the registered password.
In this embodiment, if the current password is identical to the user's registered password, the current login is a normal login. If the current password is identical to a false password corresponding to the user's registered password, the current login is determined to be abnormal, indicating that an attacker is repeatedly trying different passwords to log in to the user's account.
S15: If the current password is identical to the false password corresponding to the registered password, determine that the current login is abnormal and send a warning message to a preset terminal.
In this embodiment, sending the warning message to the preset terminal comprises one or more of the following:
Sending warning information to the administrator's terminal device;
Sending abnormality information to the user's terminal device.
Specifically, when an attacker login is detected, the system automatically notifies the administrator and the user immediately, and the administrator starts emergency response and tracing. The user is notified by e-mail or SMS sent to the mailbox or telephone number bound at registration.
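Steps S12 to S15 as an added Python example, not the patent's own code. It assumes, beyond the description, that each field holds a salted PBKDF2 hash rather than the password itself and that the index of the real field is kept in a separate structure; the class and method names are hypothetical, and the alert list stands in for the e-mail or SMS notification.

```python
import hashlib
import hmac
import os
import random

ITERATIONS = 100_000  # PBKDF2 work factor (value assumed for this example)

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

class PasswordStore:
    """One row per account: a salt plus several fields, one real and the rest false."""

    def __init__(self, rng=None):
        self._rng = rng or random.SystemRandom()
        self._rows = {}        # account -> (salt, [digest, digest, ...])
        self._real_field = {}  # account -> index of the real field (assumed separate store)
        self.alerts = []       # (recipient, account) pairs standing in for e-mail/SMS

    def register(self, account, registered_password, false_passwords):
        """S12: store the registered password together with its false passwords."""
        if registered_password in false_passwords:
            raise ValueError("a false password must differ from the registered password")
        salt = os.urandom(16)
        entries = [registered_password, *false_passwords]
        self._rng.shuffle(entries)  # the real password lands in a different field per user
        self._rows[account] = (salt, [_digest(p, salt) for p in entries])
        self._real_field[account] = entries.index(registered_password)

    def login(self, account, current_password):
        """S13-S15: return 'normal', 'abnormal' (false password used) or 'rejected'."""
        if account not in self._rows:
            return "rejected"
        salt, fields = self._rows[account]
        candidate = _digest(current_password, salt)
        # Compare against every field in constant time, with no early exit.
        matches = [i for i, stored in enumerate(fields)
                   if hmac.compare_digest(stored, candidate)]
        if not matches:
            return "rejected"
        if matches[0] == self._real_field[account]:
            return "normal"
        # A false password only reaches the login form after the stored
        # passwords have leaked and been cracked: warn both parties.
        self.alerts.append(("administrator", account))
        self.alerts.append(("user", account))
        return "abnormal"

if __name__ == "__main__":
    store = PasswordStore()
    # Constructed account and passwords.
    store.register("alice", "dragon2018!", ["summer2017!", "tigger1314!", "monkey2019!"])
    for attempt in ("dragon2018!", "tigger1314!", "letmein"):
        print(attempt, "->", store.login("alice", attempt))
    print("alerts:", store.alerts)
```
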
In a specific implementation, the method further comprises:
Generating false private data for the user;
After the current login succeeds, presenting the false private data on the user interface.
Generating the false private data for the user comprises:
Generating random characters, the random characters including numbers and character strings;
Cross-obfuscating the user's real private data with the random characters, wherein the user's real private data includes numeric data, date data and string data.
Specifically, the false private data is generated from the real private data of all users held by the system: the real data is randomly obfuscated and crossed to produce a large amount of data that looks realistic but is in fact entirely false. The user's real private data is divided into three types, numbers, dates and character strings, and each type is obfuscated separately.
The first obfuscation method: obfuscating numeric data is the simplest and uses the random function RAND(). For an integer, the random value can be multiplied by a coefficient and rounded, or a generated random number can be added to the original data, so that the range of the data keeps the same distribution as the original real data. For example, a Revenue field holds the revenue from a customer. The revenue figures of large and small customers cannot be completely random, so a random number within 10000 can be added to the original Revenue: Revenue+RAND()*10000.
The second obfuscation method: date data can be obfuscated by adding or subtracting a random number of days from the original date or the current date, using the DATEADD() and RAND() functions. For example, to generate a random date within the last 100 days: DATEADD("day", 0-RAND()*100, GETDATE()).
The third obfuscation method: obfuscating string data is the most complex, because a string has a very specific meaning, as in a name field or a company name field, and randomly generated characters would be meaningless. In this case the string can be split into two parts that are then cross-combined, and the real data is replaced with a random cross-combination. For example, if the original names are Li Yuchun, Zeng Yike and Liu Zhu, cross-combination yields combinations such as Li Zhu, Zeng Yuchun and Liu Yike.
A personal name is split into surname and given name, and a company name can be split into its first 2 characters and the remaining characters. An English personal name or English company name can be split at the first space into the first word and the remaining words. The two resulting fields are stored in temporary tables, the two temporary tables are cross-joined to obtain all combinations of the two fields, a certain number of rows is then selected at random, and the original data is replaced with the randomly selected data.
False data is generated automatically according to the above technical solution. When an attacker logs in with a false password, the system automatically generates simulated false data and presents it to the attacker, thereby preventing the user's private data from being leaked.
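The three obfuscation methods above, as an added Python example rather than the patent's own code (the description uses the SQL-style functions RAND(), DATEADD() and GETDATE()). The records and names are constructed, the function names are hypothetical, and excluding recombinations that reproduce a real name is an assumption.

```python
import random
from datetime import date, timedelta
from itertools import product

def obfuscate_number(value, rng, spread=10000):
    """Revenue + RAND() * 10000: keep the magnitude, add a random amount below `spread`."""
    return value + int(rng.random() * spread)

def obfuscate_date(today, rng, window_days=100):
    """DATEADD("day", 0 - RAND() * 100, GETDATE()): a date within the last `window_days` days."""
    return today - timedelta(days=int(rng.random() * window_days))

def split_string(text, prefix_len=1):
    """Split at the first space if there is one, otherwise after `prefix_len`
    characters (1 for a surname, 2 for a company name, as in the description)."""
    if " " in text:
        head, _, tail = text.partition(" ")
        return head, tail
    return text[:prefix_len], text[prefix_len:]

def cross_combine(values, count, rng, prefix_len=1):
    """Cross-join all first parts with all second parts, then pick `count` rows at random."""
    sep = " " if any(" " in v for v in values) else ""
    parts = [split_string(v, prefix_len) for v in values]
    heads = [h for h, _ in parts]
    tails = [t for _, t in parts]
    originals = set(values)
    # Assumption: a recombination equal to a real value is dropped from the pool.
    pool = sorted({h + sep + t for h, t in product(heads, tails)} - originals)
    if not pool:
        raise ValueError("need at least two distinct values to recombine")
    if count <= len(pool):
        return rng.sample(pool, count)
    return rng.choices(pool, k=count)

def obfuscate_records(records, today, rng):
    """Build the false records that are shown after a login with a false password."""
    fake_names = cross_combine([r["name"] for r in records], len(records), rng)
    return [
        {
            "name": name,
            "revenue": obfuscate_number(real["revenue"], rng),
            "last_order": obfuscate_date(today, rng),
        }
        for name, real in zip(fake_names, records)
    ]

# Constructed sample records.
RECORDS = [
    {"name": "Alice Moreno", "revenue": 52000, "last_order": date(2018, 11, 2)},
    {"name": "Brian Okafor", "revenue": 1300, "last_order": date(2018, 12, 19)},
    {"name": "Chen Walsh", "revenue": 870000, "last_order": date(2018, 10, 7)},
]

if __name__ == "__main__":
    for row in obfuscate_records(RECORDS, date(2019, 1, 4), random.Random(11)):
        print(row)
```
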
In summary, the present invention obtains the user's registered account and registered password; generates a false password corresponding to the registered password using a trained false password generation model; stores the user's registered password and the false password corresponding to the registered password; when it is detected that the user's registered account is being used to log in, obtains the current password of the current login; compares the current password with the user's registered password and with the false password corresponding to the registered password; and, if the current password is identical to the false password corresponding to the registered password, determines that the current login is abnormal and issues a warning message to the relevant personnel. The invention prevents an attacker from obtaining real user data, and when an attacker logs in with a false password the administrator and the user are notified at once and can respond in time, so that harm to the user's privacy and property is avoided or reduced.
The present invention also provides a password authentication device. Fig. 2 is a schematic diagram of the internal structure of the password authentication device provided by an embodiment of the present invention.
In this embodiment, the password authentication device 1 may be a PC (Personal Computer), or a terminal device such as a smartphone, tablet computer or portable computer. The password authentication device 1 comprises at least a memory 11, a processor 12, a communication bus 13 and a network interface 14.
The memory 11 includes at least one type of readable storage medium, including flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), magnetic memory, magnetic disk, optical disc and the like. In some embodiments the memory 11 may be an internal storage unit of the password authentication device 1, such as the hard disk of the password authentication device 1. In other embodiments the memory 11 may be an external storage device of the password authentication device 1, such as a plug-in hard disk, smart media card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card or flash card (Flash Card) fitted to the password authentication device 1. Further, the memory 11 may include both an internal storage unit of the password authentication device 1 and an external storage device. The memory 11 can be used not only to store the application software installed on the password authentication device 1 and various kinds of data, such as the code of the password authentication program 01, but also to temporarily store data that has been output or is about to be output.
In some embodiments the processor 12 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor or other data processing chip, used to run the program code stored in the memory 11 or to process data, for example to execute the password authentication program 01.
The communication bus 13 provides the connections and communication between these components.
The network interface 14 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface), and is typically used to establish a communication connection between the device 1 and other electronic devices.
Optionally, the device 1 may also include a user interface. The user interface may include a display (Display) and an input unit such as a keyboard (Keyboard), and optionally a standard wired interface and a wireless interface. Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-control liquid crystal display, an organic light-emitting diode (Organic Light-Emitting Diode, OLED) touch device or the like. The display may also be called a display screen or display unit, and is used to display the information processed in the password authentication device 1 and to display a visual user interface.
Fig. 2 shows only the password authentication device 1 with components 11-14 and the password authentication program 01. Those skilled in the art will understand that the structure shown in Fig. 1 does not limit the password authentication device 1, which may include fewer or more components than shown, combine certain components, or arrange the components differently.
In the embodiment of the device 1 shown in Fig. 2, the password authentication program 01 is stored in the memory 11; when the processor 12 executes the password authentication program 01 stored in the memory 11, the following steps are implemented:
Obtain the register account number and log-in password of user.
In the present embodiment, when user registers for the first time, the register account number and note that user inputs on a user interface are obtained Volume password.The register account number and log-in password are used for the authentication of the subsequent login system of user.
Using trained false password generated model, false password corresponding with the log-in password is generated.
In the present embodiment, the training false password generated model includes:
(1) corpus being made of leakage password is obtained.
In the present embodiment, a large amount of leakage password can grab the password that leakage occurred from many databases.
(2) corpus is handled, obtains password dictionary.
One in the specific implementation, described handle the corpus, obtaining password dictionary includes:
The highest word of the frequency of occurrences, number and additional character in leakage password are counted using Hash mapping hashmap;
According to sewing before and after leakage password, the highest word of the frequency of occurrences, number and additional character are classified and be integrated into Password dictionary.
Specifically, the highest word of the frequency of occurrences, number and additional character method in hashmap statistics leakage password are as follows: All words, number and additional character being mapped in a hashtable (Hash table) one by one.If a list Word, number and additional character are already present in Hash table, just add 1 operation to the frequency of occurrences.After mapping is completed, one is obtained The statistical information of number with word all in leakage password file, number and additional character.By traversing Hash table, return Return word, number and additional character with maximum frequency number.
(3) Obtain the most frequent combination pattern from the corpus.
In the present embodiment, the combination patterns of the leaked passwords are counted by distinguishing letters, digits and special characters according to their ASCII codes. The ASCII codes of the 10 Arabic numerals 0 to 9 are 48~57, those of the 26 uppercase English letters are 65~90, those of the 26 lowercase English letters are 97~122, and the ASCII code of a special character is any value other than those of letters and digits. A C program classifies the ASCII code of each character of the leaked passwords of a given length in the password dictionary, and from this the most frequent combination patterns in the leaked passwords are counted.
(4) Parse the most frequent combination pattern to generate a syntax tree (probabilistic context-free grammar, PCFG).
In the present embodiment, leaked passwords also follow certain composition rules, and false passwords can be mass-produced only after the leaked passwords have been parsed syntactically. In a specific implementation, the most frequent combination pattern is parsed syntactically to generate the syntax tree. Because the most frequent combination patterns are usually the ones attackers commonly use, a syntax tree parsed from them is better able to generate false passwords that match what an attacker would try when logging in.
In a specific implementation, a context-free grammar (Context-Free Grammar) and a context-free grammar with probability distributions (Probabilistic Context-Free Grammar) are used to parse the most frequent combination pattern.
(5) Train the parameters of the syntax tree on the password dictionary to obtain the trained false password generation model.
In a specific implementation, after the false password generation model has been trained, the log-in password of the user is used as the input of the false password generation model to obtain the false passwords corresponding to the log-in password. The log-in password may correspond to multiple false passwords.
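The training steps above can be illustrated with a small PCFG-style generator. This is an added example, not code from the patent: the corpus is constructed, the function names are hypothetical, and it assumes that the model turns a log-in password into false passwords by keeping its letter/digit/special pattern and refilling each slot with strings seen in the leaked corpus.

```python
import random
from collections import Counter, defaultdict
from itertools import groupby

# Constructed sample standing in for a leaked-password corpus.
LEAKED = ["love2012!", "love1234", "pass1234", "angel2012!", "qwerty123",
          "money2012!", "pass2012", "love123", "tiger2018!", "hello2019!"]

# Used only when a slot of the given shape never occurs in the corpus.
FALLBACK = {"L": "abcdefghijklmnopqrstuvwxyz", "D": "0123456789", "S": "!@#$%_"}


def char_class(ch):
    """Classify one character by ASCII code, using the ranges given in step (3)."""
    code = ord(ch)
    if 48 <= code <= 57:
        return "D"                      # digit
    if 65 <= code <= 90 or 97 <= code <= 122:
        return "L"                      # letter
    return "S"                          # special character


def segment(password):
    """Split into maximal same-class runs: 'love2012!' -> L:'love', D:'2012', S:'!'."""
    return [(cls, "".join(run)) for cls, run in groupby(password, key=char_class)]


def structure(password):
    """Combination pattern as (class, length) slots, e.g. L4 D4 S1."""
    return tuple((cls, len(text)) for cls, text in segment(password))


def train(corpus):
    """Count combination patterns and, per slot shape, the strings that fill it."""
    structures = Counter()
    fillers = defaultdict(Counter)
    for pw in corpus:
        structures[structure(pw)] += 1
        for cls, text in segment(pw):
            fillers[(cls, len(text))][text] += 1
    return structures, fillers


def sample_slot(slot, fillers, rng):
    """Draw a filler for one slot, weighted by how often it was seen."""
    cls, length = slot
    seen = fillers.get(slot)
    if seen:
        texts = list(seen)
        return rng.choices(texts, weights=[seen[t] for t in texts])[0]
    return "".join(rng.choice(FALLBACK[cls]) for _ in range(length))


def generate_decoys(real, fillers, count, seed=None, max_tries=1000):
    """Return up to `count` distinct false passwords shaped like `real`."""
    rng = random.Random(seed)
    slots = structure(real)
    decoys = set()
    for _ in range(max_tries):
        if len(decoys) == count:
            break
        candidate = "".join(sample_slot(s, fillers, rng) for s in slots)
        if candidate != real:           # a decoy must never equal the real password
            decoys.add(candidate)
    return sorted(decoys)


if __name__ == "__main__":
    structures, fillers = train(LEAKED)
    print("most frequent pattern:", structures.most_common(1)[0])
    print("decoys:", generate_decoys("rain2015!", fillers, 4, seed=7))
```

A small corpus yields few distinct fillers per slot, so the function may return fewer than `count` false passwords; callers should check the length.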
Store the log-in password of the user and the false passwords corresponding to the log-in password.
In the present embodiment, storing the log-in password of the user and the false passwords corresponding to the log-in password includes:
Establishing multiple fields in a data table of a database for storing the log-in password of the user and the false passwords corresponding to the log-in password, wherein the true password of each user may be located in a different field in the database.
Specifically, a hash table is used as the data structure for storing the user's log-in password and several false passwords; the record holding the values of the log-in password and the false passwords is accessed at the position in the hash table to which a hash function maps. Because different users' true passwords are mapped by the hash function, the true password of each user may be located in a different field.
The hash function makes access to a data sequence faster and more efficient: with the hash function, a data element is located quickly.
When it is detected that the registered account of the user is currently being used to log in, obtain the current password of the current login.
In the present embodiment, when it is detected that the registered account of the user has been entered on the login interface, the registered account of the user is currently being used to log in. The current password of the current login is then obtained from the login interface.
Compare the current password with the log-in password of the user and with the false passwords corresponding to the log-in password.
In the present embodiment, if the current password is identical to the log-in password of the user, the current login is a normal login. If the current password is identical to a false password corresponding to the log-in password of the user, the current login is determined to be abnormal; this indicates that an attacker is repeatedly trying different passwords to log in to the user's account.
If the current password is identical to a false password corresponding to the log-in password, determine that the current login is abnormal and send warning information to a preset terminal.
In the present embodiment, sending warning information to the preset terminal includes one or a combination of the following:
Sending warning information to the terminal device of an administrator;
Sending abnormality information to the terminal device of the user.
Specifically, when an attacker login is found, the system automatically and immediately notifies the administrator and the user, and the administrator starts emergency response and tracing. The user is notified by an e-mail or short message sent to the mailbox or telephone number bound at registration.
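The storage, comparison and alert steps can be sketched as follows. This is an added example, not the patent's implementation: the class and method names are hypothetical, and it assumes that candidates are stored as salted PBKDF2 digests and that the field holding the real password is derived from a keyed hash of the account name, with the key held outside the table.

```python
import hashlib
import hmac
import os


def digest(password, salt):
    """Assumption: candidates are stored as salted PBKDF2 digests, not plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class DecoyLoginStore:
    """Holds one real password and several false passwords per account."""

    def __init__(self, index_key):
        self._index_key = index_key     # assumption: kept apart from the table
        self._table = {}                # account -> {"salt": ..., "fields": [...]}
        self.alerts = []                # stands in for the e-mail / SMS channel

    def _real_slot(self, account, n_fields):
        """Map the account to the field that holds its real password."""
        mac = hmac.new(self._index_key, account.encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big") % n_fields

    def register(self, account, real, decoys):
        salt = os.urandom(16)
        fields = [digest(d, salt) for d in decoys]
        # The real digest sits among the decoys; the row does not mark which is real.
        fields.insert(self._real_slot(account, len(decoys) + 1), digest(real, salt))
        self._table[account] = {"salt": salt, "fields": fields}

    def login(self, account, attempt):
        """Return 'ok', 'decoy' (abnormal login, alert raised) or 'rejected'."""
        row = self._table.get(account)
        if row is None:
            return "rejected"
        got = digest(attempt, row["salt"])
        hit = -1
        for i, stored in enumerate(row["fields"]):   # no early exit on a match
            if hmac.compare_digest(got, stored):
                hit = i
        if hit == -1:
            return "rejected"
        if hit == self._real_slot(account, len(row["fields"])):
            return "ok"
        self.alerts.append({"account": account, "notify": ["administrator", "user"]})
        return "decoy"                  # caller serves false private data
```

Because a stolen table alone does not reveal which field is real, a login with any of the other stored candidates is a strong signal that the table has leaked.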
In a specific implementation, the method further includes:
Generating false private data of the user;
After the current login succeeds, presenting the false private data on the user interface.
Generating the false private data of the user includes:
Generating random characters, the random characters including numbers and character strings;
Cross-obfuscating the true private data of the user with the random characters, wherein the true private data of the user includes data of numeric type, data of date type and data of character string type.
Specifically, the false private data is generated from the true private data of all users held by the system: the true data is randomly obfuscated and cross-combined, producing a large amount of data that looks fairly real but is in fact entirely false. The true private data of the user is divided into three types, number, date and character string, and each type is obfuscated separately.
The first obfuscation mode: obfuscating numeric data is the simplest and uses the random function RAND(). An integer can be multiplied by a coefficient and then rounded, or a generated random number can be added to the original data, so that the range of the data keeps the same distribution as the original true data. For example, for a Revenue field holding the income from customers, the income figures of large and small customers cannot be completely random; instead, a random number within 10000 can be added to the original Revenue: Revenue+RAND()*10000.
The second obfuscation mode: date data is obfuscated by adding or subtracting a random number of days to or from the original date or the current date, using the DATEADD() and RAND() functions. For example, to generate a random date within the last 100 days: DATEADD("day", 0-RAND()*100, GETDATE()).
The third obfuscation mode: obfuscating character string data is the most complicated, because character strings have very specific meanings, such as a name field or a company name field, and randomly generated characters would be meaningless. In this case the character string can be split into two parts that are then cross-combined, and the true data is replaced with a random cross-combination. For example, if the original names are Li Yuchun, Zeng Yike and Liu Zhu, cross-combination yields combinations such as Li Zhu, Zeng Yuchun and Liu Yike.
A name is split into surname and given name, and a company name can be split into its first 2 characters and the remaining characters. An English name or English company name can be split at the first space into the first word and the remaining words. The two generated fields are then stored in temporary tables, the two temporary tables are cross-joined to obtain all combinations of the two fields, a certain number of rows is selected at random, and the original data is replaced with the randomly selected data.
False data is generated automatically according to the above technical solution. When an attacker logs in with a false password, the system automatically generates simulated false data and presents it to the attacker, thereby preventing the user's private data from being leaked.
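The three obfuscation modes can be combined into one record generator. This is an added example, not code from the patent: the records, field names and function names are constructed for illustration, names are written in romanised form so that the split at the first space applies, and the dates are taken relative to a caller-supplied current date.

```python
import random
from datetime import date, timedelta
from itertools import product

# Constructed records standing in for the true private data of all users.
RECORDS = [
    {"name": "Li Yuchun", "revenue": 52000, "last_order": date(2018, 11, 3)},
    {"name": "Zeng Yike", "revenue": 870000, "last_order": date(2018, 12, 20)},
    {"name": "Liu Zhu", "revenue": 4300, "last_order": date(2018, 9, 14)},
]


def fake_revenue(revenue, rng):
    """Numeric type: Revenue + RAND() * 10000, keeping the customer's scale."""
    return revenue + int(rng.random() * 10000)


def fake_date(today, rng):
    """Date type: DATEADD("day", 0 - RAND() * 100, GETDATE())."""
    return today - timedelta(days=int(rng.random() * 100))


def split_name(name):
    """Split at the first space into the first word and the remaining words."""
    first, _, rest = name.partition(" ")
    return first, rest


def cross_names(names):
    """Cross-join the two halves and drop every combination that is a real name."""
    parts = [split_name(n) for n in names]
    firsts = sorted({p[0] for p in parts})
    rests = sorted({p[1] for p in parts})
    real = set(names)
    combos = [f"{a} {b}".strip() for a, b in product(firsts, rests)]
    return [c for c in combos if c not in real]


def fake_records(records, today, seed=None):
    """Build one false record per true record; no true name is ever reused."""
    rng = random.Random(seed)
    pool = cross_names([r["name"] for r in records])
    if not pool:
        raise ValueError("need at least two distinct names to cross-combine")
    return [
        {
            "name": rng.choice(pool),
            "revenue": fake_revenue(r["revenue"], rng),
            "last_order": fake_date(today, rng),
        }
        for r in records
    ]


if __name__ == "__main__":
    for row in fake_records(RECORDS, date(2019, 1, 4), seed=3):
        print(row)
```

The numeric mode keeps each false revenue within 10000 of a true one, so the false records still disclose the approximate scale of real customers.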
In conclusion the present invention obtains the register account number and log-in password of user;Utilize trained false password generated mould Type generates false password corresponding with the log-in password;Log-in password and the log-in password for storing the user are corresponding False password;When detecting that the register account number of the user is currently being used for logging in, the current password currently logged in is obtained; The current password false password corresponding with the log-in password of the user and the log-in password is compared;If described work as When preceding password vacation password corresponding with the log-in password is identical, determination currently logs in exception, and issues information warning to association Personnel.The present invention can make attacker that can not obtain true user data, and when attacker is logged in using false password first Time while manager and user, make a response in time, are encroached on to avoid or reduce privacy of user property.
Optionally, in other embodiments, password authentication program 01 can also be divided into one or more module, and one A or multiple modules are stored in memory 11, and are held by one or more processors (the present embodiment is by processor 12) For row to complete the present invention, the so-called module of the present invention is the series of computation machine program instruction section for referring to complete specific function, For describing implementation procedure of the command identifying method program 01 in password authentication device 1.
It is the program module schematic diagram of password authentication program 01 of the present invention for example, referring to shown in Fig. 3, in the embodiment, mouth It enables authentication procedure 01 that can be divided into and obtains module 10, generation module 20, memory module 30, contrast module 40 and alarm module 50, illustratively:
The obtaining module 10 obtains the registered account and log-in password of the user;
The generation module 20 generates false passwords corresponding to the log-in password using the trained false password generation model;
The storage module 30 stores the log-in password of the user and the false passwords corresponding to the log-in password;
The obtaining module 10 obtains the current password of the current login when it is detected that the registered account of the user is currently being used to log in;
The comparison module 40 compares the current password with the log-in password of the user and with the false passwords corresponding to the log-in password;
The alarm module 50 determines that the current login is abnormal and issues warning information to the relevant personnel if the current password is identical to a false password corresponding to the log-in password.
The functions or operation steps realized when program modules such as the obtaining module 10, generation module 20, storage module 30, comparison module 40 and alarm module 50 are executed are substantially the same as those of the above embodiments and are not repeated here.
In addition, an embodiment of the present invention also proposes a computer readable storage medium storing a password authentication program that can be executed by one or more processors to realize the following operations:
Obtaining the registered account and log-in password of a user;
Generating false passwords corresponding to the log-in password using the trained false password generation model;
Storing the log-in password of the user and the false passwords corresponding to the log-in password;
When it is detected that the registered account of the user is currently being used to log in, obtaining the current password of the current login;
Comparing the current password with the log-in password of the user and with the false passwords corresponding to the log-in password;
If the current password is identical to a false password corresponding to the log-in password, determining that the current login is abnormal and sending warning information to a preset terminal.
The specific embodiments of the computer readable storage medium of the present invention are essentially the same as the above embodiments of the password authentication device and method and are not described again here.
It should be noted that the serial numbers of the above embodiments of the present invention are for description only and do not represent the merits of the embodiments. The terms "include", "comprise" or any other variant thereof herein are intended to cover non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, device, article or method. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, device, article or method that includes the element.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be realized by software plus the necessary general hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, magnetic disk or optical disc) and includes instructions that cause a terminal device (which may be a mobile phone, computer, server, network device or the like) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, applied directly or indirectly in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (10)

1. A password authentication method, characterized in that the method includes:
Obtaining the registered account and log-in password of a user;
Generating false passwords corresponding to the log-in password using a trained false password generation model;
Storing the log-in password of the user and the false passwords corresponding to the log-in password;
When it is detected that the registered account of the user is currently being used to log in, obtaining the current password of the login;
Comparing the current password with the log-in password of the user and with the false passwords corresponding to the log-in password;
If the current password is identical to a false password corresponding to the log-in password, determining that the current login is abnormal and sending warning information to a preset terminal.
2. The password authentication method according to claim 1, characterized in that training the false password generation model includes:
Obtaining a corpus composed of leaked passwords;
Processing the corpus to obtain a password dictionary;
Obtaining the most frequent combination pattern from the corpus;
Parsing the most frequent combination pattern to generate a syntax tree;
Training the parameters of the syntax tree on the password dictionary to obtain the trained false password generation model.
3. The password authentication method according to claim 2, characterized in that processing the corpus to obtain the password dictionary includes:
Counting the most frequent words, digits and special characters in the leaked passwords using hash mapping;
According to the prefixes and suffixes of the leaked passwords, classifying the most frequent words, digits and special characters and integrating them into the password dictionary.
4. The password authentication method according to claim 1, characterized in that storing the log-in password of the user and the false passwords corresponding to the log-in password includes:
Establishing multiple fields in a data table of a database for storing the log-in password of the user and the false passwords corresponding to the log-in password, wherein the true password of each user is located in a different field in the database.
5. The password authentication method according to claim 1, characterized in that sending warning information to the preset terminal includes one or a combination of the following:
Sending warning information to the terminal device of an administrator;
Sending abnormality information to the terminal device of the user.
6. The password authentication method according to claim 1, characterized in that the method further includes:
Generating false private data of the user;
After the current login succeeds, presenting the false private data on the user interface.
7. The password authentication method according to claim 6, characterized in that generating the false private data of the user includes:
Generating random characters, the random characters including numbers and character strings;
Cross-obfuscating the true private data of the user with the random characters, wherein the true private data of the user includes data of numeric type, data of date type and data of character string type.
8. A password authentication device, characterized in that the device includes a memory and a processor, the memory stores a password authentication program that can run on the processor, and the password authentication program, when executed by the processor, realizes the following steps:
Obtaining the registered account and log-in password of a user;
Generating false passwords corresponding to the log-in password using a trained false password generation model;
Storing the log-in password of the user and the false passwords corresponding to the log-in password;
When it is detected that the registered account of the user is currently being used to log in, obtaining the current password of the login;
Comparing the current password with the log-in password of the user and with the false passwords corresponding to the log-in password;
If the current password is identical to a false password corresponding to the log-in password, determining that the current login is abnormal and sending warning information to a preset terminal.
9. The password authentication device according to claim 8, characterized in that training the false password generation model includes:
Obtaining a corpus composed of leaked passwords;
Processing the corpus to obtain a password dictionary;
Obtaining the most frequent combination pattern from the corpus;
Parsing the most frequent combination pattern to generate a syntax tree;
Training the parameters of the syntax tree on the password dictionary to obtain the trained false password generation model.
10. A computer readable storage medium, characterized in that a password authentication program is stored on the computer readable storage medium, and the password authentication program can be executed by one or more processors to realize the password authentication method according to any one of claims 1 to 7.
CN201910008849.6A 2019-01-04 2019-01-04 Password authentication method, device and computer readable storage medium Active CN109560937B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910008849.6A CN109560937B (en) 2019-01-04 2019-01-04 Password authentication method, device and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910008849.6A CN109560937B (en) 2019-01-04 2019-01-04 Password authentication method, device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN109560937A true CN109560937A (en) 2019-04-02
CN109560937B CN109560937B (en) 2022-09-27

Family

ID=65872482

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910008849.6A Active CN109560937B (en) 2019-01-04 2019-01-04 Password authentication method, device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN109560937B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110766841A (en) * 2019-06-12 2020-02-07 天津新泰基业电子股份有限公司 User registration and verification method and device
CN113032765A (en) * 2021-04-29 2021-06-25 中国工商银行股份有限公司 Password authentication method, device and equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1442782A (en) * 2002-03-05 2003-09-17 三星电子株式会社 User confirmation method using word of command
CN103455737A (en) * 2012-05-28 2013-12-18 百度在线网络技术(北京)有限公司 User information protection method and device
US20150365400A1 (en) * 2014-06-12 2015-12-17 Nadapass, Inc. Password-less authentication system and method
CN107977559A (en) * 2017-11-22 2018-05-01 杨晓艳 A kind of identity identifying method, device, equipment and computer-readable recording medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
BRILAND HITAJ: "PassGAN: A Deep Learning Approach for Password Guessing", 《HTTPS://ARXIV.ORG/ABS/1709.00440V2》 *

Also Published As

Publication number Publication date
CN109560937B (en) 2022-09-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant