CN109753783B - Single sign-on method and device based on machine learning and computer readable storage medium - Google Patents

Single sign-on method and device based on machine learning and computer readable storage medium Download PDF

Info

Publication number
CN109753783B
CN109753783B CN201811438773.2A CN201811438773A CN109753783B CN 109753783 B CN109753783 B CN 109753783B CN 201811438773 A CN201811438773 A CN 201811438773A CN 109753783 B CN109753783 B CN 109753783B
Authority
CN
China
Prior art keywords
login
single sign
behavior
sign
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811438773.2A
Other languages
Chinese (zh)
Other versions
CN109753783A (en
Inventor
詹天
莫增文
孙腾
张灿群
柳锴
蓝晏翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Youwei Technology Co.,Ltd.
Original Assignee
Beijing Youxin Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Youxin Technology Co ltd filed Critical Beijing Youxin Technology Co ltd
Priority to CN201811438773.2A priority Critical patent/CN109753783B/en
Publication of CN109753783A publication Critical patent/CN109753783A/en
Application granted granted Critical
Publication of CN109753783B publication Critical patent/CN109753783B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The embodiment of the invention provides a single sign-on method based on machine learning, which comprises the following steps: acquiring a login request of a current login user, wherein the login target of the login request is a first webpage application in a plurality of webpage applications; extracting login behavior characteristics corresponding to the login request, and inputting the login behavior characteristics into a pre-trained behavior prediction model to output login rules corresponding to the first webpage application; and guiding the login behavior of the current login user by using the login rule. The invention also provides a corresponding device and a computer readable storage medium, and the security of the single sign-on method can be improved by the method.

Description

Single sign-on method and device based on machine learning and computer readable storage medium
Technical Field
The invention relates to the field of computers, in particular to a single sign-on method and device based on machine learning and a computer readable storage medium.
Background
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
SSO (single sign on) is a set of solutions for unified login authentication. In the SSO webpage application, by integrating a plurality of mutually trusted subnet page applications, a user can access all mutually trusted subnet page applications only after completing one-time login authentication in the SSO webpage application, thereby realizing one-time login anywhere access.
However, the existing single sign-on method has at least the following problems: (1) the potential safety hazard is large, a user only needs to log in one webpage application of the single sign-on platform, and can directly log in other webpage applications of the single sign-on platform without password and verification steps, and the judgment capability on abnormal logging-in behaviors is not provided; (2) the method is not suitable for complex webpage applications, multiple webpage applications of the single sign-on platform may have different security requirements, and the traditional single sign-on method does not have login authorization for performing regional differentiation on different systems of the single sign-on platform.
Disclosure of Invention
To solve the problem of insufficient security of the conventional single sign-on method, embodiments of the present invention provide a single sign-on method and apparatus based on machine learning, and a computer-readable storage medium.
In a first aspect of an embodiment of the present invention, a single sign-on method based on machine learning is provided, which is applied to a single sign-on system, where the single sign-on system includes a single sign-on platform and a plurality of web applications whose login functions are centralized on the single sign-on platform, and the method includes:
acquiring a login request of a current login user, and redirecting the login request to the single sign-on platform, wherein the login target of the login request is a first webpage application in the plurality of webpage applications;
extracting login behavior features corresponding to the login request, and inputting the login behavior features into a pre-trained behavior prediction model to output login rules corresponding to the first webpage application, wherein the pre-trained behavior prediction model is obtained according to a historical login data machine learning algorithm and training of the single-point login platform;
and guiding the login behavior of the current login user by using the login rule.
Preferably, the inputting the login behavior feature into a pre-trained behavior prediction model to output login exception information of the current login request further comprises:
extracting the identity characteristic information of the current login user according to the login request;
acquiring preset authority information corresponding to the first webpage application based on the identity characteristic information;
adjusting a plurality of weight parameters in the behavior prediction model according to the preset authority information;
inputting the login behavior characteristics into an adjusted behavior prediction model to output login abnormal information of the current login request.
Preferably, wherein the login behavior feature comprises: one or more of login address, login webpage application number, login frequency and login error frequency.
Preferably, the guiding the login behavior of the current login user by using the login rule comprises:
selecting a first verification request from a plurality of preset verification requests according to the login rule, sending the first verification request to the current login user, and guiding the current login user to input verification information; and
and responding the valid first authentication information to perform login authorization on the current login user and/or responding to the invalid second authentication information to reject the login request.
Preferably, the plurality of preset authentication requests include: one or more of a passcode verification request, a biometric verification request, a U-key verification request.
Preferably, the login rule further includes: and executing an alarm for the current login user.
Preferably, if the login behavior characteristics meet a preset condition, the login rule output by the behavior prediction model is to allow the current login user to directly login the first webpage application;
wherein the preset conditions include: and detecting that the current login user logs in a second webpage application of the plurality of webpage applications according to the identity characteristic information of the current login user.
Preferably, wherein the machine learning algorithm comprises: one or more of a clustering algorithm, a kernel density estimation algorithm, and an association rule algorithm.
Preferably, the historical login data includes identity feature information of a plurality of registered users of the plurality of web applications whose login functions are centralized in the single-sign-on platform, and historical login behavior features of the plurality of registered users in the plurality of web applications.
Preferably, the pre-training process of the behavior prediction model further comprises:
acquiring the historical login data;
classifying and aggregating the historical login data according to the login behavior characteristics containing one or more dimensions to form a plurality of sample sets;
and respectively executing model training according to each sample set in the plurality of sample sets to obtain a plurality of behavior prediction models corresponding to the plurality of sample sets.
Preferably, the inputting the login behavior feature into a pre-trained behavior prediction model to output the login rule corresponding to the first web page application further comprises:
selecting a target behavior prediction model corresponding to the login request from the plurality of behavior prediction models according to the login behavior characteristics of the login request, and inputting the login behavior characteristics into the target behavior prediction model to output login rules corresponding to the first webpage application.
Preferably, the method further comprises the following steps:
updating the behavior prediction model according to the login request after the outputting of the login rule corresponding to the first web application.
In a second aspect of an embodiment of the present invention, a single sign-on apparatus based on machine learning is provided, which is applied to a single sign-on system including a single sign-on platform and a plurality of web applications having a login function concentrated on the single sign-on platform, and the apparatus includes:
the single sign-on platform comprises an acquisition module, a display module and a display module, wherein the acquisition module is used for acquiring a login request of a current login user and redirecting the login request to the single sign-on platform, and the login target of the login request is a first webpage application in the plurality of webpage applications;
the machine learning module is used for extracting login behavior characteristics corresponding to the login request and inputting the login behavior characteristics into a pre-trained behavior prediction model to output login rules corresponding to the first webpage application, wherein the pre-trained behavior prediction model is obtained according to a historical login data machine learning algorithm and training of the single-point login platform;
and the guiding module is used for guiding the login behavior of the current login user by utilizing the login rule.
Preferably, wherein the machine learning module is further configured to:
extracting the identity characteristic information of the current login user according to the login request;
acquiring preset authority information corresponding to the first webpage application based on the identity characteristic information;
adjusting a plurality of weight parameters in the behavior prediction model according to the preset authority information;
inputting the login behavior characteristics into an adjusted behavior prediction model to output login abnormal information of the current login request.
Preferably, wherein the login behavior feature comprises: one or more of login address, login webpage application number, login frequency and login error frequency.
Preferably, wherein the guiding module is further configured to:
selecting a first verification request from a plurality of preset verification requests according to the login rule, sending the first verification request to the current login user, and guiding the current login user to input verification information; and
and responding the valid first authentication information to perform login authorization on the current login user and/or responding to the invalid second authentication information to reject the login request.
Preferably, the plurality of preset authentication requests include: one or more of a passcode verification request, a biometric verification request, a U-key verification request.
Preferably, the login rule further includes: and executing an alarm for the current login user.
Preferably, if the login behavior characteristics meet a preset condition, the login rule output by the behavior prediction model is to allow the current login user to directly login the first webpage application;
wherein the preset conditions include: and detecting that the current login user logs in a second webpage application of the plurality of webpage applications according to the identity characteristic information of the current login user.
Preferably, wherein the machine learning algorithm comprises: one or more of a clustering algorithm, a kernel density estimation algorithm, and an association rule algorithm.
Preferably, the historical login data includes identity feature information of a plurality of registered users of the plurality of web applications whose login functions are centralized in the single-sign-on platform, and historical login behavior features of the plurality of registered users in the plurality of web applications.
Preferably, the pre-training process of the behavior prediction model further comprises:
acquiring the historical login data;
classifying and aggregating the historical login data according to the login behavior characteristics containing one or more dimensions to form a plurality of sample sets;
and respectively executing model training according to each sample set in the plurality of sample sets to obtain a plurality of behavior prediction models corresponding to the plurality of sample sets.
Preferably, wherein the machine learning module is further configured to:
selecting a target behavior prediction model corresponding to the login request from the plurality of behavior prediction models according to the login behavior characteristics of the login request, and inputting the login behavior characteristics into the target behavior prediction model to output login rules corresponding to the first webpage application.
Preferably, the machine learning module further includes an updating module, specifically configured to:
updating the behavior prediction model according to the login request after the outputting of the login rule corresponding to the first web application.
In a third aspect of an embodiment of the present invention, there is provided a single sign-on device based on machine learning, including:
one or more processors;
a memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement:
acquiring a login request of a current login user, and redirecting the login request to the single sign-on platform, wherein the login target of the login request is a first webpage application in the plurality of webpage applications;
extracting login behavior characteristics corresponding to the login request, and inputting the login behavior characteristics into a pre-trained behavior prediction model to output login rules corresponding to the first webpage application, wherein the pre-trained behavior prediction model is obtained by training according to historical login data of the single-point login platform and adopting a machine learning algorithm;
and guiding the login behavior of the current login user by using the login rule.
In a fourth aspect of the embodiments of the present invention, a computer-readable storage medium is provided, which stores a program that, when executed by a processor, causes the processor to execute the method as described above.
The safe single sign-on method provided by the embodiment of the invention obtains the behavior prediction model through the training of the machine learning algorithm, and executes different sign-on rules for sign-on requests with different sign-on behavior characteristics based on the behavior prediction model. Therefore, different login rules can be adaptively implemented for different login requests or different webpage applications, and the security and pertinence of single login are improved. In addition, no matter whether the current login user logs in other webpage applications of the single sign-on platform or not, the user logs in according to the login method, and the safety of the webpage applications is further improved.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present invention will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. Several embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which:
FIG. 1(a) shows a prior art single sign-on flow diagram; FIG. 1(b) shows a prior art single sign-on system schematic;
fig. 2 shows a flowchart of a single sign-on method based on machine learning according to an embodiment of the present invention.
Fig. 3 shows a flowchart of another single sign-on method based on machine learning according to an embodiment of the present invention.
Fig. 4 shows a flowchart of another single sign-on method based on machine learning according to an embodiment of the present invention.
Fig. 5 shows a flowchart of another single sign-on method based on machine learning according to an embodiment of the present invention.
Fig. 6 is a schematic diagram of a single sign-on apparatus based on machine learning according to an embodiment of the present invention.
Fig. 7 shows a schematic diagram of another single sign-on device based on machine learning according to an embodiment of the present invention.
FIG. 8 illustrates a schematic diagram of a computer-readable storage medium according to an embodiment of the invention.
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Detailed Description
The principles and spirit of the present invention will be described with reference to a number of exemplary embodiments. It is understood that these embodiments are given solely for the purpose of enabling those skilled in the art to better understand and to practice the invention, and are not intended to limit the scope of the invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Generally, the Single Sign-on protocol may include various protocols, such as a CAS Single Sign-on protocol, a Passport Single Sign-on protocol, and an X/Open Single Sign-on Service Single Sign-on protocol. The embodiment of the present invention is applicable to the different types of single sign-on protocols, and is not limited herein. The following describes a conventional single sign-on web application in detail with reference to fig. 1:
fig. 1(a) shows a flowchart based on a conventional single sign-on method, wherein, as shown in fig. 1(b), the single sign-on system may include a single sign-on platform 204, a first web application 202, a second web application 203, and a client browser 201, and the login functions of the first web application 202 and the second web application 203 are concentrated on the single sign-on platform 204, wherein the step of the user a logging in the first web application 202 or the second web application 203 through the client browser 201 includes:
firstly, a user A accesses a first webpage application 202 through a browser 201; the first webpage application 202 finds that the user A does not log in after verification; the first webpage application 202 redirects the access request to the single sign-on platform 204; after the single sign-on platform 204 verifies, finding that the unregistered function of the user A is concentrated on any webpage application of the single sign-on platform 204; the single sign-on platform 204 guides the user A to a login interface through the browser 201; sixthly, the user A inputs a user name and a password on a login interface through the browser 201 to submit a login application; the single sign-on platform 204 verifies the input user name and password, and creates an authorization token after verification is successful; the single sign-on platform 204 jumps back to the original request address (the first web application 202) with the token; ninthly, after the first webpage application 202 obtains the token, checking whether the token is valid or not by the single sign-on platform 204; checking the token to be a valid token by the R single sign-on platform 204, and successfully logging in the first webpage application 202 by the user A;
when the user a has logged into the first web application 202, the step of further logging into the second web application 203 is as follows:
Figure BDA0001883048790000091
the user a accesses the second web application 203 through the browser 201;
Figure BDA0001883048790000092
the second webpage application 203 finds that the user A does not log in after verification;
Figure BDA0001883048790000093
the second webpage application 203 redirects the access request to the single sign-on platform 204;
Figure BDA0001883048790000094
after the single sign-on platform 204 verifies, finding that the login function of the user A is concentrated on a first webpage application of the single sign-on platform 204;
Figure BDA0001883048790000095
the single sign-on platform 204 jumps back to the second web application 203 and attaches the token;
Figure BDA0001883048790000096
after the second webpage application 203 takes the token, the single sign-on platform 204 checks whether the token is valid;
Figure BDA0001883048790000097
the single sign-on platform 204 checks the token and returns a valid token, and the user a successfully logs on the second web application 203.
As shown in fig. 1(a), the process is a common process in the field of single sign-on technology, and the inventor finds that the conventional single sign-on method cannot be applied to the existing complex web application system, for example, the conventional single sign-on method cannot be correspondingly protected against abnormal sign-on behavior, and is difficult to satisfy different security requirements of different web applications.
The basic idea of the embodiment of the present invention is that, based on the above-mentioned conventional processing, the login behavior characteristics of the current login user when requesting to login a certain web application can be monitored, and whether the login behavior deviates from the login behavior baseline corresponding to the web application is determined, if so, the login complexity is increased, and if not, the original login complexity can be reduced or maintained. Therefore, a perfect safe login system of the single-point login system can be established.
The following describes a method and an apparatus for performing access right control based on a single sign-on protocol according to an embodiment of the present invention in detail with reference to the accompanying drawings.
Fig. 2 shows a flowchart of a single sign-on method based on machine learning according to an embodiment of the present invention. As shown in fig. 2, the method includes, but is not limited to, S110 to S130, and specifically includes:
s110: obtaining a login request of a current login user, and redirecting the login request to the single sign-on platform, wherein the login target of the login request is a first webpage application in the plurality of webpage applications.
Specifically, the multiple web applications of the single sign-on platform focus the login function on the multiple web applications of the single sign-on platform according to the single sign-on protocol, at this time, any one of the multiple web applications does not provide a login entry, and only receives indirect authorization realized by the single sign-on platform through the token.
It should be noted that the login request is a login request in a broad sense, and may be a login request sent by a current login user through a login page, or may be an access request of a user of a certain web application that has logged in a single-sign-on platform to a protected resource of another web application under the same single-sign-on platform.
S120: and extracting login behavior characteristics corresponding to the login request, and inputting the login behavior characteristics into a pre-trained behavior prediction model to output login rules corresponding to the first webpage application.
The pre-trained behavior prediction model is obtained by training according to a machine learning algorithm and historical login data of the single-point login platform.
Specifically, the single sign-on platform may acquire the login behavior characteristics of the current login user by collecting the behavior log of the current login user.
It can be understood by those skilled in the art that the essence of the machine learning algorithm is to find an objective function, which becomes the optimal mapping between the input variables and the output variables. Further, the login behavior features are input variables, and the behavior prediction model is an objective function.
Specifically, the method provided in this embodiment may specifically include: obtaining historical login data of a plurality of registered users, establishing an initial behavior prediction model based on a preset machine learning algorithm, training the initial behavior prediction model according to the historical login data (sample data), adjusting the initial behavior prediction model according to the matching condition of an output login rule and a correct login rule until the matching degree meets a preset condition, and completing the establishment of the behavior prediction model.
Specifically, various login rules may be preset, for example, login rule a: the login is directly authorized without any verification information; and (3) login rule B: executing authorized login after inputting the valid verification code; login rule C: account locking within 30 minutes, disallowing authorized login, and so on.
Optionally, the login request may further include a login password. For example: in the step (c) of the single sign-on flowchart shown in fig. 1(a), after the single sign-on platform directs the currently logged-on user a to the login page, the login request input by the user a may be a user name a, a password, and the single sign-on platform performs password verification, and further obtains a login rule according to the login request after the verification is error-free, and performs login authorization on the user a according to the login rule. Optionally, in the embodiment of the present invention, the login request may not include a password, and the password verification rule is fused into the corresponding preset login rule, for example: after the single sign-on platform guides the current login user a to the login page, the login request input by the user a does not include a password, so the login request may include a login behavior feature of "no password input", and the single sign-on platform may further obtain a corresponding preset login rule D according to the login behavior feature: and repeatedly inputting the user name, the password and the verification code.
Here, the preset login rule is not particularly limited, and may be set according to actual requirements. The four login rules are described as examples in the present application, but are not limited thereto.
S130: and guiding the login behavior of the current login user by using the login rule.
Specifically, the above-mentioned guiding the login behavior of the current login user refers to guiding the current login user to perform an operation corresponding to a login rule to realize login, for example, skipping a browser page of the current login user to an authentication page, guiding the user to input authentication information, or directly skipping the browser page of the current login user to a login completion page to guide the user to perform no operation.
Compared with the traditional single sign-on method: once one web application of the single sign-on platform has been logged on, other web applications of the single sign-on platform can be directly logged on without additional login information. The safe single sign-on method provided by the embodiment of the invention obtains the behavior prediction model through the training of the machine learning algorithm, and executes different sign-on rules for different sign-on requests based on the behavior prediction model. Therefore, different webpage applications can adaptively implement different login rules, and the security and pertinence of single sign-on are improved. In addition, no matter whether the current login user logs in the webpage application of the single sign-on platform or not, the user needs to log in according to the login method, and the safety of the webpage application in the single sign-on platform is further improved.
In an embodiment, the login behavior characteristics of the login request may include: one or more of current login address, current login webpage application number, login frequency in preset time, login error times in preset time and current login password input error. The present embodiment is described by taking the above login behavior features as an example, but is not limited to this, and other feature information that can describe the login behavior may be included.
Specifically, the login behavior feature may be obtained from a user behavior log by the single sign-on platform or the first web application.
In an embodiment, the login rule may further be: and executing an alarm for the current login user. Specifically, the alarm may be a message sent to the user to prompt the user for abnormal information.
Fig. 3 is a flowchart illustrating another secure single sign-on method according to an embodiment of the present invention, and the following describes in detail another secure single sign-on method according to an embodiment of the present invention with reference to fig. 3.
S210: acquiring a login request of a current login user, and redirecting the login request to the single sign-on platform;
wherein the login target of the login request is a first webpage application in the plurality of webpage applications.
S220: and extracting login behavior characteristics corresponding to the login request.
S230: and extracting the identity characteristic information of the current login user according to the login request.
Specifically, the identity characteristic information of the current login user obtained by receiving the login request of the current login user may include a user name of the current login user.
Specifically, if the login request is an access request input by a current login user, the acquired identity characteristic information may include an IP address of the current login user. For example, if a user a who has logged in a second web application on the single sign-on platform wants to access a protected resource of a first web application associated with the second web application, the single sign-on platform may obtain the identity information of the current access request by analyzing the IP address of the current access request because the IP address of the current login user a has logged in the single sign-on platform.
S240: and acquiring preset authority information corresponding to the first webpage application based on the identity characteristic information.
Specifically, the single sign-on platform may be connected to a user information base, which may contain the identity feature information of all registered users of a plurality of web applications centralized on the single sign-on platform, and an identity corresponding to each registered user, for example, the identity of the user a may be < finance staff, employee B >. Further, in the embodiment of the present invention, a permission correspondence between the identity and the web application may be constructed in advance, at least one identity is obtained through the identity characteristic information, and a corresponding preset permission set is obtained through the at least one identity, for example, the first system is a financial web application, and the preset permission correspondence may be: the financial staff logs in the authority C1 of the financial webpage application, and the staff in the place B logs in the authority C2 of the financial webpage application.
S250: and adjusting a plurality of weight parameters in the behavior prediction model according to the preset authority information.
S260: inputting the login behavior features into the adjusted behavior prediction model to output login rules corresponding to the first web page application.
Optionally, if the obtained preset authority information meets a preset condition, the login rule may also be directly obtained according to the preset authority information. For example, if the content of the right of any of C1 and C2 is login prohibition, the login rule can be obtained directly from the login right without further determination.
S270: and guiding the login behavior of the current login user by using the login rule.
The contents of the steps S210, S220, and S270 are respectively the same as the contents of the steps S110, S120, and S130, and are not described herein again.
The embodiment comprehensively considers the important factor that different users may have different login rights, and can set different login rules for different users, so that the pertinence of the single sign-on method is further improved compared with the foregoing embodiment.
Fig. 4 shows a schematic diagram of guiding the login behavior of the current login user using login rules. S130 and/or S270 are described in further detail below in conjunction with fig. 4.
S310: selecting a first verification request from a plurality of preset verification requests according to the login rule, sending the first verification request to the current login user, and guiding the current login user to input verification information; and
s320: and responding the valid first authentication information to perform login authorization on the current login user and/or responding to the invalid second authentication information to reject the login request.
Specifically, as shown in fig. 5, the user may be guided to an authentication page according to a corresponding login rule, the authentication page displays "please input a fingerprint" (a biometric authentication method), after the user inputs the fingerprint, the single sign-on platform authenticates the fingerprint information, further, if the authentication information returned by the currently logged-in user passes the authentication, a token is created to authorize login, and if the authentication information fails to pass the authentication, the login request of the currently logged-in user is rejected.
In one embodiment, the plurality of preset authentication requests include: one or more of a verification code, a cell phone verification code, biometric information verification (e.g., fingerprint information verification, face recognition verification, etc.), a U-key. Further, the verification code may be further divided into a slider verification code, a graphic verification code, a character selection verification code, and the like, and the type of the verification request is not limited in the present invention.
In an embodiment, if the login behavior characteristics satisfy a preset condition, the login rule output by the behavior prediction model is to allow the current login user to directly login the first web application;
wherein the preset conditions include: and detecting that the current login user logs in a second webpage application of the plurality of webpage applications according to the identity characteristic information of the current login user.
In particular, "the current login user has logged in to a second web application of the plurality of web applications" may also be a login behavior feature entered into the behavior prediction model.
As can be understood by those skilled in the art, as shown in the conventional single sign-on method of fig. 1(a), if it is detected that the current login user has logged in a second web application of the multiple web applications of the single sign-on platform according to the identity information of the current login user, the conventional single sign-on method directly authorizes the login request to log in. Accordingly, in this embodiment, for example, if the security requirement of a certain web application is not high, the influence of the parameter corresponding to the login behavior feature of "the current login user has logged in the second web application of the plurality of web applications" may be increased during the behavior prediction model training process, and further, during the actual login process, if the current login user has logged in the second web application of the plurality of web applications, the login rule a may still be directly obtained under the condition that the abnormality of other login behavior features is large: and the login is directly authorized without any verification information.
Compared with the embodiment, the embodiment distinguishes the login behavior logged in the single sign-on platform from the login behavior logged in the unregistered single sign-on platform and executes different login rules, and improves the convenience while ensuring the login security.
In one embodiment, the historical login data includes identity characteristic information of a plurality of registered users of the plurality of web applications focused on the single sign-on platform and historical login behavior characteristics of the plurality of registered users in the plurality of web applications.
Specifically, as will be understood by those skilled in the art, each login behavior of each login user is collected by the single-point login platform and is subjected to abnormality determination, so that the single-point login platform collects identity characteristic information of each login request and login behavior characteristics corresponding to the identity characteristic information.
Alternatively, the behavior prediction model may be constructed based on a machine Learning algorithm of Unsupervised Learning (Unsupervised Learning).
Specifically, the preset machine learning algorithm may include: one or more of a clustering algorithm (K-mean), a Kernel Density Estimation algorithm (KDE), and an Association rule (Association rule learning) algorithm.
Fig. 5 is a flowchart illustrating a pre-training method of a behavior prediction model, and the following describes in further detail with reference to fig. 5 training with historical login data of the single sign-on platform according to a machine learning algorithm to construct a behavior prediction model, including:
s410: acquiring the historical login data;
s420: classifying and aggregating the historical login data according to the login behavior characteristics containing one or more dimensions to form a plurality of sample sets;
s430: and respectively executing model training according to each sample set in the plurality of sample sets to obtain a plurality of behavior prediction models corresponding to the plurality of sample sets.
Specifically, registered users concentrated on the single sign-on platform can be clustered by using a K-means algorithm, that is, people with similar behavior patterns are divided into dynamic groups, and a behavior prediction model is respectively constructed based on the login behavior characteristics of each group.
Further, a target behavior prediction model corresponding to the login request is selected from the plurality of behavior prediction models according to the login behavior characteristics of the login request, and the login behavior characteristics are input into the target behavior prediction model to output login rules corresponding to the first webpage application. That is, when obtaining the login rule according to the login request, first, find the group to which the login request belongs according to the login behavior feature of the login request, and determine whether the login request is abnormal according to the behavior prediction model of the group and the login behavior feature of the login request, so as to obtain the login rule.
The method and the device have the advantages that the login behavior characteristics of different users are very different, so that whether the login request is abnormal or not is difficult to judge, and further, the appropriate login rule is difficult to select to execute login authorization.
The above has described an example of building a behavior prediction model by using a clustering algorithm, and the following detailed description is given by using an association rule algorithm as an example:
specifically, Association rule (Association rule learning) belongs to an unsupervised machine learning algorithm. According to the embodiment of the invention, the login behavior characteristics in the historical login data can be analyzed by adopting an Association rule (Association rule learning) algorithm, and a behavior prediction model is constructed based on the Association relationship among the login behavior characteristics.
For example, in the historical login data, a first behavior feature (for example, the login place is D place) often occurs along with a second behavior feature (for example, the login time period is 02:00 to 05:00 in the morning), and then a behavior prediction model can be established according to the association relationship between the first behavior feature and the second behavior feature.
Since the occurrence of login behavior features is not only related to the behavior habits of the user, there may also be a concomitant relationship between behavior features, such as: the common login place of the user A is the place E, and the common login time period is 13: 00-17: 00 in the afternoon; and when the user A goes on a business trip to the place D, the login place of the login behavior is the place D, and the login time period is 02: 00-05: 00 in the morning due to time difference factors, in this case, the embodiment of the invention avoids the problem of inaccurate login rule setting caused by repeatedly calculating abnormal parameters of a plurality of related login behavior characteristics by adopting the algorithm, and optimizes the behavior prediction model.
In the embodiment of the present invention, any one of the preset algorithms may be independently adopted, or the preset algorithms may be adopted in any combination, and in addition, other suitable machine learning algorithms may also be adopted to participate in the construction of the behavior prediction model, such as a decision tree algorithm and a support vector machine.
In an embodiment, after outputting the login rule corresponding to the first web application, this embodiment may further include: and updating the behavior prediction model according to the login request.
Specifically, the login request also includes login data that can be used for training, and the behavior prediction model can be improved by updating the behavior prediction model according to the login request.
Optionally, the behavior prediction model may be further refined based on the accuracy feedback result of the user on the prediction result.
As shown in fig. 6, an embodiment of the present invention further provides a single sign-on apparatus 600 based on machine learning, which is applied to the single sign-on system shown in fig. 1(b), where the single sign-on system includes a single sign-on platform and a plurality of web applications with login functions concentrated on the single sign-on platform, and the apparatus includes:
an obtaining module 610, configured to obtain a login request of a current login user, and redirect the login request to the single sign-on platform, where a login target of the login request is a first web application in the multiple web applications;
specifically, the multiple web applications of the single sign-on platform focus the login function on the multiple web applications of the single sign-on platform according to the single sign-on protocol, at this time, any one of the multiple web applications does not provide a login entry, and only receives indirect authorization realized by the single sign-on platform through the token.
It should be noted that the login request is a login request in a broad sense, and may be a login request sent by a current login user through a login page, or a protected resource access request for another web application under the same single login platform by a user of a certain web application that has already logged in the single login platform.
A machine learning module 620, configured to extract login behavior features corresponding to the login request, and input the login behavior features into a pre-trained behavior prediction model to output login rules corresponding to the first web application, where the pre-trained behavior prediction model is obtained according to a machine learning algorithm and training of historical login data of the single-point login platform;
the pre-trained behavior prediction model is obtained by training according to a machine learning algorithm and historical login data of the single-point login platform.
Specifically, the single sign-on platform may acquire the login behavior characteristics of the current login user by collecting the behavior log of the current login user.
It can be understood by those skilled in the art that the essence of the machine learning algorithm is to find an objective function, which becomes the optimal mapping between the input variables and the output variables. Further, the login behavior features are input variables, and the behavior prediction model is an objective function.
Specifically, the method provided in this embodiment may specifically include: obtaining historical login data of a plurality of registered users, establishing an initial behavior prediction model based on a preset machine learning algorithm, training the initial behavior prediction model according to the historical login data (sample data), adjusting the initial behavior prediction model according to the matching condition of an output login rule and a correct login rule until the matching degree meets a preset condition, and completing the establishment of the behavior prediction model.
Specifically, various login rules may be preset, for example, login rule a: the login is directly authorized without any verification information; and (3) login rule B: executing authorized login after inputting the valid verification code; login rule C: account locking within 30 minutes, disallowing authorized login, and so on.
Optionally, the login request may further include a login password. For example: in step (v) of the single sign-on flowchart shown in fig. 1, after the single sign-on platform directs the current login user a to the login page, the login request input by the user a is a user name a, a password, and the single sign-on platform further obtains the login rule according to the login request after performing password verification, and performs login authorization on the user a according to the login rule. Optionally, in the embodiment of the present invention, the login request may not include a password, and the password verification rule is fused into the corresponding preset login rule, for example: after the single sign-on platform guides the current login user a to the login page, the login request input by the user a does not include a password, so the login request may include a login behavior feature of "no password input", and the single sign-on platform may further obtain a corresponding preset login rule D according to the login behavior feature: and repeatedly inputting the user name, the password and the verification code.
Here, the preset login rule is not particularly limited, and may be set according to actual requirements. The four login rules are described as examples in the present application, but are not limited thereto.
A guiding module 630, configured to guide the login behavior of the current login user according to the login rule.
Specifically, the above-mentioned guiding the login behavior of the current login user refers to guiding the current login user to perform an operation corresponding to a login rule to realize login, for example, skipping a browser page of the current login user to an authentication page, guiding the user to input authentication information, or directly skipping the browser page of the current login user to a login completion page to guide the user to perform no operation.
Compared with the traditional single sign-on method: once one web application of the single sign-on platform has been logged on, other web applications of the single sign-on platform can be directly logged on without additional login information. The safe single sign-on method provided by the embodiment of the invention obtains the behavior prediction model through the training of the machine learning algorithm, and executes different sign-on rules for different sign-on requests based on the behavior prediction model. Therefore, different webpage applications can adaptively implement different login rules, and the security and pertinence of single sign-on are improved. In addition, no matter whether the current login user logs in the webpage application of the single sign-on platform or not, the user needs to log in according to the login method, and the safety of the webpage application in the single sign-on platform is further improved.
Preferably, wherein the machine learning module is further configured to:
extracting the identity characteristic information of the current login user according to the login request;
acquiring preset authority information corresponding to the first webpage application based on the identity characteristic information;
adjusting a plurality of weight parameters in the behavior prediction model according to the preset authority information;
inputting the login behavior characteristics into an adjusted behavior prediction model to output login abnormal information of the current login request.
Preferably, wherein the login behavior feature comprises: one or more of login address, login webpage application number, login frequency and login error frequency.
Preferably, wherein the guiding module is further configured to:
selecting a first verification request from a plurality of preset verification requests according to the login rule, sending the first verification request to the current login user, and guiding the current login user to input verification information; and
and responding the valid first authentication information to perform login authorization on the current login user and/or responding to the invalid second authentication information to reject the login request.
Preferably, the plurality of preset authentication requests include: one or more of a passcode verification request, a biometric verification request, a U-key verification request.
Preferably, the login rule further includes: and executing an alarm for the current login user.
Preferably, if the login behavior characteristics meet a preset condition, the login rule output by the behavior prediction model is to allow the current login user to directly login the first webpage application;
wherein the preset conditions include: and detecting that the current login user logs in a second webpage application of the plurality of webpage applications according to the identity characteristic information of the current login user.
Preferably, wherein the machine learning algorithm comprises: one or more of a clustering algorithm, a kernel density estimation algorithm, and an association rule algorithm.
Preferably, the historical login data includes identity feature information of a plurality of registered users of the plurality of web applications whose login functions are centralized in the single-sign-on platform, and historical login behavior features of the plurality of registered users in the plurality of web applications.
Preferably, the pre-training process of the behavior prediction model further comprises:
acquiring the historical login data;
classifying and aggregating the historical login data according to the login behavior characteristics containing one or more dimensions to form a plurality of sample sets;
and respectively executing model training according to each sample set in the plurality of sample sets to obtain a plurality of behavior prediction models corresponding to the plurality of sample sets.
Preferably, wherein the machine learning module is further configured to:
selecting a target behavior prediction model corresponding to the login request from the plurality of behavior prediction models according to the login behavior characteristics of the login request, and inputting the login behavior characteristics into the target behavior prediction model to output login rules corresponding to the first webpage application.
Preferably, the machine learning module further includes an updating module, specifically configured to:
updating the behavior prediction model according to the login request after the outputting of the login rule corresponding to the first web application.
Having described the method and apparatus of exemplary embodiments of the present invention, a machine learning based single sign-on apparatus according to another aspect of the present invention is described.
Those skilled in the art will appreciate that aspects of the present invention may be embodied as an apparatus, method, or computer-readable storage medium. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" device.
In some possible embodiments, the machine learning based single sign-on apparatus of the present invention may include at least one or more processors, and at least one memory. Wherein the memory stores a program that, when executed by the processor, causes the processor to perform the steps of:
s110, obtaining a login request of a current login user, and redirecting the login request to the single sign-on platform, wherein the login target of the login request is a first webpage application in the plurality of webpage applications;
s120: extracting login behavior characteristics corresponding to the login request, and inputting the login behavior characteristics into a pre-trained behavior prediction model to output login rules corresponding to the first webpage application;
the pre-trained behavior prediction model is obtained according to a historical login data machine learning algorithm and training of the single sign-on platform;
s130: and guiding the login behavior of the current login user by using the login rule.
Further, although not shown in the drawings, the program of the present invention, when executed by the processor, causes the processor to perform other operations or steps described in the above-described exemplary methods.
The machine learning-based single sign-on apparatus according to this embodiment of the present invention is described below with reference to fig. 7. The device 1 shown in fig. 7 is only an example and should not bring any limitation to the function and the scope of use of the embodiment of the present invention.
As shown in FIG. 7, the apparatus 1 may take the form of a general purpose computing device, including but not limited to: at least one processor 10, at least one memory 20, a bus 60 connecting the different device components.
The bus 60 includes a data bus, an address bus, and a control bus.
The memory 20 may include volatile memory, such as Random Access Memory (RAM)21 and/or cache memory 22, and may further include Read Only Memory (ROM) 23.
Memory 20 may also include program modules 24, such program modules 24 including, but not limited to: an operating device, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The device 1 may also communicate with one or more external devices 2 (e.g., a keyboard, a pointing device, a bluetooth device, etc.), as well as with one or more other devices. Such communication may be via an input/output (I/O) interface 40 and displayed on the display unit 30. Also, the apparatus 1 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) through the network adapter 50. As shown, the network adapter 50 communicates with other modules in the device 1 over a bus 60. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the apparatus 1, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID devices, tape drives, and data backup storage devices, to name a few.
In some possible embodiments, aspects of the invention may also be embodied in the form of a computer-readable storage medium comprising program code for causing a processor to perform the above-described method when the program code is executed by the processor.
The above-described method includes a number of operations and steps shown and not shown in the above figures, which will not be described again.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor device, apparatus, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
As shown in fig. 8, a computer-readable storage medium according to an embodiment of the present invention is described, which can employ a portable compact disc-read only memory (CD-ROM) and include program codes, and can be run on a terminal device, such as a personal computer. However, the computer-readable storage medium of the present invention is not limited thereto, and in this document, the readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution apparatus, device, or apparatus.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
Moreover, while the operations of the method of the invention are depicted in the drawings in a particular order, this does not require or imply that the operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
While the spirit and principles of the invention have been described with reference to several particular embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, nor is the division of aspects, which is for convenience only as the features in such aspects may not be combined to benefit. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (24)

1. A single sign-on method based on machine learning is applied to a single sign-on system, the single sign-on system comprises a single sign-on platform and a plurality of webpage applications with the login functions centralized on the single sign-on platform, and the method comprises the following steps:
acquiring a login request of a current login user, and redirecting the login request to the single sign-on platform, wherein the login target of the login request is a first webpage application in the plurality of webpage applications;
extracting login behavior characteristics corresponding to the login request, and inputting the login behavior characteristics into a pre-trained behavior prediction model to output login rules corresponding to the first webpage application, wherein the pre-trained behavior prediction model is obtained by training according to historical login data of the single-point login platform and adopting a machine learning algorithm;
guiding the login behavior of the current login user by using the login rule;
the inputting the login behavior features into a pre-trained behavior prediction model to output login rules corresponding to the first web page application further comprises:
extracting the identity characteristic information of the current login user according to the login request;
acquiring preset authority information corresponding to the first webpage application based on the identity characteristic information;
adjusting a plurality of weight parameters in the behavior prediction model according to the preset authority information;
inputting the login behavior features into the adjusted behavior prediction model to output login rules corresponding to the first web page application.
2. The single sign-on method of claim 1, wherein the sign-on behavior characteristic comprises: one or more of login address, login webpage application number, login frequency and login error frequency.
3. The single sign-on method of claim 1, wherein said directing a sign-on behavior of the current sign-on user using the sign-on rules comprises:
selecting a first verification request from a plurality of preset verification requests according to the login rule, sending the first verification request to the current login user, and guiding the current login user to input verification information; and
and responding the valid first authentication information to perform login authorization on the current login user and/or responding to the invalid second authentication information to reject the login request.
4. The single sign-on method of claim 3, wherein the plurality of predetermined authentication requests comprises: one or more of a passcode verification request, a biometric verification request, a U-key verification request.
5. The single sign-on method of claim 1, wherein the sign-on rules further comprise: and executing an alarm for the current login user.
6. The single sign-on method of claim 1, wherein if the sign-on behavior characteristic satisfies a preset condition, the sign-on rule output by the behavior prediction model is to allow the current sign-on user to directly sign on the first web application;
wherein the preset conditions include: and detecting that the current login user logs in a second webpage application of the plurality of webpage applications according to the identity characteristic information of the current login user.
7. The single sign-on method of claim 1, wherein the machine learning algorithm comprises: one or more of a clustering algorithm, a kernel density estimation algorithm, and an association rule algorithm.
8. The single sign-on method of claim 1, wherein the historical sign-on data comprises identity characteristic information of a plurality of registered users of the plurality of web applications having their login functionality focused on the single sign-on platform, and historical sign-on behavior characteristics of the plurality of registered users in the plurality of web applications.
9. The single sign-on method of claim 8, wherein the pre-training process of the behavior prediction model further comprises:
acquiring the historical login data;
classifying and aggregating the historical login data according to the login behavior characteristics containing one or more dimensions to form a plurality of sample sets;
and respectively executing model training according to each sample set in the plurality of sample sets to obtain a plurality of behavior prediction models corresponding to the plurality of sample sets.
10. The single sign-on method of claim 9, wherein said inputting the sign-on behavior characteristics into a pre-trained behavior prediction model to output sign-on rules corresponding to the first web page application further comprises:
selecting a target behavior prediction model corresponding to the login request from the plurality of behavior prediction models according to the login behavior characteristics of the login request, and inputting the login behavior characteristics into the target behavior prediction model to output login rules corresponding to the first webpage application.
11. The single sign-on method of any one of claims 1 to 10, further comprising:
updating the behavior prediction model according to the login request after the outputting of the login rule corresponding to the first web application.
12. A single sign-on device based on machine learning is applied to a single sign-on system, the single sign-on system comprises a single sign-on platform and a plurality of webpage applications with login functions concentrated on the single sign-on platform, and the device is characterized by comprising:
the single sign-on platform comprises an acquisition module, a display module and a display module, wherein the acquisition module is used for acquiring a login request of a current login user and redirecting the login request to the single sign-on platform, and the login target of the login request is a first webpage application in the plurality of webpage applications;
the machine learning module is used for extracting login behavior characteristics corresponding to the login request, inputting the login behavior characteristics into a pre-trained behavior prediction model to output login rules corresponding to the first webpage application, wherein the pre-trained behavior prediction model is obtained according to historical login data of the single-point login platform and by adopting machine learning algorithm training;
the guiding module is used for guiding the login behavior of the current login user by utilizing the login rule;
the machine learning module is further to:
extracting the identity characteristic information of the current login user according to the login request;
acquiring preset authority information corresponding to the first webpage application based on the identity characteristic information;
adjusting a plurality of weight parameters in the behavior prediction model according to the preset authority information;
inputting the login behavior features into the adjusted behavior prediction model to output login rules corresponding to the first web page application.
13. The single sign-on apparatus of claim 12, wherein the sign-on behavior characteristic comprises: one or more of login address, login webpage application number, login frequency and login error frequency.
14. The single sign-on apparatus of claim 12, wherein the boot module is further to:
selecting a first verification request from a plurality of preset verification requests according to the login rule, sending the first verification request to the current login user, and guiding the current login user to input verification information; and
and responding the valid first authentication information to perform login authorization on the current login user and/or responding to the invalid second authentication information to reject the login request.
15. The single sign-on apparatus of claim 14, wherein the plurality of predetermined authentication requests comprises: one or more of a passcode verification request, a biometric verification request, a U-key verification request.
16. The single sign-on apparatus of claim 12, wherein the sign-on rules further comprise: and executing an alarm for the current login user.
17. The single sign-on apparatus of claim 12, wherein if the sign-on behavior characteristic satisfies a predetermined condition, the sign-on rule output by the behavior prediction model is to allow the currently logged-on user to directly log on to the first web application;
wherein the preset conditions include: and detecting that the current login user logs in a second webpage application of the plurality of webpage applications according to the identity characteristic information of the current login user.
18. The single sign-on apparatus of claim 12, wherein the machine learning algorithm comprises: one or more of a clustering algorithm, a kernel density estimation algorithm, and an association rule algorithm.
19. The single sign-on apparatus of claim 12, wherein the historical sign-on data comprises identity characteristic information of a plurality of registered users of the plurality of web applications having their login functionality focused on the single sign-on platform, and historical sign-on behavior characteristics of the plurality of registered users in the plurality of web applications.
20. The single sign-on apparatus of claim 19, wherein the pre-training process of the behavior prediction model further comprises:
acquiring the historical login data;
classifying and aggregating the historical login data according to the login behavior characteristics containing one or more dimensions to form a plurality of sample sets;
and respectively executing model training according to each sample set in the plurality of sample sets to obtain a plurality of behavior prediction models corresponding to the plurality of sample sets.
21. The single sign-on apparatus of claim 20, wherein the machine learning module is further to:
selecting a target behavior prediction model corresponding to the login request from the plurality of behavior prediction models according to the login behavior characteristics of the login request, and inputting the login behavior characteristics into the target behavior prediction model to output login rules corresponding to the first webpage application.
22. The single sign-on apparatus of any one of claims 12 to 21, wherein the machine learning module further comprises an update module, specifically configured to:
updating the behavior prediction model according to the login request after the outputting of the login rule corresponding to the first web application.
23. A single sign-on device based on machine learning is applied to a single sign-on system, the single sign-on system comprises a single sign-on platform and a plurality of webpage applications with login functions concentrated on the single sign-on platform, and the device is characterized by comprising:
one or more processors;
a memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement:
acquiring a login request of a current login user, and redirecting the login request to the single sign-on platform, wherein the login target of the login request is a first webpage application in the plurality of webpage applications;
extracting login behavior characteristics corresponding to the login request, and inputting the login behavior characteristics into a pre-trained behavior prediction model to output login rules corresponding to the first webpage application, wherein the pre-trained behavior prediction model is obtained by training according to historical login data of the single-point login platform and adopting a machine learning algorithm;
guiding the login behavior of the current login user by using the login rule;
the inputting the login behavior features into a pre-trained behavior prediction model to output login rules corresponding to the first web page application further comprises:
extracting the identity characteristic information of the current login user according to the login request;
acquiring preset authority information corresponding to the first webpage application based on the identity characteristic information;
adjusting a plurality of weight parameters in the behavior prediction model according to the preset authority information;
inputting the login behavior features into the adjusted behavior prediction model to output login rules corresponding to the first web page application.
24. A computer-readable storage medium storing a program which, when executed by a processor, causes the processor to perform the method of any one of claims 1-11.
CN201811438773.2A 2018-11-28 2018-11-28 Single sign-on method and device based on machine learning and computer readable storage medium Active CN109753783B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811438773.2A CN109753783B (en) 2018-11-28 2018-11-28 Single sign-on method and device based on machine learning and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811438773.2A CN109753783B (en) 2018-11-28 2018-11-28 Single sign-on method and device based on machine learning and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN109753783A CN109753783A (en) 2019-05-14
CN109753783B true CN109753783B (en) 2020-09-08

Family

ID=66402586

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811438773.2A Active CN109753783B (en) 2018-11-28 2018-11-28 Single sign-on method and device based on machine learning and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN109753783B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110166438B (en) * 2019-04-19 2022-03-18 平安科技(深圳)有限公司 Account information login method and device, computer equipment and computer storage medium
CN110471728A (en) * 2019-07-11 2019-11-19 中国平安财产保险股份有限公司 Method and relevant apparatus based on user right display interface
CN111581608A (en) * 2020-04-09 2020-08-25 苏宁云计算有限公司 Authentication method, system and computer readable storage medium based on application program login
CN113391858A (en) * 2021-07-12 2021-09-14 苏州达家迎信息技术有限公司 Page loading method and device in client, computer equipment and medium
CN114692040B (en) * 2022-04-06 2022-11-29 山东特亿宝互联网科技有限公司 Auxiliary display platform of web browser
CN117390708B (en) * 2023-12-11 2024-02-23 南京向日葵大数据有限公司 Privacy data security protection method and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102156833B (en) * 2011-04-12 2012-09-26 华中科技大学 Role-based access control model constructing system
FR3007551A1 (en) * 2013-06-25 2014-12-26 France Telecom METHOD AND SERVER FOR PROCESSING AN ACCESS QUERY FROM A TERMINAL TO A COMPUTER RESOURCE
CN106452774B (en) * 2015-08-07 2020-07-10 百度在线网络技术(北京)有限公司 Method and device for controlling access authority based on single sign-on protocol
CN107818344B (en) * 2017-10-31 2020-01-07 深圳壹账通智能科技有限公司 Method and system for classifying and predicting user behaviors

Also Published As

Publication number Publication date
CN109753783A (en) 2019-05-14

Similar Documents

Publication Publication Date Title
CN109753783B (en) Single sign-on method and device based on machine learning and computer readable storage medium
US10395065B2 (en) Password protection under close input observation based on dynamic multi-value keyboard mapping
US9525684B1 (en) Device-specific tokens for authentication
US8950002B2 (en) Method and apparatus for token-based access of related resources
US11494507B2 (en) Machine learning for identity access management
US9626495B2 (en) Authenticating a device based on availability of other authentication methods
US20080015986A1 (en) Systems, methods and computer program products for controlling online access to an account
KR102090940B1 (en) Method and system for extracting characteristic information
US11431719B2 (en) Dynamic access evaluation and control system
US20190268319A1 (en) Authentication and Approval Control System for Distributed Ledger Platform
US10282537B2 (en) Single prompt multiple-response user authentication method
US11689537B2 (en) Providing flexible service access using identity provider
US11636187B2 (en) Systems and methods for continuous user authentication
US11496470B2 (en) Methods for randomized multi-factor authentication with biometrics and devices thereof
US11080390B2 (en) Systems and methods for data access control using narrative authentication questions
US11411947B2 (en) Systems and methods for smart contract-based detection of authentication attacks
US20230058138A1 (en) Device step-up authentication system
CN107645514B (en) Authentication protocol conversion method and device
US20230224325A1 (en) Distributed endpoint security architecture enabled by artificial intelligence
CN113014576A (en) Service authority control method, device, server and storage medium
US11409856B2 (en) Video-based authentication
CN111753304A (en) System and method for performing tasks on a computing device based on access rights
KR101944696B1 (en) Method for auto login base on biometric data, and computer readable recording medium applying the same
WO2020023145A1 (en) Web browser incorporating social and community features
US11658964B2 (en) System and method for providing a continuous authentication on an open authentication system using user&#39;s behavior analysis

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210918

Address after: 361000 3f-a642, Zone C, innovation building, software park, Xiamen Torch High tech Zone, Xiamen, Fujian

Patentee after: Xiamen Youwei Technology Co.,Ltd.

Address before: A21, 21 / F, building 8, yard 1, Zhongguancun East Road, Haidian District, Beijing 100083

Patentee before: BEIJING YOUXIN TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right