CN109918891B - User authentication method, device, computer equipment and storage medium - Google Patents
User authentication method, device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN109918891B CN109918891B CN201910068790.XA CN201910068790A CN109918891B CN 109918891 B CN109918891 B CN 109918891B CN 201910068790 A CN201910068790 A CN 201910068790A CN 109918891 B CN109918891 B CN 109918891B
- Authority
- CN
- China
- Prior art keywords
- verification
- user
- distance
- voice
- voice information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 238000012795 verification Methods 0.000 claims abstract description 404
- 239000013598 vector Substances 0.000 claims description 50
- 230000002159 abnormal effect Effects 0.000 claims description 19
- 238000012545 processing Methods 0.000 claims description 18
- 238000004364 calculation method Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 230000006854 communication Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 238000001228 spectrum Methods 0.000 description 5
- 230000005856 abnormality Effects 0.000 description 4
- 238000012790 confirmation Methods 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 238000004088 simulation Methods 0.000 description 3
- 230000007175 bidirectional communication Effects 0.000 description 2
- 230000001413 cellular effect Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000000605 extraction Methods 0.000 description 2
- 238000009432 framing Methods 0.000 description 2
- 238000003062 neural network model Methods 0.000 description 2
- 230000000630 rising effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 238000007781 pre-processing Methods 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 210000001260 vocal cord Anatomy 0.000 description 1
Abstract
The embodiment of the invention discloses a user authentication method, a device, computer equipment and a storage medium, which comprise the following steps: acquiring verification information, wherein the verification information is coordinate data of a plurality of clicking positions when a verification user performs clicking operation on verification characters in a verification picture; calculating a click distance of the verification user according to the verification information, wherein the click distance is a distance between the click position and a center coordinate of a corresponding verification character; and determining a risk index of the verification user according to the click distance, wherein the risk index is the reciprocal of the distance variance calculated according to the click distance. By the method, the authenticity of the user can be effectively checked and verified, the risk of the user is primarily judged, the effectiveness and the safety of user verification are improved, and attacks of non-real users such as machines, crawlers and the like on websites and platforms are effectively prevented.
Description
Technical Field
The present invention relates to the field of security verification technologies, and in particular, to a user verification method, device, computer device, and storage medium.
Background
Currently, there are two general ways of user security verification systems: 1. verifying by clicking the verification code; 2. and verifying in a mode of voice broadcasting the verification code.
Aiming at the first verification mode, the click verification code is easier to be identified by the intelligent AI, then the verification is bypassed by imitating the click operation according to the identification result, and the verification system cannot be operated by human or machine according to the click operation during verification, so that a high decoding risk exists.
Aiming at the second verification mode, the user client is directly called after receiving the verification request, the verification code is broadcasted to the user client in a voice broadcasting mode, and after the user acquires the verification code, the user returns to the client to fill in and verify the verification code. In the operation process of voice verification, a user needs to listen to the verification code and record the verification code information, and then returns to the user client to fill in the verification code, so that the operation process is too complicated; meanwhile, the verification code of voice broadcasting generally only supports the use of numbers, and the content of the verification code has certain limitation, so that certain secret leakage risk exists.
In summary, the existing user security verification system is easier to be deciphered by the intelligent AI to bypass verification, and cannot identify whether the verification operation is a manual operation or a machine operation, so that a great potential safety hazard exists.
Disclosure of Invention
The embodiment of the invention can provide the user verification method, the device, the computer equipment and the storage medium for effectively identifying the abnormal user and ensuring the authenticity of the verification user.
In order to solve the technical problems, the embodiment of the invention adopts the following technical scheme: there is provided a user authentication method including the steps of:
acquiring verification information, wherein the verification information is coordinate data of a plurality of clicking positions when a verification user performs clicking operation on verification characters in a verification picture;
calculating a click distance of the verification user according to the verification information, wherein the click distance is a distance between the click position and a center coordinate of a corresponding verification character;
and determining a risk index of the verification user according to the click distance, wherein the risk index is the reciprocal of the distance variance calculated according to the click distance.
Optionally, the determining the risk index of the verification user according to the click distance includes the following steps:
Calculating the distance variance according to the clicking distance, wherein the distance variance is a variance value of a plurality of the clicking distances;
and determining the risk index according to the distance variance, wherein the risk index is the reciprocal of the distance variance.
Optionally, after the step of determining the risk index of the verification user according to the click distance, the method includes the following steps:
judging whether the risk index is larger than a preset first risk threshold value or not;
and when the risk index is larger than the first risk threshold, performing voice verification on the verification user.
Optionally, the step of performing voice verification on the verification user when the risk index is greater than the first risk threshold includes the steps of:
acquiring first voice information of the verification user;
verifying the first voice information according to a preset verification rule, wherein the verification rule is a data comparison rule for judging whether the similarity between the content of the first voice information and a first verification code is larger than a preset similarity threshold value;
and when the first voice information accords with the verification rule, determining that voice verification is passed.
Optionally, after the step of verifying the first voice information according to a preset verification rule, the method includes the following steps:
when the first voice information does not accord with the verification rule, performing secondary voice verification;
acquiring second voice information of the verification user, wherein the second voice information is verification voice acquired when the user is subjected to secondary voice verification;
generating a first feature vector and a second feature vector according to the first voice information and the second voice information, wherein the first feature vector and the second feature vector are feature vectors generated according to the feature data, and the first voice information and the second voice information are analyzed to obtain corresponding feature data;
and calculating the Euclidean distance between the first feature vector and the second feature vector, and judging that the target user is abnormal in verification when the Euclidean distance is larger than a preset distance threshold value, and determining that the verification fails.
Optionally, before the step of acquiring the first voice information of the authenticated user, the method includes the following steps:
acquiring a verification request of a target terminal;
randomly searching a text in a preset verification database according to the verification request to serve as the verification code;
And sending the verification code to a target terminal, and triggering a preset reminding instruction to guide a verification user to conduct voice verification according to the verification code.
Optionally, the step of verifying the first voice information according to a preset verification rule includes the following steps:
generating a verification text according to the first voice information, wherein the verification text is text information corresponding to the content of the first voice information, which is obtained after the content of the first voice information is identified;
determining text similarity according to the verification text, wherein the text similarity is similarity information between the verification text and the first verification code;
and verifying whether the text similarity is larger than the preset similarity threshold value.
In order to solve the above technical problem, an embodiment of the present invention further provides a user authentication device, including:
the acquisition module is used for acquiring verification information, wherein the verification information is coordinate data of a plurality of clicking positions when a verification user performs clicking operation on verification characters in a verification picture;
the processing module is used for calculating the clicking distance of the verification user according to the verification information, wherein the clicking distance is the distance between the clicking position and the center coordinate of the corresponding verification character;
And the execution module is used for determining a risk index of the verification user according to the click distance, wherein the risk index is the reciprocal of the distance variance calculated according to the click distance.
Optionally, the user authentication device further includes:
the first calculation sub-module is used for calculating the distance variance according to the clicking distance, wherein the distance variance is a variance value of a plurality of the clicking distances;
and the first processing submodule is used for determining the risk index according to the distance variance, wherein the risk index is the reciprocal of the distance variance.
Optionally, the user authentication device further includes:
the first judging sub-module is used for judging whether the risk index is larger than a preset first risk threshold value or not;
and the first execution sub-module is used for carrying out voice verification on the verification user when the risk index is larger than the first risk threshold.
Optionally, the user authentication device further includes:
the first acquisition sub-module is used for acquiring the first voice information of the verification user;
the first verification sub-module is used for verifying the first voice information according to a preset verification rule, wherein the verification rule is a data comparison rule for judging whether the similarity between the content of the first voice information and a first verification code is larger than a preset similarity threshold value;
And the second execution sub-module is used for determining that the voice verification passes when the first voice information accords with the verification rule.
Optionally, the user authentication device further includes:
the third execution sub-module is used for performing secondary voice verification when the first voice information does not accord with the verification rule;
the second acquisition sub-module is used for acquiring second voice information of the verification user, wherein the second voice information is verification voice acquired when the user is subjected to secondary voice verification;
a second processing sub-module, configured to generate a first feature vector and a second feature vector according to the first voice information and the second voice information, where the first feature vector and the second feature vector are feature vectors generated according to the feature data, where the first feature vector and the second feature vector are feature data obtained by analyzing the first voice information and the second voice information
And the second calculation sub-model is used for calculating the Euclidean distance between the first feature vector and the second feature vector, and judging that the target user is abnormal in verification when the Euclidean distance is larger than a preset distance threshold value, and determining that the verification fails.
Optionally, the user authentication device further includes:
The third acquisition sub-module is used for acquiring the verification request of the target terminal;
the first searching sub-module is used for randomly searching a text in a preset verification database according to the verification request to serve as the verification code;
and the first sending sub-module is used for sending the verification code to the target terminal and triggering a preset reminding instruction so as to guide the verification user to conduct voice verification according to the verification code.
Optionally, the user authentication device further includes:
the third processing sub-module is used for generating a confirmation text according to the first voice information, wherein the confirmation text is text information corresponding to the content of the first voice information, which is obtained after the content of the first voice information is identified;
a fourth processing sub-module, configured to determine a text similarity according to the verification text, where the text similarity is similarity information between the verification text and the first verification code;
and the second verification sub-module is used for verifying whether the text similarity is larger than the preset similarity threshold value.
To solve the above technical problem, an embodiment of the present invention further provides a computer device, including a memory and a processor, where the memory stores computer readable instructions, and when the computer readable instructions are executed by the processor, the processor is caused to execute the steps of the user authentication method.
To solve the above technical problem, embodiments of the present invention further provide a storage medium storing computer readable instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of the user authentication method described above.
The embodiment of the invention has the beneficial effects that: when the user performs the verification code clicking operation, the clicking position of the user is obtained, the distance between the clicking position and the center position of the corresponding verification code is calculated, the fluctuation of the distance between each clicking position and the center position of the corresponding verification code is reflected in a distance variance mode, when the AI identifies the verification code and simulates the operation, the clicking positions of different verification codes are usually fixed, so that the fluctuation of the distance between the clicking positions and the center position of the verification code is not too large, when the clicking operation is performed manually, the clicking positions are random, larger distance fluctuation can exist, the authenticity of the user can be effectively checked and verified in a mode, the risk of the user is primarily judged, the effectiveness and the safety of user verification are improved, and the attacks of non-real users such as machines, crawlers and the like on websites and platforms are effectively prevented.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a basic flow diagram of a user authentication method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method for determining a risk index of a user according to an embodiment of the present invention;
FIG. 3 is a flowchart of determining whether voice verification is required according to an embodiment of the present invention;
FIG. 4 is a schematic flow chart of voice verification according to an embodiment of the present invention;
FIG. 5 is a flowchart of determining whether a user is abnormal according to an embodiment of the present invention;
FIG. 6 is a flowchart of an embodiment of the present invention for obtaining verification codes;
FIG. 7 is a flowchart of determining whether voice information conforms to a verification rule according to an embodiment of the present invention;
FIG. 8 is a basic block diagram of a user authentication device according to an embodiment of the present invention;
fig. 9 is a basic structural block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
In order to enable those skilled in the art to better understand the present invention, the following description will make clear and complete descriptions of the technical solutions according to the embodiments of the present invention with reference to the accompanying drawings.
In some of the flows described in the specification and claims of the present invention and in the foregoing figures, a plurality of operations occurring in a particular order are included, but it should be understood that the operations may be performed out of order or performed in parallel, with the order of operations such as 101, 102, etc., being merely used to distinguish between the various operations, the order of the operations themselves not representing any order of execution. In addition, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first" and "second" herein are used to distinguish different messages, devices, modules, etc., and do not represent a sequence, and are not limited to the "first" and the "second" being different types.
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by a person skilled in the art without any inventive effort, are intended to be within the scope of the present invention based on the embodiments of the present invention.
As used herein, a "terminal" includes both a device of a wireless signal receiver having no transmitting capability and a device of receiving and transmitting hardware having receiving and transmitting hardware capable of performing bi-directional communications over a bi-directional communication link, as will be appreciated by those skilled in the art. Such a device may include: a cellular or other communication device having a single-line display or a multi-line display or a cellular or other communication device without a multi-line display; PCS (personal communication service) which may combine voice, data processing, facsimile and/or data communication capabilities; PDA (personal digital assistant) which may include a radio frequency receiver, pager, internet/intranet access, web browser, notepad, calendar and/or GPS (global positioning system) receiver; a conventional laptop and/or palmtop computer or other appliance that has and/or includes a radio frequency receiver. As used herein, "terminal," "terminal device" may be portable, transportable, installed in a vehicle (aeronautical, maritime, and/or land-based), or adapted and/or configured to operate locally and/or in a distributed fashion, to operate at any other location(s) on earth and/or in space. As used herein, a "terminal" and a "terminal device" may also be a communication terminal, a network access terminal, and a music/video playing terminal, for example, a PDA, a MID (mobile internet device), and/or a mobile phone with a music/video playing function, and may also be a smart tv, a set top box, and other devices.
Referring to fig. 1 specifically, fig. 1 is a basic flow chart of a user authentication method according to the present embodiment.
As shown in fig. 1, a user authentication method includes the steps of:
s1100, acquiring verification information, wherein the verification information is coordinate data of a plurality of clicking positions when a verification user performs clicking operation on verification characters in a verification picture;
when the target terminal requests verification, a verification request is sent to a server, the server randomly determines a plurality of verification characters, the verification characters are randomly placed in a verification picture according to the size of a preset verification picture, the center position and the verification range of each verification character are recorded, the verification range is a circle which is generated by taking the center position as the center and the preset distance as the radius, and when a user clicks within the range, the user is judged to select the corresponding verification character. And then generating a clicking sequence, and sending the generated verification picture and the clicking sequence to the target terminal to guide the user to perform clicking verification. And acquiring coordinate data and sequence of the clicking position of the user in the clicking verification operation process of the user, transmitting the acquired coordinate data and sequence of the clicking position to a server, judging whether the clicking position is in a verification range of verification characters according to the coordinate data to determine whether the user selects the verification characters, and then comparing the verification character sequence determined according to the positions clicked by the user in sequence with a preset clicking sequence, wherein when the two are identical, judging that the clicking verification is passed.
S1200, calculating a click distance of the verification user according to the verification information, wherein the click distance is a distance between the click position and a center coordinate of a corresponding verification character;
after the click verification is passed, calculating the click distance of the user according to the secondary standard data of the click position of the user and the center coordinates of the verification character selected correspondingly, wherein the click distance is the straight line distance from the click position to the center coordinates of the corresponding character. And calculating a plurality of clicking distances according to the plurality of clicking positions of the user.
S1300, determining a risk index of the verification user according to the click distance, wherein the risk index is the reciprocal of a distance variance calculated according to the click distance;
after a plurality of click distances of the user are obtained, an average value of the click distances is calculated, then the average value of the click distances is subjected to difference calculation with each click distance, the average value of squares of the obtained differences is used as a distance variance for verification at this time, and the variance can be used for measuring the discreteness of data, in this embodiment, the stability of the distances between the click positions of the user and the center positions of the corresponding verification characters.
During click verification, the position of the corresponding verification code is random by manual operation, and the position is a random position within the verification range, so that a plurality of click distances can have large differences. When the machine simulates to perform the clicking operation, the machine recognizes the verification picture, and the clicking position is relatively fixed, and is usually a specific position within the clicking verification range, so that the fluctuation of the clicking distance in the machine operation is small, and even all the clicking distances may be the same value. The stability of the drop point of the user in the clicking operation can be reflected in a variance mode, when the variance is large, namely the clicking stability is poor, the manual operation is possible to be large, and when the variance is small and even zero, the clicking has high stability, and the machine simulation clicking operation is possible to try to bypass verification.
The inverse of the variance is used as a risk index, namely, the smaller the variance is, the greater the possibility of user abnormality is, so that the risk index rises along with the rising of the possibility of user abnormality, and a positive correlation is formed.
As shown in fig. 2, the step S1300 specifically includes the following steps:
s1310, calculating the distance variance according to the point selection distance, wherein the distance variance is a variance value of a plurality of point selection distances;
after a plurality of click distances of a user are obtained, calculating to obtain an average value of the click distances, and then, carrying out difference calculation on the average value of the click distances and each click distance, wherein the average value of squares of the obtained differences is used as a distance variance of the verification.
According to the above calculation method, the calculation formula of the variance is known as follows:
wherein sigma is variance, X is the click distance, mu is the average value of the click distances, and N is the number of the click distances, namely the number of the click verification codes.
S1320, determining the risk index according to the distance variance, wherein the risk index is the inverse of the distance variance;
the inverse of the variance is used as a risk index, namely, the smaller the variance is, the greater the possibility of user abnormality is, so that the risk index rises along with the rising of the possibility of user abnormality, and a positive correlation is formed.
The stability of the drop point of the user in the clicking operation can be reflected in a variance mode, when the variance is large, namely the clicking stability is poor, the manual operation is possible to be large, and when the variance is small and even zero, the clicking has high stability, and the machine simulation clicking operation is possible to try to bypass verification. By using the method, the risk of the user can be effectively judged, and a higher risk index is definitely obtained when the user is verified as a malicious user.
As shown in fig. 3, step S1300 further includes the following steps:
s1400, judging whether the risk index is larger than a preset first risk threshold value;
the system is preset with a first risk threshold value for judging whether the user is an abnormal user or not. The determining of the first risk threshold value can be according to a large number of acquired manual click operation samples, and calculate the risk index fluctuation range of the manual click operation, and the critical value of the fluctuation range is taken as the first risk threshold value, wherein the critical value is the highest risk index operated by a person or the highest risk index less than a certain probability during manual operation. Comparing the acquired risk index with a preset first risk threshold value, and determining the size relation between the acquired risk index and the preset first risk threshold value according to the size of data.
S1500, performing voice verification on the verification user when the risk index is larger than the first risk threshold;
when the risk index is larger than a preset risk threshold, the stability of the clicking position at the time of verification is higher, and the stability of the manual operation under the normal condition is exceeded, so that the clicking operation can be the machine simulation to try to bypass the verification, the current verification user is judged to be an abnormal user at the moment, and the user is subjected to voice verification.
By setting the risk threshold value, the abnormal situation of the user can be found in time, when the user is judged to be the abnormal user, voice verification is carried out on the user, most of intelligent AI or web crawlers can be effectively eliminated in voice verification, and if error exists in click verification, the normal user can easily pass verification when the normal user is judged to be abnormal in voice verification, so that most of malicious users are effectively isolated, and the authenticity of the verified user is ensured.
As shown in fig. 4, step S1500 specifically includes the steps of:
s1510, acquiring the first voice information of the verification user;
after the verification user passes the preliminary verification, the terminal sends a voice verification request to the server, the server receives the voice verification request of the terminal, sends a verification code to the terminal, triggers a prompt instruction to guide the user to perform voice verification, and collects voice verification voice input by the user. Specifically, the verification code may be one or more randomly generated vocabularies, or a random vocabulary or one or more words found from a preset verification code library are combined, after the terminal receives the verification code, the verification code is displayed in a screen, and a prompt is sent out, a specific voice broadcast or a specific guiding sentence pattern, such as "please read the verification code in the screen", is displayed, after the user is guided to verify, the sound collection is started, the collection end point is judged according to the size of the sound of the user, for example, when the preset time (for example, 1 second but not limited thereto) is exceeded, the sound collection is judged to be ended, and the collected sound is used as the first voice information.
S1520, verifying the first voice information according to a preset verification rule, wherein the verification rule is a data comparison rule for judging whether the similarity between the content of the first voice information and a first verification code is larger than a preset similarity threshold value;
inputting the first voice information into a natural language analysis model, identifying the content in the first voice information, outputting text information corresponding to the voice content, comparing the obtained text information with a verification code of the voice verification, obtaining the similarity obtained by comparison, judging whether the similarity is larger than a preset similarity threshold value, conforming to the verification rule when the similarity is larger than the preset threshold value, and not conforming to the verification rule when the similarity is not larger than the preset threshold value.
S1530, when the first voice information accords with the verification rule, determining that voice verification is passed;
when the similarity between the extracted verification text and the verification code is larger than a preset similarity threshold, determining that the first voice information accords with a verification rule, and passing the voice verification.
As shown in fig. 5, step S1520 further includes the following steps:
s1521, performing secondary voice verification when the first voice information does not accord with the verification rule;
When the similarity between the extracted verification text and the verification code is smaller than or equal to a preset similarity threshold value, determining that the first voice information does not accord with the verification rule, and failing to verify the voice. And performing secondary voice verification on the verification user.
S1522, acquiring second voice information of the verification user, wherein the second voice information is verification voice acquired when the user is subjected to secondary voice verification;
after the verification user fails to verify, triggering a prompt instruction to guide the user to perform secondary voice verification, and collecting voice verification voice input by the user. Specifically, the verification code may be a verification code of the first voice verification, or may be one or more words generated randomly again, after the verification code is determined, the terminal displays the verification code in the screen, and sends a reminder at the same time, the reminding mode may be through specific voice broadcasting or displaying a specific guiding sentence, for example, "please read the verification code in the screen again", after the user is guided to verify, sound collection is started, the collection end point is judged according to the size of the sound of the user, for example, when the preset time (for example, 1 second, but not limited to this) is exceeded, the sound collection end is judged, and the collected sound is used as the second voice information.
Inputting the second voice information into a natural language analysis model, identifying the content in the second voice information, outputting text information corresponding to the voice content, comparing the acquired text information with a verification code of the secondary voice verification as a second verification text, acquiring the similarity obtained by comparison, judging whether the similarity is larger than a preset similarity threshold value, and when the similarity is larger than the preset threshold value, conforming to the verification rule, enabling the secondary voice verification to pass, and when the similarity is not larger than the preset threshold value, not conforming to the verification rule, wherein the secondary voice verification fails.
S1523, generating a first feature vector and a second feature vector according to the first voice information and the second voice information, wherein the first feature vector and the second feature vector are feature vectors generated according to the feature data, and the first voice information and the second voice information are analyzed to obtain corresponding feature data;
after the secondary voice verification is passed, the first voice information and the second voice information are analyzed to obtain feature data. Specifically, the acquired voice information is resolved into original time domain data, anti-aliasing filtering, sampling and A/D conversion are performed on the original voice data, pre-emphasis is performed after the original voice data is digitized, the high-frequency part is promoted, unimportant information and background noise are filtered out, meanwhile, effects caused by vocal cords and lips in the sounding process are eliminated, the high-frequency part of the voice signal pressed by the sounding system is compensated, and the formants of the high frequency are highlighted. Then, the end point detection of the voice signal is carried out, the beginning and the end of the voice signal are found out, and then windowing and framing are carried out. The fourier transform requires that the input signal is stable, the speech signal is macroscopically unstable and microscopically stable, the speech signal has short-time stationarity (the speech signal can be considered to be approximately unchanged within 10-30 ms), the speech signal can be divided into a plurality of short segments to be processed, each short segment is called a frame, and as the subsequent operation needs windowing, during framing, the intercepted frames overlap each other, the intercepted frames are multiplied by a preset window function, so that the speech signal which originally has no periodicity presents part of the characteristics of the periodic function, the frame signal is subjected to fourier transform to obtain a corresponding frequency spectrum, the frequency is converted into a linear relation perceived by human ear energy through mel spectrum transform, the direct current signal component and the sinusoidal signal component are separated by the DCT transform, and the sound spectrum characteristic is extracted as spectrum data. And the time-frame data and the frequency spectrum data obtained by analyzing the voice information are used as characteristic data of the voice information together.
And respectively inputting the acquired characteristic data into a characteristic extraction model to obtain corresponding characteristic vectors, wherein the characteristic extraction model is a neural network model trained to be converged and used for outputting the corresponding characteristic vectors according to the input characteristic data.
S1524, calculating Euclidean distance between the first feature vector and the second feature vector, judging that the target user is abnormal in verification when the Euclidean distance is larger than a preset distance threshold, and determining that the verification fails;
after the first feature vector and the second feature vector are obtained, the euclidean distance between the two feature vectors is calculated, and then the calculated distance is compared with a distance threshold. The system is preset with a corresponding distance threshold value for judging whether the target user is abnormal, such as abnormal psychological activities. The distance threshold value can be determined by extracting features through a large number of samples, and determining the distance limit between the abnormal psychological sample and the normal psychological sample as the distance threshold value through the distribution condition of Euclidean distances of feature vectors in the large number of samples.
Through carrying out the secondary pronunciation, cause certain psychological stress to the user when illegal user's attempt bypasses the verification, psychological stress can show through the change in pronunciation, therefore through the verification of unusual psychology, the voice information that verifies twice pronunciation compares, confirm whether user's psychological change has exceeded normal level, for example unusual tension etc. when user's psychological change is great, the user probably is abnormal user, judge the verification unusual this moment, can discern abnormal user's verification operation through psychological change effectively, prevent abnormal user from passing the verification.
As shown in fig. 6, the following steps are further included before step S1510:
s1501, acquiring a verification request of a target terminal;
when the target terminal needs to perform voice verification, a verification request is sent to a server, and the server side obtains the verification request sent by the terminal.
S1502, randomly searching a text in a preset verification database according to the verification request to serve as the verification code;
the server is provided with a verification database, the verification database contains a large number of preset texts (for example, 1000 texts), the texts can be words or random word combinations, and when a verification request of a target terminal is obtained, a text is randomly searched in the verification database to serve as a verification code of the voice verification. In some embodiments, a plurality of words or vocabularies can be randomly searched in the verification database to be randomly combined to generate the verification code, so that the verification code has higher randomness.
S1503, the verification code is sent to a target terminal, and a preset reminding instruction is triggered to guide a verification user to conduct voice verification according to the verification code;
after searching for the verification code, sending the verification code to the target terminal according to the acquired verification request, displaying the verification code in a screen after the terminal receives the verification code, triggering a reminding instruction at the same time, and sending out a reminding, wherein the reminding mode can be through specific voice broadcasting or displaying a specific guiding sentence pattern, for example, please read the verification code in the screen. In some embodiments, the verification code may be preprocessed to obtain a verification code picture, for example, but not limited to, before the verification code is displayed, and the verification code picture after the preprocessing is displayed to the verification user to guide the verification user to perform voice verification.
As shown in fig. 7, step S1520 specifically includes the steps of:
s1525, generating a verification text according to the first voice information, wherein the verification text is text information corresponding to the content of the first voice information, which is obtained after the content of the first voice information is identified;
the speech information is input into the speech recognition model, and the verification text is determined according to the output result of the speech recognition model, and the verification text is text information corresponding to the content in the speech information, that is, the speech information is converted into text information, and the speech recognition model used in the embodiment may be existing, and a model of the corresponding text information is generated by recognizing the content in the speech information, for example, a natural speech analysis model or a neural network model trained to converge, which is not limited herein.
S1526, determining text similarity according to the verification text, wherein the text similarity is similarity information between the verification text and the first verification code;
and comparing the similarity between the verification text and the verification code to obtain corresponding text similarity, specifically, converting the verification text into Unicode characters or GBK\GB2312 characters, comparing the Unicode characters or GBK\GB2312 characters with the characters of the verification code, judging the Hamming distance, and determining the text similarity according to the ratio of the Hamming distance to the total number of the characters of the verification code. In some embodiments, each vocabulary or individual Chinese character in the text may be compared with the vocabulary or Chinese character at the corresponding position in the verification code according to the sequence, when the obtained hamming distance is greater than zero, the corresponding vocabulary or Chinese character is determined to be not corresponding, the number of the non-corresponding vocabulary or Chinese character between the verification text and the verification code is counted, and a ratio is calculated with the total word number of the verification code, and the ratio is used as the text similarity.
Because a large number of homophones or approximate pronunciation words or Chinese characters exist in the Chinese characters, fuzzy comparison can be performed, the obtained verification text is converted into pinyin characters, and the pinyin characters of the verification code are subjected to text similarity through one of the methods.
S1527, verifying whether the text similarity is larger than the preset similarity threshold;
the similarity threshold value is preset in the system and is used for judging whether the similarity of the verification text and the verification code accords with the verification rule, the value of the similarity threshold value can be adjusted according to actual conditions, for example, when a relatively accurate similarity determination method is selected, the value of the similarity threshold value can be improved, and when a relatively coarse similarity determination method is selected, the value of the similarity threshold value can be reduced. Determining whether the voice information accords with the verification rule according to a comparison result of the text similarity and the similarity threshold value, and determining that the voice information accords with the verification rule when the text similarity is larger than the similarity threshold value, wherein the verification passes; and when the text similarity is smaller than or equal to the similarity threshold, determining that the voice information does not accord with the verification rule, and failing to verify.
In order to solve the technical problems, the embodiment of the invention also provides a user authentication device. Referring specifically to fig. 8, fig. 8 is a block diagram illustrating a basic structure of the user authentication device according to the present embodiment.
As shown in fig. 8, the user authentication apparatus includes: an acquisition module 2100, a processing module 2200, and an execution module 2300. The acquisition module is used for acquiring verification information, wherein the verification information is coordinate data of a plurality of clicking positions when a verification user performs clicking operation on verification characters in a verification picture; the processing module is used for calculating the click distance of the verification user according to the verification information, wherein the click distance is the distance between the click position and the center coordinate of the corresponding verification character; the execution module is used for determining a risk index of the verification user according to the click distance, wherein the risk index is the reciprocal of the distance variance calculated according to the click distance.
When the user performs the verification code clicking operation, the clicking position of the user is obtained, the distance between the clicking position and the center position of the corresponding verification code is calculated, the fluctuation of the distance between each clicking position and the center position of the corresponding verification code is reflected in a distance variance mode, when the AI identifies the verification code and simulates the operation, the clicking positions of different verification codes are usually fixed, so that the fluctuation of the distance between the clicking positions and the center position of the verification code is not too large, when the clicking operation is performed manually, the clicking positions are random, larger distance fluctuation can exist, the authenticity of the user can be effectively checked and verified in a mode, the risk of the user is primarily judged, the effectiveness and the safety of user verification are improved, and the attacks of non-real users such as machines, crawlers and the like on websites and platforms are effectively prevented.
In some embodiments, the user authentication device further comprises: the system comprises a first computing sub-module and a first processing sub-module. The first calculating submodule is used for calculating the distance variance according to the clicking distance, wherein the distance variance is a variance value of a plurality of the clicking distances; the first processing submodule is used for determining the risk index according to the distance variance, wherein the risk index is the reciprocal of the distance variance.
In some embodiments, the user authentication device further comprises: the first judging sub-module and the first executing sub-module. The first judging sub-module is used for judging whether the risk index is larger than a preset first risk threshold value or not; the first execution submodule is used for carrying out voice verification on the verification user when the risk index is larger than the first risk threshold value.
In some embodiments, the user authentication device further comprises: the system comprises a first acquisition sub-module, a first verification sub-module and a second execution sub-module. The first acquisition sub-module is used for acquiring the first voice information of the verification user; the first verification submodule is used for verifying the first voice information according to a preset verification rule, wherein the verification rule is a data comparison rule for judging whether the similarity between the content of the first voice information and a first verification code is larger than a preset similarity threshold value or not; and the second execution submodule is used for determining that the voice verification passes when the first voice information accords with the verification rule.
In some embodiments, the user authentication device further comprises: the system comprises a third execution sub-module, a second acquisition sub-module, a second processing sub-module and a second calculation sub-module. The third execution submodule is used for carrying out secondary voice verification when the first voice information does not accord with the verification rule; the second acquisition sub-module is used for acquiring second voice information of the verification user, wherein the second voice information is verification voice acquired when the user is subjected to secondary voice verification; the second processing sub-module is used for generating a first feature vector and a second feature vector according to the first voice information and the second voice information, wherein the first feature vector and the second feature vector are feature vectors generated according to the feature data and are obtained by analyzing the first voice information and the second voice information; the second calculation submodule is used for calculating Euclidean distance between the first feature vector and the second feature vector, and judging that the target user is abnormal in verification when the Euclidean distance is larger than a preset distance threshold value, and determining that the verification fails.
In some embodiments, the user authentication device further comprises: the system comprises a third acquisition sub-module, a first searching sub-module and a first sending sub-module. The third acquisition sub-module is used for acquiring the verification request of the target terminal; the first searching sub-module is used for randomly searching a text in a preset verification database according to the verification request to serve as the verification code; the first sending sub-module is used for sending the verification code to the target terminal, and triggering a preset reminding instruction to guide a verification user to conduct voice verification according to the verification code.
In some embodiments, the user authentication device further comprises: the system comprises a third processing sub-module, a fourth processing sub-module and a second verification sub-module. The third processing sub-module is used for generating a confirmation text according to the first voice information, wherein the confirmation text is text information corresponding to the content of the first voice information, which is obtained after the content of the first voice information is identified; the fourth processing sub-module is used for determining text similarity according to the verification text, wherein the text similarity is similarity information between the verification text and the first verification code; the second verification sub-module is used for verifying whether the text similarity is larger than the preset similarity threshold value.
In order to solve the technical problems, the embodiment of the application also provides computer equipment. Referring specifically to fig. 9, fig. 9 is a basic structural block diagram of a computer device according to the present embodiment.
As shown in fig. 9, the internal structure of the computer device is schematically shown. As shown in fig. 9, the computer device includes a processor, a non-volatile storage medium, a memory, and a network interface connected by a system bus. The nonvolatile storage medium of the computer device stores an operating system, a database and computer readable instructions, the database can store a control information sequence, and the computer readable instructions can enable the processor to realize a user verification method when the computer readable instructions are executed by the processor. The processor of the computer device is used to provide computing and control capabilities, supporting the operation of the entire computer device. The memory of the computer device may have stored therein computer readable instructions that, when executed by the processor, cause the processor to perform a user authentication method. The network interface of the computer device is for communicating with a terminal connection. It will be appreciated by persons skilled in the art that the structures shown in the drawings are block diagrams of only some of the structures associated with the inventive arrangements and are not limiting of the computer device to which the inventive arrangements may be implemented, and that a particular computer device may include more or less elements than those shown, or may be combined with some elements or have a different arrangement of elements.
The processor in this embodiment is configured to perform specific functions of the acquisition module 2100, the processing module 2200, and the execution module 2300 in fig. 8, and the memory stores program codes and various types of data required for executing the above modules. The network interface is used for data transmission between the user terminal or the server. The memory in the present embodiment stores program codes and data required for executing all the sub-modules in the user authentication device, and the server can call the program codes and data of the server to execute the functions of all the sub-modules.
The invention also provides a storage medium storing computer readable instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of the user authentication method of any of the embodiments described above.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored in a computer-readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. The storage medium may be a nonvolatile storage medium such as a magnetic disk, an optical disk, a Read-only memory (ROM), or a random access memory (RandomAccessMemory, RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
The technical features of the above-described embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above-described embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the invention and are described in detail herein without thereby limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.
Claims (8)
1. A user authentication method, comprising the steps of:
acquiring verification information, wherein the verification information is coordinate data of a plurality of clicking positions when a verification user performs clicking operation on verification characters in a verification picture;
calculating a click distance of the verification user according to the verification information, wherein the click distance is a distance between the click position and a center coordinate of a corresponding verification character;
determining a risk index of the verification user according to the click distance, wherein the risk index is the reciprocal of a distance variance calculated according to the click distance;
after the step of judging the risk index of the verification user according to the click distance, the method further comprises the following steps:
judging whether the risk index is larger than a preset first risk threshold value or not;
when the risk index is larger than the first risk threshold, performing voice verification on the verification user;
a step of voice authentication of the authenticated user, comprising the steps of:
acquiring first voice information of the verification user;
verifying the first voice information according to a preset verification rule, wherein the verification rule is a data comparison rule for judging whether the similarity between the content of the first voice information and a first verification code is larger than a preset similarity threshold value;
When the first voice information does not accord with the verification rule, performing secondary voice verification;
acquiring second voice information of the verification user, wherein the second voice information is verification voice acquired when the user is subjected to secondary voice verification;
generating a first feature vector and a second feature vector according to the first voice information and the second voice information, wherein the first feature vector and the second feature vector are feature vectors generated according to the feature data, and the first voice information and the second voice information are analyzed to obtain corresponding feature data;
and calculating the Euclidean distance between the first feature vector and the second feature vector, and judging that the verification of the target user is abnormal when the Euclidean distance is larger than a preset distance threshold value, and determining that the verification fails.
2. The user authentication method as claimed in claim 1, wherein the judging the risk index of the authenticated user according to the click distance comprises the steps of:
calculating the distance variance according to the clicking distance, wherein the distance variance is a variance value of a plurality of the clicking distances;
and determining the risk index according to the distance variance, wherein the risk index is the reciprocal of the distance variance.
3. The user authentication method of claim 1, wherein the authenticating the first voice information according to a preset authentication rule further comprises the steps of:
and when the first voice information accords with the verification rule, determining that voice verification is passed.
4. The user authentication method of claim 1, wherein the step of acquiring the first voice information of the authenticated user is preceded by the step of:
acquiring a verification request of a target terminal;
randomly searching a text in a preset verification database according to the verification request to serve as the verification code;
and sending the verification code to a target terminal, and triggering a preset reminding instruction to guide a verification user to conduct voice verification according to the verification code.
5. The user authentication method of claim 4, wherein the step of authenticating the first voice information according to a preset authentication rule comprises the steps of:
generating a verification text according to the first voice information, wherein the verification text is text information corresponding to the content of the first voice information, which is obtained after the content of the first voice information is identified;
Determining text similarity according to the verification text, wherein the text similarity is similarity information between the verification text and the first verification code;
and verifying whether the text similarity is larger than the preset similarity threshold value.
6. A user authentication apparatus, comprising:
the acquisition module is used for acquiring verification information, wherein the verification information is coordinate data of a plurality of clicking positions when a verification user performs clicking operation on verification characters in a verification picture;
the processing module is used for calculating the clicking distance of the verification user according to the verification information, wherein the clicking distance is the distance between the clicking position and the center coordinate of the corresponding verification character;
the execution module is used for determining a risk index of the verification user according to the click distance, wherein the risk index is the reciprocal of the distance variance calculated according to the click distance;
after the step of judging the risk index of the verification user according to the click distance, the method further comprises the following steps:
judging whether the risk index is larger than a preset first risk threshold value or not;
when the risk index is larger than the first risk threshold, performing voice verification on the verification user;
A step of voice authentication of the authenticated user, comprising the steps of:
acquiring first voice information of the verification user;
verifying the first voice information according to a preset verification rule, wherein the verification rule is a data comparison rule for judging whether the similarity between the content of the first voice information and a first verification code is larger than a preset similarity threshold value;
when the first voice information does not accord with the verification rule, performing secondary voice verification;
acquiring second voice information of the verification user, wherein the second voice information is verification voice acquired when the user is subjected to secondary voice verification;
generating a first feature vector and a second feature vector according to the first voice information and the second voice information, wherein the first feature vector and the second feature vector are feature vectors generated according to the feature data, and the first voice information and the second voice information are analyzed to obtain corresponding feature data;
and calculating the Euclidean distance between the first feature vector and the second feature vector, and judging that the verification of the target user is abnormal when the Euclidean distance is larger than a preset distance threshold value, and determining that the verification fails.
7. A computer device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the user authentication method of any of the preceding claims 1-5.
8. A non-transitory computer readable storage medium, which when executed by a processor of a mobile terminal, causes the mobile terminal to perform a user authentication method comprising the user authentication method of any of the preceding claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910068790.XA CN109918891B (en) | 2019-01-24 | 2019-01-24 | User authentication method, device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910068790.XA CN109918891B (en) | 2019-01-24 | 2019-01-24 | User authentication method, device, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109918891A CN109918891A (en) | 2019-06-21 |
| CN109918891B true CN109918891B (en) | 2023-11-21 |
Family
ID=66960671
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910068790.XA Active CN109918891B (en) | 2019-01-24 | 2019-01-24 | User authentication method, device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109918891B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110503563B (en) * | 2019-07-05 | 2023-07-21 | 中国平安人寿保险股份有限公司 | Risk control method and system |
| CN112751799B (en) * | 2019-10-29 | 2023-09-05 | 北京沃东天骏信息技术有限公司 | Verification method and device based on picture verification code |
| JP7359962B2 (en) * | 2020-06-25 | 2023-10-11 | グーグル エルエルシー | Detecting anomalous user interface input |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104852885A (en) * | 2014-02-14 | 2015-08-19 | 腾讯科技(深圳)有限公司 | Method, device and system for verifying verification code |
| CN105933267A (en) * | 2015-08-21 | 2016-09-07 | 中国银联股份有限公司 | Identity authentication method and device |
| CN107612921A (en) * | 2017-09-30 | 2018-01-19 | 北京梆梆安全科技有限公司 | A kind of auth method and device based on click location |
| CN107846412A (en) * | 2017-11-28 | 2018-03-27 | 五八有限公司 | Identifying code request processing method, device and identifying code processing system |
| CN108229130A (en) * | 2018-01-30 | 2018-06-29 | 中国银联股份有限公司 | A kind of verification method and device |
| CN108460268A (en) * | 2017-02-20 | 2018-08-28 | 阿里巴巴集团控股有限公司 | Verification method and device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010066269A1 (en) * | 2008-12-10 | 2010-06-17 | Agnitio, S.L. | Method for verifying the identify of a speaker and related computer readable medium and computer |
-
2019
- 2019-01-24 CN CN201910068790.XA patent/CN109918891B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104852885A (en) * | 2014-02-14 | 2015-08-19 | 腾讯科技(深圳)有限公司 | Method, device and system for verifying verification code |
| CN105933267A (en) * | 2015-08-21 | 2016-09-07 | 中国银联股份有限公司 | Identity authentication method and device |
| CN108460268A (en) * | 2017-02-20 | 2018-08-28 | 阿里巴巴集团控股有限公司 | Verification method and device |
| CN107612921A (en) * | 2017-09-30 | 2018-01-19 | 北京梆梆安全科技有限公司 | A kind of auth method and device based on click location |
| CN107846412A (en) * | 2017-11-28 | 2018-03-27 | 五八有限公司 | Identifying code request processing method, device and identifying code processing system |
| CN108229130A (en) * | 2018-01-30 | 2018-06-29 | 中国银联股份有限公司 | A kind of verification method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109918891A (en) | 2019-06-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109801638B (en) | Voice verification method, device, computer equipment and storage medium | |
| CN109493872B (en) | Voice information verification method and device, electronic equipment and storage medium | |
| US10824874B2 (en) | Method and apparatus for processing video | |
| CN105931644B (en) | A kind of audio recognition method and mobile terminal | |
| CN109918891B (en) | User authentication method, device, computer equipment and storage medium | |
| EP3543998B1 (en) | Method and apparatus for playing multimedia content | |
| US9484036B2 (en) | Method and apparatus for detecting synthesized speech | |
| US8670983B2 (en) | Speech signal similarity | |
| CN112530408A (en) | Method, apparatus, electronic device, and medium for recognizing speech | |
| CN109754808B (en) | Method, device, computer equipment and storage medium for converting voice into text | |
| CN111028845A (en) | Multi-audio recognition method, device, equipment and readable storage medium | |
| CN110324726B (en) | Model generation method, video processing method, model generation device, video processing device, electronic equipment and storage medium | |
| CN113470278A (en) | Self-service payment method and device | |
| CN108877779A (en) | Method and apparatus for detecting voice tail point | |
| CN111653283A (en) | Cross-scene voiceprint comparison method, device, equipment and storage medium | |
| CN112351047B (en) | Double-engine based voiceprint identity authentication method, device, equipment and storage medium | |
| KR20170010978A (en) | Method and apparatus for preventing voice phishing using pattern analysis of communication content | |
| CN111768789B (en) | Electronic equipment, and method, device and medium for determining identity of voice generator of electronic equipment | |
| CN115331703A (en) | Song voice detection method and device | |
| EP3944230A1 (en) | Training voice query models | |
| CN111833867B (en) | Voice instruction recognition method and device, readable storage medium and electronic equipment | |
| CN109710735B (en) | Reading content recommendation method based on multiple social channels and electronic equipment | |
| CN111899718A (en) | Method, apparatus, device and medium for recognizing synthesized speech | |
| CN113421590A (en) | Abnormal behavior detection method, device, equipment and storage medium | |
| EP4170526A1 (en) | An authentication system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |