CN111414601A - Continuous identity authentication method, system and medium for kylin mobile operating system - Google Patents

Continuous identity authentication method, system and medium for kylin mobile operating system Download PDF

Info

Publication number
CN111414601A
CN111414601A CN202010228653.0A CN202010228653A CN111414601A CN 111414601 A CN111414601 A CN 111414601A CN 202010228653 A CN202010228653 A CN 202010228653A CN 111414601 A CN111414601 A CN 111414601A
Authority
CN
China
Prior art keywords
authentication
biological characteristic
current
web application
kylin
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010228653.0A
Other languages
Chinese (zh)
Other versions
CN111414601B (en
Inventor
彭龙
余杰
李文杰
夏若冰
刘晓东
谭郁松
吴庆波
张毅
李睿
毛涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Kirin Software Co Ltd
Original Assignee
National University of Defense Technology
Kirin Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National University of Defense Technology, Kirin Software Co Ltd filed Critical National University of Defense Technology
Priority to CN202010228653.0A priority Critical patent/CN111414601B/en
Publication of CN111414601A publication Critical patent/CN111414601A/en
Application granted granted Critical
Publication of CN111414601B publication Critical patent/CN111414601B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication

Abstract

The invention discloses a continuous identity authentication method of an kylin mobile operating system, which comprises the following steps: s1) acquiring current Web application parameters and current system environment parameters in real time, and calculating to obtain a current system threat level according to the current Web application parameters and the current system environment parameters; s2) generating a corresponding biometric authentication combination according to the current system threat level, wherein the biometric authentication combination comprises at least one biometric authentication mode; s3) respectively collecting the corresponding biological characteristics of the user according to the biological characteristic authentication combination to authenticate and outputting the authentication result to the Web application. The method can dynamically adjust the biometric feature authentication combination according to the threat level of the system, and ensures the safety of the kylin mobile operating system.

Description

Continuous identity authentication method, system and medium for kylin mobile operating system
Technical Field
The invention relates to the field of biometric authentication of a mobile terminal operating system, in particular to a method, a system and a medium for continuous identity authentication of an kylin mobile operating system.
Background
The kylin mobile operating system is a mobile terminal operating system developed by the national defense science and technology university, adopts L inux inner cores and a browser engine-based operating environment, provides an interface for directly accessing hardware equipment and services based on an HTM L/JavaScript technology for developers, and provides convenient and smooth Web application experience for users.
On the kylin mobile operation system, password user identity authentication modes such as passwords and patterns are realized, but verification of the password is easily acquired by others in recording, monitoring and other modes, and the security is low.
With the rapid development of biometric authentication technology, biometric authentication methods applied to mobile operating systems have gradually become an important barrier for protecting user key data from being stolen. The existing mobile operating system has various biometric authentication modes, such as fingerprints, irises, sound waves, vein information and the like, after user authentication and authorization, the environment of the mobile terminal is not constant, when the environmental risk level is increased, a fixed single biometric authentication mode is adopted, the probability that lawbreakers pass authentication is probably increased, and therefore, the mobile operating system has great potential safety hazard.
Therefore, a continuous authentication method based on biological characteristics and environmental factors is needed, and continuous authentication of the user is realized on the kylin mobile operating system.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: aiming at the technical problems in the prior art, the invention provides a continuous identity authentication method, a system and a medium for an kylin mobile operating system, which can dynamically adjust a combined authentication mode and set authorization duration according to a system threat level, avoid the improvement of the operation complexity of a user and ensure the safety of the kylin mobile operating system as far as possible.
In order to solve the technical problems, the technical scheme provided by the invention is as follows:
a continuous identity authentication method of an kylin mobile operating system is characterized by comprising the following steps:
s1) acquiring current Web application parameters and current system environment parameters in real time, and calculating to obtain a current system threat level according to the current Web application parameters and the current system environment parameters;
s2) generating a corresponding biometric authentication combination according to the current system threat level, wherein the biometric authentication combination comprises at least one biometric authentication mode;
s3) respectively collecting the corresponding biological characteristics of the user according to the biological characteristic authentication combination to authenticate and outputting the authentication result to the Web application.
Preferably, the functional expression of the current system threat level in step S1) is as follows:
P=(G1+G2+...+GN)×E
in the above formula, (G)1+G2+...+GN) And E is the current Web application parameter and the current system environment parameter.
Preferably, the step of acquiring the Web application parameters in step S1) includes: according to the preset weighted values of the Web applications, weighted values of weighted values corresponding to all the Web applications currently visited by the user are calculated, and the function expression is as follows:
(G1+G2+...+GN)
in the above formula, G1To GNAnd presetting weight values corresponding to all Web applications currently accessed by the user.
Preferably, the step of acquiring the system environment parameters in step S1) includes: setting a fixed distance R with fixed longitude and latitude as the center of a circleRAcquiring the current geographic position and the network state for a circle with a radius, and calculating system environment parameters according to the acquired geographic position and the network state, wherein the function expression is as follows:
E=(R<RR?1:(1+R/RT) + connect to a designated network? 1 (1+ T/T)T),R<RT,T<TT)
In the above formula, (1+ R/RT) Quantifying a parameter, R, for a geographic locationTIs greater than the radius RRR is the distance between the current geographic position and the center of a circle, (1+ T/T)T) For quantizing the parameters for the network, TTT is the time threshold of disconnecting the network connection, and T is the current time of disconnecting the network connection.
Preferably, the step S2) is preceded by a step of determining whether to proceed to step S2), which specifically includes:
A1) judging whether the current system threat level is higher than the last system threat level, if so, jumping to the step S2), otherwise, entering the next step;
A2) judging whether the time for the user to access the Web application reaches the preset authorized time, if so, jumping to the step S2), and if not, entering the next step;
A3) and judging whether the Web application currently accessed by the user has a new Web application, if so, jumping to the step S2), and otherwise, jumping to the step A1).
Preferably, the generating of the corresponding biometric authentication combination according to the current system threat level specifically includes, before the step S1), establishing a comparison table of the system threat level and the biometric authentication combination, specifically including:
C1) respectively establishing the identification weight of each biological characteristic, wherein the function expression is as follows:
QDA=A/D
in the formula, D is the biological characteristic recognition error rate, and A is the biological characteristic recognition accuracy;
C2) respectively setting a biological characteristic authentication combination comprising at least one biological characteristic, wherein the biological characteristic authentication combinations are different, respectively calculating the corresponding biological characteristic authentication level in the biological characteristic authentication combination, and the functional expression is as follows:
Q=QDAI+QDAJ+...+QDAN
in the above formula, QDAITo QDANThe identification weight of each biological characteristic in the biological characteristic authentication combination.
C3) The system threat level and the biometric authentication level are in one-to-one correspondence from high to low.
Preferably, the step S3) includes the steps of:
s3.1) acquiring a biological characteristic of the corresponding biological characteristic authentication combination of the user as a current biological characteristic;
s3.2) matching the current biological characteristics in a preset template database to generate and output a matching result;
s3.3) judging whether all the biological characteristics of the biological characteristic authentication combination corresponding to the user are collected completely, if so, ending and quitting, otherwise, skipping to the step S3.1).
The invention also provides a continuous identity authentication system of the kylin mobile operating system, which comprises the following steps:
the upper application module is used for accessing the Web application and displaying an authentication interaction interface by a user;
the continuous authentication framework is used for acquiring system environment parameters, acquiring Web application parameters from an upper application module in real time, calculating to obtain a system threat level according to the Web application parameters and the system environment parameters, generating a corresponding biological characteristic authentication combination according to the system threat level, and acquiring an authentication result and sending the authentication result to an authentication interaction interface of the Web application;
and the biological characteristic daemon process is used for acquiring a biological characteristic authentication combination in the continuous authentication framework, respectively acquiring the biological characteristics corresponding to the user according to the biological characteristic authentication combination, authenticating the biological characteristics, generating an authentication result and sending the authentication result to the continuous authentication framework.
Preferably, the biometric daemon includes a template database, a sensor for collecting a biometric characteristic, and a daemon for generating authentication information, the sensor and the daemon correspond to the biometric characteristic one to one, the continuous authentication framework includes a biometric authentication service for sending the authentication information to the authentication interaction interface, and the biometric authentication service corresponds to the daemon one to one.
The present invention also proposes a computer storage medium having stored thereon a computer program programmed or configured to perform the persistent authentication method of the kylin mobile operating system described above.
Compared with the prior art, the invention has the advantages that:
the invention aims at the threat level of the current system and adopts the corresponding biological characteristic combination authentication mode to carry out identity authentication, so that the authentication mode is dynamically adjusted, the fixed and single potential safety hazard existing in the authentication mode is avoided, and meanwhile, in the using process of a user, the invention continuously carries out identity authentication, and the potential safety hazard existing in single authentication and used by other people after authentication is avoided. The method protects the use safety of the kylin operating system to the maximum extent.
Drawings
FIG. 1 is a schematic diagram of the steps of a method of an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a system according to an embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the drawings and specific preferred embodiments of the description, without thereby limiting the scope of protection of the invention.
As shown in fig. 1, the steps of the persistent authentication method for kylin mobile operating system according to the embodiment of the present invention include:
s1) acquiring current Web application parameters and current system environment parameters in real time, and calculating to obtain a current system threat level according to the current Web application parameters and the current system environment parameters;
s2) generating a corresponding biometric authentication combination according to the current system threat level, wherein the biometric authentication combination comprises at least one biometric authentication mode;
s3) respectively collecting the corresponding biological characteristics of the user according to the biological characteristic authentication combination to authenticate and outputting the authentication result to the Web application.
In this embodiment, when the correct authentication result is obtained in step S3), the user can continue to access the Web application, and when the incorrect authentication result is obtained in step S3), the user cannot continue to access the Web application.
In this embodiment, the functional expression of the current system threat level in step S1) is as follows:
P=(G1+G2+...+GN)×E (1)
in the above formula, (G)1+G2+...+GN) And E is the current Web application parameter and the current system environment parameter.
In this embodiment, the step of acquiring the Web application parameter in step S1) includes: according to the preset weighted values of the Web applications, weighted values of weighted values corresponding to all the Web applications currently visited by the user are calculated, and the function expression is as follows:
(G1+G2+...+GN) (2)
in the above formula, G1To GNAnd presetting weight values corresponding to all Web applications currently accessed by the user.
In this embodiment, the step of acquiring the system environment parameter in step S1) includes: setting a fixed distance R with fixed longitude and latitude as the center of a circleRAcquiring the current geographic position and the network state for a circle with a radius, and calculating system environment parameters according to the acquired geographic position and the network state, wherein the function expression is as follows:
E=(R<RR?1:(1+R/RT) + connect to a designated network? 1:(1+T/TT),R<RT,T<TT) (3)
In the above formula, (1+ R/RT) Quantifying a parameter, R, for a geographic locationTIs greater than the radius RR(1+ T/T)T) For quantizing the parameters for the network, TTThe time threshold value is the time threshold value of disconnecting the network connection, and T is the current time of disconnecting the network connection;
for the situation exceeding the threshold, at this time, the system threat exceeds the highest level, the authority range which can be given to the current user by the system is exceeded, the interactive operation between the user and the device should be prohibited, and subsequent biometric feature combination authentication is not needed. An out of context quantification threshold condition includes, but is not limited to, a geo-location service detecting that the device is no longer currently within a specified range of use, a network service detecting that the device is disconnected, and the like.
In this embodiment, the step S2) is preceded by the step of determining whether to proceed to step S2), which specifically includes:
A1) judging whether the current system threat level is higher than the last system threat level, if so, jumping to the step S2), otherwise, entering the next step;
A2) judging whether the time for the user to access the Web application reaches the preset authorized time, if so, jumping to the step S2), and if not, entering the next step;
A3) and judging whether the Web application currently accessed by the user has a new Web application, if so, jumping to the step S2), and otherwise, jumping to the step A1).
In this embodiment, generating a corresponding biometric authentication combination according to the current system threat level specifically is to match the biometric authentication combination corresponding to the current system threat level in a preset comparison table, and before step S1), the method further includes a step of establishing a comparison table of the system threat level and the biometric authentication combination, specifically including:
C1) respectively establishing the identification weight of each biological characteristic, wherein the function expression is as follows:
QDA=A/D (4)
in the above formula, D is a biometric recognition error rate, which means when a biometric recognition algorithm is tested on a standard biometric database, the biometric matching scores of different users are greater than a given threshold, so that the biometric characteristics of different users are considered as the probability of the biometric characteristics of the same user, a is a biometric recognition accuracy, which means how easily the biometric characteristics can be copied, i.e., the face characteristics are more difficult to copy than the fingerprint characteristics, and the iris characteristics are more difficult to copy than the face characteristics, so the biometric recognition accuracy corresponding to the fingerprint, the face, and the iris in this embodiment is sequentially increased, and the biometric recognition accuracy values corresponding to the fingerprint, the face, and the iris in this embodiment are 0.5, 0.75, and 1, respectively;
C2) the biometric authentication combinations including at least one biometric feature are respectively set, the authentication methods applicable to the biometric authentication combinations in this embodiment include, but are not limited to, fingerprint recognition, face recognition, iris recognition, touch gesture recognition, and the like, for each biometric authentication combination, the sum of the weights of various biometric features in the combination is taken as the corresponding biometric authentication level, and the functional expression is as follows:
Q=QDAI+QDAJ+...+QDAN(5)
in the above formula, QDAITo QDANThe identification weight of each biological characteristic in the biological characteristic authentication combination.
C3) The system threat level and the biometric authentication level are in one-to-one correspondence from high to low, and the specific correspondence rule is shown in table 1:
TABLE 1
Serial number System threat level Combined authentication method
1 Exceeding an environmental quantization threshold --
2 First level (very high) Face + iris
3 Second grade (high) Fingerprint + iris
4 Third level (middle level) Fingerprint + face
5 Four-stage (Low) Finger print
In this embodiment, when the biometric features in the biometric authentication combination are more than one, the biometric features in the biometric authentication combination are sequentially authenticated, so step S3) includes the steps of:
s3.1) acquiring a biological characteristic of the corresponding biological characteristic authentication combination of the user as a current biological characteristic;
s3.2) matching the current biological characteristics in a preset template database to generate a matching result and outputting the matching result to Web application;
s3.3) judging whether all the biological characteristics of the biological characteristic authentication combination corresponding to the user are collected completely, if so, ending and quitting, otherwise, skipping to the step S3.1).
The present embodiment further provides a persistent identity authentication system of an kylin mobile operating system, where the kylin mobile operating system uses inter-process communication protocol language IPD L, and when a message is transmitted between a Web application and a system core process, the message is defined as a C + + implementation method, as shown in fig. 2, a specific structure of the persistent identity authentication system of the kylin mobile operating system in the present embodiment includes:
the Web application in the upper application module is a Web application constructed based on HTM L/JavaScript/CSS, and the Web application is provided with the authentication interaction interface, so that the safety of key business data of a user is guaranteed, the Web application in the embodiment is only a common Web application, does not have the capability of directly accessing a biological characteristic daemon process, and only sends a message through IPD L;
the system comprises a continuous authentication framework, a Web application module and a Web application interaction interface, wherein the continuous authentication framework is used for acquiring system environment parameters, acquiring Web application parameters in real time from the upper application module, calculating to obtain a system threat level according to the Web application parameters and the system environment parameters, generating a corresponding biological characteristic authentication combination according to the system threat level, and acquiring an authentication result and sending the authentication result to the authentication interaction interface of the Web application;
the biometric daemon is used for acquiring biometric authentication combinations in the continuous authentication framework, respectively acquiring biometric features corresponding to the user according to the biometric authentication combinations, authenticating the biometric features, generating authentication results and sending the authentication results to the continuous authentication framework. In this embodiment, the biometric daemon further includes a template database and sensors for acquiring biometric features, each sensor also corresponds to a unique biometric feature, and when the system core process is started, all the daemon processes corresponding to the biometric authentication in the biometric daemon process are started. Respectively opening a template database in the daemon process, starting and configuring corresponding sensors, respectively acquiring the biological characteristics of the user through the sensors, comparing the existing biological characteristic templates in the template database, storing the new user characteristics and giving an authentication result.
In the embodiment, considering the characteristics of strong interactivity between a user and a system, asynchronous interactive process, small programming complexity and the like in the process of biometric input and authentication, when a Web API is designed, a Web application is specified to only call a WebAPI to register a JS callback, and a JavaScript (JavaScript) parsing engine of a kylin mobile operating system is utilized to map a C + + function under a DOM (document object model) namespace at the browser engine level.
In this embodiment, the persistent authentication framework includes a biometric authentication service for sending authentication information to an authentication interaction interface, the biometric authentication service corresponds to daemon processes one by one, the biometric authentication service feeds back to an upper application module through IPD L callback or kylin mobile operating system uniform event distribution mechanism, and the authentication interaction interface of the Web application is displayed to a user.
In this embodiment, a Navigator object in the kylin mobile operating system includes attributes provided by a related browser engine to the outside, the attributes correspond to various function module objects, and the objects include implementation methods, so that the biometric authentication function is encapsulated as Navigator.
void enroll(long featureId,long timeout,EnrollCallback callback);
void authenticate(AuthenticateCallback callback);
void remove (long creatureid, RemoveCallback callback), and the like.
In the embodiment, the environment sensing module includes nsgeocitional service (geographical position), nsnetworkstats service (network state), and the like, and when the kylin mobile operating system runs in a core process, the environment sensing module is started, and a must path for all Web applications to access hardware functions is provided, so that the invention defines system environment factor quantization parameters and environment quantization thresholds by using data changes of related services, specifically:
aiming at the nsGeolocationservice, a circular range R with fixed longitude and latitude as the center of a circle and fixed distance as the radius is definedRIs defined as being greater than the radius RRDistance threshold value RT. The distance R between the current geographic position and the circle center is within the radius RRWithin, the quantization parameter is 1; the distance R between the current geographic position and the circle center is within the radius RRAnd at a threshold value RTWithin, the quantization parameter is (1+ R/R)T) The expression is (R)<RR?1:(1+R/RT))。
Aiming at the NSNetworkStatsService service, the system is connected with any network such as a wired network, a wireless network, a body area network, an ad hoc network and the like, the quantitative parameter is 1, and the time threshold value for disconnecting the network connection is defined as TTThe time T after the network disconnection does not exceed the time threshold TTThe quantization parameter is (1+ T/T)T) The expression is (connection-specifying network? 1: (1+ T/T)T)). The time T after the network disconnection exceeds the time threshold TTThe operation is not counted.
When a user accesses a new Web application in an upper application module, or the operation time of the user in the Web application of the upper application module reaches a preset authorization time, a continuous authentication framework starts identity authentication, and meanwhile, when the user frequently accesses more sensitive services, the environment sensing module changes greatly but does not exceed an environment quantization threshold value, the system threat level is rapidly improved, if the system threat level in the current authorization time range jumps, a combined authentication process is triggered, and the continuous authentication framework starts identity authentication.
The present embodiment also provides a computer storage medium having stored thereon a computer program programmed or configured to execute the persistent authentication method of the kylin mobile operating system described above.
The foregoing is considered as illustrative of the preferred embodiments of the invention and is not to be construed as limiting the invention in any way. Although the present invention has been described with reference to the preferred embodiments, it is not intended to be limited thereto. Therefore, any simple modification, equivalent change and modification made to the above embodiments according to the technical spirit of the present invention should fall within the protection scope of the technical scheme of the present invention, unless the technical spirit of the present invention departs from the content of the technical scheme of the present invention.

Claims (10)

1. A continuous identity authentication method of an kylin mobile operating system is characterized by comprising the following steps:
s1) acquiring current Web application parameters and current system environment parameters in real time, and calculating to obtain a current system threat level according to the current Web application parameters and the current system environment parameters;
s2) generating a corresponding biometric authentication combination according to the current system threat level, wherein the biometric authentication combination comprises at least one biometric authentication mode;
s3) respectively collecting the corresponding biological characteristics of the user according to the biological characteristic authentication combination to authenticate and outputting the authentication result to the Web application.
2. The method for continuous authentication of kylin mobile os according to claim 1, wherein the function expression of the current threat level in step S1) is as follows:
P=(G1+G2+...+GN)×E
in the above formula, (G)1+G2+...+GN) And E is the current Web application parameter and the current system environment parameter.
3. The method for continuously authenticating identities of kylin mobile operating systems according to claim 2, wherein the step of obtaining Web application parameters in step S1) comprises: according to the preset weighted values of the Web applications, weighted values of weighted values corresponding to all the Web applications currently visited by the user are calculated, and the function expression is as follows:
(G1+G2+...+GN)
in the above formula, G1To GNAnd presetting weight values corresponding to all Web applications currently accessed by the user.
4. The method for continuously authenticating identities of kylin mobile operating systems according to claim 2, wherein the step of obtaining system environment parameters in step S1) comprises: setting a fixed distance R with fixed longitude and latitude as the center of a circleRAcquiring the current geographic position and the network state for a circle with a radius, and calculating system environment parameters according to the acquired geographic position and the network state, wherein the function expression is as follows:
E=(R<RR?1:(1+R/RT) + connect to a designated network? 1 (1+ T/T)T),R<RT,T<TT)
In the above formula, (1+ R/RT) Quantifying a parameter, R, for a geographic locationTIs greater than the radius RRR is the distance between the current geographic position and the center of a circle, (1+ T/T)T) For quantizing the parameters for the network, TTT is the time threshold of disconnecting the network connection, and T is the current time of disconnecting the network connection.
5. The method for continuously authenticating identities of kylin mobile operating systems according to claim 1, wherein before the step S2), the method further comprises a step of determining whether to enter the step S2), specifically comprising:
A1) judging whether the current system threat level is higher than the last system threat level, if so, jumping to the step S2), otherwise, entering the next step;
A2) judging whether the time for the user to access the Web application reaches the preset authorized time, if so, jumping to the step S2), and if not, entering the next step;
A3) and judging whether the Web application currently accessed by the user has a new Web application, if so, jumping to the step S2), and otherwise, jumping to the step A1).
6. The method for continuously authenticating identities of kylin mobile operating systems according to claim 1, wherein the generating of the corresponding biometric authentication combination according to the current system threat level is specifically to match the biometric authentication combination corresponding to the current system threat level in a preset comparison table, and before the step S1), the method further comprises the step of establishing a comparison table of the system threat level and the biometric authentication combination, and specifically comprises:
C1) respectively establishing the identification weight of each biological characteristic, wherein the function expression is as follows:
QDA=A/D
in the formula, D is the biological characteristic recognition error rate, and A is the biological characteristic recognition accuracy;
C2) respectively setting a biological characteristic authentication combination comprising at least one biological characteristic, wherein the biological characteristic authentication combinations are different, respectively calculating the corresponding biological characteristic authentication level in the biological characteristic authentication combination, and the functional expression is as follows:
Q=QDAI+QDAJ+...+QDAN
in the above formula, QDAITo QDANThe identification weight of each biological characteristic in the biological characteristic authentication combination.
C3) The system threat level and the biometric authentication level are in one-to-one correspondence from high to low.
7. The method for continuous authentication of kylin mobile os according to claim 1, wherein said step S3) comprises the steps of:
s3.1) acquiring a biological characteristic of the corresponding biological characteristic authentication combination of the user as a current biological characteristic;
s3.2) matching the current biological characteristics in a preset template database to generate and output a matching result;
s3.3) judging whether all the biological characteristics of the biological characteristic authentication combination corresponding to the user are collected completely, if so, ending and quitting, otherwise, skipping to the step S3.1).
8. A continuous identity authentication system of an kylin mobile operating system, comprising:
the upper application module is used for accessing the Web application and displaying an authentication interaction interface by a user;
the continuous authentication framework is used for acquiring system environment parameters, acquiring Web application parameters from an upper application module in real time, calculating to obtain a system threat level according to the Web application parameters and the system environment parameters, generating a corresponding biological characteristic authentication combination according to the system threat level, and acquiring an authentication result and sending the authentication result to an authentication interaction interface of the Web application;
and the biological characteristic daemon process is used for acquiring a biological characteristic authentication combination in the continuous authentication framework, respectively acquiring the biological characteristics corresponding to the user according to the biological characteristic authentication combination, authenticating the biological characteristics, generating an authentication result and sending the authentication result to the continuous authentication framework.
9. The system for persistent identity authentication of the kylin mobile operating system according to claim 8, wherein the biometric daemon comprises a template database, a sensor for collecting biometric information, and a daemon for generating authentication information, the sensor and daemon corresponding to the biometric information one to one, the persistent authentication framework comprises a biometric authentication service for sending the authentication information to the authentication interaction interface, and the biometric authentication service corresponds to the daemon one to one.
10. A computer storage medium having stored thereon a computer program programmed or configured to perform the method for persistent authentication of kylin mobile operating systems according to any one of claims 1 to 8.
CN202010228653.0A 2020-03-27 2020-03-27 Continuous identity authentication method, system and medium for kylin mobile operation system Active CN111414601B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010228653.0A CN111414601B (en) 2020-03-27 2020-03-27 Continuous identity authentication method, system and medium for kylin mobile operation system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010228653.0A CN111414601B (en) 2020-03-27 2020-03-27 Continuous identity authentication method, system and medium for kylin mobile operation system

Publications (2)

Publication Number Publication Date
CN111414601A true CN111414601A (en) 2020-07-14
CN111414601B CN111414601B (en) 2023-10-03

Family

ID=71493287

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010228653.0A Active CN111414601B (en) 2020-03-27 2020-03-27 Continuous identity authentication method, system and medium for kylin mobile operation system

Country Status (1)

Country Link
CN (1) CN111414601B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114708667A (en) * 2022-03-14 2022-07-05 江苏东方数码系统集成有限公司 Security method and system based on multiple biological recognition technology

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105684345A (en) * 2014-09-30 2016-06-15 华为技术有限公司 Dynamically updating compartments representing one or more geological structures
CN105827641A (en) * 2016-05-13 2016-08-03 沃通电子认证服务有限公司 Context awareness type dynamic unified authentication method and system
CN105912901A (en) * 2016-04-06 2016-08-31 深圳市金立通信设备有限公司 Fingerprint authentication method and terminal
CN109145562A (en) * 2018-09-25 2019-01-04 浙江智贝信息科技有限公司 A kind of lasting authenticating identity method and its equipment by finger print mouse
CN109450959A (en) * 2019-01-08 2019-03-08 四川九洲电器集团有限责任公司 A kind of multiple-factor identity identifying method based on threat level
CN109933966A (en) * 2019-03-13 2019-06-25 中国人民解放军国防科技大学 Continuous authentication method and system based on biological characteristics
WO2019243474A1 (en) * 2018-06-21 2019-12-26 Bundesdruckerei Gmbh Automatic adaptive calibration of authentication requirements
CN110737485A (en) * 2019-09-29 2020-01-31 武汉海昌信息技术有限公司 workflow configuration system and method based on cloud architecture

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105684345A (en) * 2014-09-30 2016-06-15 华为技术有限公司 Dynamically updating compartments representing one or more geological structures
CN105912901A (en) * 2016-04-06 2016-08-31 深圳市金立通信设备有限公司 Fingerprint authentication method and terminal
CN105827641A (en) * 2016-05-13 2016-08-03 沃通电子认证服务有限公司 Context awareness type dynamic unified authentication method and system
WO2019243474A1 (en) * 2018-06-21 2019-12-26 Bundesdruckerei Gmbh Automatic adaptive calibration of authentication requirements
CN109145562A (en) * 2018-09-25 2019-01-04 浙江智贝信息科技有限公司 A kind of lasting authenticating identity method and its equipment by finger print mouse
CN109450959A (en) * 2019-01-08 2019-03-08 四川九洲电器集团有限责任公司 A kind of multiple-factor identity identifying method based on threat level
CN109933966A (en) * 2019-03-13 2019-06-25 中国人民解放军国防科技大学 Continuous authentication method and system based on biological characteristics
CN110737485A (en) * 2019-09-29 2020-01-31 武汉海昌信息技术有限公司 workflow configuration system and method based on cloud architecture

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114708667A (en) * 2022-03-14 2022-07-05 江苏东方数码系统集成有限公司 Security method and system based on multiple biological recognition technology

Also Published As

Publication number Publication date
CN111414601B (en) 2023-10-03

Similar Documents

Publication Publication Date Title
US20220075856A1 (en) Identifying and authenticating users based on passive factors determined from sensor data
US10389712B2 (en) Passive security enforcement
CN108780475B (en) Personalized inference authentication for virtual assistance
US10952074B2 (en) Method and apparatus for authenticating users in internet of things environment
US10867025B2 (en) Opportunistically collecting sensor data from a mobile device to facilitate user identification
US10635054B2 (en) Authentication system and method thereof
US10522154B2 (en) Voice signature for user authentication to electronic device
CN107800672B (en) Information verification method, electronic equipment, server and information verification system
JP4390122B2 (en) User authentication system using biometric information
US20110314558A1 (en) Method and apparatus for context-aware authentication
US20110314549A1 (en) Method and apparatus for periodic context-aware authentication
US11140171B1 (en) Establishing and verifying identity using action sequences while protecting user privacy
CN112613020A (en) Identity verification method and device
EP1461781B1 (en) User identification method and device
CN111414601A (en) Continuous identity authentication method, system and medium for kylin mobile operating system
CN112272195B (en) Dynamic detection authentication system and method thereof
CN113645045B (en) Security control method, device and equipment in TEE and storage medium
US20210349980A1 (en) Method and Apparatus for Processing Requests for Access by Biometric Verification
US20210303666A1 (en) Authentication system and method thereof
Yamaguchi et al. Enhancing Account Recovery with Location-based Dynamic Questions
CN117522407A (en) Identity authentication method, identity authentication device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant