CN112184241B - Identity authentication method and device - Google Patents
Identity authentication method and device Download PDFInfo
- Publication number
- CN112184241B CN112184241B CN202011036200.4A CN202011036200A CN112184241B CN 112184241 B CN112184241 B CN 112184241B CN 202011036200 A CN202011036200 A CN 202011036200A CN 112184241 B CN112184241 B CN 112184241B
- Authority
- CN
- China
- Prior art keywords
- data
- application
- training
- user
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 238000012549 training Methods 0.000 claims abstract description 140
- 230000002159 abnormal effect Effects 0.000 claims abstract description 28
- 230000006870 function Effects 0.000 claims description 133
- 230000006399 behavior Effects 0.000 claims description 68
- 238000012545 processing Methods 0.000 claims description 31
- 239000013598 vector Substances 0.000 claims description 22
- 238000007477 logistic regression Methods 0.000 claims description 15
- 230000001186 cumulative effect Effects 0.000 claims description 11
- 238000005065 mining Methods 0.000 claims description 9
- 238000003860 storage Methods 0.000 claims description 8
- 230000000295 complement effect Effects 0.000 claims description 7
- 238000012544 monitoring process Methods 0.000 claims description 7
- 230000009467 reduction Effects 0.000 claims description 7
- 238000007619 statistical method Methods 0.000 claims description 7
- 238000010586 diagram Methods 0.000 description 9
- 238000013145 classification model Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 7
- 238000004590 computer program Methods 0.000 description 5
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 230000008901 benefit Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 230000004075 alteration Effects 0.000 description 2
- 230000008571 general function Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 241000592183 Eidolon Species 0.000 description 1
- 230000001680 brushing effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000003062 neural network model Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012502 risk assessment Methods 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Abstract
The invention discloses an identity authentication method and device, the method comprises the steps that a server obtains equipment data and operation behavior data when operating equipment is transmitted by equipment of a user to be identified, the equipment data is analyzed by using a first training model, a first risk value of the user to be identified is determined, the operation behavior data is analyzed by using a second training model, a second risk value of the user to be identified is determined, if the first risk value is larger than a first threshold value and the second risk value is larger than a second threshold value, the user to be identified is determined to be an abnormal user, and a determination result is transmitted to the equipment of the abnormal user. The first training model and the second training model which are obtained by using different training sets respectively are used for comprehensively identifying the equipment data and the operation behavior data of the user to be identified, compared with the mode that the user behavior risk is analyzed by the sensor data of the equipment to identify the legal user in the prior art, the equipment data and the operation behavior data can be combined for identification, and the accuracy of identification is improved.
Description
Technical Field
The invention relates to the technical field of payment safety, in particular to an identity authentication method and device.
Background
Effective authentication of legal users is always the focus of the enterprise for providing payment products and services, and under the development trend that more and more products are changed from a PC end to a mobile end, the risk of automatic attack and theft and brushing of lawless persons on a mobile phone end is prevented, so that the product is ensured to really provide services for the legal users. At present, enterprises commonly utilize sensor data to build a risk model for analyzing user behaviors so as to identify legal users; in recent years, however, new tools have been developed that can simulate sensor variations to some extent, resulting in enterprises that have difficulty accurately identifying legitimate users with only a single sensor data.
Disclosure of Invention
The embodiment of the invention provides an identity authentication method and device, which are used for improving the accuracy and efficiency of identifying legal users on the premise of acquiring less user privacy data.
In a first aspect, an embodiment of the present invention provides a method for identity authentication, including:
the method comprises the steps that a server obtains equipment data and operation behavior data when operating equipment is sent by equipment of a user to be identified;
the server analyzes the equipment data by using a first training model, and determines a first risk value of the user to be identified; the first training model is obtained by training and learning by using a training set of equipment data marked with an application function;
The server analyzes the operation behavior data by using a second training model, and determines a second risk value of the user to be identified; the second training model is obtained by training and learning by using a training set marked with the operation behavior data of the application function and the time sequence;
if the first risk value is larger than a first threshold value and the second risk value is larger than a second threshold value, the server determines that the user to be identified is an abnormal user, and sends a determination result to the equipment of the abnormal user so that the equipment of the abnormal user sends out alarm prompt information.
According to the technical scheme, the first training model and the second training model which are obtained by using different training sets respectively are used for comprehensively identifying the equipment data and the operation behavior data of the user to be identified, and compared with the mode that the user behavior risk is analyzed through the sensor data of the equipment to identify the legal user in the prior art, the equipment data and the operation behavior data can be combined for identification, so that the accuracy of identification is improved.
Optionally, the training learning by the server using the training set marked with the device data of the application function to obtain the first training model includes:
The server acquires a training set of device data marked with application functions;
the server clusters the application functions of the device data in the training set according to the operation positions of the application functions to obtain device data sets of the application functions;
the server performs noise reduction processing on equipment data in equipment data sets of various application functions through a complementary filter model, and determines a group of attitude angle data of any type of application function in the same operation time window;
the server analyzes multiple groups of attitude angle data of any type of application function and determines characteristic data corresponding to the equipment data of each type of application function;
and the server inputs the characteristic data corresponding to the equipment data of the class application function into a preset classification model to perform training learning until the preset classification model converges to obtain the first training model.
Optionally, the server analyzes multiple sets of attitude angle data of any type of application function, and determines feature data corresponding to device data of the type of application function, including:
for any one of the various application functions, the server calculates the cumulative distance sum of any one set of attitude angle data and other sets of attitude angle data in the multiple sets of attitude angle data of the any one application function; determining a minimum set of attitude angle data and cumulative distance as a reference vector for the device data for either class of application; calculating the distance between each group of attitude angle data and the reference vector to obtain a distance characteristic value; extracting variation variance of each group of attitude angle data, the ratio of the time from the starting point to the extreme point to the time from the extreme point to the end point and the angle difference ratio in a statistical analysis mode;
The server determines the reference vector, the distance characteristic value, the variance, the ratio and the angle difference ratio as characteristic data corresponding to the device data of any type of application function.
Optionally, the server performs training learning by using a training set marked with operation behavior data of an application function and a time sequence to obtain the second training model, which includes:
the server acquires a training set marked with operation behavior data of an application function and a time sequence;
the server analyzes the training set marked with the operation behavior data with the application function and the time sequence by using a sequence pattern mining algorithm, and determines frequent operation behavior data meeting a support degree threshold;
and the server inputs the frequent operation behavior data meeting the support threshold value into a preset logistic regression model to perform training learning until the preset logistic regression model converges to obtain the second training model.
Optionally, the method further comprises:
when the server determines that the user to be identified performs payment operation, marking equipment data corresponding to the application performing the payment operation;
the server monitors the flow direction of marked equipment data in a preset period;
And if the marked equipment data continues to flow to a first application for a preset time within a preset time period, the server adds the first application into a blacklist and sends an alarm prompt message of the first application to the user.
In a second aspect, an embodiment of the present invention provides an apparatus for identity authentication, including:
the device comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring device data and operation behavior data when operating devices are transmitted by devices of users to be identified;
the processing unit is used for analyzing the equipment data by using a first training model and determining a first risk value of the user to be identified; the first training model is obtained by training and learning by using a training set of equipment data marked with an application function; analyzing the operation behavior data by using a second training model, and determining a second risk value of the user to be identified; the second training model is obtained by training and learning by using a training set marked with the operation behavior data of the application function and the time sequence; and if the first risk value is larger than a first threshold value and the second risk value is larger than a second threshold value, determining the user to be identified as an abnormal user, and sending a determination result to equipment of the abnormal user so that the equipment of the abnormal user sends out alarm prompt information.
Optionally, the processing unit is specifically configured to:
acquiring a training set of equipment data marked with application functions;
clustering the application functions of the device data in the training set according to the operation positions of the application functions to obtain device data sets of the application functions;
carrying out noise reduction processing on equipment data in the equipment data set of each type of application function through a complementary filter model, and determining a group of attitude angle data of any type of application function in the same operation time window;
analyzing multiple groups of attitude angle data of any type of application function, and determining characteristic data corresponding to equipment data of each type of application function;
and inputting the characteristic data corresponding to the equipment data of the class application function into a preset classification model for training and learning until the preset classification model converges to obtain the first training model.
Optionally, the processing unit is specifically configured to:
calculating the accumulated distance sum of any one set of attitude angle data and other sets of attitude angle data in the multiple sets of attitude angle data of any one type of application function aiming at any one type of application function in the multiple types of application functions; determining a minimum set of attitude angle data and cumulative distance as a reference vector for the device data for either class of application; calculating the distance between each group of attitude angle data and the reference vector to obtain a distance characteristic value; extracting variation variance of each group of attitude angle data, the ratio of the time from the starting point to the extreme point to the time from the extreme point to the end point and the angle difference ratio in a statistical analysis mode;
And determining the reference vector, the distance characteristic value, the variance, the ratio and the angle difference ratio as characteristic data corresponding to the equipment data of any kind of application function.
Optionally, the processing unit is specifically configured to:
acquiring a training set marked with operation behavior data of an application function and a time sequence;
analyzing the training set marked with the operation behavior data with the application function and the time sequence by using a sequence pattern mining algorithm, and determining frequent operation behavior data meeting a support threshold;
and inputting the frequent operation behavior data meeting the support threshold into a preset logistic regression model for training and learning until the preset logistic regression model converges to obtain the second training model.
Optionally, the processing unit is further configured to:
when the user to be identified is determined to carry out payment operation, marking equipment data corresponding to the application carrying out payment operation;
monitoring the flow direction of marked equipment data in a preset period;
and if the marked equipment data continuously flows to a first application for a preset time within a preset period, adding the first application into a blacklist, and sending alarm prompt information of the first application to the user.
In a third aspect, embodiments of the present invention also provide a computing device, comprising:
a memory for storing program instructions;
and the processor is used for calling the program instructions stored in the memory and executing the identity authentication method according to the obtained program.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable nonvolatile storage medium, including computer-readable instructions, which when read and executed by a computer, cause the computer to perform the above-described method for identity authentication.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a system architecture according to an embodiment of the present invention;
fig. 2 is a flow chart of a method for identity authentication according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a classifier constructed according to an embodiment of the present invention;
Fig. 4 is a schematic flow chart of identity authentication according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an apparatus for identity authentication according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 is a system architecture according to an embodiment of the present invention. As shown in fig. 1, the system architecture may be a server 100, and the server 100 may include a processor 110, a communication interface 120, and a memory 130.
The communication interface 120 is used for communicating with a terminal device, receiving and transmitting information transmitted by the terminal device, and realizing communication.
The processor 110 is a control center of the server 100, connects various parts of the entire server 100 using various interfaces and lines, and performs various functions of the server 100 and processes data by running or executing software programs and/or modules stored in the memory 130, and calling data stored in the memory 130. Optionally, the processor 110 may include one or more processing units.
The memory 130 may be used to store software programs and modules, and the processor 110 performs various functional applications and data processing by executing the software programs and modules stored in the memory 130. The memory 130 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, application programs required for at least one function, and the like; the storage data area may store data created according to business processes, etc. In addition, memory 130 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.
It should be noted that the structure shown in fig. 1 is merely an example, and the embodiment of the present invention is not limited thereto.
Based on the above description, fig. 2 shows in detail a flow of a method for identity authentication according to an embodiment of the present invention, where the flow may be executed by an apparatus of the method for identity authentication, and the apparatus may be the server or be located in the server.
As shown in fig. 2, the process specifically includes:
in step 201, the server acquires device data and operation behavior data when operating the device transmitted by the device of the user to be identified.
In the embodiment of the invention, when the user to be identified operates the application on the device, the device data and the operation behavior data when the user operates the device can be sent to the server. The server may be a cloud server.
The device data may be sensor data such as accelerometer data, gyroscope data, etc. at the time of operation of the application. The behavior data may be a series of behaviors for different function modules or menus when operating an application, such as clicking on my account, registering/logging in, viewing account information, etc.
Step 202, the server analyzes the device data by using a first training model, and determines a first risk value of the user to be identified.
Before analyzing the device data using the first training model, training learning using a training set of device data labeled with application functions is also required to obtain the first training model. Specifically, a training set of device data labeled with application functions may be obtained first. And clustering the application functions of the device data in the training set according to the operation positions of the application functions to obtain device data sets of the application functions. And then carrying out noise reduction processing on the device data in the device data set of each class of application functions through a complementary filter model, and determining a group of attitude angle data of any class of application functions in the same operation time window. And analyzing the multiple sets of attitude angle data of any type of application function to determine the characteristic data corresponding to the equipment data of each type of application function. And finally, inputting the characteristic data corresponding to the equipment data of the class application function into a preset classification model for training and learning until the preset classification model converges, so as to obtain a first training model. The first training model may be a classifier or other neural network model capable of achieving classification. The operation position may be an operation position on a display interface of the terminal device, for example, a position on the display interface of the mobile phone, where a user clicks or slides on the display interface when operating a certain application function. The training set of application-tagged device data may be device data for a selected period of time.
When determining the feature data, the cumulative distance sum of any one set of attitude angle data and other sets of attitude angle data in any one set of attitude angle data of any one application function can be calculated according to any one application function in each type, and a set of attitude angle data with the minimum cumulative distance sum is determined as a reference vector of equipment data of any one application. And calculating the distance between each group of attitude angle data and the reference vector to obtain a distance characteristic value. And extracting variation variance, a ratio of time from a starting point to an extreme point to time from the extreme point to an end point and an angle difference ratio of each group of attitude angle data in a statistical analysis mode. And then determining the reference vector, the distance characteristic value, the variance variation, the ratio and the angle difference ratio as characteristic data corresponding to the device data of any kind of application function. When analyzing the attitude angle data, a dynamic time warping method can be utilized to analyze multiple groups of attitude angle data.
For example, after the training set is obtained, the data range to be analyzed needs to be defined reasonably, so that the modeling efficiency is improved, and unnecessary resource waste is avoided. Note that the change in the sensor caused by operating a function on the handset application is essentially determined by the location of the application function on the handset. When the application functions at different positions are operated, different regular changes of the sensor data are caused. The existing key eidolon or group control equipment can only simulate random disturbance of a mobile phone during any operation, and the rule that specific disturbance is generated by different application functions is not considered. The embodiment of the invention considers the regularity, clusters the application functions with similar positions, and uniformly collects and analyzes the corresponding equipment data according to the application function categories.
The classifier can then be constructed using the device data. As shown in FIG. 3, data of an accelerometer and a gyroscope matched with the operation of a certain type of functions in a time window is firstly subjected to noise reduction treatment through a complementary filter model, and the treated gyroscope angle theta is obtained g And accelerometer angle θ a The attitude angle θ (equation (1)) is calculated in combination, resulting in a set of attitude angle data generated by some type of operation within the time window.
Wherein d t For the filter sampling frequency, τ is the filter time constant.
And analyzing n groups of attitude angle records of the same type of functional operation in the training set. Before further analysis, the training set data is normalized by means of reference vectors. Because of the speed difference between different users operating the functions of the mobile phone, a dynamic time warping (Dynamic Time Warping, DTW) method is used to find the reference vector and calculate the distance between two sets of attitude angle data. Specifically, for the two sets of attitude angle data R (n) and T (m), DTW calculates the cumulative distance sum of the two sets of attitude angle data according to formula (2) to find an optimal path.
D=min∑d(T(i n ),R(i m )) (2)
And calculating the cumulative distance sum of each set of attitude angle data and other n-1 sets of attitude angle data by using the DTW, taking the set of attitude angle data with the smallest distance sum as a reference vector [1] when the function is operated, and then calculating the distance between each set of attitude angle data and the reference vector to obtain a distance characteristic value [2]. In addition, the variance [3], the time ratio [4] between the starting point and the extreme point and the time ratio [5] between the extreme point and the end point of each group of attitude angles are extracted through a statistical analysis mode, and the [1] to [5] are used as characteristic data of a training classifier.
And constructing a classifier of a legal/illegal user under corresponding operation by using the characteristic data through ensemble learning (Ensemble Learning, EL), namely training learning until the model converges.
And 203, analyzing the operation behavior data by the server by using a second training model, and determining a second risk value of the user to be identified.
Before analyzing the device data using the second training model, training learning using a training set labeled with the application function and the time series operation behavior data is also required to obtain the second training model. Specifically, a training set marked with the operation behavior data of the application function and the time sequence needs to be acquired first. And then analyzing the training set marked with the operation behavior data of the application function and the time sequence by using a sequence pattern mining algorithm, and determining the frequent operation behavior data meeting the support threshold. And finally, inputting the frequent operation behavior data meeting the support threshold into a preset logistic regression model for training and learning until the preset logistic regression model converges to obtain a second training model. Wherein the support threshold may be empirically set.
Although the same application provides the same function for all users, in the actual use process, different users often generate different operation behavior data for a plurality of functions of the application due to the difference of using habits, for example, three functions of A, B and C are also used, and the meanings of sequential operations A, B, C, B and A are completely different. The embodiment of the invention refers to a plurality of operation behavior data of the sequential operation as an operation sequence. The embodiment of the invention constructs a logistic regression model by analyzing the behavior relation among a plurality of operation behavior data of a user in a certain time window. Specifically, the present invention relates to a method for manufacturing a semiconductor device.
(1) The sequence mining algorithm PrefixSpan or other algorithm capable of implementing sequence mining is utilized. And analyzing the operation behavior data of the functions to find out all frequent operation sequences meeting a certain support degree. The flow of the PrefixSpan algorithm is briefly described as follows.
Input: a sequence data set S and a support threshold α.
(a) And finding out frequent prefixes with the length of 1 and the support degree not smaller than alpha, constructing a corresponding projection database for each frequent prefix, deleting non-frequent items from S, and assigning i=1.
(b) Recursively mining each prefix with length i and support not less than alpha. i) And constructing a projection database. If the construction is impossible, the recursion ends. ii) calculating the support of each item in the projection database. If the support degree of all items is less than alpha, ending the recursion; if the support degree is not less than alpha, combining the item with the current prefix to obtain a new prefix. iii) Let i=i+1, recursively execute step b with the new prefix.
(c) Stopping when there is no longer frequent sequence.
(2) And constructing a logistic regression model for identifying legal/illegal users by using the frequent operation sequences as training data. The legal users have more operation behavior data due to the diversity of demands, but the targets of the illegal users are relatively single (such as a bill), so that only a few clear operation behavior data are needed. In order to improve the efficiency of model estimation, an illegal user (abnormal equipment) can be accurately identified as a final target of the model.
Step 204, if the first risk value is greater than a first threshold value and the second risk value is greater than a second threshold value, the server determines that the user to be identified is an abnormal user, and sends a determination result to the device of the abnormal user.
The first threshold and the second threshold may be set according to experience, and only when the first risk value and the second risk value are higher than the corresponding thresholds, the user to be identified may be judged to be an illegal user, that is, an abnormal user, and at this time, the server may send a determination result to the device of the abnormal user, where the determination result includes information that the user to be identified is the abnormal user. The server can also add the device information into a blacklist and feed the information back to the local application of the device of the abnormal user, and the local application can quickly shield all functions and pop up warning prompts after receiving the information. The warning prompt provides two options for the user, one is to confirm and exit the application; secondly, feedback is submitted, namely when a legal user is misjudged, the feedback can be submitted manually, and the server can update the blacklist according to the feedback of the user, so that the efficiency and accuracy of identifying the illegal user in the later period are improved.
In order to ensure the safety of mobile phone payment, the embodiment of the invention also provides a technical scheme for monitoring the sensor data of the user to be identified, and whether the application of maliciously stealing the data is determined by monitoring the sensor data. Specifically, when determining that the user to be identified performs payment operation, marking device data corresponding to the application performing payment operation, then monitoring the flow direction of the marked device data in a preset period, if the marked device data continues to flow to a first application in the preset period, adding the first application into a blacklist by the server, and sending alarm prompt information of the first application to the user. The preset time period and the preset time period may be empirically set. The alert message of the first application may be set empirically, for example, may be an alert message that risks stealing payment data and requests to close the first application. In this case, the flow of device data to the first application is also understood to mean that the device data flows to a remote server to which the first application belongs when monitoring the flow of device data.
Specifically, when a user needs to input a payment password, the payment application firstly pops up a random numeric keyboard based on an encryption algorithm, and automatically opens a click keyboard vibration mode, so that a malicious application of receiving sensor data in the background to crack the password is interfered. Because the technical difficulty of stealing the sliding operation of the mobile phone by the user is high, the handwriting numeric keyboard can be started under the selection and permission of the user, and malicious application is prevented from cracking the user password.
When the user inputs a payment password, it is monitored whether data flows from the sensor to the other application, and a marking module is added before the data flows to the other application, so that only the marked data can be transmitted to the other application. The server tracks the use condition of the sensor data through the marking module in a certain time interval, such as whether the marking data is continuously transmitted to a remote server or not, and the like, and the relevant application information is added into a blacklist when the situation indicates that the data is possibly stolen. When the user uses the payment function, the warning prompt of the malicious application grabbing data is jumped out, the user is inquired whether to close the malicious application or ignore the warning prompt, the access authority of the sensor and the data marking strategy are adjusted according to the feedback of the user, and the blacklist and the payment safety mechanism are dynamically optimized.
In order to better explain the embodiment of the present invention, the process of identity authentication will be described below in a specific implementation scenario.
In particular, the implementation scenario of the embodiment of the present invention will be described from the viewpoint of use by the user with the flow shown in fig. 4. Taking a mobile payment application as an example, when a user pays for the payment application and operates the general function, the application starts to collect equipment data and operation behavior data in the background of the mobile phone, inputs the two sets of data to a cloud server, judges the risk of the user by using a first training model and a second training model, and triggers the payment application to shield the operation of the user on the general function and jump out of a warning prompt after the risk reaches a certain threshold. When the user selects to confirm, exiting the payment application; when the user selects feedback information, the application jumps out of the user authentication window, if a specified question is answered to confirm the identity of the user, if checking is correct, the application can be used continuously, the information is fed back to the server, and the blacklist is adjusted. The identification classifier in fig. 4 is a first training model and a second training model in the embodiment of the present invention.
According to the bearing capacity and the computing capacity of the server, part of the data of operations and equipment instead of all the data of the operations and equipment can be selected for analysis, so that the response speed of the application to the user is ensured. For example, selecting functions that are closely related to user privacy, payment, etc., or randomly extracting operation and device data for a time window.
When the user needs to pay the password operation, the encrypted random number keyboard (the clicking keyboard can vibrate along with the sensor data) or the keyboard supporting handwriting input can be popped up according to the selection of the user, so that the payment operation is completed. Meanwhile, the embedded marking module can add marks to the sensor data at the moment and track the sensor data, a cloud server analyzes tracking records, when suspicious data transfer behaviors are found, warning prompts for closing malicious applications are jumped out, a user can select to close the malicious applications or ignore the malicious applications, access rights and data marking strategies of the sensor data are adjusted according to feedback of the user, and a blacklist and a payment safety mechanism are dynamically optimized.
It should be noted that, when the model is built by using the device data and the operation behavior data, other alternatives may be adopted besides the method detailed in the embodiment: and if the risk values calculated by the two training models are used as the characteristic variables to carry out logistic regression, estimating the weights of the two characteristic variables for determining the risk of the user, and constructing the comprehensive risk assessment model.
In addition, the model may include parameters related to the device information, in addition to the device data and operation data focused in this patent. Such as system version, memory usage, available storage space, battery power, number of processes, mobile network code, etc. The device discrimination can be performed through the parameters, and the high-risk mobile phone client is shielded.
The embodiment of the invention has the following advantages:
1. the realization is simple, and the mobile phone sensor and the applied system log are mainly used, no additional equipment is required to be built, and the mobile phone sensor and the applied system log can be hidden and executed in the background. The requirements on hardware resources are low, and the requirements on user privacy data are low. The collected operation data and sensor data are uploaded to a cloud server, and after modeling analysis is performed by the server, a user risk result is returned to a local application, so that the mobile phone memory is not occupied, and the running efficiency of the application is not affected.
2. The abnormal device, while mimicking the normal user's operational behavior, may still be different from the user's actual operational characteristics. For example, a high frequency logs in and accesses the coupon lottery page. User operation records are collected and analyzed from the system log, the defect of the existing equipment data analysis is overcome by analyzing the operation data, an identity authentication model is comprehensively established, the system log has the advantage of being difficult to crack and forge, and the authentication accuracy and reliability are improved.
3. A new safety framework is provided, and potential safety hazards caused by the fact that personal privacy data are revealed by the control sensor are controlled.
In the embodiment of the invention, a server acquires equipment data and operation behavior data when operating equipment is transmitted by equipment of a user to be identified, equipment data is analyzed by using a first training model, a first risk value of the user to be identified is determined, the first training model is obtained by training and learning by using a training set marked with the equipment data of an application function, the operation behavior data is analyzed by using a second training model, a second risk value of the user to be identified is determined, the second training model is obtained by training and learning by using a training set marked with the operation behavior data of the application function and time sequence, if the first risk value is greater than a first threshold value and the second risk value is greater than a second threshold value, the user to be identified is determined to be an abnormal user, and a determination result is transmitted to the equipment of the abnormal user, so that the equipment of the abnormal user transmits alarm prompt information. The equipment data and the operation behavior data of the user to be identified are identified by using the first training model and the second training model which are obtained by different training sets respectively, and compared with the mode of identifying legal users by analyzing the risk model of the user behavior through the sensor data of the equipment in the prior art, the equipment data and the operation behavior data can be combined for identification, and the accuracy rate of identification is improved.
Based on the same technical concept, fig. 5 exemplarily shows a structure of an apparatus for identity authentication provided by an embodiment of the present invention, where the apparatus may perform a flow of identity authentication.
As shown in fig. 5, the apparatus specifically includes:
an obtaining unit 501, configured to obtain device data and operation behavior data when an operation device is sent by a device of a user to be identified;
a processing unit 502, configured to analyze the device data using a first training model, and determine a first risk value of the user to be identified; the first training model is obtained by training and learning by using a training set of equipment data marked with an application function; analyzing the operation behavior data by using a second training model, and determining a second risk value of the user to be identified; the second training model is obtained by training and learning by using a training set marked with the operation behavior data of the application function and the time sequence; and if the first risk value is larger than a first threshold value and the second risk value is larger than a second threshold value, determining the user to be identified as an abnormal user, and sending a determination result to equipment of the abnormal user so that the equipment of the abnormal user sends out alarm prompt information.
Optionally, the processing unit 502 is specifically configured to:
acquiring a training set of equipment data marked with application functions;
clustering the application functions of the device data in the training set according to the operation positions of the application functions to obtain device data sets of the application functions;
carrying out noise reduction processing on equipment data in the equipment data set of each type of application function through a complementary filter model, and determining a group of attitude angle data of any type of application function in the same operation time window;
analyzing multiple groups of attitude angle data of any type of application function, and determining characteristic data corresponding to equipment data of each type of application function;
and inputting the characteristic data corresponding to the equipment data of the class application function into a preset classification model for training and learning until the preset classification model converges to obtain the first training model.
Optionally, the processing unit 502 is specifically configured to:
calculating the accumulated distance sum of any one set of attitude angle data and other sets of attitude angle data in the multiple sets of attitude angle data of any one type of application function aiming at any one type of application function in the multiple types of application functions; determining a minimum set of attitude angle data and cumulative distance as a reference vector for the device data for either class of application; calculating the distance between each group of attitude angle data and the reference vector to obtain a distance characteristic value; extracting variation variance of each group of attitude angle data, the ratio of the time from the starting point to the extreme point to the time from the extreme point to the end point and the angle difference ratio in a statistical analysis mode;
And determining the reference vector, the distance characteristic value, the variance, the ratio and the angle difference ratio as characteristic data corresponding to the equipment data of any kind of application function.
Optionally, the processing unit 502 is specifically configured to:
acquiring a training set marked with operation behavior data of an application function and a time sequence;
analyzing the training set marked with the operation behavior data with the application function and the time sequence by using a sequence pattern mining algorithm, and determining frequent operation behavior data meeting a support threshold;
and inputting the frequent operation behavior data meeting the support threshold into a preset logistic regression model for training and learning until the preset logistic regression model converges to obtain the second training model.
Optionally, the processing unit 502 is further configured to:
when the user to be identified is determined to carry out payment operation, marking equipment data corresponding to the application carrying out payment operation;
monitoring the flow direction of marked equipment data in a preset period;
and if the marked equipment data continuously flows to a first application for a preset time within a preset period, adding the first application into a blacklist, and sending alarm prompt information of the first application to the user.
Based on the same technical concept, the embodiment of the invention further provides a computing device, which comprises:
a memory for storing program instructions;
and the processor is used for calling the program instructions stored in the memory and executing the identity authentication method according to the obtained program.
Based on the same technical concept, the embodiment of the invention also provides a computer readable nonvolatile storage medium, which comprises computer readable instructions, wherein when the computer reads and executes the computer readable instructions, the computer executes the identity authentication method.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (8)
1. A method of identity authentication, comprising:
the method comprises the steps that a server obtains equipment data and operation behavior data when equipment of a user to be identified is operated, wherein the equipment data are sensor data when the application is operated;
the server analyzes the equipment data by using a first training model, and determines a first risk value of the user to be identified; the server analyzes the operation behavior data by using a second training model, and determines a second risk value of the user to be identified; the first training model is obtained by training and learning by using a training set of equipment data marked with an application function; the second training model is obtained by training and learning by using a training set marked with the operation behavior data of the application function and the time sequence;
if the first risk value is larger than a first threshold value and the second risk value is larger than a second threshold value, the server determines that the user to be identified is an abnormal user, and sends a determination result to equipment of the abnormal user so that the equipment of the abnormal user sends out alarm prompt information;
The server performs training learning by using a training set marked with equipment data of an application function to obtain the first training model, and the method comprises the following steps:
the server acquires a training set of device data marked with application functions;
the server clusters the application functions of the device data in the training set according to the operation positions of the application functions to obtain device data sets of the application functions;
the server performs noise reduction processing on equipment data in equipment data sets of various application functions through a complementary filter model, and determines a group of attitude angle data of any type of application function in the same operation time window;
the server analyzes multiple groups of attitude angle data of any type of application function and determines characteristic data corresponding to the equipment data of any type of application function;
based on the obtained characteristic data corresponding to the equipment data of the application functions of each class, constructing the first training model through ensemble learning;
the server performs training learning by using a training set marked with operation behavior data of an application function and time sequence to obtain the second training model, and the method comprises the following steps:
the server acquires a training set marked with operation behavior data of an application function and a time sequence;
The server analyzes the training set marked with the operation behavior data with the application function and the time sequence by using a sequence pattern mining algorithm, and determines frequent operation behavior data meeting a support degree threshold;
and the server inputs the frequent operation behavior data meeting the support threshold value into a preset logistic regression model to perform training learning until the preset logistic regression model converges to obtain the second training model.
2. The method of claim 1, wherein the server analyzes the plurality of sets of attitude angle data for any type of application function to determine feature data corresponding to device data for the type of application function, comprising:
for any one of the various application functions, the server calculates the cumulative distance sum of any one set of attitude angle data and other sets of attitude angle data in the multiple sets of attitude angle data of the any one application function; determining a minimum set of attitude angle data and cumulative distance as a reference vector for the device data for either class of application; calculating the distance between each group of attitude angle data and the reference vector to obtain a distance characteristic value; extracting variation variance of each group of attitude angle data, the ratio of the time from the starting point to the extreme point to the time from the extreme point to the end point and the angle difference ratio in a statistical analysis mode;
The server determines the reference vector, the distance characteristic value, the variance, the ratio and the angle difference ratio as characteristic data corresponding to the device data of any type of application function.
3. The method according to any one of claims 1 and 2, wherein the method further comprises:
when the server determines that the user to be identified performs payment operation, marking equipment data corresponding to the application performing the payment operation;
the server monitors the flow direction of marked equipment data in a preset period;
and if the marked equipment data continues to flow to a first application for a preset time within a preset time period, the server adds the first application into a blacklist and sends an alarm prompt message of the first application to the user.
4. An apparatus for identity authentication, comprising:
the device comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring device data and operation behavior data when operating devices are transmitted by devices of users to be identified, and the device data are sensor data when operating applications;
the processing unit is used for analyzing the equipment data by using a first training model and determining a first risk value of the user to be identified; analyzing the operation behavior data by using a second training model, and determining a second risk value of the user to be identified; the first training model is obtained by training and learning by using a training set of equipment data marked with an application function; the second training model is obtained by training and learning by using a training set marked with the operation behavior data of the application function and the time sequence; if the first risk value is larger than a first threshold value and the second risk value is larger than a second threshold value, determining the user to be identified as an abnormal user, and sending a determination result to equipment of the abnormal user so that the equipment of the abnormal user sends out alarm prompt information;
The processing unit is specifically configured to:
acquiring a training set of equipment data marked with application functions;
clustering the application functions of the device data in the training set according to the operation positions of the application functions to obtain device data sets of the application functions;
carrying out noise reduction processing on equipment data in the equipment data set of each type of application function through a complementary filter model, and determining a group of attitude angle data of any type of application function in the same operation time window;
analyzing multiple groups of attitude angle data of any type of application function, and determining characteristic data corresponding to the equipment data of any type of application function;
based on the obtained characteristic data corresponding to the equipment data of the application functions of each class, constructing the first training model through ensemble learning;
the processing unit is specifically further configured to:
acquiring a training set marked with operation behavior data of an application function and a time sequence;
analyzing the training set marked with the operation behavior data with the application function and the time sequence by using a sequence pattern mining algorithm, and determining frequent operation behavior data meeting a support threshold;
and inputting the frequent operation behavior data meeting the support threshold into a preset logistic regression model for training and learning until the preset logistic regression model converges to obtain the second training model.
5. The apparatus of claim 4, wherein the processing unit is specifically configured to:
calculating the accumulated distance sum of any one set of attitude angle data and other sets of attitude angle data in the multiple sets of attitude angle data of any one type of application function aiming at any one type of application function in the multiple types of application functions; determining a minimum set of attitude angle data and cumulative distance as a reference vector for the device data for either class of application; calculating the distance between each group of attitude angle data and the reference vector to obtain a distance characteristic value; extracting variation variance of each group of attitude angle data, the ratio of the time from the starting point to the extreme point to the time from the extreme point to the end point and the angle difference ratio in a statistical analysis mode;
and determining the reference vector, the distance characteristic value, the variance, the ratio and the angle difference ratio as characteristic data corresponding to the equipment data of any kind of application function.
6. The apparatus of any one of claims 4 and 5, wherein the processing unit is further to:
when the user to be identified is determined to carry out payment operation, marking equipment data corresponding to the application carrying out payment operation;
Monitoring the flow direction of marked equipment data in a preset period;
and if the marked equipment data continuously flows to a first application for a preset time within a preset period, adding the first application into a blacklist, and sending alarm prompt information of the first application to the user.
7. A computing device, comprising:
a memory for storing program instructions;
a processor for invoking program instructions stored in said memory and for performing the method according to any of claims 1 to 3 in accordance with the obtained program.
8. A computer readable non-transitory storage medium comprising computer readable instructions which, when read and executed by a computer, cause the computer to perform the method of any of claims 1 to 3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011036200.4A CN112184241B (en) | 2020-09-27 | 2020-09-27 | Identity authentication method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011036200.4A CN112184241B (en) | 2020-09-27 | 2020-09-27 | Identity authentication method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112184241A CN112184241A (en) | 2021-01-05 |
| CN112184241B true CN112184241B (en) | 2024-02-20 |
Family
ID=73944628
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011036200.4A Active CN112184241B (en) | 2020-09-27 | 2020-09-27 | Identity authentication method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112184241B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11488178B2 (en) * | 2020-11-01 | 2022-11-01 | Beijing Didi Infinity Technology And Development Co., Ltd. | Systems and methods for verifying digital payments |
| CN113449309B (en) * | 2021-06-28 | 2023-10-27 | 平安银行股份有限公司 | Terminal security state identification method, device, equipment and medium |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104021339A (en) * | 2014-06-10 | 2014-09-03 | 北京奇虎科技有限公司 | Safety payment method and device for mobile terminal |
| CN104035396A (en) * | 2014-04-18 | 2014-09-10 | 重庆大学 | Distributed behavior identification method based on wireless sensor network |
| CN106940805A (en) * | 2017-03-06 | 2017-07-11 | 江南大学 | A kind of group behavior analysis method based on mobile phone sensor |
| CN107465814A (en) * | 2017-07-17 | 2017-12-12 | 长沙学院 | A kind of user's input recognition method based on mobile phone inertial sensor |
| CN108510280A (en) * | 2018-03-23 | 2018-09-07 | 上海氪信信息技术有限公司 | A kind of financial fraud behavior prediction method based on mobile device behavioral data |
| CN108629170A (en) * | 2018-04-20 | 2018-10-09 | 北京元心科技有限公司 | Personal identification method and corresponding device, mobile terminal |
| CN109542944A (en) * | 2018-09-29 | 2019-03-29 | 广东工业大学 | Smart home user based on timing Causality Analysis manipulates behavior recommended method |
| CN109635872A (en) * | 2018-12-17 | 2019-04-16 | 上海观安信息技术股份有限公司 | Personal identification method, electronic equipment and computer program product |
| CN109828997A (en) * | 2019-01-03 | 2019-05-31 | 温州医科大学 | A kind of analysis of university student's behavioral data and academic warning method |
| CN110175839A (en) * | 2019-05-31 | 2019-08-27 | 中国银联股份有限公司 | Method for processing payment information, device, equipment and computer readable storage medium |
| WO2019184119A1 (en) * | 2018-03-26 | 2019-10-03 | 平安科技(深圳)有限公司 | Risk model training method and apparatus, risk identification method and apparatus, device, and medium |
| WO2020060544A1 (en) * | 2018-09-19 | 2020-03-26 | Rulex, Inc. | Method for detecting anomalies in a data set |
| CN111625792A (en) * | 2020-07-28 | 2020-09-04 | 杭州大乘智能科技有限公司 | Identity recognition method based on abnormal behavior detection |
| CN111652280A (en) * | 2020-04-30 | 2020-09-11 | 中国平安财产保险股份有限公司 | Behavior-based target object data analysis method and device and storage medium |
-
2020
- 2020-09-27 CN CN202011036200.4A patent/CN112184241B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104035396A (en) * | 2014-04-18 | 2014-09-10 | 重庆大学 | Distributed behavior identification method based on wireless sensor network |
| CN104021339A (en) * | 2014-06-10 | 2014-09-03 | 北京奇虎科技有限公司 | Safety payment method and device for mobile terminal |
| CN106940805A (en) * | 2017-03-06 | 2017-07-11 | 江南大学 | A kind of group behavior analysis method based on mobile phone sensor |
| CN107465814A (en) * | 2017-07-17 | 2017-12-12 | 长沙学院 | A kind of user's input recognition method based on mobile phone inertial sensor |
| CN108510280A (en) * | 2018-03-23 | 2018-09-07 | 上海氪信信息技术有限公司 | A kind of financial fraud behavior prediction method based on mobile device behavioral data |
| WO2019184119A1 (en) * | 2018-03-26 | 2019-10-03 | 平安科技(深圳)有限公司 | Risk model training method and apparatus, risk identification method and apparatus, device, and medium |
| CN108629170A (en) * | 2018-04-20 | 2018-10-09 | 北京元心科技有限公司 | Personal identification method and corresponding device, mobile terminal |
| WO2020060544A1 (en) * | 2018-09-19 | 2020-03-26 | Rulex, Inc. | Method for detecting anomalies in a data set |
| CN109542944A (en) * | 2018-09-29 | 2019-03-29 | 广东工业大学 | Smart home user based on timing Causality Analysis manipulates behavior recommended method |
| CN109635872A (en) * | 2018-12-17 | 2019-04-16 | 上海观安信息技术股份有限公司 | Personal identification method, electronic equipment and computer program product |
| CN109828997A (en) * | 2019-01-03 | 2019-05-31 | 温州医科大学 | A kind of analysis of university student's behavioral data and academic warning method |
| CN110175839A (en) * | 2019-05-31 | 2019-08-27 | 中国银联股份有限公司 | Method for processing payment information, device, equipment and computer readable storage medium |
| CN111652280A (en) * | 2020-04-30 | 2020-09-11 | 中国平安财产保险股份有限公司 | Behavior-based target object data analysis method and device and storage medium |
| CN111625792A (en) * | 2020-07-28 | 2020-09-04 | 杭州大乘智能科技有限公司 | Identity recognition method based on abnormal behavior detection |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112184241A (en) | 2021-01-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9509688B1 (en) | Providing malicious identity profiles from failed authentication attempts involving biometrics | |
| CN105791255B (en) | Computer risk identification method and system based on account clustering | |
| US20180121640A1 (en) | System, device, and method of secure utilization of fingerprints for user authentication | |
| CN112417439A (en) | Account detection method, device, server and storage medium | |
| CN103593609B (en) | Trustworthy behavior recognition method and device | |
| WO2017196609A1 (en) | User authentication and access control using identity services | |
| CN105591743B (en) | Method and device for identity authentication through equipment operation characteristics of user terminal | |
| CN104836781A (en) | Method distinguishing identities of access users, and device | |
| CN112184241B (en) | Identity authentication method and device | |
| US9667613B1 (en) | Detecting mobile device emulation | |
| CN109344583B (en) | Threshold determination and body verification method and device, electronic equipment and storage medium | |
| US11379591B2 (en) | Methods and devices for user authorization | |
| CN107465642A (en) | A kind of method and device for judging account abnormal login | |
| CN111083165A (en) | Login interception method and system based on combined anti-collision library platform | |
| US11172364B1 (en) | Threat identification, prevention, and remedy | |
| CN108229157A (en) | Server attack early warning method and apparatus | |
| CN113505393A (en) | Block chain payment data processing method applied to big data and cloud server | |
| WO2019156680A1 (en) | Proactive device authentication platform | |
| CN113572757B (en) | Server access risk monitoring method and device | |
| CN110781467A (en) | Abnormal business data analysis method, device, equipment and storage medium | |
| US20200380114A1 (en) | System for security analysis and authentication across downstream applications | |
| CN111160919A (en) | Block chain address risk assessment method and device | |
| CN107888576B (en) | Anti-collision library safety risk control method using big data and equipment fingerprints | |
| CN115801366A (en) | Attack detection method and device, electronic equipment and computer readable storage medium | |
| US20230046813A1 (en) | Selecting communication schemes based on machine learning model predictions |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |