CN113095843A - User authentication method, user authentication device, user authentication system, and storage medium - Google Patents

User authentication method, user authentication device, user authentication system, and storage medium Download PDF

Info

Publication number
CN113095843A
CN113095843A CN202110503090.6A CN202110503090A CN113095843A CN 113095843 A CN113095843 A CN 113095843A CN 202110503090 A CN202110503090 A CN 202110503090A CN 113095843 A CN113095843 A CN 113095843A
Authority
CN
China
Prior art keywords
user
data
feature vector
registration
verified
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110503090.6A
Other languages
Chinese (zh)
Inventor
杨瑞光
施佳子
罗涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110503090.6A priority Critical patent/CN113095843A/en
Publication of CN113095843A publication Critical patent/CN113095843A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2411Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on the proximity to a decision surface, e.g. support vector machines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/03Arrangements for converting the position or the displacement of a member into a coded form
    • G06F3/041Digitisers, e.g. for touch screens or touch pads, characterised by the transducing means
    • G06F3/0414Digitisers, e.g. for touch screens or touch pads, characterised by the transducing means using force sensing means to determine a position
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Evolutionary Computation (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Artificial Intelligence (AREA)
  • Software Systems (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Medical Informatics (AREA)
  • Mathematical Physics (AREA)
  • Evolutionary Biology (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Technology Law (AREA)
  • Human Computer Interaction (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The disclosure provides a user verification method applied to electronic equipment, and relates to the field of information security or the field of finance and the like. The user authentication method includes: and acquiring verification data generated by the operation of the user to be verified on the screen of the electronic equipment. And processing the verification data to obtain at least one first feature vector. Sending the at least one first feature vector to a server, so that the server compares the at least one first feature vector with at least one second feature vector stored in advance in a one-to-one correspondence manner. And when the comparison result sent by the server is received to be passed, the user passes the verification. The present disclosure also provides a user authentication method applied to the server, and a user authentication apparatus, a user authentication system, and a storage medium.

Description

User authentication method, user authentication device, user authentication system, and storage medium
Technical Field
The present disclosure relates to the field of information security or the field of finance, and more particularly, to a user authentication method, a user authentication apparatus, a system, and a storage medium.
Background
People use electronic equipment such as mobile phones and computers to do work, life or entertainment activities, and more important data are stored in the daily used electronic equipment. For example, a user uses a mobile banking client to transact banking business, and the user can see the balance of a bank through the banking client and transact business such as transfer, collection or deposit. Because of the property safety, the electronic equipment or the mobile banking client needs to be protected by setting a password so as to prevent the use of others. In the related art, for example, a squared figure gesture password, a numeric password, or a password of a combination of letters, numbers, and symbols may be set for protection, and the user may use the password to unlock the electronic device.
In the course of implementing the disclosed concept, the inventors found that there are at least the following problems in the prior art:
if the password set by the user is leaked, because whether the user operates the password can not be verified, other people can also use the password to unlock and use the electronic equipment, and the safety is poor.
Disclosure of Invention
In view of the above, the embodiments of the present disclosure provide a user authentication method, a user authentication apparatus, a user authentication system, and a storage medium, which are capable of authenticating whether a user using an electronic device is himself/herself.
One aspect of the disclosed embodiments provides a user authentication method for an electronic device. The user authentication method includes: the method comprises the steps of obtaining verification data generated by operation of a user to be verified on a screen of the electronic equipment, wherein the verification data comprises sequence data of point contact of the user to be verified and N coordinate points on the screen and at least one of pressure data or contact area data of point contact with each coordinate point in the N coordinate points, and N is an integer greater than or equal to 1. And processing the verification data to obtain at least one first feature vector. Sending the at least one first feature vector to a server, so that the server compares the at least one first feature vector with at least one second feature vector stored in advance in a one-to-one correspondence manner. And when the comparison result sent by the server is received to be passed, the user passes the verification.
According to an embodiment of the present disclosure, the pressure data contacting each of the N coordinate points includes: at least one of a value of effective contact pressure, a value of maximum pressure, a value of minimum pressure, and a value of average pressure.
According to an embodiment of the present disclosure, the contact area data contacting each of the N coordinate points includes: at least one of an effective contact area, a maximum contact area, a minimum contact area, and an average contact area.
According to an embodiment of the present disclosure, the operation of the screen of the electronic device by the user to be authenticated includes: and the user to be verified clicks and/or slides the screen.
According to an embodiment of the present disclosure, before obtaining the verification data, the method further includes: and acquiring registration data of the user to be verified for S times, wherein the registration data comprises registration sequence data of the user to be verified contacting N coordinate points and at least one of registration pressure data or registration contact area data contacting each coordinate point, and S is an integer greater than 1. And respectively processing the registration data acquired for S times to obtain S groups of registration characteristic vectors, wherein each group of registration characteristic vectors comprises at least one registration characteristic vector. Sending the S sets of the registered feature vectors to the server such that the server averages the S sets of the registered feature vectors to obtain the at least one second feature vector.
Another aspect of the embodiments of the present disclosure provides a user authentication method applied to a server. The user authentication method includes: receiving at least one first feature vector sent by electronic equipment, wherein the at least one feature vector is obtained by processing verification data of a user to be verified by the electronic equipment, the verification data comprises sequential data of the user to be verified contacting N coordinate points on a screen of the electronic equipment and at least one of pressure data or contact area data contacting each coordinate point in the N coordinate points, and N is an integer greater than or equal to 1. Comparing the at least one first feature vector with at least one second feature vector stored in advance in a one-to-one correspondence manner, wherein the method comprises the following steps: and calculating the similarity of each first feature vector and each corresponding second feature vector. And sending a comparison result to the electronic equipment, wherein the comparison result is a pass when the similarity meets a preset condition.
According to an embodiment of the present disclosure, before receiving the at least one first feature vector, the method further includes obtaining the at least one second feature vector, specifically including: receiving S groups of registration characteristic vectors sent by the electronic equipment, wherein each group of registration characteristic vectors is obtained by processing registration data of the user to be authenticated collected by the electronic equipment each time, the registration data comprises registration sequence data of the user to be authenticated, which is in contact with N coordinate points, and at least one of registration pressure data or registration contact area data of the user to be authenticated, which is in contact with each coordinate point, and S is an integer greater than 1. And averaging the registration feature vectors of S groups to obtain the at least one second feature vector, wherein each group of the registration feature vectors comprises at least one registration feature vector, and S is an integer greater than or equal to 1.
According to an embodiment of the present disclosure, the calculating the similarity between each of the first feature vectors and each of the corresponding second feature vectors includes calculating the similarity using a classification model, and training the classification model before receiving the at least one first feature vector includes: obtaining M positive sample data in a training set, wherein each positive sample data comprises the verification data of a known user, and M is an integer greater than or equal to 1. And training a single-class support vector machine model based on the training set to obtain the classification model.
According to an embodiment of the present disclosure, the classification model includes a data processing model, and further includes, after the obtaining the classification model: and acquiring parameters of the electronic equipment. Modifying parameters of the data processing model based on parameters of the electronic device. Sending the modified data processing model to the electronic device, so that the electronic device processes the verification data of the user to be verified based on the modified data processing model to obtain the at least one first feature vector.
According to an embodiment of the present disclosure, the method further comprises: and allocating a user identifier for the user to be verified. The user identification is stored in association with the at least one second feature vector in advance. Wherein, before the calculating the similarity between each first feature vector and each corresponding second feature vector, the method further comprises: matching the at least one first feature vector with the corresponding at least one second feature vector based on the user identification.
Another aspect of the embodiments of the present disclosure provides a user authentication apparatus applied to an electronic device. The user authentication device comprises a data acquisition module, a data processing module, a vector sending module and a user authentication module. The data acquisition module is used for acquiring verification data generated by a user to be verified operating a screen of the electronic equipment, wherein the verification data comprises sequential data of the user to be verified contacting N coordinate points on the screen and at least one of pressure data or contact area data contacting each coordinate point in the N coordinate points, and N is an integer greater than or equal to 1. The data processing module is used for processing the verification data to obtain at least one first feature vector. The vector sending module is used for sending the at least one first feature vector to a server, so that the server compares the at least one first feature vector with at least one second feature vector stored in advance in a one-to-one correspondence manner. And the user verification module is used for passing the user verification when the comparison result sent by the server is received.
Another aspect of the embodiments of the present disclosure provides a user authentication apparatus applied to a server. The user authentication device comprises a vector receiving module, a vector comparison module and a result sending module. The vector receiving module is used for receiving at least one first feature vector sent by an electronic device, wherein the at least one feature vector is obtained by processing verification data of a user to be verified by the electronic device, the verification data comprises sequence data of the user to be verified contacting with N coordinate points on a screen of the electronic device and at least one of pressure data or contact area data contacting with each coordinate point of the N coordinate points, and N is an integer greater than or equal to 1. The vector comparison module is configured to compare the at least one first feature vector with at least one second feature vector stored in advance in a one-to-one correspondence manner, where the vector comparison module includes: and calculating the similarity of each first feature vector and each corresponding second feature vector. The result sending module is used for sending a comparison result to the electronic equipment, wherein when the similarity meets a preset condition, the comparison result is passed.
Another aspect of the disclosed embodiments provides a user authentication system. The user authentication system includes one or more memories, and one or more processors. The memory stores executable instructions. The processor executes the executable instructions to implement the method as described above. Another aspect of the embodiments of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Yet another aspect of an embodiment of the present disclosure provides a computer program product comprising computer programs/instructions which, when executed by a processor, implement the method as described above.
One or more of the embodiments described above have the following advantages or benefits: the problem that if the unlocking password of the electronic equipment is leaked, other people can also use the password to unlock the electronic equipment is solved at least partially, the sequence data of a user to be verified is obtained, then verification data is obtained by combining at least one of pressure data or contact area data, at least one first feature vector obtained by processing the verification data is compared with at least one second feature vector stored in advance, even if other people obtain the sequence data, whether the operation is carried out by the user or not can be verified through the comparison result based on the difference of the pressure data and/or the contact area data, and therefore safety is improved.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an exemplary system architecture to which a user authentication method may be applied, according to an embodiment of the present disclosure;
FIG. 2 schematically shows a flow diagram of a user authentication method for an electronic device according to an embodiment of the present disclosure;
FIG. 3 schematically shows a flow diagram for obtaining a registration feature vector of a user to be authenticated according to an embodiment of the disclosure;
FIG. 4 schematically shows a flow chart of a user authentication method for a server according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow diagram of a user authentication method for a server according to yet another embodiment of the present disclosure;
FIG. 6 schematically shows a flow chart of a user authentication method for a server according to a further embodiment of the present disclosure;
FIG. 7 schematically shows a flow diagram for sending a modified data processing model to an electronic device, in accordance with an embodiment of the present disclosure;
FIG. 8 schematically shows a flow chart of a user authentication method for a server according to a further embodiment of the present disclosure;
FIG. 9 schematically illustrates a block diagram of a user authentication apparatus for an electronic device, in accordance with an embodiment of the present disclosure;
fig. 10 schematically shows a block diagram of a user authentication apparatus for a server according to an embodiment of the present disclosure;
FIG. 11 schematically shows a flow diagram of an interaction of a user authentication means for an electronic device with a user authentication means for a server, according to an embodiment of the present disclosure; and
FIG. 12 schematically illustrates a block diagram of a computer system suitable for implementing the user authentication method and apparatus according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
One aspect of the disclosed embodiments provides a user authentication method for an electronic device. The user authentication method comprises the following steps: the method comprises the steps of obtaining verification data generated by a user to be verified operating a screen of the electronic equipment, wherein the verification data comprises sequence data of the user to be verified contacting N coordinate points on the screen and at least one of pressure data or contact area data contacting each coordinate point in the N coordinate points, and N is an integer greater than or equal to 1. The verification data is processed to obtain at least one first feature vector. And sending the at least one first feature vector to the server so that the server compares the at least one first feature vector with at least one second feature vector stored in advance in a one-to-one correspondence manner. And when the comparison result sent by the server is received to be passed, the user passes the verification.
In the related art, the electronic device can be locked by setting a nine-grid gesture password, a numeric password, or a password formed by combining numbers, letters and symbols, and then the owner of the electronic device uses an unlocking password to unlock the electronic device first when using the electronic device. The verification mode is that the user can sense, and actually, the user can obtain data collected by a hardware sensor in the operation process of the user after obtaining the consent of the user in the process of daily using the electronic equipment, wherein the data is data which is not sensed by the user and has personal characteristics. For example, the age, sex, or physical constitution of different users are different, and the angle, the contact area with the screen, or the pressure value when the user uses the electronic apparatus is not the same.
By using the user authentication method of the embodiment of the disclosure, the order data set by the user to be authenticated is acquired, and then the authentication data is acquired by combining with at least one of the pressure data and the contact area data having the personal characteristics of the user to be authenticated, and at least one first feature vector acquired by processing the authentication data is compared with at least one second feature vector stored in advance, so that even if other people acquire the order data, the imperceptible authentication can be performed based on the difference of the pressure data and/or the contact area data, and whether the operation is performed by the user is determined through the comparison result, thereby improving the security.
Fig. 1 schematically illustrates an exemplary system architecture 100 to which a user authentication method may be applied, according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include electronic devices 101, 102, 103, a network 104, and a server 105. The network 104 is used to provide a medium for communication links between the electronic devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
A user may use the electronic devices 101, 102, 103 to interact with the server 105 over the network 104 to receive or send messages or the like. The electronic devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, and the like (by way of example only). The network 104 may also include a security authentication interface, a unified pass authentication unit, etc. to allow authorized electronic devices 101, 102, 103 to interact with the server 105.
The electronic devices 101, 102, 103 may be a variety of electronic devices having display screens and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like. It should be noted that the authentication of the user according to the present disclosure may include authentication performed when the electronic device is used, for example, in a lock screen state, and may also include authentication performed before entering a certain communication client application of the electronic device when the application is used.
The server 105 may be a server that provides various services, such as a background management server (for example only) that provides support for websites browsed by users using the electronic devices 101, 102, 103. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the electronic device.
According to an embodiment of the present disclosure, the server 105 may previously store at least one second feature vector, or may call at least one second feature vector stored in the database. The electronic device 101, 102, 103 may send the at least one first feature vector to the server 105. In some embodiments of the present disclosure, the electronic device 101, 102, 103 may directly send the verification data to the server 105, and the server 105 processes the verification data to obtain the at least one first feature vector.
It should be noted that the user authentication method applied to the electronic device provided by the embodiment of the present disclosure may be generally executed by any of the electronic devices 101, 102, and 103. Accordingly, the user authentication method applied to the electronic device provided by the embodiment of the present disclosure may be generally set in any of the electronic devices 101, 102, and 103. The user authentication method applied to the server provided by the embodiments of the present disclosure may be generally performed by the server 105. Accordingly, the user authentication method applied to the server provided by the embodiments of the present disclosure may be generally not disposed in the server 105.
The user authentication method applied to the server provided by the embodiment of the present disclosure may also be performed by a server or a server cluster different from the server 105 and capable of communicating with the electronic devices 101, 102, 103 and/or the server 105. Accordingly, the user authentication apparatus applied to the server provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster different from the server 105 and capable of communicating with the electronic devices 101, 102, 103 and/or the server 105.
It should be understood that the number of electronic devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of electronic devices, networks, and servers, as desired for implementation.
Fig. 2 schematically shows a flow chart of a user authentication method for an electronic device according to an embodiment of the present disclosure.
As shown in fig. 2, the user authentication method that may be used for the electronic device includes operations S210 to S240.
In operation S210, verification data generated by an operation of a user to be verified on a screen of an electronic device is obtained, where the verification data includes sequence data of the user to be verified in contact with N coordinate points on the screen and at least one of pressure data or contact area data of the user in contact with each coordinate point of the N coordinate points, where N is an integer greater than or equal to 1.
According to the embodiment of the disclosure, the operation of the screen of the electronic device by the user to be authenticated comprises the following steps: and clicking and/or sliding the screen by the user to be verified. It should be noted that, the user may use a finger to directly operate the screen, or may use a third-party device such as an electronic pen to operate the screen, which is not limited in this disclosure.
According to an embodiment of the present disclosure, for example, the user to be authenticated has set a lock screen password on the electronic device 105 in advance. When the screen locking password is in a nine-square-grid sliding unlocking form, the verification data may include sequential data of small dots of a sliding nine-square grid of the user to be verified, for example, the first 6 small dots are slid in sequence. The positions of the first 6 small dots correspond to 6 coordinate points, and the verification data may further include at least one of pressure data or contact area data collected while sliding through each coordinate point.
When the lock screen password is in the form of a combination of numbers, letters or symbols, the authentication data may include sequential data of the respective numbers, letters or symbols in the password. Taking the password "123 × abc" as an example, first, when the user to be authenticated unlocks, the keyboard information called by the user to be authenticated is obtained, for example, the current keyboard is a nine-key type numeric keyboard. Then, it is determined that each number on the keyboard corresponds to each coordinate point on the screen. And then, acquiring the digital information and the sequence data of 1, 2 and 3 sequentially clicked on the numeric keyboard by the user to be verified, and simultaneously acquiring at least one of pressure data or contact area when the user clicks 1, 2 and 3. Then, when the user to be verified calls the symbol keyboard or calls the 26-key English keyboard, the steps can be repeated. Finally, the acquired verification data includes "123 × abc" character information, sequence data, and at least one of pressure data or contact area of each coordinate point.
The sizes of the called keyboards are different due to the fact that different types of electronic equipment used by different users are different and the using habits are different, so that the obtained keyboard information also comprises size information, and the coordinate points corresponding to all numbers, letters or symbols are convenient to determine. In some embodiments of the present disclosure, an unlock keyboard of a fixed size and dimension may be provided, which is capable of directly acquiring at least one of character information of each number, letter, or symbol clicked by a user to be authenticated, order data of corresponding coordinate points, and pressure data or contact area.
In operation S220, the verification data is processed to obtain at least one first feature vector.
According to an embodiment of the present disclosure, the pressure data of the contact of the user to be verified with each coordinate point may include: at least one of a value of effective contact pressure, a value of maximum pressure, a value of minimum pressure, and a value of average pressure.
According to an embodiment of the present disclosure, the contact area data of the user to be verified contacting each coordinate point may include: at least one of an effective contact area, a maximum contact area, a minimum contact area, and an average contact area.
Taking the squared figure sliding unlocking as an example, by adding data buried points into a gesture sliding track of the squared figure, pressure and contact area data collected by a screen sensor when a user sweeps each small circle point are obtained, and are spliced into a 76-dimensional vector (for example, a vector in the form of 1 row and 76 columns). The vector is composed of front 4 dimensions and back 72 dimensions, and during the sliding process of the squared figure gesture, at least 5 points can be set to pass through, and at most 9 points can be set to pass through. The first 4 dimensions respectively represent the contact area when the first small circle point starts to slide, the contact area before the first small circle point leaves the last small circle point, the pressure when the first small circle point starts to slide and the pressure before the first small circle point leaves the last small circle point, the last 72 dimensions are divided into one group by 8 dimensions, 9 groups are provided, and each group represents data collected when each small circle point passes through the gesture slide. And the 8-dimension data in each group of vectors respectively represent effective contact area, effective pressure, minimum contact area, maximum contact area, average contact area, minimum pressure, maximum pressure and average pressure when the data passes through each small dot, and if the number of small dots touched after the gesture sliding process is finished is less than 9, the data which is not collected is filled with 0.
In addition, the sequential data of the Sudoku sliding unlocking can be represented by another 81-dimensional vector, each 9-dimensional vector is used as a group, and the sequence of each group is in one-to-one correspondence with the sequence of 9 small dots. For example, the first sliding small dot is the 3 rd small dot, the 3 rd small dot corresponds to the third set of vectors, and the third set has a value of [100000000 ]. That is, the 1 st value is 1, it means that the 3 rd small dot is slid for the first time.
According to the embodiment of the disclosure, the vector may be further processed by using a machine learning model to obtain at least one first feature vector. The 76-dimensional vector and the 81-dimensional vector can be combined to obtain a first feature vector.
In some embodiments of the present disclosure, when the user to be authenticated inputs a password such as a number, a letter, or the like by clicking, a process of processing the authentication data to obtain the first feature vector is similar to that described above. For example, for a password of "123 abc", the sequential data may be represented as a 49-dimensional vector, with each 7-dimensional vector as a group, each group corresponding to a number, letter, or symbol. In some embodiments of the present disclosure, hash algorithm may be used to process "123 × abc" to obtain the hash value as sequential data, where the sequential data is no longer represented in vector form.
In operation S230, the at least one first feature vector is transmitted to the server, so that the server compares the at least one first feature vector with at least one second feature vector stored in advance in a one-to-one correspondence.
In operation S240, when it is received that the comparison result sent by the server is pass, the user authentication is passed.
By using the user authentication method of the embodiment of the disclosure, the order data set by the user to be authenticated is acquired, the authentication data is acquired by combining at least one of the pressure data and the contact area data having the personal characteristics of the user to be authenticated, and the at least one first feature vector acquired by processing the authentication data is compared with the at least one second feature vector stored in advance, so that even if other people acquire the order data, the imperceptible authentication can be performed based on the difference of the pressure data and/or the contact area data to determine whether the operation is performed by the user, thereby improving the security.
Fig. 3 schematically shows a flowchart for obtaining a registration feature vector of a user to be authenticated according to an embodiment of the present disclosure.
As shown in fig. 3, obtaining the registration feature vector of the user to be authenticated may include operations S310 to S330.
In operation S310, registration data of the user to be authenticated is collected S times, where the registration data includes registration sequence data of the user to be authenticated in contact with N coordinate points and at least one of registration pressure data or registration contact area data of the user to be authenticated in contact with each coordinate point, and S is an integer greater than 1.
According to the embodiment of the disclosure, on the premise that the user to be authenticated is the owner of the electronic device, for example, the user to be authenticated wants to set the squared gesture password for the electronic device, the user to be authenticated may be first prompted to set 4 times (by way of example only), for example, to repeatedly slide 4 times, and then, sequence data, pressure data and/or contact area data are collected during the sliding process as registration data. In some embodiments of the present disclosure, the user to be authenticated may be prompted to slide 1 time or 2 times of the gesture password on the password setting interface, and pressure data and/or contact area data are acquired without sensing in the subsequent unlocking process of the user to be authenticated.
In operation S320, the registration data collected S times are respectively processed to obtain S groups of registration feature vectors, where each group of registration feature vectors includes at least one registration feature vector.
In operation S330, the S-set of registered feature vectors are sent to the server such that the server averages the S-set of registered feature vectors to obtain at least one second feature vector.
According to the embodiment of the disclosure, the user is authenticated by an imperceptible method, namely, during the process that the user uses the electronic equipment, the behavior data of the user is collected to determine the personal characteristics of the user. Therefore, the personal characteristics of the user can be more accurately determined by collecting the registration data for multiple times, and the problem that whether the user is the user can not be accurately judged by collecting the registration data for 1 time is prevented.
According to the embodiment of the disclosure, due to the fact that the behavior sequence of the user has diversity and irregularity, the user characteristics abstracted from the collected data cannot be well fitted to the current user, so that abnormal behavior sequences, such as behaviors of non-personal operation and the like, are often left during the non-perception verification, and the non-perception verification cannot achieve the expected purpose. And pressure data or contact area data of each person operation screen usually have certain regularity, therefore, through the processing to sequence data, pressure data or contact area data, can fit current user well, improve and verify the security.
Fig. 4 schematically shows a flow chart of a user authentication method for a server according to an embodiment of the present disclosure.
As shown in fig. 4, the user authentication method that may be used for the server includes operations S410 to S430.
In operation S410, at least one first feature vector sent by an electronic device is received, where the at least one first feature vector is obtained by processing, by the electronic device, verification data of a user to be verified, where the verification data includes sequence data of the user to be verified contacting N coordinate points on a screen of the electronic device, and at least one of pressure data or contact area data of the user contacting each coordinate point of the N coordinate points, where N is an integer greater than or equal to 1.
In operation S420, the at least one first feature vector is compared with at least one second feature vector stored in advance in a one-to-one correspondence manner, where the comparing includes: and calculating the similarity of each first feature vector and each corresponding second feature vector.
According to the embodiment of the disclosure, calculating the similarity between two vectors may select to calculate the euclidean distance, the manhattan distance, the chebyshev distance, or the like, which is not limited by the disclosure.
In operation S430, a comparison result is transmitted to the electronic device, wherein the comparison result is a pass when the similarity satisfies a preset condition.
According to the embodiment of the present disclosure, for example, when the euclidean distance is calculated, the preset threshold may be determined to be 0.5, and when the euclidean distance is less than or equal to 0.5, the similarity satisfies the preset condition, and the comparison result is passed.
According to the embodiment of the present disclosure, the second feature vector is pre-stored in the server, and the server is used to perform a comparison operation of the at least one first feature vector and the pre-stored at least one second feature vector. Compared with the method for storing the second feature vector in the electronic equipment, the method can avoid the second feature vector leakage caused by the fact that other people crack the electronic equipment by means of malicious means. For example, in some embodiments of the present disclosure, before the electronic device interacts with the server, a security gateway or a unified pass access rule may be set, so as to perform security authentication on the electronic device, thereby further improving the user security level.
Fig. 5 schematically shows a flowchart of a user authentication method for a server according to still another embodiment of the present disclosure.
As shown in fig. 5, the user authentication method of the embodiment of the present disclosure may include operations S510 to S520, and operations S410 to S430.
In operation S510, S sets of registration feature vectors sent by the electronic device are received, where each set of registration feature vectors is obtained by processing, by the electronic device, registration data of a user to be authenticated collected each time, where the registration data includes registration sequence data of the user to be authenticated in contact with N coordinate points and at least one of registration pressure data or registration contact area data of the user to be authenticated in contact with each coordinate point, and S is an integer greater than 1.
In operation S520, at least one second feature vector is obtained by averaging S sets of registered feature vectors, where each set of registered feature vectors includes at least one registered feature vector, and S is an integer greater than or equal to 1.
In operation S410, at least one first feature vector sent by an electronic device is received, where the at least one first feature vector is obtained by processing, by the electronic device, verification data of a user to be verified, where the verification data includes sequence data of the user to be verified contacting N coordinate points on a screen of the electronic device, and at least one of pressure data or contact area data of the user contacting each coordinate point of the N coordinate points, where N is an integer greater than or equal to 1.
In operation S420, the at least one first feature vector is compared with at least one second feature vector stored in advance in a one-to-one correspondence manner, where the comparing includes: and calculating the similarity of each first feature vector and each corresponding second feature vector.
In operation S430, a comparison result is transmitted to the electronic device, wherein the comparison result is a pass when the similarity satisfies a preset condition.
According to an embodiment of the present disclosure, referring to operation S310, the electronic device collects registration data of the user to be authenticated S times, and then processes the registration data to obtain S groups of registration feature vectors. The number S of times acquired by the electronic device may be an effective number. Specifically, first, the server receives a first set of registered feature vectors. Then, a second set of registration feature vectors is received, and a similarity between the second set of registration feature vectors and each of the first set of registration feature vectors is calculated, for example, if the euclidean distance between two registration feature vectors is greater than 0.5, the second set of registration feature vectors is an invalid vector. And informing the electronic equipment that the second acquired registration data is invalid, and performing the second data acquisition again. And repeating the steps until the S groups of registration feature vectors are received.
According to the embodiment of the disclosure, the pressure data or the contact area data generated by two identical operations are not identical during the use of the electronic device by the user. Therefore, the way of averaging the S groups of registered feature vectors may determine the second feature vector as the verification reference, and perform corresponding adjustment with the similarity as the determination condition. Therefore, the situation that the user cannot be authenticated even if the user operates the device is avoided.
Fig. 6 schematically shows a flowchart of a user authentication method for a server according to yet another embodiment of the present disclosure.
As shown in fig. 6, the user authentication method of the embodiment of the present disclosure may include operations S610 to S620, and operations S410 to S430. Wherein calculating the similarity of each first feature vector to each corresponding second feature vector in operation S420 includes calculating the similarity using a classification model. Referring to fig. 6, before operation S410, training the classification model may include operations S610 to S620.
In operation S610, M positive sample data in a training set are obtained, where each positive sample data includes verification data of a known user, and M is an integer greater than or equal to 1.
According to an embodiment of the present disclosure, referring to fig. 1, for example, three known users normally use the electronic devices 101, 102, and 103, respectively, and during the use, authentication data of the three known users is collected. Data generated by the user during normal use is known to be personal in character and therefore belongs to positive sample data.
In operation S620, a single-class support vector machine model is trained based on the training set to obtain a classification model.
In operation S410, at least one first feature vector sent by an electronic device is received, where the at least one first feature vector is obtained by processing, by the electronic device, verification data of a user to be verified, where the verification data includes sequence data of the user to be verified contacting N coordinate points on a screen of the electronic device, and at least one of pressure data or contact area data of the user contacting each coordinate point of the N coordinate points, where N is an integer greater than or equal to 1.
In operation S420, the at least one first feature vector is compared with at least one second feature vector stored in advance in a one-to-one correspondence manner, where the comparing includes: and calculating the similarity of each first feature vector and each corresponding second feature vector.
In operation S430, a comparison result is transmitted to the electronic device, wherein the comparison result is a pass when the similarity satisfies a preset condition.
According to the embodiment of the disclosure, the purpose of performing the non-perception verification by using the behavior sequence of the user is to find the behavior law of the user. Therefore, if a negative sample is constructed in the training set, on one hand, the irregularity is presented, so that the machine learning model cannot learn useful features, and on the other hand, the cost for constructing the training set is increased. The machine learning model is trained by using a single class support vector machine algorithm (one class support vector machine), so that a single class support vector machine model capable of classifying normal users and abnormal users can be obtained under the condition of only positive samples.
FIG. 7 schematically shows a flow diagram for sending a modified data processing model to an electronic device, according to an embodiment of the disclosure.
As shown in fig. 7, training the classification model in operation S620 may further include operations S710 to S730, where the modified data processing model is sent to the electronic device to adapt the electronic device accordingly. Wherein the classification model comprises a data processing model.
In operation S710, a parameter of an electronic device is acquired.
In operation S720, parameters of the data processing model are modified based on the parameters of the electronic device.
In operation S730, the modified data processing model is sent to the electronic device, so that the electronic device processes the authentication data of the user to be authenticated based on the modified data processing model to obtain at least one first feature vector.
According to an embodiment of the present disclosure, for example, the modified data processing model may first perform normalization processing on the collected pressure data or contact area data to obtain a preprocessed vector. Then, the preprocessed vector is used as an input of the model, and at least one first feature vector is output.
According to the embodiment of the disclosure, when a user to be verified operates the screen of the electronic device, the electronic device can acquire data through the sensor. Different models of electronic devices, or different operating systems of electronic devices, have different values (e.g., different units and data formats) acquired by sensors. Parameters such as the model of the electronic equipment, the operating system, the system version, the sensor model and the like can be acquired, and the parameters of the data processing model are modified, so that personalized adaptation is performed for each user.
Fig. 8 schematically shows a flowchart of a user authentication method for a server according to yet another embodiment of the present disclosure.
As shown in fig. 8, the user authentication method of the embodiment of the present disclosure may include operations S510 to S520, operations S810 to S820, and operations S410 to S430.
In operation S510, S sets of registration feature vectors sent by the electronic device are received, where each set of registration feature vectors is obtained by processing, by the electronic device, registration data of a user to be authenticated collected each time, where the registration data includes registration sequence data of the user to be authenticated in contact with N coordinate points and at least one of registration pressure data or registration contact area data of the user to be authenticated in contact with each coordinate point, and S is an integer greater than 1.
In operation S520, at least one second feature vector is obtained by averaging S sets of registered feature vectors, where each set of registered feature vectors includes at least one registered feature vector, and S is an integer greater than or equal to 1.
In operation S810, a user identifier is allocated to a user to be authenticated.
In operation S820, a user identification is stored in association with at least one second feature vector in advance.
In operation S410, at least one first feature vector sent by an electronic device is received, where the at least one first feature vector is obtained by processing, by the electronic device, verification data of a user to be verified, where the verification data includes sequence data of the user to be verified contacting N coordinate points on a screen of the electronic device, and at least one of pressure data or contact area data of the user contacting each coordinate point of the N coordinate points, where N is an integer greater than or equal to 1.
In operation S420, the at least one first feature vector is compared with at least one second feature vector stored in advance in a one-to-one correspondence manner, where the comparing includes: and calculating the similarity of each first feature vector and each corresponding second feature vector.
In operation S430, a comparison result is transmitted to the electronic device, wherein the comparison result is a pass when the similarity satisfies a preset condition.
According to an embodiment of the present disclosure, before performing operation S420 to calculate similarity between each first feature vector and each corresponding second feature vector, the at least one first feature vector may be further matched with the corresponding at least one second feature vector based on the user identification.
According to the embodiment of the disclosure, the server may provide the authentication service for the electronic devices of the plurality of users, and the server stores the second feature vectors corresponding to the plurality of users. Thus, storing the identification of each user in association with the second feature vector for that user may improve the speed of comparison of the first and second feature vectors.
It should be noted that, although the operations of the method are described above in a specific order, the embodiments of the present disclosure are not limited thereto, and the operations may be performed in other orders as needed. For example, step S810 may be performed before step S520, or may be performed simultaneously. In some embodiments, the generation of the user identification may be performed independently of the process of obtaining the second feature vector.
Fig. 9 schematically shows a block diagram of a user authentication apparatus 900 for an electronic device according to an embodiment of the present disclosure.
As shown in fig. 9, the user authentication apparatus 900 may include a data acquisition module 910, a data processing module 920, a vector transmission module 930, and a user authentication module 940.
The data obtaining module 910 may perform operation S210, for example, to obtain verification data generated by an operation performed on a screen of an electronic device by a user to be verified, where the verification data includes sequence data of the user to be verified in contact with N coordinate points on the screen and at least one of pressure data or contact area data of the user in contact with each coordinate point of the N coordinate points, where N is an integer greater than or equal to 1.
According to an embodiment of the present disclosure, the pressure data contacting each of the N coordinate points includes: at least one of a value of effective contact pressure, a value of maximum pressure, a value of minimum pressure, and a value of average pressure.
According to an embodiment of the present disclosure, the contact area data contacting each of the N coordinate points includes: at least one of an effective contact area, a maximum contact area, a minimum contact area, and an average contact area.
The data processing module 920 may perform operation S220, for example, to process the verification data to obtain at least one first feature vector.
The vector sending module 930 may perform, for example, operation S230, to send the at least one first feature vector to the server, so that the server compares the at least one first feature vector with the at least one second feature vector stored in advance in a one-to-one correspondence.
The user authentication module 940 may perform operation S240, for example, to authenticate the user when receiving that the comparison result sent by the server is pass.
According to an embodiment of the present disclosure, the user authentication apparatus 900 may further include a first registration module. The first registration module may perform operations S310 to S330, for example, to collect registration data of the user to be authenticated S times, where the registration data includes registration sequence data of the user to be authenticated contacting N coordinate points and at least one of registration pressure data or registration contact area data contacting each coordinate point, and S is an integer greater than 1. And respectively processing the registration data acquired for S times to obtain S groups of registration characteristic vectors, wherein each group of registration characteristic vectors comprises at least one registration characteristic vector. The S sets of registered feature vectors are sent to the server such that the server averages the S sets of registered feature vectors to obtain at least one second feature vector.
Fig. 10 schematically shows a block diagram of a user authentication apparatus 1000 for a server according to an embodiment of the present disclosure.
As shown in fig. 10, the user authentication apparatus 1000 may include a vector receiving module 1010, a vector comparing module 1020, and a result transmitting module 1030.
The vector receiving module 1010 may perform operation S410, for example, to receive at least one first feature vector sent by the electronic device, where the at least one feature vector is obtained by processing, by the electronic device, verification data of a user to be verified, where the verification data includes sequence data of the user to be verified contacting with N coordinate points on a screen of the electronic device, and at least one of pressure data or contact area data of the user to be verified contacting with each coordinate point on the screen of the electronic device, where N is an integer greater than or equal to 1.
The vector comparison module 1020 may perform operation S420, for example, to compare the at least one first feature vector with the at least one second feature vector stored in advance in a one-to-one correspondence manner, where the operation includes: and calculating the similarity of each first feature vector and each corresponding second feature vector.
The result transmitting module 1030 may perform operation S430, for example, to transmit a comparison result to the electronic device, wherein the comparison result is a pass when the similarity satisfies a preset condition.
According to an embodiment of the present disclosure, the user identification apparatus 1000 may further include a second registration module. The second registration module may perform operations S510 to S520, for example, to receive S sets of registration feature vectors sent by the electronic device, where each set of registration feature vectors is obtained by processing, by the electronic device, registration data of the user to be authenticated, where each set of registration feature vectors is acquired by the electronic device, the registration data includes registration sequence data of the user to be authenticated in contact with N coordinate points and at least one of registration pressure data or registration contact area data of the user to be authenticated in contact with each coordinate point, and S is an integer greater than 1. And averaging the S groups of registered feature vectors to obtain at least one second feature vector, wherein each group of registered feature vectors comprises at least one registered feature vector, and S is an integer greater than or equal to 1.
According to an embodiment of the present disclosure, the user recognition apparatus 1000 may further include a training module. The training module may perform operations S610 to S620, for example, to obtain M positive sample data in a training set, where each positive sample data includes verification data of a known user, and M is an integer greater than or equal to 1. And training the single-class support vector machine model based on the training set to obtain a classification model.
According to an embodiment of the present disclosure, the user recognition apparatus 1000 may further include a model transmission module. The model transmitting module may perform operations S710 to S730, for example, to acquire parameters of the electronic device. Parameters of the data processing model are modified based on the parameters of the electronic device. And sending the modified data processing model to the electronic equipment, so that the electronic equipment processes the verification data of the user to be verified based on the modified data processing model to obtain at least one first feature vector.
According to an embodiment of the present disclosure, the user identification device 1000 may further include a vector storage module. The vector storage module may perform operations S810 to S820, for example, to assign a user identifier to the user to be authenticated. The user identification is stored in advance in association with the at least one second feature vector. In some embodiments of the present disclosure, the user identification apparatus 1000 may further include a matching module configured to match at least one first feature vector with at least one corresponding second feature vector based on the user identification before calculating the similarity of each first feature vector with each corresponding second feature vector.
Fig. 11 schematically shows a flowchart of an interaction of a user authentication apparatus 900 for an electronic device and a user authentication apparatus 1000 for a server according to an embodiment of the present disclosure.
As shown in fig. 11, the interaction of the user authentication apparatus 900 with the user authentication apparatus 1000 may include operations S1101 to S1107. The user authentication apparatus 900 may include one or more, and accordingly, the electronic device may include one or more.
In operation S1101, when in the training phase, the authentication data of the known user may be collected by the first registration module of the user authentication apparatus 900 and transmitted to the user authentication apparatus 1000. Specifically, operations S310 to S330 may be referred to.
In operation S1102, the user authentication apparatus 1000 receives authentication data of a known user to construct a training set, and obtains a training model using a training module. Specifically, operations S610 to S620 may be referred to.
In operation S1103, when in the deployment phase, the user authentication apparatus 1000 may be deployed for each electronic device using the model transmission module. Specifically, reference may be made to operations S710 to S730.
According to the embodiment of the disclosure, the user verification apparatus 1000 may further perform operations such as pruning and quantization on the model in the deployment stage, so as to reduce the volume of the model while reducing the accuracy loss as much as possible.
In operation S1104, while in the registration phase, the user authentication apparatus 900 may register the user with the first registration module. Specifically, operations S310 to S330 may be referred to.
According to the embodiment of the disclosure, for example, a user enables password protection on a mobile banking client installed on an electronic device, the data processing model can be deployed on the mobile banking client. The user can submit registration data, such as a nine-square grid gesture password, and pressure data or contact area data when sliding a small dot of the nine-square grid, through a secure registration page of the mobile banking client. In some embodiments of the present disclosure, a user identification may be assigned based on the account id and electronic device model of each user.
In operation S1105, after the user authentication apparatus 1000 receives the registration feature vector of the user, the user may be registered using the second registration module. Specifically, operations S510 to S520 may be referred to.
In operation S1106, the user authentication device 900 may transmit at least one first feature vector to the user authentication device 1000 at the time of the authentication phase. Specifically, operations S210 to S240 may be referred to.
According to the embodiment of the disclosure, corresponding pressure or contact area data are collected in the process of sliding the Sudoku by a user, after sliding is finished, the data are preprocessed and transmitted to a data processing model deployed on the client side, and at least one first feature vector is output after the model is executed.
In operation S1107, the user authentication device 1000 compares the received at least one first feature vector with at least one second feature vector stored in advance and transmits the comparison result to the user authentication device 900.
According to the embodiment of the present disclosure, the user authentication apparatus 1000 determines whether the current user data is abnormal according to the similarity, and may perform secondary authentication by using other biometric authentication methods such as a human face, a fingerprint, and a voiceprint for the abnormal data (that is, the similarity does not satisfy a preset condition).
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as hardware circuitry, e.g., a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or by any other reasonable means of hardware or firmware for integrating or packaging a circuit, or by any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any of the modules in the user authentication apparatus 900 or the user authentication apparatus 1000 may be combined into one module to be implemented, or any of the modules may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one module of the user authentication device 900 or the user authentication device 1000 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware by any other reasonable way of integrating or packaging a circuit, or in any one of three implementations of software, hardware and firmware, or in a suitable combination of any of them. Alternatively, at least one module of the user authentication apparatus 900 or the user authentication apparatus 1000 may be at least partially implemented as a computer program module, which when executed may perform a corresponding function.
It should be noted that the user authentication method and apparatus of the embodiments of the present disclosure may be used in the financial field, and may also be used in any field other than the financial field.
FIG. 12 schematically illustrates a block diagram of a computer system suitable for implementing the user authentication method and apparatus according to an embodiment of the present disclosure. The computer system illustrated in FIG. 12 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the disclosure.
As shown in fig. 12, a computer system 1200 according to an embodiment of the present disclosure includes a processor 1201, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)1202 or a program loaded from a storage section 1208 into a Random Access Memory (RAM) 1203. The processor 1201 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 1201 may also include on-board memory for caching purposes. The processor 1201 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 1203, various programs and data necessary for the operation of the system 1200 are stored. The processor 1201, the ROM 1202, and the RAM 1203 are connected to each other by a bus 1204. The processor 1201 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 1202 and/or the RAM 1203. Note that the programs may also be stored in one or more memories other than the ROM 1202 and the RAM 1203. The processor 1201 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
System 1200 may also include an input/output (I/O) interface 1205, according to an embodiment of the disclosure, input/output (I/O) interface 1205 also connected to bus 1204. The system 1200 may also include one or more of the following components connected to the I/O interface 1205: an input section 1206 including a keyboard, a mouse, and the like; an output portion 1207 including a display device such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 1208 including a hard disk and the like; and a communication section 1209 including a network interface card such as a LAN card, a modem, or the like. The communication section 1209 performs communication processing via a network such as the internet. A driver 1210 is also connected to the I/O interface 1205 as needed. A removable medium 1211, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is mounted on the drive 1210 as necessary, so that a computer program read out therefrom is mounted into the storage section 1208 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 1209, and/or installed from the removable medium 1211. The computer program, when executed by the processor 1201, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method provided by the embodiments of the present disclosure, when the computer program product is run on an electronic device, the program code being adapted to cause the electronic device, a server or a user authentication system to implement the user authentication method provided by the embodiments of the present disclosure.
The computer program, when executed by the processor 1201, performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of a signal on a network medium, downloaded and installed through the communication section 1209, and/or installed from the removable medium 1211. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (14)

1. A user authentication method is applied to an electronic device and comprises the following steps:
acquiring verification data generated by a user to be verified operating a screen of the electronic equipment, wherein the verification data comprises sequence data of the user to be verified contacting N coordinate points on the screen and at least one of pressure data or contact area data contacting each coordinate point in the N coordinate points, and N is an integer greater than or equal to 1;
processing the verification data to obtain at least one first feature vector;
sending the at least one first feature vector to a server, so that the server compares the at least one first feature vector with at least one second feature vector stored in advance in a one-to-one correspondence manner;
and when the comparison result sent by the server is received to be passed, the user passes the verification.
2. The user authentication method according to claim 1, wherein the pressure data in contact with each of the N coordinate points includes:
at least one of a value of effective contact pressure, a value of maximum pressure, a value of minimum pressure, and a value of average pressure.
3. The user authentication method according to claim 1, wherein the contact area data in contact with each of the N coordinate points includes:
at least one of an effective contact area, a maximum contact area, a minimum contact area, and an average contact area.
4. The user authentication method according to claim 1, wherein the operation of the screen of the electronic device by the user to be authenticated includes:
and the user to be verified clicks and/or slides the screen.
5. The user authentication method of claim 1, wherein prior to obtaining the authentication data, further comprising:
acquiring registration data of the user to be verified for S times, wherein the registration data comprises registration sequence data of the user to be verified in contact with N coordinate points and at least one of registration pressure data or registration contact area data of the user to be verified in contact with each coordinate point, and S is an integer greater than 1;
respectively processing the registration data acquired for S times to obtain S groups of registration characteristic vectors, wherein each group of registration characteristic vectors comprises at least one registration characteristic vector;
sending the S sets of the registered feature vectors to the server such that the server averages the S sets of the registered feature vectors to obtain the at least one second feature vector.
6. A user authentication method is applied to a server and comprises the following steps:
receiving at least one first feature vector sent by electronic equipment, wherein the at least one feature vector is obtained by processing verification data of a user to be verified by the electronic equipment, the verification data comprises sequence data of the user to be verified contacting N coordinate points on a screen of the electronic equipment and at least one of pressure data or contact area data contacting each coordinate point in the N coordinate points, and N is an integer greater than or equal to 1;
comparing the at least one first feature vector with at least one second feature vector stored in advance in a one-to-one correspondence manner, wherein the method comprises the following steps: calculating the similarity of each first feature vector and each corresponding second feature vector;
and sending a comparison result to the electronic equipment, wherein the comparison result is a pass when the similarity meets a preset condition.
7. The user authentication method according to claim 6, wherein, prior to receiving the at least one first feature vector, the method further comprises obtaining the at least one second feature vector, in particular comprising:
receiving S groups of registration characteristic vectors sent by the electronic equipment, wherein each group of registration characteristic vectors is obtained by processing registration data of the user to be verified, collected each time, by the electronic equipment, the registration data comprises registration sequence data of the user to be verified, which is in contact with N coordinate points, and at least one of registration pressure data or registration contact area data, which is in contact with each coordinate point, and S is an integer greater than 1;
and averaging the registration feature vectors of S groups to obtain the at least one second feature vector, wherein each group of the registration feature vectors comprises at least one registration feature vector, and S is an integer greater than or equal to 1.
8. The user verification method according to claim 6 or 7, wherein the calculating of the similarity of each of the first feature vectors to each of the corresponding second feature vectors comprises calculating the similarity using a classification model, and the training of the classification model before receiving the at least one first feature vector further comprises:
obtaining M positive sample data in a training set, wherein each positive sample data comprises the verification data of a known user, and M is an integer greater than or equal to 1;
and training a single-class support vector machine model based on the training set to obtain the classification model.
9. The user verification method of claim 8, wherein the classification model comprises a data processing model, further comprising, after the obtaining the classification model:
acquiring parameters of the electronic equipment;
modifying parameters of the data processing model based on parameters of the electronic device;
sending the modified data processing model to the electronic device, so that the electronic device processes the verification data of the user to be verified based on the modified data processing model to obtain the at least one first feature vector.
10. The user authentication method of claim 6, wherein the method further comprises:
distributing a user identifier for the user to be verified;
storing the user identification in association with the at least one second feature vector in advance;
wherein, before the calculating the similarity between each first feature vector and each corresponding second feature vector, the method further comprises:
matching the at least one first feature vector with the corresponding at least one second feature vector based on the user identification.
11. A user identity verification device is applied to electronic equipment and comprises:
the data acquisition module is used for acquiring verification data generated by a user to be verified operating a screen of the electronic equipment, wherein the verification data comprises sequential data of the user to be verified contacting N coordinate points on the screen and at least one of pressure data or contact area data contacting each coordinate point in the N coordinate points, and N is an integer greater than or equal to 1;
the data processing module is used for processing the verification data to obtain at least one first feature vector;
the vector sending module is used for sending the at least one first feature vector to a server so that the server compares the at least one first feature vector with at least one second feature vector stored in advance in a one-to-one correspondence manner;
and the user verification module is used for passing the user verification when the comparison result sent by the server is received.
12. A user authentication device applied to a server comprises:
the system comprises a vector receiving module, a verification module and a verification module, wherein the vector receiving module is used for receiving at least one first feature vector sent by electronic equipment, the at least one feature vector is obtained by processing verification data of a user to be verified by the electronic equipment, the verification data comprises sequential data of the user to be verified contacting with N coordinate points on a screen of the electronic equipment and at least one of pressure data or contact area data of the user to be verified contacting with each coordinate point of the N coordinate points, and N is an integer greater than or equal to 1;
the vector comparison module is configured to compare the at least one first feature vector with at least one second feature vector stored in advance in a one-to-one correspondence manner, where the vector comparison module includes: calculating the similarity of each first feature vector and each corresponding second feature vector;
and the result sending module is used for sending a comparison result to the electronic equipment, wherein when the similarity meets a preset condition, the comparison result is passed.
13. A user authentication system comprising:
one or more memories storing executable instructions; and
one or more processors executing the executable instructions to implement the method of any one of claims 1-10.
14. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 10.
CN202110503090.6A 2021-05-08 2021-05-08 User authentication method, user authentication device, user authentication system, and storage medium Pending CN113095843A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110503090.6A CN113095843A (en) 2021-05-08 2021-05-08 User authentication method, user authentication device, user authentication system, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110503090.6A CN113095843A (en) 2021-05-08 2021-05-08 User authentication method, user authentication device, user authentication system, and storage medium

Publications (1)

Publication Number Publication Date
CN113095843A true CN113095843A (en) 2021-07-09

Family

ID=76665201

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110503090.6A Pending CN113095843A (en) 2021-05-08 2021-05-08 User authentication method, user authentication device, user authentication system, and storage medium

Country Status (1)

Country Link
CN (1) CN113095843A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102982269A (en) * 2012-10-25 2013-03-20 北京大学 Anti-peeping code authentication method and anti-peeping code authentication system based on biological metering characteristics
CN104035698A (en) * 2013-03-04 2014-09-10 联想(北京)有限公司 Terminal equipment and state switchover method for same
CN104992089A (en) * 2015-07-23 2015-10-21 广东欧珀移动通信有限公司 Security verification method and system based on touch screen technology
CN105279405A (en) * 2015-10-28 2016-01-27 同济大学 Keypress behavior pattern construction and analysis system of touch screen user and identity recognition method thereof
CN109543390A (en) * 2018-12-25 2019-03-29 广州知弘科技有限公司 A kind of information security management method and system
CN110147664A (en) * 2019-04-19 2019-08-20 深圳壹账通智能科技有限公司 The method and relevant device of authentication based on centralization database
CN110362233A (en) * 2019-07-19 2019-10-22 深圳国微视安科技有限公司 Intelligent home furnishing control method and system based on 3D pressure sensitivity touch technology

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102982269A (en) * 2012-10-25 2013-03-20 北京大学 Anti-peeping code authentication method and anti-peeping code authentication system based on biological metering characteristics
CN104035698A (en) * 2013-03-04 2014-09-10 联想(北京)有限公司 Terminal equipment and state switchover method for same
CN104992089A (en) * 2015-07-23 2015-10-21 广东欧珀移动通信有限公司 Security verification method and system based on touch screen technology
CN105279405A (en) * 2015-10-28 2016-01-27 同济大学 Keypress behavior pattern construction and analysis system of touch screen user and identity recognition method thereof
CN109543390A (en) * 2018-12-25 2019-03-29 广州知弘科技有限公司 A kind of information security management method and system
CN110147664A (en) * 2019-04-19 2019-08-20 深圳壹账通智能科技有限公司 The method and relevant device of authentication based on centralization database
CN110362233A (en) * 2019-07-19 2019-10-22 深圳国微视安科技有限公司 Intelligent home furnishing control method and system based on 3D pressure sensitivity touch technology

Similar Documents

Publication Publication Date Title
US11847199B2 (en) Remote usage of locally stored biometric authentication data
US10558792B2 (en) Touch-screen user key-press behavior pattern construction and analysis system and identity recognition method thereof
US20210286870A1 (en) Step-Up Authentication
CN106650350B (en) Identity authentication method and system
US9800574B2 (en) Method and apparatus for providing client-side score-based authentication
US9202035B1 (en) User authentication based on biometric handwriting aspects of a handwritten code
WO2021244531A1 (en) Payment method and apparatus based on facial recognition
EP4248341A1 (en) Method and apparatus for user recognition
Progonov et al. Behavior-based user authentication on mobile devices in various usage contexts
CN111882425B (en) Service data processing method, device and server
US11503018B2 (en) Method and system for detecting two-factor authentication
CN110546638A (en) Improvements in biometric authentication
CN116561737A (en) Password validity detection method based on user behavior base line and related equipment thereof
US20230319036A1 (en) Device-agnostic access control techniques
CN113095843A (en) User authentication method, user authentication device, user authentication system, and storage medium
CN114201740A (en) Login method, login device, electronic equipment and storage medium
CN106936840B (en) Information prompting method and device
CN111353139A (en) Continuous authentication method and device, electronic equipment and storage medium
CN111275506A (en) Bill issuing method and block link point equipment
CN109618342A (en) It is a kind of for determining the method and apparatus of the operation permission information of user
Suruthi et al. Efficient handwritten passwords to overcome spyware attacks
US20240095740A1 (en) Multi-factor authentication using location data
CN114567451B (en) Identity verification method, identity verification device, computer equipment and storage medium
CN111199027B (en) User authentication method and device, computer-readable storage medium and electronic equipment
US20240220593A1 (en) User authentication with biometric data in conjunction with autofill assistance

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination