CN113761514A - Cloud desktop multi-factor security authentication method and system - Google Patents

Publication number
CN113761514A
Authority
CN
China
Prior art keywords
risk
determining
preset
answer
application programs
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110958567.XA
Other languages
Chinese (zh)
Other versions
CN113761514B (en)
Inventor
张琳
史杨
姜兆艺
尹鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Cstack Technology Co ltd
Original Assignee
Shanghai Cstack Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Cstack Technology Co ltd
Priority to CN202110958567.XA
Publication of CN113761514A
Application granted
Publication of CN113761514B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/237 Lexical tools
    • G06F40/247 Thesauruses; Synonyms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances

Abstract

The invention relates to the technical field of cloud system operation, and in particular discloses a cloud desktop multi-factor security authentication method and system. The method comprises the following steps: receiving an access request, determining a verification question, and judging from the verification question whether the sender of the access request is a real person; when the access request is sent by a real person, acquiring account information and comparing it with preset registration information; when the account information is the same as the registration information, acquiring a user operation record, determining a risk question according to the user operation record, displaying the risk question for a limited time, and receiving a feedback answer; and judging the feedback answer to determine emergency measures. By acquiring the user operation record, determining risk questions from it, displaying them for a limited time, and judging the feedback answers received, the method performs security verification while the user is using the system, which improves the security of the system.

Description

Cloud desktop multi-factor security authentication method and system
Technical Field
The invention relates to the technical field of cloud system operation, in particular to a cloud desktop multi-factor security authentication method and system.
Background
A cloud desktop, also called desktop virtualization or a cloud computer, is a new model that replaces the traditional computer. With a cloud desktop the user does not need to purchase a computer host: all the components the host contains, such as the CPU (central processing unit), memory and hard disk, are virtualized on a back-end server, and a single high-performance server can virtualize 1-50 different virtual computers. The mainstream front-end device is a client (a device similar to a television set-top box) connected to a display, keyboard and mouse; after installing the client, the user accesses the virtual machine host on the back-end server through a dedicated communication protocol and operates it interactively, with an experience consistent with that of a computer. The cloud desktop not only replaces the traditional computer but also supports access from other smart devices such as mobile phones and tablets over the Internet, and is the latest solution for mobile office work.
It can be expected that the central equipment providing the cloud desktop service has extremely high computing capacity and easily becomes a target of attack. If an attack really succeeds, the attacker can not only read user information but also use the central equipment to complete some very large projects, all of which harms the interests of the cloud desktop service provider. A cloud desktop can therefore really be put into use only if it is secure enough.
However, existing security measures concentrate on the login process, for example stricter password requirements and more difficult verification codes, while almost no security verification is performed during use. An attacker therefore only needs some way of bypassing the login-time measures to attack the system, so security is low.
Disclosure of Invention
The invention aims to provide a cloud desktop multi-factor security authentication method and a cloud desktop multi-factor security authentication system to solve the problems in the background technology.
In order to achieve the purpose, the invention provides the following technical scheme:
A cloud desktop multi-factor security authentication method, the method comprising:
receiving an access request, determining a verification question, and judging from the verification question whether the sender of the access request is a real person;
when the access request is sent by a real person, acquiring account information and comparing it with preset registration information;
when the account information is the same as the registration information, acquiring a user operation record, determining a risk question according to the user operation record, displaying the risk question for a limited time, and receiving a feedback answer;
and comparing the feedback answer with a preset reference answer, determining the risk probability according to the comparison result, and executing emergency measures when the risk probability is greater than a preset probability threshold.
As a further limitation of the technical scheme of the invention, the step of receiving an access request and determining a verification question specifically comprises:
receiving an access request, generating the access times, and stopping receiving access requests when the access times are greater than a preset first time threshold;
when the access times are smaller than the preset first time threshold, determining a difficulty level according to the access times;
determining a verification question according to the difficulty level; the formats of the verification question include at least picture and audio.
As a further limitation of the technical scheme of the invention, the step of acquiring a user operation record when the account information is the same as the registration information, determining a risk question according to the user operation record, displaying the risk question for a limited time, and receiving a feedback answer specifically comprises:
sequentially acquiring the latest use time of each application program, and marking the application program when its latest use time is within a preset time range;
counting the marked application programs, sequentially calculating the preference values of the marked application programs, and arranging the marked application programs in ascending order of preference value;
sequentially acquiring search records, and determining keywords according to the search records;
and reading risk questions according to the keywords, displaying the risk questions for a limited time, and receiving feedback answers.
As a further limitation of the technical scheme of the invention, the step of counting the marked application programs and sequentially calculating the preference values of the marked application programs specifically comprises:
counting the marked application programs, arranging them in order of their latest use time, and generating labels;
calculating the use frequency of each marked application program, and determining its preference value according to the use frequency and the label;
the calculation formula of the preference value is: P = αB × L, where P is the preference value, B is the label, L is the use frequency, and α is a correction coefficient.
As a further limitation of the technical scheme of the invention, the step of sequentially acquiring search records and determining keywords according to the search records specifically comprises:
acquiring a search record and inputting it into a trained part-of-speech analysis model to obtain a search record with part-of-speech tags;
extracting nouns according to the part-of-speech tags, and determining synonyms according to a synonym library;
and sorting the synonyms according to a preset arrangement mode, and taking the synonyms at the end as keywords.
As a further limitation of the technical scheme of the invention: comparing the feedback answer with a preset reference answer, determining a risk probability according to a comparison result, and executing emergency measures when the risk probability is greater than a preset probability threshold specifically comprises the following steps:
establishing a connection channel with a question database, and reading corresponding reference answers according to the risk questions;
receiving a feedback answer, and judging whether the feedback answer is the same as the reference answer;
when the feedback answer is the same as the reference answer, reducing the risk probability according to a preset adjusting probability, and when the feedback answer is different from the reference answer, increasing the risk probability according to the preset adjusting probability;
and when the number of times of the feedback answer being empty reaches a preset second number threshold and the empty feedback answer is received again, judging that the feedback answer is different from the reference answer.
As a further limitation of the technical scheme of the invention, the step of receiving the access request, determining a verification question, and judging from the verification question whether the sender of the access request is a real person further comprises:
receiving a user access request, acquiring the user position, and generating an access report according to the user position, wherein the access report comprises a position name item and an access times item;
traversing the access report by position name and judging whether the position name already appears; if so, locating the corresponding access times item by the position name and reading the corresponding access times; if not, inserting the position name into the access report and assigning the corresponding access times the value one;
and judging whether the access times are greater than a preset third time threshold, and correcting the first time threshold according to the judgment result.
The technical scheme of the invention also provides a cloud desktop multi-factor security authentication system, the system comprising:
the identity authentication module, used for receiving the access request, determining a verification question, and judging from the verification question whether the sender of the access request is a real person;
the account verification module, used for acquiring account information when the access request is sent by a real person and comparing the account information with preset registration information;
the risk question display module, used for acquiring a user operation record when the account information is the same as the registration information, determining a risk question according to the user operation record, displaying the risk question for a limited time, and receiving a feedback answer;
and the risk probability judging module, used for comparing the feedback answer with a preset reference answer, determining the risk probability according to the comparison result, and executing emergency measures when the risk probability is greater than a preset probability threshold.
As a further limitation of the technical scheme of the invention, the risk question display module specifically comprises:
the marking unit is used for sequentially acquiring the latest use time of each application program, and marking the application programs when the latest use time is within a preset time range;
the preference value calculating unit is used for counting the marked application programs, calculating the preference values of the marked application programs in sequence and arranging the marked application programs in an ascending sequence according to the preference values;
the keyword determining unit is used for sequentially acquiring search records and determining keywords according to the search records;
and the display unit is used for reading the risk questions according to the keywords, displaying the risk questions at regular time and receiving feedback answers.
As a further limitation of the technical scheme of the invention: the preference value calculating unit includes:
the label generation subunit, used for counting the marked application programs, arranging them in order of their latest use time, and generating labels;
the execution subunit, used for calculating the use frequency of each marked application program and determining its preference value according to the use frequency and the label;
the calculation formula of the preference value is: P = αB × L, where P is the preference value, B is the label, L is the use frequency, and α is a correction coefficient.
Compared with the prior art, the invention has the following beneficial effects: by acquiring the user operation record, determining risk questions from it, displaying them for a limited time, and judging the feedback answers received, security verification is performed while the user is using the system, which improves the security of the system.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention.
Fig. 1 shows a flow diagram of a cloud desktop multi-factor security authentication method.
Fig. 2 illustrates a first sub-flow block diagram of a cloud desktop multi-factor security authentication method.
Fig. 3 illustrates a second sub-flow block diagram of a cloud desktop multi-factor security authentication method.
Fig. 4 illustrates a third sub-flow block diagram of a cloud desktop multi-factor security authentication method.
Fig. 5 illustrates a fourth sub-flow block diagram of a cloud desktop multi-factor security authentication method.
Fig. 6 illustrates a fifth sub-flow block diagram of a cloud desktop multi-factor security authentication method.
Fig. 7 illustrates a sixth sub-flow block diagram of a cloud desktop multi-factor security authentication method.
Fig. 8 shows a block diagram of a component structure of the cloud desktop multi-factor security authentication system.
Fig. 9 is a block diagram illustrating the structure of the risk question display module in the cloud desktop multi-factor security authentication system.
Fig. 10 is a block diagram showing the structure of the preference value calculating unit in the risk question display module.
Detailed Description
In order to make the technical problems, technical solutions and advantageous effects to be solved by the present invention more clearly apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Example 1
Fig. 1 shows a flow diagram of a cloud desktop multi-factor security authentication method, and in an embodiment of the present invention, the cloud desktop multi-factor security authentication method includes steps S100 to S400:
Step S100: receiving an access request, determining a verification question, and judging from the verification question whether the sender of the access request is a real person;
The purpose of step S100 is clear: to verify whether the visitor is a real person, mainly to guard against a computer cracking the account information by enumerating within a certain range and then using the computing resources. It corresponds to the common verification code of the prior art, which is mostly used for logging in to web pages.
Step S200: when the access request is sent by a real person, acquiring account information, and comparing the account information with preset registration information;
The verification of the account information is simple and is a direct comparison: generally, the user account serves as the key by which the password set at registration is located, and the password input by the user is then checked against the password set at registration.
Step S300: when the account information is the same as the registration information, acquiring a user operation record, determining a risk question according to the user operation record, displaying the risk question for a limited time, and receiving a feedback answer;
Step S300 is the core step of the invention and is what distinguishes it from other verification methods: the judgment takes place while the user is using the system. From the user's perspective, while working on the cloud desktop some questions are displayed from time to time and the user needs to answer them; whether the user is safe is then judged from the answers given. It is worth mentioning that the timed display above means that a question is displayed for a short time; when the display time is over, the question disappears automatically and the user's answer is regarded as empty.
Step S400: comparing the feedback answer with a preset reference answer, determining a risk probability according to the comparison result, and executing emergency measures when the risk probability is greater than a preset probability threshold;
Step S400 is the execution process: the feedback answers given by the user are continuously compared with the preset reference answers, and whether the use is safe is determined from the results. The determination is made through the risk probability: each time the user answers a risk question, the risk probability is affected to some extent, so the risk probability represents the security of the system.
Fig. 2 shows a first sub-flow block diagram of the cloud desktop multi-factor security authentication method, where the step of receiving an access request and determining a verification question specifically includes steps S101 to S103:
Step S101: receiving an access request, generating the access times, and stopping receiving access requests when the access times are greater than a preset first time threshold;
Step S101 is a triggering step: when the access times are too large, the system is locked and stops receiving access requests. Of course, the first time threshold must be large enough to give normal people room for trial and error, for example thousands of times; a normal person hardly tries a thousand times, so once thousands of attempts are found, the visitor can be considered some malicious device.
Step S102: when the access times are smaller than the preset first time threshold, determining a difficulty level according to the access times;
Step S103: determining a verification question according to the difficulty level; the formats of the verification question include at least picture and audio;
Steps S102 to S103 are a small innovation of the invention. The implication is that there is more than one verification question. Each person has different abilities, and someone faced with a difficult verification question finds it hard to pass, which is not the original intention of the verification question. For example, one existing kind of verification question presents a series of cut-up images and asks the user to select the pictures that contain certain features, then repeats the verification several times in a row; a small mistake or a network fluctuation in between makes the user feel aversion, and after several failed verifications the user's mood is seriously affected. In an extreme case, if the system has a fault and every verification is judged wrong by default, then under a very difficult verification question the user will think the problem lies with himself and will not suspect the system; a user who really encounters this will run out of patience. Such system faults are very common: almost everyone has met the situation where the verification code is reported wrong no matter what is input.
Fig. 3 shows a second sub-flow block diagram of the cloud desktop multi-factor security authentication method, where the step of acquiring a user operation record when the account information is the same as the registration information, determining a risk question according to the user operation record, displaying the risk question for a limited time, and receiving a feedback answer specifically includes steps S301 to S304:
Step S301: sequentially acquiring the latest use time of each application program, and marking the application program when its latest use time is within a preset time range;
The function of step S301 is marking, on the premise that the latest use time falls within the preset time range. For example, if the preset time range is one month, the application programs whose latest use time is within that month are marked, and their analysis value is high.
Step S302: counting the marked application programs, sequentially calculating the preference values of the marked application programs, and arranging the marked application programs in ascending order of preference value;
Ascending preference values mean that application programs with low preference values are arranged in front; the purpose is to reduce the user's aversion regarding information leakage;
Step S303: sequentially acquiring search records, and determining keywords according to the search records;
Step S304: reading risk questions according to the keywords, displaying the risk questions for a limited time, and receiving feedback answers.
The purpose of steps S303 to S304 is to determine the risk question. The risk question is determined according to the keyword and is related to the specific form of the question; the determination steps of the risk question are described here as an example.
Fig. 4 shows a third sub-flow block diagram of the cloud desktop multi-factor security authentication method, where the step of counting the marked application programs and sequentially calculating the preference values of the marked application programs specifically includes steps S3021 to S3022:
Step S3021: counting the marked application programs, arranging them in order of their latest use time, and generating labels;
Step S3022: calculating the use frequency of each marked application program, and determining its preference value according to the use frequency and the label;
The calculation formula of the preference value is: P = αB × L, where P is the preference value, B is the label, L is the use frequency, and α is a correction coefficient.
The above is the specific calculation process. The application programs are first arranged in order of latest use time; as a result, the closer an application program's latest use is to the current time, the larger its label. In other words, the larger the label, the higher the user's preference for the application.
In addition, the use frequency is calculated according to the number of access times in a certain time; it is contemplated that the higher the frequency of use, the higher the user's preference for the application.
It should be noted that if the preference values are in reverse order, the preference values should be inversely proportional to the labels and the corresponding formula should be adjusted to: P = αB / L, where P is the preference value, B is the label, L is the use frequency, and α is a correction coefficient.
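Steps S301, S302 and S3021 to S3022 carried through on a small usage log, as an added example that is not part of the patent text. It assumes a 30-day preset time range, α = 1, and L taken as the number of uses inside that range; the application names and timestamps are constructed.

```python
from datetime import datetime, timedelta


def rank_by_preference(usage, now, window=timedelta(days=30), alpha=1.0):
    """Return [(app, label B, frequency L, preference P)] in ascending order of P.

    usage maps an application name to the datetimes at which it was used.
    """
    start = now - window

    # S301: mark applications whose latest use time is inside the preset range.
    marked = {}
    for app, times in usage.items():
        if times and start <= max(times) <= now:
            marked[app] = [t for t in times if start <= t <= now]

    # S3021: arrange by latest use time; the most recent use gets the largest label.
    by_recency = sorted(marked, key=lambda app: (max(marked[app]), app))
    labels = {app: position + 1 for position, app in enumerate(by_recency)}

    # S3022: P = alpha * B * L, with L = uses inside the window (assumed unit).
    rows = []
    for app in by_recency:
        frequency = len(marked[app])
        rows.append((app, labels[app], frequency, alpha * labels[app] * frequency))

    # S302: ascending arrangement, lowest preference value first.
    return sorted(rows, key=lambda row: (row[3], row[0]))


# Constructed usage log for illustration.
NOW = datetime(2021, 8, 20, 12, 0)
SAMPLE_USAGE = {
    "mail": [datetime(2021, 8, day, 9, 0) for day in (1, 10, 18, 19)],
    "ide": [datetime(2021, 8, 14, 10, 0), datetime(2021, 8, 15, 10, 0)],
    "browser": [datetime(2021, 7, 1, 8, 0), datetime(2021, 8, 20, 9, 0)],
    "legacy_tool": [datetime(2021, 6, 1, 8, 0)],  # outside the range, never marked
}

if __name__ == "__main__":
    for app, label, frequency, preference in rank_by_preference(SAMPLE_USAGE, NOW):
        print(f"{app:8} B={label} L={frequency} P={preference}")
```

The most recently used application does not necessarily get the highest preference value: here "browser" carries the largest label but was used only once in the range, so it sorts ahead of "mail".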
Fig. 5 shows a fourth sub-flow block diagram of the cloud desktop multi-factor security authentication method, where the step of sequentially acquiring search records and determining a keyword according to the search records specifically includes steps S3031 to S3033:
Step S3031: acquiring a search record and inputting it into a trained part-of-speech analysis model to obtain a search record with part-of-speech tags;
Step S3032: extracting nouns according to the part-of-speech tags, and determining synonyms according to a synonym library;
Step S3033: sorting the synonyms according to a preset arrangement mode, and taking the synonyms at the end as keywords.
Steps S3031 to S3033 are the process of determining the keywords. First, the part of speech needs to be analysed; some existing typing software already has this function, so the part-of-speech analysis model is not described in detail. In addition, the nouns obtained need to be unified, such as "potato" and "egg": the words refer to the same object and can be replaced by "potato".
Fig. 6 shows a fifth sub-flow block diagram of the cloud desktop multi-factor security authentication method, where the feedback answer is compared with a preset reference answer, a risk probability is determined according to a comparison result, and when the risk probability is greater than a preset probability threshold, the step of executing the emergency measure specifically includes steps S401 to S403:
Step S401: establishing a connection channel with a question database, and reading the corresponding reference answer according to the risk question;
Step S402: receiving a feedback answer, and judging whether the feedback answer is the same as the reference answer;
Step S403: when the feedback answer is the same as the reference answer, reducing the risk probability by a preset adjusting probability, and when the feedback answer is different from the reference answer, increasing the risk probability by the preset adjusting probability;
The comparison between the feedback answer and the reference answer is not complicated, but the case of an empty feedback answer needs attention. One solution is: when the number of empty feedback answers has reached a preset second time threshold and an empty feedback answer is received again, the feedback answer is judged to be different from the reference answer; the purpose of the second threshold is to give the user a certain margin for error. Of course, another solution is to treat several empty feedback answers as one different answer, thereby increasing the risk probability.
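The risk probability update of steps S402 to S403, with the first empty-answer solution described above, as an added example that is not part of the patent text. The starting probability, the adjusting probability, both thresholds, the clamping to [0, 1] and the answer normalisation are assumptions; the session data is constructed.

```python
import hmac
from dataclasses import dataclass


def same_answer(feedback, reference):
    """S402: compare answers after trimming and case-folding (normalisation assumed)."""
    a = feedback.strip().casefold().encode("utf-8")
    b = reference.strip().casefold().encode("utf-8")
    return hmac.compare_digest(a, b)  # constant-time comparison of the two answers


@dataclass
class RiskTracker:
    risk: float = 0.5                    # starting risk probability (assumed)
    adjust: float = 0.125                # preset adjusting probability (assumed value)
    probability_threshold: float = 0.75  # preset probability threshold (assumed value)
    second_threshold: int = 2            # empty answers tolerated (assumed value)
    empty_count: int = 0

    def record(self, feedback, reference):
        """Apply one feedback answer; return True when emergency measures are due."""
        if feedback is None or not feedback.strip():
            # The question timed out, so the answer is regarded as empty.
            if self.empty_count < self.second_threshold:
                self.empty_count += 1    # still inside the tolerated margin
                return self.risk > self.probability_threshold
            matched = False              # further empty answers count as different
        else:
            matched = same_answer(feedback, reference)
        # S403: lower the risk on a match, raise it on a mismatch.
        step = -self.adjust if matched else self.adjust
        self.risk = min(1.0, max(0.0, self.risk + step))
        return self.risk > self.probability_threshold


def replay(session, tracker=None):
    """Run (feedback, reference) pairs and return [(risk, emergency)] per answer."""
    tracker = tracker or RiskTracker()
    results = []
    for feedback, reference in session:
        emergency = tracker.record(feedback, reference)
        results.append((tracker.risk, emergency))
    return results


# Constructed session: one correct answer, three timeouts, two wrong answers, a timeout.
SAMPLE_SESSION = [
    ("blue ", "Blue"),
    (None, "report.docx"),
    ("", "report.docx"),
    (None, "report.docx"),
    ("monday", "friday"),
    ("excel", "mail"),
    (None, "mail"),
]

if __name__ == "__main__":
    for risk, emergency in replay(SAMPLE_SESSION):
        print(f"risk={risk:.3f} emergency={emergency}")
```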
Fig. 7 shows a sixth sub-flow block diagram of the cloud desktop multi-factor security authentication method, where the step of receiving the access request, determining a verification question, and judging whether the sender of the access request is a real person according to the verification question further includes steps S104 to S106:
step S104: receiving a user access request, acquiring a user position, and generating an access report according to the user position, wherein the access report comprises a position name item and an access times item;
step S105: traversing the access report based on the position name, and judging whether the position name already appears in it; if so, locating the corresponding access times item based on the position name, and reading the corresponding access times; if not, inserting the position name into the access report, and assigning the corresponding access times as one;
step S106: judging whether the access times are larger than a preset third time threshold value, and correcting the first time threshold value according to the judgment result.
Steps S104 to S106 are a correction scheme whose aim is to correct the first time threshold. In plain language, the working principle is that a place where the user frequently logs in is relatively secure, so the threshold on the number of verifications, that is, the first time threshold, may be somewhat larger there; otherwise, the first time threshold is somewhat smaller.
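The sketch below is an added illustration of steps S104 to S106 combined with the gating described in claim 2 (stop receiving requests once the access times exceed the first time threshold, otherwise pick a difficulty level from the access times); it is not code from the patent. All numeric values, the increment on repeat visits, the difficulty mapping and the handling of the case where the access times equal the threshold (which the page leaves open) are assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class AccessGate:
    base_limit: int = 5       # preset first time threshold (assumed value)
    visit_threshold: int = 3  # preset third time threshold (assumed value)
    correction: int = 2       # size of the correction (assumed value)
    # Access report: position name item -> access times item.
    report: Counter = field(default_factory=Counter)

    def record(self, position):
        """S104/S105: insert a new position with access times one, else update it."""
        # Incrementing on a repeat visit is an assumption; the page only says
        # the existing access times are read.
        self.report[position] += 1
        return self.report[position]

    def limit_for(self, position):
        """S106: first time threshold corrected for this position."""
        if self.report[position] > self.visit_threshold:
            return self.base_limit + self.correction      # frequent position: larger
        return max(1, self.base_limit - self.correction)  # otherwise: smaller

    def decide(self, position, attempt):
        """Gate one access request; `attempt` is the running access times of the session."""
        self.record(position)
        limit = self.limit_for(position)
        if attempt > limit:
            return {"accepted": False, "limit": limit, "difficulty": None}
        # attempt == limit is accepted here (assumption). The difficulty level
        # rises by one every two attempts (assumed mapping).
        return {"accepted": True, "limit": limit, "difficulty": 1 + (attempt - 1) // 2}


if __name__ == "__main__":
    gate = AccessGate()
    # Constructed history: four earlier requests from a familiar position.
    for _ in range(4):
        gate.decide("Shanghai office", 1)
    print(gate.decide("Shanghai office", 6))  # familiar position, raised limit
    print(gate.decide("Airport kiosk", 4))    # new position, lowered limit
```

Because the report described in step S104 counts every received request, an implementation may prefer to update it only after account verification succeeds; the page does not specify this.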
Example 2
Fig. 8 is a block diagram illustrating the structure of a cloud desktop multi-factor security authentication system. In an embodiment of the present invention, a cloud desktop multi-factor security authentication system includes:
the identity authentication module 11 is used for receiving the access request, determining a verification question, and judging whether a sender of the access request is a real person according to the verification question;
the identity authentication module 11 is configured to complete step S100;
the account verification module 12 is configured to obtain account information when the access request is sent by a real person, and compare the account information with preset registration information;
the account verification module 12 is configured to complete step S200;
the risk question display module 13 is configured to obtain a user operation record when the account information is the same as the registration information, determine a risk question according to the user operation record, display the risk question at regular time, and receive a feedback answer;
the risk question display module 13 is configured to complete step S300;
a risk probability judging module 14, configured to compare the feedback answer with a preset reference answer, determine a risk probability according to a comparison result, and execute an emergency measure when the risk probability is greater than a preset probability threshold;
the risk probability judging module 14 is configured to complete step S400;
Fig. 9 is a block diagram illustrating the structure of the risk question display module in the cloud desktop multi-factor security authentication system, where the risk question display module 13 specifically includes:
the marking unit 131 is configured to sequentially obtain the latest usage time of each application program, and mark the application program when the latest usage time is within a preset time range;
the marking unit 131 is used for completing the step S301;
a preference value calculating unit 132, configured to count the marked applications, sequentially calculate preference values of the marked applications, and perform ascending order arrangement on the marked applications according to the preference values;
the preference value calculating unit 132 is configured to complete step S302;
a keyword determining unit 133, configured to sequentially obtain search records, and determine a keyword according to the search records;
the keyword determination unit 133 is configured to complete step S303;
the display unit 134 is used for reading risk questions according to the keywords, displaying the risk questions at regular time and receiving feedback answers;
the display unit 134 is used to complete step S304.
Fig. 10 is a block diagram showing the structure of the preference value calculating unit in the risk question display module, wherein the preference value calculating unit 132 includes:
a label generation subunit 1321, configured to count tagged applications, sequentially arrange the tagged applications according to the latest usage time corresponding to the tagged applications, and generate labels;
the label generation subunit 1321 is configured to complete step S3021;
an execution subunit 1322, configured to calculate a usage frequency of the marked application program, and determine a preference value of the marked application program according to the usage frequency and the label;
the execution subunit 1322 is configured to complete step S3022;
the calculation formula of the preference value is as follows: P = αB × L; wherein P is the preference value, B is the label, L is the use frequency, and α is a correction coefficient.
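The following Python sketch is an added illustration of the marking unit and the preference value calculating unit (marking, label generation, P = αB × L, ascending arrangement); it is not code from the patent. The time range, the value of α, the direction of the labels (the least recently used marked application gets B = 1), the definition of L as the number of uses inside the time range, and the sample usage log are assumptions.

```python
from datetime import datetime, timedelta

ALPHA = 1.0                 # correction coefficient α (assumed value)
WINDOW = timedelta(days=7)  # preset time range for marking (assumed value)


def rank_marked_apps(usage, now, window=WINDOW, alpha=ALPHA):
    """Return [(app, B, L, P)] for the marked applications, ascending by P.

    usage maps an application name to the datetimes at which it was used.
    """
    # Marking: keep applications whose latest use time is inside the time range.
    marked = {app: times for app, times in usage.items()
              if times and now - max(times) <= window}

    # Label generation: arrange by latest use time and number the applications.
    # Oldest latest-use first, so the most recently used one gets the largest B
    # (assumed direction; ties are broken by name).
    ordered = sorted(marked, key=lambda app: (max(marked[app]), app))

    rows = []
    for label, app in enumerate(ordered, start=1):
        # Use frequency L: number of uses inside the time range (assumed definition).
        freq = sum(1 for t in marked[app] if now - t <= window)
        rows.append((app, label, freq, alpha * label * freq))  # P = αB × L

    # Ascending arrangement by preference value.
    return sorted(rows, key=lambda row: (row[3], row[0]))


def sample_usage(now):
    """Constructed usage log for the demonstration."""
    h, d = timedelta(hours=1), timedelta(days=1)
    return {
        "mail": [now - h, now - d, now - 2 * d, now - 3 * d, now - 20 * d],
        "browser": [now - 2 * h, now - 5 * d],
        "cad": [now - 3 * d],
        "archive": [now - 30 * d],  # outside the time range, so never marked
    }


if __name__ == "__main__":
    now = datetime(2021, 8, 20, 12, 0)
    for row in rank_marked_apps(sample_usage(now), now):
        print(row)
```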
The functions that can be realized by the cloud desktop multi-factor security authentication method are all completed by computer equipment, wherein the computer equipment comprises one or more processors and one or more memories, at least one program code is stored in the one or more memories, and the program code is loaded and executed by the one or more processors to realize the functions of the cloud desktop multi-factor security authentication method.
The processor fetches instructions and analyzes the instructions one by one from the memory, then completes corresponding operations according to the instruction requirements, generates a series of control commands, enables all parts of the computer to automatically, continuously and coordinately act to form an organic whole, realizes the input of programs, the input of data, the operation and the output of results, and the arithmetic operation or the logic operation generated in the process is completed by the arithmetic unit; the Memory comprises a Read-Only Memory (ROM) for storing a computer program, and a protection device is arranged outside the Memory.
Illustratively, a computer program can be partitioned into one or more modules, which are stored in memory and executed by a processor to implement the present invention. One or more of the modules may be a series of computer program instruction segments capable of performing certain functions, which are used to describe the execution of the computer program in the terminal device.
Those skilled in the art will appreciate that the above description of the service device is merely exemplary and does not limit the terminal device, which may include more or fewer components than those described, combine certain components, or use different components; for example, it may include input/output devices, network access devices, buses, etc.
The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. The general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like, which is the control center of the terminal equipment and connects the various parts of the entire user terminal using various interfaces and lines.
The memory may be used to store computer programs and/or modules, and the processor may implement various functions of the terminal device by operating or executing the computer programs and/or modules stored in the memory and calling data stored in the memory. The memory mainly comprises a storage program area and a storage data area, wherein the storage program area can store an operating system, application programs (such as an information acquisition template display function, a product information publishing function and the like) required by at least one function and the like; the storage data area may store data created according to the use of the berth-state display system (e.g., product information acquisition templates corresponding to different product types, product information that needs to be issued by different product providers, etc.), and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
The terminal device integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the modules/units in the system according to the above embodiment may be implemented by a computer program, which may be stored in a computer-readable storage medium and used by a processor to implement the functions of the embodiments of the system. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying computer program code, recording medium, USB flash drive, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution media, and the like.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A cloud desktop multi-factor security authentication method, the method comprising:
receiving an access request, determining a verification question, and judging whether a sender of the access request is a real person or not according to the verification question;
when the access request is sent by a real person, acquiring account information, and comparing the account information with preset registration information;
when the account information is the same as the registration information, acquiring a user operation record, determining a risk question according to the user operation record, displaying the risk question at regular time, and receiving a feedback answer;
and comparing the feedback answer with a preset reference answer, determining the risk probability according to the comparison result, and executing emergency measures when the risk probability is greater than a preset probability threshold.
2. The cloud desktop multi-factor security authentication method according to claim 1, wherein the step of receiving an access request and determining a verification question specifically comprises:
receiving an access request, generating access times, and stopping receiving the access request when the access times are greater than a preset first time threshold;
when the access times are smaller than a preset first time threshold value, determining difficulty levels according to the access times;
determining a verification problem according to the difficulty level; the format of the verification question at least comprises a picture and audio.
3. The cloud desktop multi-factor security authentication method according to claim 1, wherein the step of obtaining a user operation record when the account information is the same as the registration information, determining a risk question according to the user operation record, displaying the risk question at regular time, and receiving a feedback answer specifically includes:
sequentially acquiring the latest use time of each application program, and marking the application programs when the latest use time is within a preset time range;
counting the marked application programs, sequentially calculating preference values of the marked application programs, and performing ascending arrangement on the marked application programs according to the preference values;
sequentially acquiring search records, and determining keywords according to the search records;
and reading risk questions according to the keywords, displaying the risk questions at regular time, and receiving feedback answers.
4. The cloud desktop multi-factor security authentication method according to claim 3, wherein the step of counting the marked application programs and sequentially calculating the preference values of the marked application programs specifically comprises:
counting the marked application programs, sequentially arranging the marked application programs according to the latest use time corresponding to the marked application programs, and generating labels;
calculating the use frequency of the marked application program, and determining the preference value of the marked application program according to the use frequency and the label;
the calculation formula of the preference value is as follows: P = αB × L; wherein P is the preference value, B is the label, L is the use frequency, and α is a correction coefficient.
5. The cloud desktop multi-factor security authentication method according to claim 3, wherein the step of sequentially obtaining search records and determining keywords according to the search records specifically comprises:
acquiring a search record, and inputting the search record into a trained part-of-speech analysis model to obtain a search record with part-of-speech tags;
extracting nouns according to the part of speech marks, and determining similar words according to a similar word library;
and sequencing the similar meaning words according to a preset arrangement mode, and intercepting the end similar meaning words as keywords.
6. The cloud desktop multi-factor security authentication method according to claim 1, wherein the step of comparing the feedback answer with a preset reference answer and determining a risk probability according to a comparison result, and when the risk probability is greater than a preset probability threshold, the step of executing an emergency measure specifically comprises:
establishing a connection channel with a question database, and reading corresponding reference answers according to the risk questions;
receiving a feedback answer, and judging whether the feedback answer is the same as the reference answer;
when the feedback answer is the same as the reference answer, reducing the risk probability according to a preset adjusting probability, and when the feedback answer is different from the reference answer, increasing the risk probability according to the preset adjusting probability;
and when the number of times of the feedback answer being empty reaches a preset second time threshold and the empty feedback answer is received again, judging that the feedback answer is different from the reference answer.
7. The cloud desktop multi-factor security authentication method of any one of claims 1-6, wherein the step of receiving an access request, determining a verification question, and determining whether a sender of the access request is a real person based on the verification question further comprises:
receiving a user access request, acquiring a user position, and generating an access report according to the user position, wherein the access report comprises a position name item and an access times item;
traversing the access report based on the position name, and judging whether the position name already appears in it; if so, locating the corresponding access times item based on the position name, and reading the corresponding access times; if not, inserting the position name into the access report, and assigning the corresponding access times as one;
and judging whether the access times are larger than a preset third time threshold value or not, and correcting the first time threshold value according to a judgment result.
8. A cloud desktop multi-factor security authentication system, the system comprising:
the identity authentication module is used for receiving the access request, determining a verification question and judging whether a sender of the access request is a real person or not according to the verification question;
the account verification module is used for acquiring account information when the access request is sent by a real person and comparing the account information with preset registration information;
the risk question display module is used for acquiring a user operation record when the account information is the same as the registration information, determining a risk question according to the user operation record, displaying the risk question at regular time and receiving a feedback answer;
and the risk probability judging module is used for comparing the feedback answer with a preset reference answer, determining the risk probability according to the comparison result, and executing emergency measures when the risk probability is greater than a preset probability threshold.
9. The cloud desktop multi-factor security authentication system of claim 8, wherein the risk question display module specifically comprises:
the marking unit is used for sequentially acquiring the latest use time of each application program, and marking the application programs when the latest use time is within a preset time range;
the preference value calculating unit is used for counting the marked application programs, calculating the preference values of the marked application programs in sequence and arranging the marked application programs in an ascending sequence according to the preference values;
the keyword determining unit is used for sequentially acquiring search records and determining keywords according to the search records;
and the display unit is used for reading the risk questions according to the keywords, displaying the risk questions at regular time and receiving feedback answers.
10. The cloud desktop multi-factor security authentication system of claim 9, wherein the preference value calculation unit comprises:
the label generation subunit is used for counting the marked application programs, sequentially arranging the marked application programs according to the latest use time corresponding to the marked application programs and generating labels;
the execution subunit is used for calculating the use frequency of the marked application program and determining the preference value of the marked application program according to the use frequency and the label;
the calculation formula of the preference value is as follows: P = αB × L; wherein P is the preference value, B is the label, L is the use frequency, and α is a correction coefficient.
CN202110958567.XA 2021-08-20 2021-08-20 Cloud desktop multi-factor security authentication method and system Active CN113761514B (en)


Publications (2)

Publication Number Publication Date
CN113761514A (en) 2021-12-07
CN113761514B (en) 2024-03-19


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant