CN113761514A - Cloud desktop multi-factor security authentication method and system - Google Patents
- Publication number: CN113761514A (application CN202110958567.XA)
- Authority: CN (China)
- Prior art keywords: risk, determining, preset, answer, application programs
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
- G06F40/00—Handling natural language data
- G06F40/20—Natural language analysis
- G06F40/237—Lexical tools
- G06F40/247—Thesauruses; Synonyms
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Abstract
The invention relates to the technical field of cloud system operation and discloses a cloud desktop multi-factor security authentication method and system. The method comprises: receiving an access request, determining a verification question, and judging from the verification question whether the sender of the access request is a real person; when the access request is sent by a real person, acquiring account information and comparing it with preset registration information; when the account information is the same as the registration information, acquiring a user operation record, determining a risk question according to the user operation record, displaying the risk question for a limited time, and receiving a feedback answer; and judging the feedback answer to determine emergency measures. Because risk questions derived from the user operation record are displayed and the feedback answers are judged, security verification is performed while the user is using the system, which improves the security of the system.
Description
Technical Field
The invention relates to the technical field of cloud system operation, in particular to a cloud desktop multi-factor security authentication method and system.
Background
A cloud desktop, also called desktop virtualization or a cloud computer, is a new model that replaces the traditional computer. With a cloud desktop the user does not need to buy a computer host: the CPU (central processing unit), memory, hard disk and other components of the host are virtualized on a back-end server, and a single high-performance server can virtualize 1-50 different virtual computers. The mainstream front-end device is a client (a device similar to a television set-top box) connected to a display, keyboard and mouse. After installing the client, the user accesses the virtual machine host on the back-end server through a dedicated communication protocol and works interactively, with an experience consistent with that of a computer. A cloud desktop can replace a traditional computer and also supports access from other smart devices such as mobile phones and tablets over the Internet, which makes it the latest solution for mobile office work.
The central equipment that provides the cloud desktop service has very high computing capacity and can easily become a target of attack. If an attack succeeds, the attacker can read user information and can also use the central equipment to carry out very large computing jobs, all of which harms the interests of the cloud desktop service provider. A cloud desktop can therefore really be put into use only if it is secure enough.
However, existing security measures concentrate on the login process, for example stricter password requirements and harder verification codes, and almost no security verification is performed during use. An attacker who finds a way around the login-time measures can then attack the system, so security is low.
Disclosure of Invention
The invention aims to provide a cloud desktop multi-factor security authentication method and a cloud desktop multi-factor security authentication system to solve the problems in the background technology.
In order to achieve the purpose, the invention provides the following technical scheme:
a cloud desktop multi-factor security authentication method, the method comprising:
receiving an access request, determining a verification problem, and judging whether a sender of the access request is a real person or not according to the verification problem;
when the access request is sent by a real person, acquiring account information, and comparing the account information with preset registration information;
when the account information is the same as the registration information, acquiring a user operation record, determining a risk problem according to the user operation record, displaying the risk problem at regular time, and receiving a feedback answer;
and comparing the feedback answer with a preset reference answer, determining the risk probability according to the comparison result, and executing emergency measures when the risk probability is greater than a preset probability threshold.
As a further limitation of the technical scheme of the invention: the step of receiving an access request and determining a verification problem specifically includes:
receiving an access request, generating access times, and stopping receiving the access request when the access times are greater than a preset first time threshold;
when the access times are smaller than a preset first time threshold value, determining difficulty levels according to the access times;
determining a verification problem according to the difficulty level; the format of the verification question at least comprises a picture and audio.
As a further limitation of the technical scheme of the invention: when the account information is the same as the registration information, acquiring a user operation record, determining a risk problem according to the user operation record and displaying the risk problem at regular time, wherein the step of receiving a feedback answer specifically comprises the following steps:
sequentially acquiring the latest use time of each application program, and marking the application programs when the latest use time is within a preset time range;
counting the marked application programs, sequentially calculating preference values of the marked application programs, and performing ascending arrangement on the marked application programs according to the preference values;
sequentially acquiring search records, and determining keywords according to the search records;
and reading risk questions according to the keywords, displaying the risk questions at regular time, and receiving feedback answers.
As a further limitation of the technical scheme of the invention: the step of counting the marked application programs and sequentially calculating the preference values of the marked application programs specifically comprises:
counting the marked application programs, arranging them in order of their latest use time, and generating labels;
calculating the use frequency of the marked application program, and determining the preference value of the marked application program according to the use frequency and the label;
the calculation formula of the preference value is as follows: P = α × B × L; wherein P is a preference value, B is a label, L is a use frequency, and α is a correction coefficient.
As a further limitation of the technical scheme of the invention: the step of sequentially acquiring search records and determining keywords according to the search records specifically comprises:
acquiring a search record, and inputting the search record into a trained part-of-speech analysis model to obtain a search record with part-of-speech tags;
extracting nouns according to the part-of-speech tags, and determining near-synonyms according to a synonym library;
and sorting the near-synonyms in a preset order, and taking the near-synonyms at the end of the ordering as keywords.
As a further limitation of the technical scheme of the invention: comparing the feedback answer with a preset reference answer, determining a risk probability according to a comparison result, and executing emergency measures when the risk probability is greater than a preset probability threshold specifically comprises the following steps:
establishing a connection channel with a question database, and reading corresponding reference answers according to the risk questions;
receiving a feedback answer, and judging whether the feedback answer is the same as the reference answer;
when the feedback answer is the same as the reference answer, reducing the risk probability according to a preset adjusting probability, and when the feedback answer is different from the reference answer, increasing the risk probability according to the preset adjusting probability;
and when the number of times of the feedback answer being empty reaches a preset second number threshold and the empty feedback answer is received again, judging that the feedback answer is different from the reference answer.
As a further limitation of the technical scheme of the invention: the step of receiving the access request, determining a verification problem, and judging whether the sender of the access request is a real person according to the verification problem further comprises the following steps:
receiving a user access request, acquiring a user position, and generating an access report according to the user position, wherein the access report comprises a position name item and an access frequency item;
based on the position name traversal access report, judging whether the position name appears repeatedly; if so, positioning the corresponding access times item based on the position name, and reading the corresponding access times; if not, inserting the position name into an access report, and assigning the corresponding access times as one;
and judging whether the access times are larger than a preset third time threshold value or not, and correcting the first time threshold value according to a judgment result.
The technical scheme of the invention also provides a cloud desktop multi-factor security authentication system, the system comprising:
the identity authentication module is used for receiving the access request, determining an authentication problem and judging whether a sender of the access request is a real person or not according to the authentication problem;
the account verification module is used for acquiring account information when the access request is sent by a real person and comparing the account information with preset registration information;
the risk question display module is used for acquiring a user operation record when the account information is the same as the registration information, determining a risk question according to the user operation record, displaying the risk question at regular time and receiving a feedback answer;
and the risk probability judging module is used for comparing the feedback answer with a preset reference answer, determining the risk probability according to the comparison result, and executing emergency measures when the risk probability is greater than a preset probability threshold.
As a further limitation of the technical scheme of the invention: the risk problem display module specifically comprises:
the marking unit is used for sequentially acquiring the latest use time of each application program, and marking the application programs when the latest use time is within a preset time range;
the preference value calculating unit is used for counting the marked application programs, calculating the preference values of the marked application programs in sequence and arranging the marked application programs in an ascending sequence according to the preference values;
the keyword determining unit is used for sequentially acquiring search records and determining keywords according to the search records;
and the display unit is used for reading the risk questions according to the keywords, displaying the risk questions at regular time and receiving feedback answers.
As a further limitation of the technical scheme of the invention: the preference value calculating unit includes:
the label generation subunit is used for counting the marked application programs, arranging them in order of their latest use time, and generating labels;
the execution subunit is used for calculating the use frequency of the marked application program and determining the preference value of the marked application program according to the use frequency and the label;
the calculation formula of the preference value is as follows: P = α × B × L; wherein P is a preference value, B is a label, L is a use frequency, and α is a correction coefficient.
Compared with the prior art, the invention has the beneficial effects that: according to the method and the device, the user operation record is obtained, the risk problem is determined according to the user operation record and displayed at regular time, the feedback answer is received, and the feedback answer is judged, so that the safety verification is performed in the using process of the user, and the safety of the system is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention.
Fig. 1 shows a flow diagram of a cloud desktop multi-factor security authentication method.
Fig. 2 illustrates a first sub-flow block diagram of a cloud desktop multi-factor security authentication method.
Fig. 3 illustrates a second sub-flow block diagram of a cloud desktop multi-factor security authentication method.
Fig. 4 illustrates a third sub-flow block diagram of a cloud desktop multi-factor security authentication method.
Fig. 5 illustrates a fourth sub-flow block diagram of a cloud desktop multi-factor security authentication method.
Fig. 6 illustrates a fifth sub-flow block diagram of a cloud desktop multi-factor security authentication method.
Fig. 7 illustrates a sixth sub-flow block diagram of a cloud desktop multi-factor security authentication method.
Fig. 8 shows a block diagram of a component structure of the cloud desktop multi-factor security authentication system.
Fig. 9 is a block diagram illustrating a structure of a risk problem display module in the cloud desktop multi-factor security authentication system.
Fig. 10 is a block diagram showing the constitutional structure of the preference value calculating unit in the risk issue display module.
Detailed Description
In order to make the technical problems, technical solutions and advantageous effects to be solved by the present invention more clearly apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Example 1
Fig. 1 shows a flow diagram of a cloud desktop multi-factor security authentication method, and in an embodiment of the present invention, the cloud desktop multi-factor security authentication method includes steps S100 to S400:
Step S100: receiving an access request, determining a verification question, and judging whether the sender of the access request is a real person according to the verification question;
The purpose of step S100 is clear: it verifies that the visitor is a real person, mainly to stop a computer from cracking account information by enumeration within a certain range and then using the computing resources. It corresponds to the common verification code of the prior art, which is mostly used for logging in to web pages.
Step S200: when the access request is sent by a real person, acquiring account information, and comparing the account information with preset registration information;
The verification of the account information is a simple comparison: generally, the user account serves as the key by which the password set at registration is located, and the password entered by the user is then checked against the password set at registration.
Step S300: when the account information is the same as the registration information, acquiring a user operation record, determining a risk problem according to the user operation record, displaying the risk problem at regular time, and receiving a feedback answer;
Step S300 is the core step of the invention and is what distinguishes it from other verification methods: the judgment takes place while the user is using the system. From the user's point of view, some questions are displayed from time to time while working on the cloud desktop; the user has to answer them, and whether the user is safe is judged from the answers given. Timed display here means that a question is displayed for a short time; when the display time is over, the question disappears automatically and the user's answer is regarded as empty.
Step S400: comparing the feedback answer with a preset reference answer, determining a risk probability according to a comparison result, and executing emergency measures when the risk probability is greater than a preset probability threshold;
Step S400 is the execution process: the feedback answers given by the user are continuously compared with the preset reference answers, and safety is judged from the results. The judgment is made through the risk probability; each answer to a risk question shifts the risk probability to some extent, so the risk probability represents the security of the system.
Fig. 2 shows a first sub-flow block diagram of the cloud desktop multi-factor security authentication method, where the step of receiving an access request and determining a verification problem specifically includes steps S101 to S103:
Step S101: receiving an access request, generating access times, and stopping receiving the access request when the access times are greater than a preset first time threshold;
Step S101 is a triggering step: when the access times are too large, the system is locked and stops receiving access requests. The first time threshold, which limits the number of accesses, must of course be large enough to give normal users room for trial and error, for example thousands of times; a normal person will hardly try a thousand times, so once thousands of attempts are seen the visitor can be considered a malicious device.
Step S102: when the access times are smaller than a preset first time threshold value, determining difficulty levels according to the access times;
Step S103: determining a verification question according to the difficulty level; the format of the verification question at least comprises a picture and audio;
Steps S102 to S103 are a small innovation of the invention. They imply that there is more than one verification question. People differ in ability, and a user faced with a difficult verification question may be unable to pass it, which defeats the original purpose of the verification question. For example, one existing kind of verification presents a series of cropped images and asks the user to select the pictures containing certain features, then repeats this several times in a row; a small mistake or a network fluctuation along the way is enough to annoy the user, and repeated failures seriously affect the user's mood. In an extreme case, if the system itself is faulty and treats every verification as wrong, a user facing a very difficult verification question will blame themselves rather than suspect the system, and their patience will be exhausted. Such system problems are very common: almost everyone has met a verification code that is rejected no matter what is entered.
Fig. 3 shows a second sub-flow block diagram of the cloud desktop multi-factor security authentication method, where when the account information is the same as the registration information, a user operation record is obtained, a risk problem is determined according to the user operation record and is displayed at regular time, and the step of receiving a feedback answer specifically includes steps S301 to S304:
Step S301: sequentially acquiring the latest use time of each application program, and marking the application programs when the latest use time is within a preset time range;
The function of step S301 is marking, and it is conditional on the preset time range. For example, if the preset time range is one month, the application programs whose latest use time falls within that month are marked, because their analysis value is high.
Step S302: counting the marked application programs, sequentially calculating preference values of the marked application programs, and performing ascending arrangement on the marked application programs according to the preference values;
Arranging in ascending order of preference value means that application programs with low preference values come first; the purpose is to reduce the user's aversion to information leakage;
Step S303: sequentially acquiring search records, and determining keywords according to the search records;
Step S304: reading risk questions according to the keywords, displaying the risk questions for a limited time, and receiving feedback answers.
Steps S303 to S304 determine the risk question. The risk question is determined according to a keyword and depends on the specific question form; the determination steps are described here as an example.
Fig. 4 shows a third sub-flow block diagram of the cloud desktop multi-factor security authentication method, where the step of counting the marked application programs and sequentially calculating the preference values of the marked application programs specifically includes steps S3021 to S3022:
Step S3021: counting the marked application programs, arranging them in order of their latest use time, and generating labels;
Step S3022: calculating the use frequency of the marked application program, and determining the preference value of the marked application program according to the use frequency and the label;
The calculation formula of the preference value is as follows: P = α × B × L; wherein P is a preference value, B is a label, L is a use frequency, and α is a correction coefficient.
The above is the specific calculation process. The application programs are first arranged in order of latest use time, so that the closer an application program's latest use time is to the current time, the larger its label; in other words, the larger the label, the higher the user's preference for the application.
In addition, the use frequency is calculated according to the number of access times in a certain time; it is contemplated that the higher the frequency of use, the higher the user's preference for the application.
It should be noted that if the preference values are in reverse order, the preference values should be inversely proportional to the labels and the corresponding formula should be adjusted to: P = α × B / L; wherein P is a preference value, B is a label, L is a use frequency, and α is a correction coefficient.
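The marking, labelling and preference calculation of steps S301 to S3022, written out as an added example that is not part of the patent text. The `AppUsage` record, the definition of use frequency as uses per day over the window, the 30-day window and α = 1.0 are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class AppUsage:
    """Hypothetical usage record taken from the user operation record."""
    name: str
    last_used: datetime
    uses_in_window: int  # assumed counter of uses inside the preset time range


def rank_by_preference(apps, now, window=timedelta(days=30), alpha=1.0):
    """Return (name, label B, frequency L, preference P) tuples, ascending by P."""
    # S301: mark only applications whose latest use time lies in the preset
    # range. Timestamps in the future (clock skew, tampered records) are skipped.
    marked = [a for a in apps if timedelta(0) <= now - a.last_used <= window]

    # S3021: arrange by latest use time and generate labels. The least
    # recently used application gets label 1, the most recent the largest.
    marked.sort(key=lambda a: a.last_used)

    days = window.total_seconds() / 86400
    scored = []
    for label, app in enumerate(marked, start=1):
        frequency = app.uses_in_window / days      # S3022: use frequency L
        preference = alpha * label * frequency     # P = alpha x B x L
        scored.append((app.name, label, frequency, preference))

    # S302: ascending arrangement, so low-preference applications come first
    # when risk questions are chosen.
    scored.sort(key=lambda row: row[3])
    return scored


if __name__ == "__main__":
    now = datetime(2021, 8, 20, 12, 0)
    # Constructed sample records, not data from the patent.
    sample = [
        AppUsage("browser", now - timedelta(hours=2), 90),
        AppUsage("cad", now - timedelta(days=45), 300),    # outside the window
        AppUsage("mail", now - timedelta(days=10), 30),
        AppUsage("editor", now - timedelta(days=1), 60),
        AppUsage("skewed", now + timedelta(days=1), 5),    # future timestamp
    ]
    for row in rank_by_preference(sample, now):
        print(row)
```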
Fig. 5 shows a fourth sub-flow block diagram of the cloud desktop multi-factor security authentication method, where the step of sequentially acquiring search records and determining a keyword according to the search records specifically includes steps S3031 to S3033:
Step S3031: acquiring a search record, and inputting the search record into a trained part-of-speech analysis model to obtain a search record with part-of-speech tags;
Step S3032: extracting nouns according to the part-of-speech tags, and determining near-synonyms according to a synonym library;
Step S3033: sorting the near-synonyms in a preset order, and taking the near-synonyms at the end of the ordering as keywords.
Steps S3031 to S3033 are the keyword determination process. First the part of speech has to be analyzed; some existing typing software already has this function, so the part-of-speech analysis model is not described in detail. In addition, the nouns obtained need to be unified: words such as "potato" and "egg" that refer to the same object can all be replaced by "potato".
Fig. 6 shows a fifth sub-flow block diagram of the cloud desktop multi-factor security authentication method, where the feedback answer is compared with a preset reference answer, a risk probability is determined according to a comparison result, and when the risk probability is greater than a preset probability threshold, the step of executing the emergency measure specifically includes steps S401 to S403:
Step S401: establishing a connection channel with a question database, and reading corresponding reference answers according to the risk questions;
Step S402: receiving a feedback answer, and judging whether the feedback answer is the same as the reference answer;
Step S403: when the feedback answer is the same as the reference answer, reducing the risk probability according to a preset adjusting probability, and when the feedback answer is different from the reference answer, increasing the risk probability according to the preset adjusting probability;
The comparison between the feedback answer and the reference answer is not complicated, but the case of an empty feedback answer needs attention. One solution is: when the number of empty feedback answers has reached a preset second time threshold and an empty feedback answer is received again, the feedback answer is judged to be different from the reference answer; the purpose of the second threshold is to give the user a certain margin for error. Another solution is to treat several empty feedback answers together as one different answer, thereby increasing the risk probability.
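The risk-probability update of steps S402 to S403, including the first empty-answer rule described above, as an added example that is not part of the patent text. The starting value, the adjustment step, both thresholds, the answer normalisation and the choice to keep the probability in whole percentage points are assumptions of this example.

```python
import hmac
import unicodedata
from dataclasses import dataclass


def _canonical(answer: str) -> bytes:
    # Assumed normalisation so that "Excel " and "excel" count as the same answer.
    return unicodedata.normalize("NFKC", answer).strip().casefold().encode("utf-8")


@dataclass
class RiskSession:
    """Running risk probability for one logged-in cloud desktop session."""
    risk: int = 50         # risk probability in percent (assumed starting value)
    step: int = 10         # preset adjusting probability, in percentage points
    threshold: int = 80    # preset probability threshold
    empty_limit: int = 2   # preset second time threshold (tolerated empty answers)
    empty_seen: int = 0
    emergency: bool = False

    def submit(self, feedback, reference):
        """Judge one timed risk question.

        `feedback` is None or blank when the display time ran out.
        Returns "same", "different", "tolerated" or "emergency".
        """
        if self.emergency:
            return "emergency"          # measures already triggered; stay latched

        if feedback is None or not feedback.strip():
            if self.empty_seen < self.empty_limit:
                self.empty_seen += 1    # still inside the user's margin for error
                return "tolerated"
            same = False                # limit reached and empty again: "different"
        else:
            # Constant-time comparison of the normalised answers.
            same = hmac.compare_digest(_canonical(feedback), _canonical(reference))

        # S403: lower the risk on a matching answer, raise it otherwise.
        # Integer percentage points avoid float drift around the threshold.
        self.risk = max(0, min(100, self.risk + (-self.step if same else self.step)))

        if self.risk > self.threshold:  # S400: strictly greater than the threshold
            self.emergency = True
            return "emergency"
        return "same" if same else "different"


if __name__ == "__main__":
    session = RiskSession()
    # Constructed answers; the reference answer "excel" is a placeholder.
    for given in ["Excel ", "word", None, "", "   ", "x", "y", None]:
        print(repr(given), session.submit(given, "excel"), session.risk)
```

The empty-answer counter is never reset in this example, so once the margin is used up every further timeout counts as a different answer; the patent text does not say whether the counter should reset.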
Fig. 7 shows a sixth sub-flow block diagram of the cloud desktop multi-factor security authentication method, where the step of receiving the access request, determining a verification problem, and determining whether the sender of the access request is a real person according to the verification problem further includes steps S104 to S106:
step S104: receiving a user access request, acquiring a user position, and generating an access report according to the user position, wherein the access report comprises a position name item and an access frequency item;
step S105: based on the position name traversal access report, judging whether the position name appears repeatedly; if so, positioning the corresponding access times item based on the position name, and reading the corresponding access times; if not, inserting the position name into an access report, and assigning the corresponding access times as one;
step S106: and judging whether the access times are larger than a preset third time threshold value or not, and correcting the first time threshold value according to a judgment result.
Steps S104 to S106 form a correction scheme whose purpose is to correct the first time threshold. Put simply, the working principle is that a place where the user frequently logs in is considered highly secure, so the threshold on the number of verification attempts, that is, the first time threshold, can be somewhat larger; otherwise, the first time threshold is somewhat smaller.
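The access report of steps S104 to S106 and its effect on the first threshold used in claim 2, as an added example that is not code from the patent. The threshold values, the size of the correction, the location-name normalization, the `<unknown>` bucket for a missing location and the choice to increment the count on every request are assumptions; the patent states only the direction of the correction.

```python
class AccessReport:
    """Access report of S104-S106: position name -> access count."""

    def __init__(self, first_threshold=5, third_threshold=3, delta=2):
        self.base_first = first_threshold       # uncorrected first threshold (assumed)
        self.third_threshold = third_threshold  # preset third threshold (assumed)
        self.delta = delta                      # correction size (assumed)
        self.rows = {}

    @staticmethod
    def _key(location):
        # Normalize so "Office" and "office " share one row; a missing
        # location gets its own row and is never treated as familiar.
        name = " ".join((location or "").split()).casefold()
        return name or "<unknown>"

    def record(self, location):
        """S105: find the position name, or insert it with a count of one."""
        key = self._key(location)
        if key in self.rows:
            self.rows[key] += 1   # assumed: every request increments the count
        else:
            self.rows[key] = 1
        return self.rows[key]

    def corrected_first_threshold(self, location):
        """S106: raise the first threshold for frequent places, lower it otherwise."""
        count = self.rows.get(self._key(location), 0)
        if count > self.third_threshold:
            return self.base_first + self.delta
        return max(1, self.base_first - self.delta)

    def admit(self, location, attempts):
        """Claim 2: stop accepting requests once attempts exceed the first threshold."""
        return attempts <= self.corrected_first_threshold(location)


def simulate(report, requests):
    """Process (location, attempts) pairs; return (count, threshold, admitted)."""
    out = []
    for location, attempts in requests:
        count = report.record(location)
        threshold = report.corrected_first_threshold(location)
        out.append((count, threshold, report.admit(location, attempts)))
    return out


# Constructed sample: a frequently used location, a new one, and a request
# that carries no location at all.
SAMPLE_REQUESTS = [
    ("Office", 1), ("office ", 1), ("Office", 1), ("Office", 6),
    ("Office", 6), ("Hotel", 4), (None, 4),
]

if __name__ == "__main__":
    for row in simulate(AccessReport(), SAMPLE_REQUESTS):
        print(row)
```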
Example 2
Fig. 8 is a block diagram illustrating the composition of a cloud desktop multi-factor security authentication system. In an embodiment of the present invention, a cloud desktop multi-factor security authentication system includes:
the identity authentication module 11 is used for receiving the access request, determining an authentication problem, and judging whether a sender of the access request is a real person according to the authentication problem;
the identity verification module 11 is configured to complete step S100;
the account verification module 12 is configured to obtain account information when the access request is sent by a real person, and compare the account information with preset registration information;
the account verification module 12 is configured to complete step S200;
the risk question display module 13 is configured to obtain a user operation record when the account information is the same as the registration information, determine a risk question according to the user operation record, display the risk question at regular time, and receive a feedback answer;
the risk question display module 13 is configured to complete step S300;
a risk probability judging module 14, configured to compare the feedback answer with a preset reference answer, determine a risk probability according to a comparison result, and execute an emergency measure when the risk probability is greater than a preset probability threshold;
the risk probability judging module 14 is configured to complete step S400;
Fig. 9 is a block diagram illustrating the structure of the risk question display module in the cloud desktop multi-factor security authentication system, where the risk question display module 13 specifically includes:
the marking unit 131 is configured to sequentially obtain the latest usage time of each application program, and mark the application program when the latest usage time is within a preset time range;
the marking unit 131 is used for completing the step S301;
a preference value calculating unit 132, configured to count the marked applications, sequentially calculate preference values of the marked applications, and perform ascending order arrangement on the marked applications according to the preference values;
the preference value calculating unit 132 is configured to complete step S302;
a keyword determining unit 133, configured to sequentially obtain search records, and determine a keyword according to the search records;
the keyword determination unit 133 is configured to complete step S303;
the display unit 134 is used for reading risk questions according to the keywords, displaying the risk questions at regular time and receiving feedback answers;
the display unit 134 is used to complete step S304.
Fig. 10 is a block diagram showing the structure of the preference value calculating unit in the risk question display module, wherein the preference value calculating unit 132 includes:
a label generation subunit 1321, configured to count tagged applications, sequentially arrange the tagged applications according to the latest usage time corresponding to the tagged applications, and generate labels;
the label generation subunit 1321 is configured to complete step S3021;
an execution subunit 1322, configured to calculate a usage frequency of the marked application program, and determine a preference value of the marked application program according to the usage frequency and the label;
the execution subunit 1322 is configured to complete step S3022;
the calculation formula of the preference value is as follows: $P = \alpha B \times L$; wherein P is a preference value, B is a label, L is a use frequency, and α is a correction coefficient.
The functions that can be realized by the cloud desktop multi-factor security authentication method are all completed by computer equipment, wherein the computer equipment comprises one or more processors and one or more memories, at least one program code is stored in the one or more memories, and the program code is loaded and executed by the one or more processors to realize the functions of the cloud desktop multi-factor security authentication method.
The processor fetches instructions and analyzes the instructions one by one from the memory, then completes corresponding operations according to the instruction requirements, generates a series of control commands, enables all parts of the computer to automatically, continuously and coordinately act to form an organic whole, realizes the input of programs, the input of data, the operation and the output of results, and the arithmetic operation or the logic operation generated in the process is completed by the arithmetic unit; the Memory comprises a Read-Only Memory (ROM) for storing a computer program, and a protection device is arranged outside the Memory.
Illustratively, a computer program can be partitioned into one or more modules, which are stored in memory and executed by a processor to implement the present invention. One or more of the modules may be a series of computer program instruction segments capable of performing certain functions, which are used to describe the execution of the computer program in the terminal device.
Those skilled in the art will appreciate that the above description of the service device is merely exemplary and not limiting of the terminal device, and may include more or less components than those described, or combine certain components, or different components, such as may include input output devices, network access devices, buses, etc.
The processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. The general-purpose processor may be a microprocessor or any conventional processor; it is the control center of the terminal equipment and connects the various parts of the entire user terminal using various interfaces and lines.
The memory may be used to store computer programs and/or modules, and the processor may implement various functions of the terminal device by operating or executing the computer programs and/or modules stored in the memory and calling data stored in the memory. The memory mainly comprises a storage program area and a storage data area, wherein the storage program area can store an operating system, application programs (such as an information acquisition template display function, a product information publishing function and the like) required by at least one function and the like; the storage data area may store data created according to the use of the berth-state display system (e.g., product information acquisition templates corresponding to different product types, product information that needs to be issued by different product providers, etc.), and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
The integrated modules/units of the terminal device, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the modules/units in the system according to the above embodiment may be implemented by a computer program, which may be stored in a computer-readable storage medium and used by a processor to implement the functions of the embodiments of the system. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution media, and the like.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A cloud desktop multi-factor security authentication method, the method comprising:
receiving an access request, determining a verification problem, and judging whether a sender of the access request is a real person or not according to the verification problem;
when the access request is sent by a real person, acquiring account information, and comparing the account information with preset registration information;
when the account information is the same as the registration information, acquiring a user operation record, determining a risk problem according to the user operation record, displaying the risk problem at regular time, and receiving a feedback answer;
and comparing the feedback answer with a preset reference answer, determining the risk probability according to the comparison result, and executing emergency measures when the risk probability is greater than a preset probability threshold.
2. The cloud desktop multi-factor security authentication method according to claim 1, wherein the step of receiving an access request and determining a verification problem specifically comprises:
receiving an access request, generating access times, and stopping receiving the access request when the access times are greater than a preset first time threshold;
when the access times are smaller than a preset first time threshold value, determining difficulty levels according to the access times;
determining a verification problem according to the difficulty level; the format of the verification question at least comprises a picture and audio.
3. The cloud desktop multi-factor security authentication method according to claim 1, wherein when the account information is the same as the registration information, obtaining a user operation record, determining a risk problem according to the user operation record, and displaying the risk problem at regular time, and the step of receiving a feedback answer specifically includes:
sequentially acquiring the latest use time of each application program, and marking the application programs when the latest use time is within a preset time range;
counting the marked application programs, sequentially calculating preference values of the marked application programs, and performing ascending arrangement on the marked application programs according to the preference values;
sequentially acquiring search records, and determining keywords according to the search records;
and reading risk questions according to the keywords, displaying the risk questions at regular time, and receiving feedback answers.
4. The cloud desktop multi-factor security authentication method according to claim 3, wherein the step of counting the marked application programs and sequentially calculating the preference values of the marked application programs specifically comprises:
counting the marked application programs, sequentially arranging the marked application programs according to the latest service time corresponding to the marked application programs, and generating marks;
calculating the use frequency of the marked application program, and determining the preference value of the marked application program according to the use frequency and the label;
the calculation formula of the preference value is as follows: $P = \alpha B \times L$; wherein P is a preference value, B is a label, L is a use frequency, and α is a correction coefficient.
5. The cloud desktop multi-factor security authentication method according to claim 3, wherein the step of sequentially obtaining search records and determining keywords according to the search records specifically comprises:
acquiring a search record, and inputting the search record into a trained part-of-speech analysis model to obtain a search record with part-of-speech tags;
extracting nouns according to the part of speech marks, and determining similar words according to a similar word library;
and sequencing the similar meaning words according to a preset arrangement mode, and intercepting the end similar meaning words as keywords.
6. The cloud desktop multi-factor security authentication method according to claim 1, wherein the step of comparing the feedback answer with a preset reference answer and determining a risk probability according to a comparison result, and when the risk probability is greater than a preset probability threshold, the step of executing an emergency measure specifically comprises:
establishing a connection channel with a question database, and reading corresponding reference answers according to the risk questions;
receiving a feedback answer, and judging whether the feedback answer is the same as the reference answer;
when the feedback answer is the same as the reference answer, reducing the risk probability according to a preset adjusting probability, and when the feedback answer is different from the reference answer, increasing the risk probability according to the preset adjusting probability;
and when the number of times of the feedback answer being empty reaches a preset second number threshold and the empty feedback answer is received again, judging that the feedback answer is different from the reference answer.
7. The cloud desktop multi-factor security authentication method of any one of claims 1-6, wherein the receiving an access request, determining a verification question, and determining whether a sender of the access request is a real person based on the verification question further comprises:
receiving a user access request, acquiring a user position, and generating an access report according to the user position, wherein the access report comprises a position name item and an access frequency item;
based on the position name traversal access report, judging whether the position name appears repeatedly; if so, positioning the corresponding access times item based on the position name, and reading the corresponding access times; if not, inserting the position name into an access report, and assigning the corresponding access times as one;
and judging whether the access times are larger than a preset third time threshold value or not, and correcting the first time threshold value according to a judgment result.
8. A cloud desktop multi-factor security authentication system, the system comprising:
the identity authentication module is used for receiving the access request, determining an authentication problem and judging whether a sender of the access request is a real person or not according to the authentication problem;
the account verification module is used for acquiring account information when the access request is sent by a real person and comparing the account information with preset registration information;
the risk question display module is used for acquiring a user operation record when the account information is the same as the registration information, determining a risk question according to the user operation record, displaying the risk question at regular time and receiving a feedback answer;
and the risk probability judging module is used for comparing the feedback answer with a preset reference answer, determining the risk probability according to the comparison result, and executing emergency measures when the risk probability is greater than a preset probability threshold.
9. The cloud desktop multi-factor security authentication system of claim 8, wherein the risk issue display module specifically comprises:
the marking unit is used for sequentially acquiring the latest use time of each application program, and marking the application programs when the latest use time is within a preset time range;
the preference value calculating unit is used for counting the marked application programs, calculating the preference values of the marked application programs in sequence and arranging the marked application programs in an ascending sequence according to the preference values;
the keyword determining unit is used for sequentially acquiring search records and determining keywords according to the search records;
and the display unit is used for reading the risk questions according to the keywords, displaying the risk questions at regular time and receiving feedback answers.
10. The cloud desktop multi-factor security authentication system of claim 9, wherein the preference value calculation unit comprises:
the label generation subunit is used for counting the marked application programs, sequentially arranging the marked application programs according to the latest service time corresponding to the marked application programs and generating labels;
the execution subunit is used for calculating the use frequency of the marked application program and determining the preference value of the marked application program according to the use frequency and the mark number;
the calculation formula of the preference value is as follows: $P = \alpha B \times L$; wherein P is a preference value, B is a label, L is a use frequency, and α is a correction coefficient.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110958567.XA CN113761514B (en) | 2021-08-20 | 2021-08-20 | Cloud desktop multi-factor security authentication method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110958567.XA CN113761514B (en) | 2021-08-20 | 2021-08-20 | Cloud desktop multi-factor security authentication method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113761514A (en) | 2021-12-07 |
CN113761514B (en) | 2024-03-19 |
Family
ID=78790531
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110958567.XA Active CN113761514B (en) | 2021-08-20 | 2021-08-20 | Cloud desktop multi-factor security authentication method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113761514B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN113761514B (en) | 2024-03-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||