CN113779521B - Identity authentication method and device, storage medium and electronic equipment - Google Patents
Identity authentication method and device, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN113779521B CN113779521B CN202111058121.8A CN202111058121A CN113779521B CN 113779521 B CN113779521 B CN 113779521B CN 202111058121 A CN202111058121 A CN 202111058121A CN 113779521 B CN113779521 B CN 113779521B
- Authority
- CN
- China
- Prior art keywords
- user
- users
- credit
- login
- credit rating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 58
- 230000003247 decreasing effect Effects 0.000 claims abstract description 7
- 230000004044 response Effects 0.000 claims description 10
- 238000013475 authorization Methods 0.000 claims description 8
- 230000006399 behavior Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 230000009471 action Effects 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 206010000117 Abnormal behaviour Diseases 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000003064 k means clustering Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
One or more embodiments of the present invention provide an identity authentication method, an apparatus, a storage medium, and an electronic device, where the identity authentication method includes: responding to a login request of a first user, and acquiring a credit rating of the first user, wherein the credit rating is related to the historical login condition of the first user; determining whether to allow the first user to log in according to the credit rating of the first user; according to the login condition of the first user, the credit rating of the first user is increased or decreased, and the identity authentication method provided by the embodiment of the invention can effectively provide the security and stability of the system.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an identity authentication method, an identity authentication device, a storage medium, and an electronic device.
Background
Identity authentication is an important means of ensuring the security of computer systems. Currently, identity authentication is typically handled for identity security of a single user. Some identity authentication methods can only control the current authority of the user. Moreover, identity authentication is only performed when a user logs in, so that if the user tamper access in other ways after logging in, the authentication state of the current user cannot be changed, and the system is in danger.
Disclosure of Invention
In view of this, one or more embodiments of the present invention provide an identity authentication method, an apparatus, a storage medium, and an electronic device, which can effectively improve the security of a system.
One or more embodiments of the present invention provide an identity authentication method, including: responding to a login request of a first user, and acquiring a credit rating of the first user, wherein the credit rating is related to the historical login condition of the first user; determining whether to allow the first user to log in according to the credit rating of the first user; and improving or reducing the credit rating of the first user according to the login condition of the first user.
Optionally, after determining whether to allow the first user to log in according to the score of the first user, the method further includes: and improving or reducing credit scores of other users associated with the first user according to the login condition of the first user, wherein the other users associated with the first user are users belonging to the same group with the first user.
Optionally, before obtaining the credit score of the first user in response to the login request of the first user, the method further includes: acquiring characteristic data of a user, wherein the characteristic data at least comprises one of the following: user name, group to which the user belongs, category of the user, credit rating of the user; and grouping the users according to the characteristic data.
Optionally, after the first user logs in, the method further includes: acquiring a safety index of the system; and if the security index indicates that the system is in an unsafe state, reducing the credit scores of the first user and other users associated with the first user.
Optionally, before obtaining the credit score of the first user in response to the login request of the first user, the method further includes: and dividing the users into single-point credit giving users and common users according to the credit giving scores of the users, wherein the single-point credit giving users have the authority of improving the credit giving scores of the common users in the group.
Optionally, after the first user logs in, the method further includes: acquiring a safety index of the system; if the safety index indicates that the system is in an unsafe state, prohibiting the common user from logging in; acquiring a request of the single-point credit giving user for improving the authorization scores of other second users in the group; improving the credit rating of the second user according to the request; and determining whether to allow the second user to log in according to the credit rating of the second user.
One or more embodiments of the present invention further provide an identity authentication device, including: the first acquisition module is configured to respond to a login request of a first user and acquire a credit rating of the first user, wherein the credit rating is determined by the historical login condition of the first user; a determining module configured to determine whether to allow the first user to log in according to the credit score of the first user; the first scoring module is configured to increase or decrease the credit rating of the first user according to the login condition of the first user.
Optionally, the apparatus further includes: and the second scoring module is configured to increase or decrease the credit rating of other users associated with the first user according to the login condition of the first user after determining whether the first user is allowed to login according to the rating of the first user, wherein the other users associated with the first user are users belonging to the same group with the first user.
Optionally, the apparatus further includes: the second acquisition module is configured to acquire the characteristic data of the user before responding to the login request of the first user and acquiring the credit rating of the first user, wherein the characteristic data at least comprises one of the following: user name, group to which the user belongs, category of the user, credit rating of the user; and the grouping module is configured to group the users according to the characteristic data.
Optionally, the apparatus further includes: the third acquisition module is configured to acquire the safety index of the system after the first user logs in; and a third scoring module configured to reduce the credit rating of the first user and other users associated with the first user if the security indicator indicates that the system is in an unsafe state.
Optionally, the apparatus further includes: the division module is configured to divide the users into single-point credit giving users and common users according to the credit giving scores of the users before responding to the login request of the first user and acquiring the credit giving scores of the first user, wherein the single-point credit giving users have the authority of improving the credit giving scores of the common users in the group.
Optionally, the apparatus further includes: a fourth obtaining module configured to obtain a security index of the system after the first user logs in; the disabling module is configured to disable the login of the common user if the security index indicates that the system is in an unsafe state; a fifth obtaining module configured to obtain a request of the single point trusted user to increase the authorization score of other second users in the group; a fourth scoring module configured to increase a credit rating of the second user based on the request; and the determining module is configured to determine whether to allow the second user to log in according to the credit rating of the second user.
One or more embodiments of the present invention also provide an electronic device including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to respective circuits or devices of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for executing any one of the authentication methods described above.
One or more embodiments of the present invention also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform any one of the identity authentication methods described above.
According to the identity authentication method, the device, the storage medium and the electronic equipment of one or more embodiments of the invention, the credit rating of the first user is obtained in response to the login request of the first user, whether the first user is allowed to login is determined according to the credit rating of the first user, and the credit rating of the first user is increased or decreased according to the login condition of the first user, so that the identity authentication can be performed on the user according to the historical login condition of the user, and the security of the computer system can be effectively ensured.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow diagram illustrating an identity authentication method in accordance with one or more embodiments of the present invention;
FIG. 2 is a flow diagram illustrating an identity authentication method in accordance with one or more embodiments of the present invention;
FIG. 3 is a schematic diagram of an identity authentication device according to one or more embodiments of the present invention;
Fig. 4 is a schematic structural view of an electronic device according to one or more embodiments of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are merely some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
FIG. 1 is a flow diagram illustrating an identity authentication method, as shown in FIG. 1, according to one or more embodiments of the present invention, the method comprising:
Step 101: responding to a login request of a first user, and acquiring a credit rating of the first user, wherein the credit rating is related to the historical login condition of the first user;
Optionally, the login request of the first user may include identity information of the first user, for example, a user name and a login password of the first user may be included. In the step 101, it may be checked whether the user name and the login password of the first user are correct, and based on the user name and the login password of the first user are correct, the trust score of the first user is obtained. Whether the credit rating of the first user meets the preset credit rating threshold is checked later, so that the first user is allowed to log in under the condition that the user name and the password of the first user are correct and the credit rating of the first user also meets the preset credit rating threshold
In one or more embodiments of the present invention, a unified scoring mechanism may be used to score each user according to the condition of the user logging in the system, so as to obtain a score corresponding to each user, for example, if the user a successfully logs in the system, the score of the user a is improved, for example, if the user B has a problem in the process of logging in the system, such as a login failure or abnormal login, the score of the user B is reduced. And the unified scoring mechanism is adopted to score the user, so that the manual intervention in the identity authentication process can be reduced, and the authentication flow is simplified. And the credit rating of the user can be used as the basis of subsequent identity authentication.
Step 102: determining whether to allow the first user to log in according to the credit rating of the first user;
In one or more embodiments of the present invention, the system on which the user logs in may refer to, for example, a computer system, based on which, for computers of different risk classes, authentication of the user to log in may be performed based on different authentication criteria. For example, computers are classified by risk level into high risk computers (e.g., top-secret computers), medium risk computers (e.g., secret-involved computers), and low risk computers (e.g., open computers), with computers of different risk levels corresponding to different trust scoring thresholds. The confidence score threshold corresponding to the high risk computer is highest, the confidence score threshold corresponding to the medium risk computer is next highest, and the confidence score threshold corresponding to the low risk computer is lowest. In step 102, if the credit rating of the first user is not lower than the credit rating threshold corresponding to the risk level of the computer to be logged in, the first user is allowed to log in, otherwise, the first user is not allowed to log in.
Step 103: and improving or reducing the credit rating of the first user according to the login condition of the first user.
In one or more embodiments of the present invention, if the first user logs in successfully this time, the credit rating of the first user may be increased, for example, a preset score may be increased based on the original credit rating of the first user. If the first user fails to log in this time or logs in abnormally, the credit rating of the first user can be reduced, for example, the preset score can be reduced on the basis of the original credit rating of the first user.
According to the identity authentication method of one or more embodiments of the present invention, the login request of the first user is responded, the credit rating of the first user is obtained, whether the first user is allowed to login is determined according to the credit rating of the first user, and the credit rating of the first user is increased or decreased according to the current login condition of the first user, so that the identity authentication can be performed on the user according to the historical login condition of the user, and the security of the computer system can be effectively ensured.
In one or more embodiments of the present invention, after the user logs in the system, the authentication information of the user needs to be processed in real time, so as to realize full-period coverage of the security of the user, and based on this, after determining whether to allow the first user to log in according to the score of the first user, the identity authentication method may further include:
And improving or reducing credit scores of other users associated with the first user according to the login condition of the first user, wherein the other users associated with the first user are users belonging to the same group with the first user. The login condition of the first user at this time includes but is not limited to successful login, failed login and abnormal login. When the first user successfully logs in, a preset score can be increased on the basis of the original credit scores of the first user and other users related to the first user; when the first user fails to log in or logs in abnormally, the preset score is subtracted from the original credit scores of the first user and other users related to the first user, and if dangerous log-in exists in the system, the log-in of the user with the intra-group credit score lower than a threshold value can be limited. Based on the method, each user under the system can be guaranteed to score according to the login condition of the user or the members in the group to which the user belongs.
In one or more embodiments of the present invention, before obtaining the trust score of the first user in response to the login request of the first user, the identity authentication method may further include:
Acquiring characteristic data of a user, wherein the characteristic data at least comprises one of the following:
User name, group to which the user belongs, category of the user, credit rating of the user;
The feature data of the acquiring user may be feature data of all users of the acquiring system. The user name is used for identifying the identity of the user; the group to which the user belongs may be, for example, a group designated at the time of creating the user, which may be different from or may be the same as the group divided according to the user characteristic data, and the category of the user may include, for example: a user corresponding to data (a user having rights to use certain data), a user of a service (a user having rights to use certain services), a user corresponding to middleware (a user having rights to use certain middleware), and a user of an administrator identity.
And grouping the users according to the characteristic data.
Alternatively, the users may be grouped according to the feature data of each user using a clustering algorithm, for example, a K-Means clustering algorithm or other known clustering algorithm, which is not specifically limited in the embodiment of the present invention.
In one or more embodiments of the present invention, after the first user logs in, the identity authentication method may further include: acquiring a safety index of the system; and if the security index indicates that the system is in an unsafe state, reducing the credit scores of the first user and other users associated with the first user. The acquiring the security index of the system may include, for example: whether the user has dangerous operation behaviors or whether the login device is in a dangerous state or not, and if the user has dangerous operation behaviors or the login device is in a dangerous state, determining that the system is in an unsafe state. Dangerous operational behaviors may include, for example, abnormal behaviors of the user, threatening behaviors, mishandling behaviors, and the like. Wherein decreasing the credit score of the first user and the other users associated with the first user may be subtracting a preset score based on the existing authorization scores of the first user and the other users associated with the first user, respectively.
In one or more embodiments of the present invention, before obtaining the trust score of the first user in response to the login request of the first user, the identity authentication method may further include: and dividing the users into single-point credit giving users and common users according to the credit giving scores of the users, wherein the single-point credit giving users have the authority of improving the credit giving scores of the common users in the group. As described above, the system scores each user according to a unified scoring system, so that each user has a corresponding credit rating. When dividing users, each user in each group can be divided into a single-point credit giving user and a common user by taking the group as a unit. For example, for a plurality of users within a group, users in which the credit score is much higher (e.g., higher than other users by some preset value) than other users, and in which the credit score is higher than a preset standard credit value, may be classified as single point credit users, and the remaining users may be classified as normal users. Or all the users of the system can be directly divided into single-point credit giving users and common users, the users with credit giving scores far higher than other users and credit giving scores higher than the preset standard credit giving values in the users of the system are divided into single-point credit giving users, and the other users are divided into common users. Based on the division of the single-point trust user and the common user, when the system is in an unsafe state, the trust grading of the common user can be improved or the login authority of the common user can be directly given by the way that the single-point trust user trust the common user, so that the common user can log in safely when the system is in an unsafe state.
In one or more embodiments of the present invention, after the first user logs in, the identity authentication method may further include:
Acquiring a safety index of the system;
If the safety index indicates that the system is in an unsafe state, prohibiting the common user from logging in;
acquiring a request of the single-point credit giving user for improving the authorization scores of other second users in the group; optionally, the single point trusted user may request that the trust score of the users in its group be directly increased to the trust score threshold, or request that the trust score of the users in the group be increased by a specified score.
Improving the credit rating of the second user according to the request; optionally, when the credit rating of the second user is improved, the second user can be identified, and whether the second user is a user causing the system to be in an unsafe state is judged, if the second user is a user causing the system to be in an unsafe state, the credit rating of the second user can not be improved, so that dynamic credit is realized, the limitation that authentication can only be performed when the user logs in the traditional identity authentication mode is broken through, and the identity security can cover the full period of user operation.
In one or more embodiments of the invention, when serious danger information exists in a computer or the system is attacked, a common user can be forbidden to log in, and an associated user can also be forbidden to log in. However, in order to ensure the stability of the system, it is necessary to ensure that the single point credit subscriber can log in normally. By processing the authentication information in real time, the single point trust user can start the authorization mode. The user associated with the single-point trusted user is trusted by the single-point trusted user, so that a part of users can be ensured to log in normally. Therefore, the situation that the system cannot work normally due to the fact that too many users cannot log in can be prevented, and the stability of the system is guaranteed.
And determining whether to allow the second user to log in according to the credit rating of the second user. In addition, if the second user is not considered to be the user causing the unsafe state of the system when the credit rating of the second user is improved, the second user can be judged when the second user is allowed to log in or not is determined, and if the second user is determined to be the user causing the unsafe state of the system, the login of the second user is limited; and if the second user is not the user causing the system to be in an unsafe state, allowing the second user to log in when the credit rating of the second user meets the credit rating threshold.
According to the identity authentication method, the device, the storage medium and the electronic equipment of one or more embodiments of the invention, the credit rating of the first user is obtained in response to the login request of the first user, whether the first user is allowed to login is determined according to the credit rating of the first user, and the credit rating of the first user is increased or decreased according to the login condition of the first user, so that the identity authentication can be performed on the user according to the historical login condition of the user, and the security of the computer system can be effectively ensured. After the first user logs in, the credit scores of other users related to the first user are increased or decreased according to the current login condition of the first user, so that full-period coverage can be realized for the safety of the user. The users are grouped, so that the users with similar characteristics can be divided into a group, the credit rating of the users can be adjusted by taking the group as a unit, and the management of the users is facilitated. After the first user logs in, the credit rating of the first user and the related user is processed according to the security state of the system, so that the harm of dangerous users to the system can be effectively reduced. The users are divided into single-point credit users and common users according to the credit scores of the users, and the single-point credit users are endowed with rights for the common users in the group, so that the common users in the group can safely log in the system when the system is in an unsafe state, and the stability of the system is ensured. When the system is in an unsafe state, the credit rating of the common users in the group is improved through the single-point credit granting users, so that the common users in the group can safely log in the system, the problem that the system cannot work normally due to the fact that too many users cannot log in is avoided, and the stability of the system is guaranteed.
In order to facilitate understanding of the identity authentication method according to the embodiment of the present invention, an example of the identity authentication method according to the embodiment of the present invention is described below with reference to fig. 2. As shown in fig. 2, the method includes:
Step 201: uniformly scoring all users;
step 202: distinguishing the user's level according to a score (such as the credit score described above);
step 203: judging whether the user is a high-scoring user, for example, the user with the score far higher than that of other users, determining the high-scoring user as a single-point credit giving user, and determining the low-scoring user as a common user;
step 204: and clustering the users, wherein the users belonging to a group with the single-point trusted user are associated authentication users (namely the associated users) of the single-point trusted user.
Step 205: processing real-time authentication information, if a user logs in safely, improving the score of the associated authentication user, if dangerous information exists in the system, reducing the score of the associated authentication user, and if the score of the associated authentication user is lower than a designated score, prohibiting the associated authentication user from logging in;
step 206: if serious dangerous information exists or the system is attacked, the associated authentication user is trusted and logged in through the single-point trusted user.
Fig. 3 is a schematic structural diagram of an identity authentication device according to one or more embodiments of the present invention, and as shown in fig. 3, the device 30 includes:
A first obtaining module 31, configured to obtain a credit score of a first user in response to a login request of the first user, where the credit score is related to a historical login situation of the first user;
a determining module 32 configured to determine whether to allow the first user to log in based on the trust score of the first user;
the first scoring module 33 is configured to increase or decrease the credit rating of the first user according to the login condition of the first user.
In one or more embodiments of the present invention, the identity authentication device may further include:
And the second scoring module is configured to increase or decrease the credit rating of other users associated with the first user according to the login condition of the first user after determining whether the first user is allowed to login according to the rating of the first user, wherein the other users associated with the first user are users belonging to the same group with the first user.
In one or more embodiments of the present invention, the identity authentication device may further include:
The second acquisition module is configured to acquire the characteristic data of the user before responding to the login request of the first user and acquiring the credit rating of the first user, wherein the characteristic data at least comprises one of the following: user name, group to which the user belongs, category of the user, credit rating of the user; and the grouping module is configured to group the users according to the characteristic data.
In one or more embodiments of the present invention, the identity authentication device may further include:
the third acquisition module is configured to acquire the safety index of the system after the first user logs in;
And a third scoring module configured to reduce the credit rating of the first user and other users associated with the first user if the security indicator indicates that the system is in an unsafe state.
In one or more embodiments of the present invention, the identity authentication device may further include:
The division module is configured to divide the users into single-point credit giving users and common users according to the credit giving scores of the users before responding to the login request of the first user and acquiring the credit giving scores of the first user, wherein the single-point credit giving users have the authority of improving the credit giving scores of the common users in the group.
In one or more embodiments of the present invention, the identity authentication device may further include:
a fourth obtaining module configured to obtain a security index of the system after the first user logs in;
The disabling module is configured to disable the login of the common user if the security index indicates that the system is in an unsafe state;
A fifth obtaining module configured to obtain a request of the single point trusted user to increase the authorization score of other second users in the group;
a fourth scoring module configured to increase a credit rating of the second user based on the request;
And the determining module is configured to determine whether to allow the second user to log in according to the credit rating of the second user.
One or more embodiments of the present invention also provide an electronic device including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to respective circuits or devices of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for executing any one of the authentication methods described above.
One or more embodiments of the present invention also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform any one of the identity authentication methods described above.
Accordingly, as shown in fig. 4, the electronic device provided by the embodiment of the present invention may include: the device comprises a shell 41, a processor 42, a memory 43, a circuit board 44 and a power circuit 45, wherein the circuit board 44 is arranged in a space surrounded by the shell 41, and the processor 42 and the memory 43 are arranged on the circuit board 44; a power circuit 45 for powering the various circuits or devices of the server; the memory 43 is for storing executable program code; the processor 42 runs a program corresponding to the executable program code by reading the executable program code stored in the memory 43 for executing any one of the authentication methods provided in the foregoing embodiments.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments.
In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments in part.
For convenience of description, the above apparatus is described as being functionally divided into various units/modules, respectively. Of course, the functions of the various elements/modules may be implemented in the same piece or pieces of software and/or hardware when implementing the present invention.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random-access Memory (Random Access Memory, RAM), or the like.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the scope of the present invention should be included in the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.
Claims (7)
1. An identity authentication method, comprising:
Responding to a login request of a first user, and checking whether a user name and a login password of the first user are correct; under the condition that the user name and the login password of the first user are correct, acquiring a credit rating of the first user, wherein the credit rating is related to the historical login condition of the first user;
determining whether to allow the first user to log in according to the credit rating of the first user;
according to the login condition of the first user, the credit rating of the first user is increased or decreased;
Before obtaining the credit rating of the first user in response to the login request of the first user, the method further comprises: dividing the users into single-point credit giving users and common users according to credit giving scores of the users, wherein the single-point credit giving users have the authority of improving the credit giving scores of the common users in the group;
after the first user logs in, the method further comprises:
Acquiring a safety index of the system;
If the safety index indicates that the system is in an unsafe state, prohibiting the common user from logging in;
acquiring a request of the single-point credit giving user for improving the authorization scores of other second users in the group;
improving the credit rating of the second user according to the request;
And determining whether to allow the second user to log in according to the credit rating of the second user.
2. The method of claim 1, wherein after determining whether to allow the first user to log in based on the score of the first user, the method further comprises:
And improving or reducing credit scores of other users associated with the first user according to the login condition of the first user, wherein the other users associated with the first user are users belonging to the same group with the first user.
3. The method of claim 1, wherein prior to obtaining a trust score for a first user in response to a login request for the first user, the method further comprises:
Acquiring characteristic data of a user, wherein the characteristic data at least comprises one of the following:
User name, group to which the user belongs, category of the user, credit rating of the user;
And grouping the users according to the characteristic data.
4. The method of claim 1, wherein after the first user logs in, the method further comprises:
Acquiring a safety index of the system;
And if the security index indicates that the system is in an unsafe state, reducing the credit scores of the first user and other users associated with the first user.
5. An identity authentication device, comprising:
The first acquisition module is configured to respond to a login request of a first user and check whether a user name and a login password of the first user are correct; under the condition that the user name and the login password of the first user are correct, acquiring a credit rating of the first user, wherein the credit rating is determined by the historical login condition of the first user;
A determining module configured to determine whether to allow the first user to log in according to the credit score of the first user;
The first scoring module is configured to increase or decrease the credit rating of the first user according to the login condition of the first user;
Before the first obtaining module is configured to obtain the credit score of the first user in response to the login request of the first user, the apparatus further includes: the system comprises a dividing module, a first user identification module and a second user identification module, wherein the dividing module is configured to divide users into single-point credit giving users and common users according to credit giving scores of the users, and the single-point credit giving users have the authority of improving the credit giving scores of the common users in the group;
The apparatus further comprises:
a fourth obtaining module configured to obtain a security index of the system after the first user logs in;
The disabling module is configured to disable the login of the common user if the security index indicates that the system is in an unsafe state;
A fifth obtaining module configured to obtain a request of the single point trusted user to increase the authorization score of other second users in the group;
a fourth scoring module configured to increase a credit rating of the second user based on the request;
The determining module is configured to determine whether to allow the second user to log in according to the credit rating of the second user.
6. An electronic device, the electronic device comprising: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to respective circuits or devices of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for executing the authentication method according to any one of the preceding claims 1 to 4.
7. A non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform the identity authentication method of any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111058121.8A CN113779521B (en) | 2021-09-09 | 2021-09-09 | Identity authentication method and device, storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111058121.8A CN113779521B (en) | 2021-09-09 | 2021-09-09 | Identity authentication method and device, storage medium and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113779521A CN113779521A (en) | 2021-12-10 |
| CN113779521B true CN113779521B (en) | 2024-05-24 |
Family
ID=78842181
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111058121.8A Active CN113779521B (en) | 2021-09-09 | 2021-09-09 | Identity authentication method and device, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113779521B (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2014026020A (en) * | 2012-07-25 | 2014-02-06 | Kyocera Document Solutions Inc | Image forming apparatus |
| WO2015184894A2 (en) * | 2015-01-27 | 2015-12-10 | 中兴通讯股份有限公司 | Method and device for implementing multi-user login mode |
| CN107343007A (en) * | 2017-07-17 | 2017-11-10 | 广西科技大学 | Distributed file management method and system based on user identity and purview certification |
| CN108076018A (en) * | 2016-11-16 | 2018-05-25 | 阿里巴巴集团控股有限公司 | Identity authorization system, method, apparatus and account authentication method |
| CN108574658A (en) * | 2017-03-07 | 2018-09-25 | 腾讯科技(深圳)有限公司 | A kind of application login method and its equipment |
| CN110166438A (en) * | 2019-04-19 | 2019-08-23 | 平安科技(深圳)有限公司 | Login method, device, computer equipment and the computer storage medium of account information |
| WO2019195143A1 (en) * | 2018-04-05 | 2019-10-10 | Visa International Service Association | System, method, and apparatus for authenticating a user |
| EP3567536A1 (en) * | 2018-05-09 | 2019-11-13 | Capital One Services, LLC | Real-time selection of authentication procedures based on risk assessment |
| CN112417416A (en) * | 2020-11-19 | 2021-02-26 | 深圳市德普光业科技有限公司 | Authentication interaction method, system and storage medium of service system |
| CN112653679A (en) * | 2020-12-14 | 2021-04-13 | 北京指掌易科技有限公司 | Dynamic identity authentication method, device, server and storage medium |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11038896B2 (en) * | 2015-06-02 | 2021-06-15 | Dipankar Dasgupta | Adaptive multi-factor authentication system with multi-user permission strategy to access sensitive information |
| US10834084B2 (en) * | 2018-07-20 | 2020-11-10 | International Business Machines Corporation | Privileged identity authentication based on user behaviors |
| US11388167B2 (en) * | 2019-12-02 | 2022-07-12 | Transmit Security Ltd. | Contextual scoring of authenticators |
-
2021
- 2021-09-09 CN CN202111058121.8A patent/CN113779521B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2014026020A (en) * | 2012-07-25 | 2014-02-06 | Kyocera Document Solutions Inc | Image forming apparatus |
| WO2015184894A2 (en) * | 2015-01-27 | 2015-12-10 | 中兴通讯股份有限公司 | Method and device for implementing multi-user login mode |
| CN108076018A (en) * | 2016-11-16 | 2018-05-25 | 阿里巴巴集团控股有限公司 | Identity authorization system, method, apparatus and account authentication method |
| CN108574658A (en) * | 2017-03-07 | 2018-09-25 | 腾讯科技(深圳)有限公司 | A kind of application login method and its equipment |
| CN107343007A (en) * | 2017-07-17 | 2017-11-10 | 广西科技大学 | Distributed file management method and system based on user identity and purview certification |
| WO2019195143A1 (en) * | 2018-04-05 | 2019-10-10 | Visa International Service Association | System, method, and apparatus for authenticating a user |
| EP3567536A1 (en) * | 2018-05-09 | 2019-11-13 | Capital One Services, LLC | Real-time selection of authentication procedures based on risk assessment |
| CN110166438A (en) * | 2019-04-19 | 2019-08-23 | 平安科技(深圳)有限公司 | Login method, device, computer equipment and the computer storage medium of account information |
| CN112417416A (en) * | 2020-11-19 | 2021-02-26 | 深圳市德普光业科技有限公司 | Authentication interaction method, system and storage medium of service system |
| CN112653679A (en) * | 2020-12-14 | 2021-04-13 | 北京指掌易科技有限公司 | Dynamic identity authentication method, device, server and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 企业级信息管理系统认证统一管理的设计与实现;郭威;;南方能源建设(第S1期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113779521A (en) | 2021-12-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11899808B2 (en) | Machine learning for identity access management | |
| US7849320B2 (en) | Method and system for establishing a consistent password policy | |
| US9332019B2 (en) | Establishment of a trust index to enable connections from unknown devices | |
| CN111917714B (en) | Zero trust architecture system and use method thereof | |
| US20200134165A1 (en) | Risk based brute-force attack prevention | |
| CN112231726B (en) | Access control method and device based on trusted verification and computer equipment | |
| CN112653714A (en) | Access control method, device, equipment and readable storage medium | |
| CN112613020A (en) | Identity verification method and device | |
| CN111953635B (en) | Interface request processing method and computer-readable storage medium | |
| CN110751488A (en) | Intelligent terminal safety payment method, terminal and medium | |
| CN114785720B (en) | Internet surfing behavior supervision platform for enterprise local area network | |
| CN111309978A (en) | Transformer substation system safety protection method and device, computer equipment and storage medium | |
| KR101768942B1 (en) | System and method for secure authentication to user access | |
| CN113779521B (en) | Identity authentication method and device, storage medium and electronic equipment | |
| CN112464213B (en) | Operating system access control method, device, equipment and storage medium | |
| CN113987458A (en) | Spring Security based Security authentication method, device and medium | |
| CN110955884B (en) | Method and device for determining upper limit times of password trial and error | |
| CN116541815B (en) | Computer equipment operation and maintenance data safety management system | |
| CN116232875B (en) | Remote office method, device, equipment and medium | |
| CN111131273A (en) | Internet access control system for network engineering | |
| CN110717160A (en) | Method and device for periodically checking and correcting privileged account | |
| CN112138404A (en) | Game APP login verification method and system | |
| CN111193687B (en) | Validity verification method, device, equipment and computer readable storage medium | |
| CN108462713B (en) | Method and system for client to perform credibility verification | |
| CN117857221B (en) | Authority management method and system for remote service platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |