CN113987466A - Information sequencing auditing method and device based on middlebox and storage medium

Publication number
CN113987466A
Authority
CN
China
Legal status
Granted
Application number
CN202111610574.7A
Other languages
Chinese (zh)
Other versions
CN113987466B (en)
Inventor
蓝飞
梅峰
刘明辉
王文
冯春兰
蒋锦霞
胡兆杰
史亭亭
柴小康
彭斐
龙瓯燕
邵世玉
黄述
曹燕萍
阳东
Current Assignee
State Grid Zhejiang Electric Power Co Ltd
Zhejiang Huayun Information Technology Co Ltd
Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
State Grid Zhejiang Electric Power Co Ltd
Zhejiang Huayun Information Technology Co Ltd
Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems


Abstract

The invention provides a middlebox-based information sequencing and auditing method, device and storage medium, wherein the method comprises the following steps: extracting a user attribute label in an access request sent by an access terminal, and selecting a corresponding dynamic auditing strategy based on the user attribute label; selecting a corresponding number of target auditing modes based on the dynamic auditing strategy, and determining corresponding authentication demand data and auditing judgment data according to the target auditing modes; sequencing the selected target auditing modes according to their respective authentication attributes to obtain an authentication sequencing result; decomposing the total authentication data to obtain a plurality of sub-authentication acquisition information; calling the corresponding sub-audit information according to the authentication sequencing result to authenticate the sub-authentication acquisition information; if the plurality of sub-audit information respectively pass the authentication of the corresponding plurality of sub-authentication acquisition information, allowing the access terminal to access the middlebox; and if the sub-audit information does not pass the authentication of the sub-authentication acquisition information, rejecting the access request of the access terminal to the middlebox.

Description

Information sequencing auditing method and device based on middlebox and storage medium
Technical Field
The present invention relates to data processing technologies, and in particular, to a method, an apparatus, and a storage medium for information sequencing and auditing based on a middlebox.
Background
When a plurality of clients need to access data in a server, each client sends a login request and the authentication information for that request to the server, and after the server authenticates the authentication information, the client is permitted to access the server. For some sensitive data, however, a higher level of authentication is required of the visitor, to prevent unauthorized persons from accessing the sensitive data of the server, database, and middlebox. In many current scenarios, to ensure that the sensitive data is not accessed by other people, the sensitive data can only be accessed from one corresponding terminal, which is inconvenient.
The prior art lacks a strict information auditing mode that both guarantees the security and rigor of identity authentication and remains easy for the user to operate.
Disclosure of Invention
The embodiment of the invention provides a middlebox-based information sequencing auditing method, a middlebox-based information sequencing auditing device and a storage medium, which can authenticate and audit identities of users according to a plurality of target auditing modes respectively, and can adopt various forms when the users access target data in the middlebox, so that the security of sensitive data is improved, and the users can operate conveniently.
In a first aspect of the embodiments of the present invention, a method for auditing information sequencing based on a middlebox is provided, including:
extracting a user attribute label in an access request sent by an access terminal, and selecting a corresponding dynamic auditing strategy based on the user attribute label;
selecting a corresponding number of target auditing modes from an auditing mode set based on the dynamic auditing strategy, determining corresponding authentication demand data and auditing judgment data according to the target auditing modes, and sending the authentication demand data to a target terminal;
sequencing the selected target auditing modes according to respective authentication attributes to obtain authentication sequencing results;
receiving total authentication data sent by a target terminal, and decomposing the total authentication data to obtain a plurality of sub-authentication acquisition information;
the auditing judgment data comprises a plurality of sub-auditing information, and corresponding sub-auditing information is called according to the authentication sequencing result so as to authenticate the sub-authentication acquisition information;
if the plurality of sub-audit information respectively pass the authentication of the corresponding plurality of sub-authentication acquisition information, allowing the access terminal to access the middlebox;
and if the sub-audit information does not pass the authentication of the sub-authentication acquisition information, rejecting the access request of the access terminal to the middlebox.
Optionally, in a possible implementation manner of the first aspect, the extracting a user attribute tag in an access request sent by an access terminal, and selecting a corresponding dynamic audit policy based on the user attribute tag includes:
extracting the grade information in the user attribute label, and selecting quantity information corresponding to the grade based on the grade information;
and generating a dynamic auditing strategy based on the quantity information, wherein the dynamic auditing strategy is to randomly select the number of target auditing modes given by the quantity information.
Optionally, in a possible implementation manner of the first aspect, selecting a corresponding number of target auditing manners from an auditing manner set based on the dynamic auditing policy, and determining corresponding authentication requirement data and auditing judgment data according to the target auditing manners includes:
randomly selecting a target auditing mode with the quantity corresponding to the quantity information from an auditing mode set according to the dynamic auditing strategy, wherein the target auditing mode comprises any one or more of face identification auditing, iris identification auditing, fingerprint identification auditing, password information auditing and machine information auditing;
and extracting a target auditing mode corresponding to the user attribute tag, and generating authentication demand data and auditing judgment data according to a plurality of target auditing modes, wherein the authentication demand data and the auditing judgment data respectively correspond to the user attribute tag and the target auditing mode.
Optionally, in a possible implementation manner of the first aspect, the obtaining an authentication ranking result by ranking the selected target auditing manners according to respective authentication attributes includes:
acquiring the historical auditing time of each target auditing mode and the number of times of authentication failure of each target auditing mode;
respectively calculating target auditing coefficients of the selected target auditing modes based on the historical auditing time of the target auditing modes and the times of failure in authentication of the target auditing modes;
and sequencing the target auditing coefficients from small to large to obtain an authentication sequencing result.
Optionally, in a possible implementation manner of the first aspect, calculating the target audit coefficients of the selected target audit mode respectively based on the historical audit time of the target audit mode and the number of times that the target audit mode fails to pass the authentication includes:
the target audit coefficient is calculated by the following formula,
Figure 934535DEST_PATH_IMAGE001
wherein S is a target audit coefficient,
Figure 193478DEST_PATH_IMAGE002
is the
Figure 213386DEST_PATH_IMAGE003
-th historical audit time in the target auditing mode, N is the number of historical audit times, C is the number of times of authentication failure,
Figure 215977DEST_PATH_IMAGE004
is a preset weight value of the number of times of non-passing, L is a preset constant, and P is a preset weight value of the target audit coefficient.
Optionally, in a possible implementation manner of the first aspect, the method further includes:
presetting a preset number of randomly selected slot positions to obtain the total slot position number of the slot positions;
obtaining the corresponding slot position number corresponding to each target auditing mode based on the target auditing coefficients and the slot position total number of all the target auditing modes;
and filling the auditing mark into the slot positions with the corresponding slot position number.
Optionally, in a possible implementation manner of the first aspect, obtaining the corresponding slot number corresponding to each target auditing manner based on the target auditing coefficients and the slot total number of all the target auditing manners includes:
the corresponding slot number is calculated by the following formula,
Figure 4942DEST_PATH_IMAGE005
wherein X is the corresponding slot number corresponding to the target auditing mode, Z is a preset power value, T is the total slot number,
Figure 700365DEST_PATH_IMAGE006
is the target auditing coefficient of the
Figure 941991DEST_PATH_IMAGE007
-th target auditing mode, and
Figure 748273DEST_PATH_IMAGE008
is the corresponding slot number of the
Figure 391744DEST_PATH_IMAGE009
-th target auditing mode.
Optionally, in a possible implementation manner of the first aspect, the method further includes:
obtaining the current type number of all target auditing modes, updating the total slot number through the following formula to obtain the updated slot number,
Figure 992489DEST_PATH_IMAGE010
wherein R is the updated total slot number,
Figure 986990DEST_PATH_IMAGE011
is the preset type number of the target auditing modes, and
Figure 065805DEST_PATH_IMAGE012
is the current type number of the target auditing modes.
In a second aspect of the embodiments of the present invention, an information sequencing auditing apparatus based on a middlebox is provided, including:
the extraction module is used for extracting a user attribute label in an access request sent by the access terminal and selecting a corresponding dynamic auditing strategy based on the user attribute label;
the selecting module is used for selecting a corresponding number of target auditing modes from the auditing mode set based on the dynamic auditing strategy, determining corresponding authentication demand data and auditing judgment data according to the target auditing modes, and sending the authentication demand data to a target terminal;
the sorting module is used for sorting the selected target auditing modes according to respective authentication attributes to obtain authentication sorting results;
the decomposition module is used for receiving total authentication data sent by a target terminal and decomposing the total authentication data to obtain a plurality of sub-authentication acquisition information;
a module used for calling the corresponding sub-audit information according to the authentication sequencing result so as to authenticate the sub-authentication acquisition information, wherein the auditing judgment data comprises a plurality of sub-audit information;
the authentication passing module is used for allowing the access terminal to access the middlebox if the plurality of sub-audit information respectively pass the authentication of the corresponding plurality of sub-authentication acquisition information;
and the authentication refusing module is used for refusing the access request of the access terminal to the middlebox if the sub-audit information does not pass the authentication of the sub-authentication acquisition information.
In a third aspect of the embodiments of the present invention, a storage medium is provided, in which a computer program is stored, which, when being executed by a processor, is adapted to implement the method according to the first aspect of the present invention and various possible designs of the first aspect of the present invention.
According to the information sequencing auditing method and device based on the middlebox and the storage medium, in the identity authentication dimension, the corresponding dynamic auditing strategy can be selected according to the attribute tags of the users, and the corresponding number of target auditing modes can be randomly selected according to the dynamic auditing strategy, so that the diversity and randomness of user auditing and authentication are guaranteed. According to the invention, in the user login dimension, the access terminal for the user to access the data and the target terminal for sending the total authentication data are different terminals, so that the data access and the identity authentication are separated, the user is not limited to login and access by using only one terminal any more, more appropriate equipment can be selected according to the actual scene, and the operation is easy.
Because the invention applies several target auditing modes when authenticating and auditing a user's identity, it increases the processing load on devices such as the middlebox and servers. To improve authentication efficiency, the invention sequences the selected target auditing modes and places first the mode that users have historically found most difficult to pass. Identity authentication therefore starts with the mode that is hardest to pass, so access requests that will not be approved are identified quickly, fewer target auditing modes are evaluated when a user is rejected, and the overall data processing load is reduced.
When the target auditing mode is selected, a plurality of slot positions are preset, each slot position is provided with an auditing mark corresponding to the target auditing mode, and the target auditing mode is determined by randomly selecting the corresponding slot position.
Drawings
FIG. 1 is a flow chart of a first embodiment of a middlebox-based information ranking auditing method;
FIG. 2 is a flow chart of a second embodiment of a middlebox-based information ranking auditing method;
fig. 3 is a block diagram of an embodiment of a middlebox-based information ranking and auditing apparatus.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the processes do not mean the execution sequence, and the execution sequence of the processes should be determined by the functions and the internal logic of the processes, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
It should be understood that in the present application, "comprising" and "having" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that, in the present invention, "a plurality" means two or more. "And/or" merely describes an association between associated objects and means that three relationships may exist; e.g., "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "Comprises A, B and C" and "comprises A, B, C" mean that all three of A, B, C are comprised; "comprises A, B or C" means that one of A, B, C is comprised; "comprises A, B and/or C" means that any 1, any 2, or all 3 of A, B, C are comprised.
It should be understood that in the present invention, "B corresponding to A", "A corresponds to B", or "B corresponds to A" means that B is associated with A, and B can be determined from A. Determining B from A does not mean determining B from A alone; B may be determined from A and/or other information. The matching of A and B means that the similarity of A and B is greater than or equal to a preset threshold value.
As used herein, "if" may be interpreted as "at … …" or "when … …" or "in response to a determination" or "in response to a detection", depending on the context.
The technical solution of the present invention will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
The invention provides a method for checking information sequencing based on a middlebox, which is shown as a flow chart in figure 1 and comprises the following steps:
step S110, extracting a user attribute label in an access request sent by an access terminal, and selecting a corresponding dynamic auditing strategy based on the user attribute label. The software method provided by the invention is carried out on the middlebox, in which a plurality of user attribute labels are pre-stored. For example, a principal and an administrator of a department have different user attribute labels, and different user attribute labels may have different authority ranges: the authority range of the user attribute label corresponding to the administrator is to view a small part of the sensitive data, and the authority range of the user attribute label corresponding to the principal is to view a large part of the sensitive data.
In the technical solution provided by the present invention, as shown in fig. 2, step S110 specifically includes:
step S1101, extracting the level information in the user attribute tag, and selecting quantity information corresponding to the level based on the level information. The level information in the present invention may be a numerical value, such as a first level, a second level, or a third level. It may also be position information, such as chief or staff. Different level information may have different quantity information; for example, the quantity information corresponding to the principal is 3, and the quantity information corresponding to the administrator is 2. Generally, the larger the authority of a user attribute tag, the larger its quantity information, and the quantity information may be set according to the actual scenario.
Step S1102, generating a dynamic auditing strategy based on the quantity information, wherein the dynamic auditing strategy is a target auditing mode of randomly selecting corresponding quantity information. According to the method and the device, after the quantity information is obtained, a dynamic auditing strategy can be obtained, the dynamic auditing strategy can select a corresponding quantity of target auditing modes according to the quantity information, for example, in the scheme provided by the invention, 6 types of target auditing modes are provided, at the moment, the quantity information is 3, 3 target auditing modes can be randomly selected from the 6 types of target auditing modes, the random quantity is at least 2, and the more the target auditing modes are, the higher the data processing quantity of the middle station is. Therefore, the present invention determines the quantity information according to the rank information in order to appropriately allocate the middlebox data processing amount. The higher the rank information is, the higher the number value in the number information is.
And S120, selecting a corresponding number of target auditing modes from the auditing mode set based on the dynamic auditing strategy, determining corresponding authentication requirement data and auditing judgment data according to the target auditing modes, and sending the authentication requirement data to a target terminal. Each target auditing mode corresponds to one piece of sub-audit information and one piece of sub-authentication requirement information, and the method assembles the sub-audit information and the sub-authentication requirement information of the selected target auditing modes into sets to obtain the auditing judgment data and the authentication requirement data.
In the technical solution provided by the present invention, step S120 specifically includes:
and randomly selecting a number of target auditing modes corresponding to the number information in an auditing mode set according to the dynamic auditing strategy, wherein the target auditing modes comprise any one or more of face identification auditing, iris identification auditing, fingerprint identification auditing, password information auditing and machine information auditing. The auditing method provided by the invention comprises a plurality of auditing modes.
The face identification audit corresponds to the face identifier audit information, the fingerprint identification audit corresponds to the fingerprint identifier audit information, the password information audit corresponds to the password audit information, and so on. Likewise, the face identification audit corresponds to the face identifier authentication requirement information, the fingerprint identification audit corresponds to the fingerprint identifier authentication requirement information, the password information audit corresponds to the password authentication requirement information, and so on.
And extracting a target auditing mode corresponding to the user attribute tag, and generating authentication demand data and auditing judgment data according to a plurality of target auditing modes, wherein the authentication demand data and the auditing judgment data respectively correspond to the user attribute tag and the target auditing mode. The authentication requirement data and the auditing judgment data correspond to a user attribute label and a plurality of target auditing modes respectively.
And S130, sequencing the selected target auditing modes according to respective authentication attributes to obtain authentication sequencing results. The invention can sequence a plurality of target auditing modes according to the authentication attributes of the target auditing modes, and the mode can determine the priority authentication sequence of each target auditing mode. The authentication attributes may include the historical auditing time of each target auditing manner and the number of times of authentication failure of each target auditing manner.
In the technical solution provided by the present invention, step S130 specifically includes:
and acquiring the historical auditing time of each target auditing mode and the number of times of authentication failure of each target auditing mode. The invention can count the historical auditing time of each target auditing mode; for example, the first time the face identifier audit information audits the face identifier authentication acquisition information, the audit takes 1.8 seconds, the second time it takes 2.1 seconds, and so on. The invention also counts the number of failures of each target auditing mode; for example, for a given target auditing mode, the total number of times that identified users failed to pass is 100, that is, for example, the face identifier audit information did not pass the face identifier authentication acquisition information.
And respectively calculating the target auditing coefficients of the selected target auditing modes based on the historical auditing time of the target auditing modes and the times of failure in authentication of the target auditing modes. The historical auditing time of each target auditing mode can reflect the efficiency of the auditing mode, and the authentication failure times of the target auditing mode can reflect which authentication mode is not easy to pass by a user. Through the mode, the optimal strategy of the invention is to find out the target auditing mode which has higher auditing efficiency and is difficult to pass user authentication as the first target auditing mode for auditing the user. At the moment, the combination of the auditing efficiency and the times of user authentication failure can be comprehensively reflected through the target auditing coefficient.
And sequencing the target auditing coefficients from small to large to obtain an authentication sequencing result. The smaller the target auditing coefficient, the higher the payoff when the two dimensions of auditing efficiency and user authentication failure are considered together, which makes that mode the most suitable target auditing mode with which to authenticate the user.
According to the technical scheme provided by the invention, respectively calculating the target auditing coefficients of the selected target auditing modes based on the historical auditing time of the target auditing modes and the times of failure in authentication of the target auditing modes comprises the following steps:
the target audit coefficient is calculated by the following formula,
Figure 829361DEST_PATH_IMAGE001
wherein S is a target audit coefficient,
Figure 601008DEST_PATH_IMAGE002
is the
Figure 348384DEST_PATH_IMAGE003
-th historical audit time in the target auditing mode, N is the number of historical audit times, C is the number of times of authentication failure,
Figure 230890DEST_PATH_IMAGE004
is a preset weight value of the number of times of non-passing, L is a preset constant, and P is a preset weight value of the target auditing coefficient.
Through
Figure 848953DEST_PATH_IMAGE013
the historical average auditing time of each target auditing mode can be obtained, so that the time length of the target auditing mode is reflected, and the quantity value of the target auditing mode is reduced. Through
Figure 057080DEST_PATH_IMAGE014
the number of times of authentication failure can be reflected. When
Figure 760594DEST_PATH_IMAGE015
is larger, the auditing time of the target auditing mode is longer, and when
Figure 181211DEST_PATH_IMAGE016
is larger, the probability that the auditing mode cannot be passed is higher. The invention needs to comprehensively determine a target auditing mode with smaller auditing time and higher passing probability, so that, through
Figure 919360DEST_PATH_IMAGE017
a target audit coefficient can be obtained comprehensively.
The technical scheme provided by the invention further comprises the following steps:
presetting a preset number of randomly selected slot positions to obtain the total slot position number. The invention presets a corresponding number of randomly selected slots, for example 10, 20 or 100.
And obtaining the corresponding slot position number of each target auditing mode based on the target auditing coefficients of all the target auditing modes and the total slot position number. The invention distributes the slot positions so that one target auditing mode can have a plurality of slot positions. Because the corresponding slot position number of each target auditing mode is obtained from the target auditing coefficient and the total slot position number, the number of slots of each mode is tied to its target auditing coefficient.
And filling the auditing identification of each target auditing mode into its corresponding number of slot positions.
The invention has several ways of randomly selecting target auditing modes through the slot positions. For example, when 2 target auditing modes need to be selected, a first round of random selection is carried out: a slot position is randomly selected from all slot positions, the auditing identification in that slot position is obtained, and the target auditing mode selected in the first round is determined according to that auditing identification. All slot positions holding the auditing identification selected in the first round are then closed, a second round of random selection is carried out to obtain the auditing identification of the second round, and the target auditing mode selected in the second round is determined according to it.
According to the technical scheme provided by the invention, the obtaining of the corresponding slot position number corresponding to each target auditing mode based on the target auditing coefficients and the slot position total number of all the target auditing modes comprises the following steps:
the corresponding slot number is calculated by the following formula,
Figure 32810DEST_PATH_IMAGE018
wherein X is the corresponding slot number corresponding to the target auditing mode, Z is a preset power value, T is the total number of the slot positions,
Figure 223620DEST_PATH_IMAGE006
is as follows
Figure 713507DEST_PATH_IMAGE007
A target auditing coefficient of each target auditing mode,
Figure 306162DEST_PATH_IMAGE008
is as follows
Figure 590513DEST_PATH_IMAGE009
The number of corresponding slots of each target auditing mode.
Through
Figure 268619DEST_PATH_IMAGE019
the ratio of the target audit coefficient of a certain target auditing mode to the target audit coefficients of all target auditing modes can be calculated; the smaller S is, the larger
Figure 296618DEST_PATH_IMAGE020
is. The slot position number of each target auditing mode can be adjusted through the preset power value Z, which can be set according to the corresponding scene. With
Figure 743780DEST_PATH_IMAGE021
as a limitation,
Figure 464611DEST_PATH_IMAGE022
is limited to avoid the condition of an empty slot position. When
Figure 364434DEST_PATH_IMAGE023
holds, an alert may be output. In this way, more slot positions are provided for a target auditing mode with a smaller target auditing coefficient, so that when target auditing modes are randomly selected, a more suitable target auditing mode in terms of processing efficiency is selected with higher probability.
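The slot mechanism described above (allocation by coefficient, filling with auditing identifications, round-by-round selection with closing, then ordering from small to large coefficient) can be sketched as follows. This is an added example, not code from the patent: the page does not reproduce the slot formula, so the weighting `(1 / S) ** power` with one reserved slot per mode, the function names, and the use of Python's `secrets` CSPRNG so that the chosen factors are not predictable are all assumptions.

```python
import secrets


def allocate_slots(coefficients, total_slots, power=1.0):
    """Return {audit_id: slot_count}; a smaller coefficient S yields more slots.

    Assumed weighting (the patent's own formula is not reproduced on the page):
    weight = (1 / S) ** power, with one slot reserved per mode so none is empty.
    """
    if not coefficients or any(s <= 0 for s in coefficients.values()):
        raise ValueError("coefficients must be non-empty and positive")
    if total_slots < len(coefficients):
        raise ValueError("total slot number is smaller than the number of modes")
    weights = {m: (1.0 / s) ** power for m, s in coefficients.items()}
    total_weight = sum(weights.values())
    spare = total_slots - len(coefficients)          # slots left after the reserve
    shares = {m: spare * w / total_weight for m, w in weights.items()}
    counts = {m: 1 + int(share) for m, share in shares.items()}
    # Hand out slots lost to rounding, largest fractional remainder first.
    leftover = total_slots - sum(counts.values())
    by_remainder = sorted(shares, key=lambda m: shares[m] - int(shares[m]),
                          reverse=True)
    for m in by_remainder[:leftover]:
        counts[m] += 1
    return counts


def fill_slots(counts):
    """Fill each mode's auditing identification into its number of slots."""
    return [mode for mode, n in counts.items() for _ in range(n)]


def select_modes(slots, k, rng=None):
    """Pick k distinct modes: draw one slot per round, then close every slot
    that holds the drawn auditing identification before the next round."""
    if rng is None:
        rng = secrets.SystemRandom()   # OS CSPRNG; assumption, see lead-in
    open_slots = list(slots)
    chosen = []
    for _ in range(k):
        if not open_slots:
            raise ValueError("more modes requested than are available")
        pick = rng.choice(open_slots)
        chosen.append(pick)
        open_slots = [s for s in open_slots if s != pick]
    return chosen


def order_for_authentication(chosen, coefficients):
    """Authentication sequencing result: coefficients from small to large."""
    return sorted(chosen, key=lambda m: coefficients[m])


if __name__ == "__main__":
    # Constructed sample coefficients; not values from the patent.
    sample = {"face": 2.0, "iris": 4.0, "fingerprint": 1.0, "password": 4.0}
    counts = allocate_slots(sample, total_slots=20)
    picked = select_modes(fill_slots(counts), k=2)
    print(counts, order_for_authentication(picked, sample))
```

Passing a seeded `random.Random` as `rng` makes the draw reproducible for testing only; a deployment would keep the default.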
The technical scheme provided by the invention further comprises the following steps:
obtaining the current type number of all target auditing modes, updating the total slot number through the following formula to obtain the updated slot number,
Figure 196124DEST_PATH_IMAGE024
wherein R is the total number of the updated slot positions,
Figure 28950DEST_PATH_IMAGE011
the number of preset types of target auditing modes,
Figure 655104DEST_PATH_IMAGE012
the current type number of the target auditing mode.
The purpose of setting a plurality of slots is to increase or reduce the probability that a certain target auditing mode is selected during random selection. Because the system needs to be updated, target auditing modes may be added or deleted. Any number of slot positions suffices as long as the probability that a certain target auditing mode is selected can be increased or reduced, and the fewer the slot positions, the smaller the data processing load on the middle station and the higher the processing efficiency. However, if the number of slots stays unchanged while the number of target auditing modes increases, a certain target auditing mode may become impossible to select during random selection, so the invention adjusts the total number of slots each time a target auditing mode is added or removed.
Figure 573381DEST_PATH_IMAGE025
reflects the increasing trend value of the target auditing modes, and
Figure 943183DEST_PATH_IMAGE026
reflects the decreasing trend value of the target auditing modes. The invention dynamically adjusts the total slot number T according to the increasing trend value and the decreasing trend value, so that the total slot number changes however the target auditing modes change, and a certain emphasis is preserved when target auditing modes are randomly selected.
Step S140, receiving total authentication data sent by the target terminal, and decomposing the total authentication data to obtain a plurality of sub-authentication acquisition information.
After receiving the authentication requirement data, the target terminal decomposes the authentication requirement data to obtain a plurality of sub-authentication requirement information, and extracts corresponding data according to the sub-authentication requirement information, for example, the sub-authentication requirement information is face identification sub-authentication requirement information, and at this time, the target terminal extracts face data of a user to obtain face identification information, and at this time, the face identification information is sub-authentication acquisition information.
The target terminal collects corresponding information of the user according to the plurality of sub-authentication requirement information, such as facial identification information, iris identification information and the like, and packages the information into total authentication data according to the collected facial identification information and iris identification information. The collected face identification information is one of the sub-authentication collection information, and the iris identification information is the other sub-authentication collection information. The user can acquire a plurality of sub-authentication acquisition information through an input device at the target terminal, such as a face extraction means, an iris extraction means, a touch screen, or the like.
Step S150, the auditing judgment data comprise a plurality of sub-auditing information, and the corresponding sub-auditing information is called according to the authentication sequencing result to authenticate the sub-authentication acquisition information. The sub-audit information and the sub-authentication acquisition information are selected in turn in the order given by the authentication sequencing result, and each sub-authentication acquisition information is authenticated by comparison against its sub-audit information.
When the sub-authentication acquisition information is face identification information, the corresponding sub-audit information is face identifier audit information, the face identifier audit information can be face information of a user which is stored in advance, and the face information of the user which is stored in advance and the sub-authentication acquisition information are compared and authenticated. The authentication mode of the corresponding sub-authentication acquisition information by the other sub-audit information is similar to that of the face identifier audit information, and the invention is not repeated.
Step S160, if the plurality of sub-audit information respectively pass the authentication of the corresponding plurality of sub-authentication acquisition information, allowing the access terminal to access the middle station. The invention collects a plurality of sub-authentication acquisition information and authenticates them through a plurality of sub-audit information; once every sub-authentication acquisition information has been authenticated by its corresponding sub-audit information, the user is proved to be the real user and may access sensitive data in the middle station, so the access terminal is allowed to access the middle station.
Step S170, if at least one piece of sub-audit information does not pass the authentication of its sub-authentication acquisition information, rejecting the access request of the access terminal to the middle station. When one piece of sub-audit information fails to authenticate the sub-authentication acquisition information, the user may be abnormal, and the access request of the access terminal to the middle station must be denied to avoid leaking sensitive data.
In the technical scheme provided by the invention, the target terminal and the access terminal can be the same terminal or different terminals, and the target terminal can be a device only having information and data acquisition functions, or a mobile phone, a computer and the like. In the invention, each user attribute label in the middle station has a unique corresponding target terminal, and the middle station can collect various information of the user through the target terminal. For example, if the target terminal is a mobile phone and the user needs to view sensitive data on a computer, the computer is an access terminal. It needs to send access request to the middle station through the computer, and execute the authentication from step S110 to step S170 in the method provided by the present invention, and finally determine that the computer can or cannot access the middle station and the sensitive data in the middle station. Through the mode, the target terminal is fixed, and the access terminal can be converted according to requirements, so that the authentication safety of the invention is ensured, and meanwhile, the operation of a user is facilitated.
An embodiment of the present invention further provides an information sorting and auditing apparatus based on a middlebox, as shown in fig. 3, including:
the extraction module is used for extracting a user attribute label in an access request sent by the access terminal and selecting a corresponding dynamic auditing strategy based on the user attribute label;
the selection module is used for selecting a corresponding number of target auditing modes from the auditing mode set based on the dynamic auditing strategy, determining corresponding authentication demand data and auditing judgment data according to the target auditing modes, and sending the authentication demand data to a target terminal;
the sorting module is used for sorting the selected target auditing modes according to respective authentication attributes to obtain authentication sorting results;
the decomposition module is used for receiving total authentication data sent by a target terminal and decomposing the total authentication data to obtain a plurality of sub-authentication acquisition information;
the verification judging data comprises a plurality of sub-verification information and is used for calling corresponding sub-verification information according to the verification sequencing result to authenticate the sub-verification acquisition information;
the authentication passing module is used for allowing the access terminal to access the middle station if the plurality of sub-audit information respectively pass the authentication of the corresponding plurality of sub-authentication acquisition information;
and the authentication refusing module is used for refusing the access request of the access terminal to the middle station if at least one piece of sub-audit information does not pass the authentication of the sub-authentication acquisition information.
The storage medium may be a computer storage medium or a communication medium. Communication media includes any medium that facilitates transfer of a computer program from one place to another. Computer storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, a storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuits (ASIC). Additionally, the ASIC may reside in user equipment. Of course, the processor and the storage medium may reside as discrete components in a communication device. The storage medium may be read-only memory (ROM), random-access memory (RAM), CD-ROMs, magnetic tapes, floppy disks, optical data storage devices, and the like.
The present invention also provides a program product comprising execution instructions stored in a storage medium. The at least one processor of the device may read the execution instructions from the storage medium, and the execution of the execution instructions by the at least one processor causes the device to implement the methods provided by the various embodiments described above.
In the above embodiments of the terminal or the server, it should be understood that the Processor may be a Central Processing Unit (CPU), other general-purpose processors, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. The information sequencing auditing method based on the middle station is characterized by comprising the following steps:
extracting a user attribute label in an access request sent by an access terminal, and selecting a corresponding dynamic auditing strategy based on the user attribute label;
selecting a corresponding number of target auditing modes from an auditing mode set based on the dynamic auditing strategy, determining corresponding authentication demand data and auditing judgment data according to the target auditing modes, and sending the authentication demand data to a target terminal;
sequencing the selected target auditing modes according to respective authentication attributes to obtain authentication sequencing results;
receiving total authentication data sent by a target terminal, and decomposing the total authentication data to obtain a plurality of sub-authentication acquisition information;
the auditing judgment data comprises a plurality of sub-auditing information, and corresponding sub-auditing information is called according to the authentication sequencing result so as to authenticate the sub-authentication acquisition information;
if the plurality of sub-audit information respectively pass the authentication of the corresponding plurality of sub-authentication acquisition information, allowing the access terminal to access the middle station;
and if the at least one piece of sub-audit information does not pass the authentication of the sub-authentication acquisition information, rejecting the access request of the access terminal to the middle station.
2. The middlebox-based information sequencing auditing method according to claim 1,
extracting a user attribute tag in an access request sent by an access terminal, and selecting a corresponding dynamic auditing strategy based on the user attribute tag comprises the following steps:
extracting the grade information in the user attribute label, and selecting quantity information corresponding to the grade based on the grade information;
and generating a dynamic auditing strategy based on the quantity information, wherein the dynamic auditing strategy is a target auditing mode of randomly selecting corresponding quantity information.
3. The middlebox-based information sequencing auditing method according to claim 2,
selecting a corresponding number of target auditing modes from an auditing mode set based on the dynamic auditing strategy, and determining corresponding authentication requirement data and auditing judgment data according to the target auditing modes comprises the following steps:
randomly selecting a target auditing mode with the quantity corresponding to the quantity information from an auditing mode set according to the dynamic auditing strategy, wherein the target auditing mode comprises any one or more of face identification auditing, iris identification auditing, fingerprint identification auditing, password information auditing and machine information auditing;
and extracting a target auditing mode corresponding to the user attribute tag, and generating authentication demand data and auditing judgment data according to a plurality of target auditing modes, wherein the authentication demand data and the auditing judgment data respectively correspond to the user attribute tag and the target auditing mode.
4. The middlebox-based information sequencing auditing method according to claim 2,
the step of sequencing the selected target auditing modes according to respective authentication attributes to obtain authentication sequencing results comprises the following steps:
acquiring the historical auditing time of each target auditing mode and the number of times of authentication failure of each target auditing mode;
respectively calculating target auditing coefficients of the selected target auditing modes based on the historical auditing time of the target auditing modes and the times of failure in authentication of the target auditing modes;
and sequencing the target auditing coefficients from small to large to obtain an authentication sequencing result.
5. The middlebox-based information sequencing auditing method according to claim 4,
respectively calculating the target auditing coefficients of the selected target auditing modes based on the historical auditing time of the target auditing modes and the times of failure in authentication of the target auditing modes, wherein the target auditing coefficients comprise:
the target audit coefficient is calculated by the following formula,
Figure 868546DEST_PATH_IMAGE001
wherein S is a target audit coefficient,
Figure 657511DEST_PATH_IMAGE002
in the target auditing mode
Figure 352934DEST_PATH_IMAGE003
historical audit time, N is the number of historical audit times, C is the number of authentication failures, k is a preset weight value for the number of authentication failures, L and P is a preset weight value of the target auditing coefficient.
6. The middlebox-based information sequencing auditing method according to claim 5, further comprising:
presetting a preset number of randomly selected slot positions to obtain the total slot position number of the slot positions;
obtaining the corresponding slot position number corresponding to each target auditing mode based on the target auditing coefficients and the slot position total number of all the target auditing modes;
and filling the auditing mark into the slot positions with the corresponding slot position number.
7. The middlebox-based information sequencing auditing method according to claim 6,
obtaining the corresponding slot position number corresponding to each target auditing mode based on the target auditing coefficients and the slot position total number of all the target auditing modes comprises the following steps:
the corresponding slot number is calculated by the following formula,
Figure 860139DEST_PATH_IMAGE004
wherein X is the corresponding slot number corresponding to the target auditing mode, Z is a preset power value, T is the total slot number,
Figure 135262DEST_PATH_IMAGE005
is as follows
Figure 44313DEST_PATH_IMAGE006
A target auditing coefficient of each target auditing mode,
Figure 379479DEST_PATH_IMAGE007
is as follows
Figure 373980DEST_PATH_IMAGE008
The number of corresponding slots of each target auditing mode.
8. The middlebox-based information sequencing auditing method according to claim 7, further comprising:
obtaining the current type number of all target auditing modes, updating the total slot number through the following formula to obtain the updated slot number,
Figure 718374DEST_PATH_IMAGE009
wherein R is the total number of the updated slot positions,
Figure 216351DEST_PATH_IMAGE010
the number of preset types of target auditing modes,
Figure 253577DEST_PATH_IMAGE011
the current type number of the target auditing mode.
9. Information sequencing auditing device based on middleboxes is characterized by comprising:
the access terminal comprises an extraction module, a dynamic audit module and a verification module, wherein the extraction module is used for extracting a user attribute label in an access request sent by the access terminal and selecting a corresponding dynamic audit strategy based on the user attribute label;
the selection module is used for selecting a corresponding number of target auditing modes from the auditing mode set based on the dynamic auditing strategy, determining corresponding authentication demand data and auditing judgment data according to the target auditing modes, and sending the authentication demand data to a target terminal;
the sorting module is used for sorting the selected target auditing modes according to respective authentication attributes to obtain authentication sorting results;
the decomposition module is used for receiving total authentication data sent by a target terminal and decomposing the total authentication data to obtain a plurality of sub-authentication acquisition information;
the verification judging data comprises a plurality of sub-verification information and is used for calling corresponding sub-verification information according to the verification sequencing result to authenticate the sub-verification acquisition information;
the authentication passing module is used for allowing the access terminal to access the middle station if the plurality of sub-audit information respectively pass the authentication of the corresponding plurality of sub-authentication acquisition information;
and the authentication refusing module is used for refusing the access request of the access terminal to the middle station if at least one piece of sub-audit information does not pass the authentication of the sub-authentication acquisition information.
10. Storage medium, characterized in that a computer program is stored in the storage medium, which computer program, when being executed by a processor, is adapted to carry out the method of any one of claims 1 to 8.
CN202111610574.7A 2021-12-27 2021-12-27 Information sequencing auditing method and device based on middlebox and storage medium Active CN113987466B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111610574.7A CN113987466B (en) 2021-12-27 2021-12-27 Information sequencing auditing method and device based on middlebox and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111610574.7A CN113987466B (en) 2021-12-27 2021-12-27 Information sequencing auditing method and device based on middlebox and storage medium

Publications (2)

Publication Number Publication Date
CN113987466A true CN113987466A (en) 2022-01-28
CN113987466B CN113987466B (en) 2022-04-12

Family

ID=79734538

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111610574.7A Active CN113987466B (en) 2021-12-27 2021-12-27 Information sequencing auditing method and device based on middlebox and storage medium

Country Status (1)

Country Link
CN (1) CN113987466B (en)

Also Published As

Publication number Publication date
CN113987466B (en) 2022-04-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant