CN115248910A - Identity authentication method and device applied to mobile terminal - Google Patents

Publication number
CN115248910A
Authority
CN
China
Legal status
Pending
Application number
CN202210879197.5A
Other languages
Chinese (zh)
Inventor
张志远
洪镇宇
胡涛
Current Assignee
Xiamen International Bank Co ltd
Original Assignee
Xiamen International Bank Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/44 Program or device authentication
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G06N3/084 Backpropagation, e.g. using gradient descent

Abstract

The invention provides an identity authentication method and device applied to a mobile terminal, relating to the technical field of identity recognition. The method comprises the following steps: detecting the typing behavior of a user on a password input interface, and verifying the password input by the user to obtain a password verification result; starting sensor monitoring on the password input interface, and collecting sensor data corresponding to the typing behavior of the user on the password input interface; inputting the sensor data into a typing behavior prediction model to obtain an authentication distance output by the typing behavior prediction model; and performing user identity authentication according to the password verification result and the authentication distance output by the model. The method improves security, completes the dual identity authentication in the background, without the user noticing, while the user enters the password, and allows different risk control measures to be applied depending on the dual authentication result, thereby improving the user experience.

Description

Identity authentication method and device applied to mobile terminal
Technical Field
The invention relates to the technical field of identity recognition, in particular to an identity authentication method and device applied to a mobile terminal.
Background
Biological characteristics such as faces, fingerprints, irises and voiceprints are called hard biometric features. Regulation of hard biometric features is becoming increasingly strict, and once they are leaked the impact on the user is extremely long-lasting, even lifelong. Hard biometric features require a high level of authorization, detection generally works only with the user's cooperation, and the user experience is poor.
Therefore, most users still prefer the traditional password login. However, most password login interfaces on mobile phones are not paired with an imperceptible identity authentication mode. If the password is leaked, or someone else operates the account in the user's place, the logged-in account is in fact not being operated by the person who really controls it, and the risk is extremely high.
How to protect the user's privacy to the greatest extent during identity authentication, so that a data leak causes no long-term harm, while keeping the required permissions low enough that the authorization process is broadly applicable, is a question that identity authentication must address in the future.
Disclosure of Invention
In view of the above, the present invention provides an identity authentication method and apparatus applied to a mobile terminal that adopts dual verification: password verification and verification of the user's operation behavior. The method improves security, completes the dual identity authentication in the background, without the user noticing, while the user enters the password, and allows different risk control measures to be applied depending on the dual authentication result, thereby improving the user experience.
Based on the above purpose, the present invention provides an identity authentication method applied to a mobile terminal, which comprises the following steps:
detecting the typing behavior of a user on a password input interface, and verifying the password input by the user to obtain a password verification result;
starting sensor monitoring on the password input interface, and collecting sensor data corresponding to the typing behavior of a user on the password input interface;
inputting the sensor data into a typing behavior prediction model to obtain an authentication distance output by the typing behavior prediction model;
and performing user identity authentication according to the password verification result and the authentication distance output by the model:
if the password passes the verification and the authentication distance output by the model passes the comparison with the threshold value, determining that the user identity authentication passes;
if the password passes the verification and the comparison between the authentication distance output by the model and the threshold value fails, judging that the login may be by an illegitimate user, and starting a first risk control measure for control or starting biometric authentication;
if the password verification fails and the authentication distance output by the model passes the comparison with the threshold value, judging that the user may have mistyped the password, and increasing the number of tolerated password input errors;
if the password verification fails and the comparison between the authentication distance output by the model and the threshold value fails, judging that a high-risk illegitimate user is logging in, and reducing the number of tolerated password input errors, or starting a second risk control measure for control or starting biometric authentication.
Optionally, the collecting sensor data corresponding to the typing behavior of the user on the password input interface specifically includes the following steps:
judging whether the mobile terminal is currently positioned on a password input interface;
if so, starting a sensor for monitoring, and acquiring input behavior data of the user by using the sensor of the mobile terminal; the sensor comprises a linear accelerometer and a gyroscope which are arranged in the mobile terminal;
dividing the input behavior data into small time windows, so that long recordings are split into a plurality of small time window samples, and taking the small time window samples as training samples or samples to be predicted of the typing behavior prediction model; and labeling each small time window sample with the identity of the user it belongs to.
Optionally, the typing behavior prediction model is trained based on template samples of password input users and template samples of other users; specifically, the typing behavior prediction model is obtained by training through the following steps:
constructing a training sample pair based on the template sample of the user and the template samples of other users;
and training with the training sample pairs as input data, using deep learning, to obtain the typing behavior prediction model for generating the identity recognition result of the sensor data.
Optionally, the typing behavior prediction model is trained based on features extracted from template samples of users who input passwords and template samples of other users, and specifically, the typing behavior prediction model is trained by the following steps:
constructing a training sample pair based on the template sample of the user and the template samples of other users;
extracting training features of the training sample pairs;
and training with the training feature pairs as input data, using deep learning, to obtain the typing behavior prediction model for generating the identity recognition result of the sensor data.
Optionally, the training features include statistical features, local features, signal features, frequency domain features, and cross features.
Optionally, after the step of constructing the training sample pair based on the template sample of the user and the template samples of other users, the method further includes the following steps:
preprocessing the training sample pairs; the preprocessing mode comprises smoothing filtering, median filtering, average filtering and Kalman filtering.
Optionally, in the training stage of the typing behavior prediction model, the training samples include template samples, positive samples and negative samples, all obtained by collecting the sensor data of each user on a password input interface, and the authentication distance is the mean square distance between the template samples and the positive samples and between the template samples and the negative samples, so that the model learns the behavioral difference between the password input habit of the user and that of an illegitimate user. In the prediction stage of the typing behavior prediction model, the authentication distance is the mean square distance between the sample to be judged and the template sample. Comparing the authentication distance with a threshold value specifically comprises the following steps:
inputting sensor data of a current user into a typing behavior prediction model to obtain an authentication distance output by the typing behavior prediction model; the current user is a user corresponding to a training sample in the typing behavior prediction model or an untrained new user in the typing behavior prediction model;
judging the relation between the authentication distance and a preset distance threshold;
if the authentication distance is larger than the preset distance threshold, the identity authentication result is that the comparison between the authentication distance and the threshold fails;
and if the authentication distance is smaller than the preset distance threshold, the identity authentication result is that the comparison between the authentication distance and the threshold passes.
The invention also provides an identity authentication device applied to the mobile terminal, which comprises the following modules:
the first verification module is used for detecting the typing behavior of a user on the password input interface, verifying the password input by the user and obtaining a password verification result;
the second verification module is used for starting sensor monitoring on the password input interface and collecting sensor data corresponding to the typing behavior of the user on the password input interface; inputting the sensor data into a typing behavior prediction model to obtain an authentication distance output by the typing behavior prediction model;
and the data analysis module is used for carrying out user identity authentication according to the password verification result and the authentication distance output by the model:
if the password passes the verification and the authentication distance output by the model passes the comparison with the threshold value, determining that the user identity authentication passes;
if the password passes the verification and the comparison between the authentication distance output by the model and the threshold value fails, judging that the login may be by an illegitimate user, and starting a first risk control measure for control or starting biometric authentication;
if the password verification fails and the authentication distance output by the model passes the comparison with the threshold value, judging that the user may have mistyped the password, and increasing the number of tolerated password input errors;
if the password verification fails and the comparison between the authentication distance output by the model and the threshold value fails, judging that a high-risk illegitimate user is logging in, and reducing the number of tolerated password input errors, or starting a second risk control measure for control or starting biometric authentication.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the program to realize the steps of the identity authentication method applied to the mobile terminal.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of any of the above-described identity authentication methods applied to a mobile terminal.
The invention adopts dual verification: password verification and verification of the user's operation behavior. The method improves security, completes the dual identity authentication in the background, without the user noticing, while the user enters the password, and allows different risk control measures to be applied depending on the dual authentication result, thereby improving the user experience.
As can be seen from the above, with the identity authentication method and apparatus applied to the mobile terminal provided by the present invention, when the user uses the mobile terminal, for example an application (App) installed on it, a series of verifications is completed in the background of the mobile terminal without the user noticing, and App operation need not be interrupted for a dedicated biometric check such as face or fingerprint. Using data acquired by the sensors for identity authentication is friendlier to user privacy while still achieving the verification effect, and minimizes the harm to the user if the data leaks. The sensor data is also time-limited: after a period of time it automatically becomes invalid as input habits change or under other objective factors, which improves the accuracy of identity authentication. The model constructed from the sensor data is general and meets the accuracy requirement.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to specific embodiments.
It is to be noted that technical terms or scientific terms used in the embodiments of the present invention should have the ordinary meanings as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in this disclosure is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item preceding the word comprises the element or item listed after the word and its equivalent, but does not exclude other elements or items.
As a preferred embodiment of the present invention, the present invention provides an identity authentication method applied to a mobile terminal, including the steps of:
detecting the typing behavior of a user on a password input interface, and verifying the password input by the user to obtain a password verification result;
starting sensor monitoring on the password input interface, and collecting sensor data corresponding to the typing behavior of a user on the password input interface;
inputting the sensor data into a typing behavior prediction model to obtain an authentication distance output by the typing behavior prediction model;
and performing user identity authentication according to the password verification result and the authentication distance output by the model:
if the password passes the verification and the authentication distance output by the model passes the comparison with the threshold value, determining that the user identity authentication passes;
if the password passes the verification and the comparison between the authentication distance output by the model and the threshold value fails, judging that the login may be by an illegitimate user, and starting a first risk control measure for control or starting biometric authentication;
if the password verification fails and the authentication distance output by the model passes the comparison with the threshold value, judging that the user may have mistyped the password, and increasing the number of tolerated password input errors;
if the password verification fails and the comparison between the authentication distance output by the model and the threshold value fails, judging that a high-risk illegitimate user is logging in, and reducing the number of tolerated password input errors, or starting a second risk control measure for control or starting biometric authentication.
The risk control level of the first risk control measure is lower than that of the second risk control measure. For example, the first risk control measure is any one of telephone or short message notification, short message verification code verification and the like, and the second risk control measure is any one of bank card authentication, identity card authentication, face liveness detection and the like.
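The four-way decision above can be written as a small state machine. This is an added example, not code from the patent: the `Decision` names, the starting tolerance of 3, the cap of 5, the escalation once the tolerance is used up, and the choice to fail closed when the distance equals the threshold or no sensor window was captured are all assumptions, and the embeddings are constructed values.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "authentication passes"
    STEP_UP_LEVEL_1 = "first risk control measure (e.g. SMS code) or biometric check"
    RETRY = "wrong password, another attempt allowed"
    STEP_UP_LEVEL_2 = "second risk control measure (e.g. face liveness) or biometric check"


@dataclass
class LoginSession:
    max_failures: int = 3   # assumed starting number of tolerated password errors
    failure_cap: int = 5    # assumed ceiling: the tolerance must not grow without bound
    failures: int = 0


def mean_square_distance(a, b):
    if len(a) != len(b) or not a:
        raise ValueError("embeddings must be non-empty and of equal length")
    return sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)


def behaviour_passes(sample, template, threshold):
    """Pass only when the distance is strictly below the threshold.

    The description says 'greater than' fails and 'smaller than' passes; treating
    equality, or a missing sensor window, as a fail is an assumption made here.
    """
    if sample is None:
        return False
    return mean_square_distance(sample, template) < threshold


def authenticate(session, password_ok, sample, template, threshold):
    behaviour_ok = behaviour_passes(sample, template, threshold)
    if password_ok:
        if behaviour_ok:
            session.failures = 0
            return Decision.ALLOW
        return Decision.STEP_UP_LEVEL_1   # right password, unfamiliar typing motion
    session.failures += 1
    if behaviour_ok:
        # Probably the owner mistyping: raise the tolerance, but only up to the cap.
        session.max_failures = min(session.max_failures + 1, session.failure_cap)
    else:
        # Wrong password and unfamiliar motion: lower the tolerance.
        session.max_failures = max(session.max_failures - 1, 1)
    if session.failures >= session.max_failures:
        return Decision.STEP_UP_LEVEL_2   # assumed escalation once the tolerance is used up
    return Decision.RETRY


# Constructed embeddings standing in for model outputs; the threshold is arbitrary.
TEMPLATE = [0.2, 0.4, 0.1, 0.9]
OWNER = [0.25, 0.35, 0.1, 0.85]      # mean square distance 0.001875
STRANGER = [0.9, 0.1, 0.7, 0.2]      # mean square distance 0.3575
THRESHOLD = 0.05

if __name__ == "__main__":
    s = LoginSession()
    for ok, sample in [(True, OWNER), (True, STRANGER), (False, OWNER),
                       (False, STRANGER), (False, STRANGER)]:
        print(ok, authenticate(s, ok, sample, TEMPLATE, THRESHOLD).name, s)
```

The cap matters because the "increase the tolerance" branch is reachable by anyone whose typing motion passes the behavioral check, so an uncapped counter would weaken the lockout.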
In a preferred embodiment, the password is a combination of a first password and a second password. The first password consists of one or more of numbers, letters and symbols. The second password is a specific track, formed either by connecting the points of the user's touch operations (such as inputting numbers, letters and symbols) or by a sliding operation of the user. Verifying the password input by the user includes verifying the first password and verifying the second password. Sensor monitoring on the password input interface is triggered after the first password has been input, and the sensor data corresponding to the typing behavior is the sensor data recorded while the user performs the input of the second password. In this way the user's password input behavior is captured accurately and interference from other operations is avoided; combining the sensor data with a specific track also greatly improves the robustness of the sensor data.
With the identity authentication method and apparatus applied to the mobile terminal, when a user uses the mobile terminal, for example an App installed on it, a series of verifications is completed in the background of the mobile terminal without the user noticing, and App operation need not be interrupted for a dedicated biometric check such as face or fingerprint. Using data acquired by the sensors for identity authentication is friendlier to user privacy while still achieving the verification effect, and minimizes the harm to the user if the data leaks. The sensor data is also time-limited: after a period of time it automatically becomes invalid as input habits change or under other objective factors, which improves the accuracy of identity authentication. The model constructed from the sensor data is general and meets the accuracy requirement.
It is understood that mobile terminals include, but are not limited to, mobile phones, notebooks, tablets and wearable devices. A linear accelerometer and a gyroscope are used to acquire the movement acceleration, the change in rotational angular velocity and the like while the user uses an App on the mobile terminal; the sampling frequency of each sensor, such as 50 Hz or 100 Hz, is set before acquisition. When the user of the mobile terminal performs an input behavior, sensor monitoring is started and the sensor data during the user's typing is collected.
In the early stage the user has no template data. Sensor data collected from the user in a session in which the user also passed face or fingerprint verification can therefore be stored as the sample template of the authenticated user. The sample template is collected for the later judgment of unknown samples and serves as the reference data for authentication comparison. During this early data collection stage, other biometric authentication modes such as fingerprint and face can also be used to label the user's data.
In this embodiment, the collecting sensor data corresponding to the typing behavior of the user on the password input interface specifically includes the following steps:
judging whether the mobile terminal is currently positioned on a password input interface or not;
if so, starting a sensor for monitoring, and acquiring input behavior data of the user by using the sensor of the mobile terminal; the sensor comprises a linear accelerometer and a gyroscope which are installed in the mobile terminal;
dividing the input behavior data into small time windows, so that long recordings are split into a plurality of small time window samples, and taking the small time window samples as training samples or samples to be predicted of the typing behavior prediction model; and labeling each small time window sample with the identity of the user it belongs to. For example, once the user's input behavior data has accumulated for a certain period, it is divided into small time windows; the window length can be chosen as 0.2 second or 0.5 second.
In a preferred embodiment A, the typing behavior prediction model is trained by:
A110: constructing training sample pairs based on the template sample of the user and the template samples of other users.
A120: training with the training sample pairs as input data, using deep learning, to obtain a typing behavior prediction model for generating an identity recognition result of the sensor data.
In this method a template sample is required to construct the sample pairs, and there are two main ways to select it. The first is the single sample method, in which a sample representative of the user is called a template sample or registration sample. A common way to obtain the template sample is that, before the user performs identity authentication by typing for the first time, and after passing other identity verification means, the user inputs predetermined content, and the sensor data recorded while inputting that content is used as the user's template sample. This is only one way of generating the template sample. Alternatively, the optimal template sample can be selected by calculation from the authenticated historical data. One such method converts the small time window samples from the time domain to the frequency domain using the fast Fourier transform, calculates features in the frequency domain, traverses the existing samples, calculates the similarity of each sample with respect to the other samples, and selects the sample with the highest overall similarity as the template sample. With the single sample method the template sample does not change in the short term, and there is only one template sample during that period, hence the name. The second is the random sample method, which randomly draws an authenticated historical sample as the template sample. After the template sample is constructed, the positive and negative samples needed for training and testing are constructed by positive sampling and negative sampling. The template sample is combined with other samples to obtain a plurality of sample pairs, from which a complete sample set is built.
The other samples are either samples of the same user or samples of other users. A sample of the same user is taken as a positive sample, and the behavior patterns of the template sample and the other sample are consistent; a sample of another user is taken as a negative sample, and the behavior patterns of the template sample and the other sample are not consistent. When the training sample pairs are formed, each pair is therefore labeled with a matching label according to whether the pair matches.
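The template selection and pair labeling described above, as an added example that is not code from the patent. It assumes single-axis windows of 10 readings (0.2 s at 50 Hz), cosine similarity between magnitude spectra as the similarity measure, and the average similarity to all other windows as the "overall" score; the description fixes none of these. A direct DFT stands in for the FFT because the windows are short, and every window is constructed.

```python
import cmath
import math


def magnitude_spectrum(values):
    """Magnitudes of DFT bins 0..n/2 (a direct DFT is enough for 10-sample windows)."""
    n = len(values)
    return [abs(sum(v * cmath.exp(-2j * math.pi * k * t / n) for t, v in enumerate(values)))
            for k in range(n // 2 + 1)]


def cosine_similarity(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def select_template(samples):
    """Index of the window whose spectrum is, on average, most similar to all the others."""
    spectra = [magnitude_spectrum(s) for s in samples]
    best_index, best_score = None, -1.0
    for i, spectrum in enumerate(spectra):
        scores = [cosine_similarity(spectrum, other)
                  for j, other in enumerate(spectra) if j != i]
        score = sum(scores) / len(scores)
        if score > best_score:
            best_index, best_score = i, score
    return best_index


def build_pairs(template, own_samples, other_samples):
    """Pair the template with every other window: label 1 = same user, 0 = another user."""
    pairs = [(template, s, 1) for s in own_samples if s is not template]
    pairs += [(template, s, 0) for s in other_samples]
    return pairs


def tone(bin_index, amplitude=1.0, n=10):
    """Constructed window: one sinusoid that falls exactly on a DFT bin."""
    return [amplitude * math.sin(2 * math.pi * bin_index * t / n) for t in range(n)]


def mix(a, b):
    return [x + y for x, y in zip(a, b)]


# Constructed history for one authenticated user: three windows dominated by bin 1
# and one outlier (bin 4), for instance a window recorded while the phone was bumped.
USER_WINDOWS = [
    tone(4),                         # outlier
    mix(tone(1), tone(2, 0.3)),
    tone(1),                         # the cleanest window, expected template
    mix(tone(1), tone(3, 0.3)),
]
OTHER_WINDOWS = [tone(2), tone(3)]   # constructed windows from other users

if __name__ == "__main__":
    index = select_template(USER_WINDOWS)
    pairs = build_pairs(USER_WINDOWS[index], USER_WINDOWS, OTHER_WINDOWS)
    print("template index:", index)
    print("labels:", [label for _, _, label in pairs])
```

The outlier still becomes a positive pair because it belongs to the same user; selecting the template by overall similarity only keeps it from becoming the reference every later login is compared against.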
In another preferred embodiment B, the typing behavior prediction model is trained by:
B110: constructing training sample pairs based on the template sample of the user and the template samples of other users. The process of constructing training sample pairs in step B110 is identical to step A110 and is not described again here.
B120: extracting training features of the training sample pairs.
In this method, the training sample pairs can be handled under two schemes: the first is the feature engineering scheme, corresponding to step B120, and the second is the end-to-end scheme, corresponding to step A120. In the feature engineering scheme, features are extracted manually and the model is then constructed. The extracted features include general statistical features, local features, signal features, frequency domain features, cross features and the like, such as minimum, maximum, mean, variance, frequency domain features, spectral entropy, amplitude, rolling features, zero-crossing rate, number of peaks, rate of change and the like. In the second scheme the raw data is input directly into the deep learning model, which extracts the features itself.
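The windowing step described earlier and the feature engineering scheme of step B120, as an added example that is not code from the patent. It assumes a 50 Hz stream of six-axis rows (three linear accelerometer axes, three gyroscope axes), 0.5 s windows, and a subset of the listed features (minimum, maximum, mean, variance, zero-crossing rate, number of peaks, spectral entropy); the function names and the recording are constructed.

```python
import cmath
import math

SAMPLE_RATE_HZ = 50    # one of the sampling frequencies the description mentions
WINDOW_SECONDS = 0.5   # one of the window lengths the description mentions
AXES = ("acc_x", "acc_y", "acc_z", "gyro_x", "gyro_y", "gyro_z")


def split_windows(stream, user_id, rate_hz=SAMPLE_RATE_HZ, seconds=WINDOW_SECONDS):
    """Cut a long recording into fixed-size windows, each labelled with its user.

    A trailing partial window is dropped so that every sample has the same length.
    """
    size = int(round(rate_hz * seconds))
    return [{"user": user_id, "rows": stream[start:start + size]}
            for start in range(0, len(stream) - size + 1, size)]


def spectral_entropy(values):
    """Shannon entropy in bits of the normalised power spectrum, DC bin excluded."""
    n = len(values)
    power = []
    for k in range(1, n // 2 + 1):
        coeff = sum(v * cmath.exp(-2j * math.pi * k * t / n) for t, v in enumerate(values))
        power.append(abs(coeff) ** 2)
    total = sum(power)
    if total == 0:
        return 0.0   # flat axis: nothing to measure
    return -sum((p / total) * math.log2(p / total) for p in power if p > 0)


def axis_features(values):
    n = len(values)
    mean = sum(values) / n
    centred = [v - mean for v in values]
    crossings = sum(1 for a, b in zip(centred, centred[1:]) if a * b < 0)
    peaks = sum(1 for i in range(1, n - 1) if values[i - 1] < values[i] > values[i + 1])
    return {
        "min": min(values),
        "max": max(values),
        "mean": mean,
        "variance": sum(c * c for c in centred) / n,
        "zero_crossing_rate": crossings / (n - 1),
        "peaks": peaks,
        "spectral_entropy": spectral_entropy(values),
    }


def window_features(window):
    """Per-axis feature dictionary for one window."""
    columns = zip(*window["rows"])
    return {name: axis_features(list(column)) for name, column in zip(AXES, columns)}


# Constructed recording: 2.2 s at 50 Hz (110 rows). acc_x and gyro_x follow a
# repeating five-sample pattern; the other axes are flat.
PATTERN = [1.0, 2.0, -1.0, -2.0, 0.0]
CONSTRUCTED_STREAM = [(PATTERN[t % 5], 0.0, 0.0, 0.1 * PATTERN[t % 5], 0.0, 0.0)
                      for t in range(110)]

if __name__ == "__main__":
    windows = split_windows(CONSTRUCTED_STREAM, "user-A")
    print(len(windows), "windows of", len(windows[0]["rows"]), "rows")
    for name, value in window_features(windows[0])["acc_x"].items():
        print(f"acc_x {name}: {value}")
```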
B130: training with the training feature pairs as input data, using deep learning, to obtain a typing behavior prediction model for generating an identity recognition result of the sensor data.
In this method, the model is constructed mainly by metric learning, and one metric learning approach is to build a twin (Siamese) network structure. The twin network has two inputs and two feature extraction sub-networks whose weights are shared. Because the training sample pairs can be processed under two schemes, the sub-network structure differs between them. For the feature engineering scheme of step B120, the sub-network consists mainly of fully connected layers. For the end-to-end scheme of step A120, in which the input of the model is the raw data of the template sample and the other samples, the sub-network needs a structure capable of extracting features from time series, such as a recurrent neural network, a temporal convolution structure, a temporal transformer structure or a fully connected structure; different structures can be combined to provide the feature extraction capability.
In this embodiment, the sub-network structure in the first mode is built by stacking multiple layers of one-dimensional convolution and WaveNet network, or by combining one-dimensional convolution with a bidirectional long short-term memory network, and is preferably the one-dimensional convolution and WaveNet network structure.
The model for the one-dimensional convolution and WaveNet network scheme is as follows:
first layer: one-dimensional convolution with 16 kernels, kernel size 1, padding mode same, activation function hash;
second layer: WaveNet module with 16 kernels, kernel size 3, 16 stacked layers inside the WaveNet module;
third layer: one-dimensional convolution with 32 kernels, kernel size 1, padding mode same, activation function hash;
fourth layer: WaveNet module with 32 kernels, kernel size 3, 8 stacked layers inside the WaveNet module;
fifth layer: one-dimensional convolution with 64 kernels, kernel size 1, padding mode same, activation function hash;
sixth layer: WaveNet module with 64 kernels, kernel size 3, 4 stacked layers inside the WaveNet module;
seventh layer: one-dimensional convolution with 128 kernels, kernel size 1, padding mode same, activation function hash;
eighth layer: WaveNet module with 128 kernels, kernel size 3, 1 stacked layer inside the WaveNet module;
ninth layer: one-dimensional global average pooling.
There are therefore two ways to produce the model output. The first is to concatenate, take the difference of, or otherwise combine the extracted features of the template sample and the other sample, and then attach fully connected layers or another discriminant model, so that the final output is a binary classification: if the template sample and the other sample come from the same user the output is a match, and if they do not belong to the same user the output is a non-match. The second is to optimize the network with a pair-based loss function, such as triplet loss, constrained loss, etc. Taking triplet loss as an example: a training set comprising template samples, positive samples and negative samples is constructed; the weight-sharing basic network of the twin network extracts deep features from the sensor data of the training set; the extracted deep embedding features are fed into the triplet loss to compute the error; and the twin network is then trained by error back-propagation. In this embodiment, the loss function is preferably triplet loss. If triplet loss is selected, a main network must be defined for the training stage, and a basic network (base network) must be defined inside the main network. The basic network is the weight-sharing model; it mainly uses a time-series neural network architecture to extract the features of the samples, and how it is applied differs with the loss function. The main network takes the template sample, the positive sample and the negative sample as simultaneous inputs and uses the weight-sharing basic network to extract the features of each of the three samples. The three sets of extracted sample features form the output of the main network, and the main network computes the triplet loss on these three outputs.
In the training of the basic network and the main network, the activation functions involved include relu, mish, sigmoid, tanh and the like; the optimizer is the Ranger optimizer; the optimization strategy uses BN, L2 weight-decay regularization, early stopping, dropout and the like; and Bayesian optimization is used to tune the parameters of the main network and the basic network.
After step A110 and step B110, the method further comprises the following step:
A111/B111, preprocessing the training sample pairs; preprocessing applies filtering and noise-reduction techniques to remove noise, for example smoothing filtering, median filtering, average filtering, Kalman filtering and the like may be used to denoise the training sample pairs.
The outputs of the basic network for the different types of samples form the output of the main network. Taking triplet loss as an example, the triplet loss steers the features learned by the basic network so that the features of the positive sample move closer to those of the template sample and the features of the negative sample move farther from them; in this way the basic network learns the feature differences between the sensor data of different people. In the prediction stage, taking a login scene as an example, when an account is logged in, sensor data to be authenticated is generated and a template sample is extracted from the authenticated data of that account's user. The trained typing behavior prediction model computes the embedded feature representations of the sensor data to be authenticated and of the authenticated template sample, and the feature distance between the two representations is calculated. This authentication distance is compared with the preset distance threshold, i.e. the authentication passing threshold set when the typing behavior prediction model was verified. If the authentication distance is greater than the preset distance threshold, authentication fails and the identity authentication result is that the person is not the user; if the authentication distance is smaller than the preset distance threshold, authentication passes and the identity authentication result is that the person is the user.
On the basis of the above preferred embodiment B, another preferred embodiment of the present invention may also be:
in the training stage of the typing behavior prediction model, the training samples of the typing behavior prediction model comprise template samples, positive samples and negative samples, the template samples, the positive samples and the negative samples are obtained by collecting the sensor data of each user on a password input interface, and the authentication distance refers to the mean square distance between the template samples and the positive samples and the negative samples respectively so as to learn the behavior difference between the password input habits of the user and the password input habits of illegal users; in the prediction stage of the typing behavior prediction model, the authentication distance is a mean square distance between a sample to be judged and the template sample, and the authentication distance is compared with a threshold value, and the method specifically comprises the following steps:
inputting sensor data of a current user into a typing behavior prediction model to obtain an authentication distance output by the typing behavior prediction model; the current user is a user corresponding to a training sample in the typing behavior prediction model or an untrained new user in the typing behavior prediction model;
the relation between the authentication distance and the preset distance threshold is then judged, specifically:
if the authentication distance is larger than the preset distance threshold, the identity authentication result is that the comparison between the authentication distance and the threshold fails;
and if the authentication distance is smaller than the preset distance threshold, the identity authentication result is that the comparison between the authentication distance and the threshold passes.
When the model is trained, the distances, such as mean square distances, between template samples and positive samples and between template samples and negative samples are calculated on a validation set, and a reasonable distance threshold is then chosen according to the evaluation indexes; samples whose distance is greater than the threshold are regarded as failing authentication, and samples whose distance is smaller than the threshold are regarded as passing authentication. During prediction, the distance between the sample to be judged and the template sample is calculated and judged against the threshold. The template sample here is the one corresponding to the selected login account. Because metric learning is applied, the model constructed in the previous steps learns the difference between the user's own password input habits and those of other people, and with a large amount of training data the final discrimination distance between the user and other people is large, so the method is able to generalize to new users. For example, for a new user who has samples in the database but did not take part in model training, the constructed model can still distinguish that user's input pattern from those of other users, i.e. the new user can be judged without retraining the earlier model.
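The threshold selection described above can be made concrete as follows. This is an added example, not code from the patent: the embeddings are constructed values, and choosing the threshold by capping the false-acceptance rate (and treating a distance equal to the threshold as a failure) are assumptions, since the text only says the threshold is chosen "according to indexes".

```python
"""Added example: choosing the authentication-distance threshold on a validation set."""
from statistics import fmean


def mean_square_distance(a, b):
    """Mean of the squared element-wise differences between two embeddings."""
    if len(a) != len(b):
        raise ValueError("embeddings must have the same length")
    return fmean([(x - y) ** 2 for x, y in zip(a, b)])


def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR) for the rule 'distance < threshold passes'.

    FRR: share of template/positive distances that would be rejected.
    FAR: share of template/negative distances that would be accepted.
    """
    frr = sum(d >= threshold for d in genuine) / len(genuine)
    far = sum(d < threshold for d in impostor) / len(impostor)
    return frr, far


def calibrate_threshold(genuine, impostor, max_far):
    """Pick the threshold with the lowest FRR whose FAR stays within max_far.

    Candidates are the midpoints between neighbouring validation distances.
    Ties keep the smaller (stricter) threshold. Returns (threshold, FRR, FAR).
    """
    points = sorted(set(genuine) | set(impostor))
    candidates = [(lo + hi) / 2 for lo, hi in zip(points, points[1:])]
    best = None
    for t in candidates:
        frr, far = error_rates(genuine, impostor, t)
        if far <= max_far and (best is None or (frr, far) < best[1:]):
            best = (t, frr, far)
    if best is None:
        raise ValueError("no candidate threshold meets the FAR target")
    return best


def authenticate(template, sample, threshold):
    """Prediction stage: only a distance strictly below the threshold passes."""
    return mean_square_distance(template, sample) < threshold


# Constructed validation data: 4-dimensional embeddings standing in for the
# output of the trained model (real embeddings would come from the network).
TEMPLATE = [1.0, 2.0, 0.0, -1.0]
POSITIVES = [  # same user as the template
    [1.5, 2.0, 0.0, -1.0],
    [1.0, 2.5, 0.5, -1.0],
    [0.5, 2.0, 0.5, -1.5],
    [2.0, 2.0, 0.0, -2.0],  # a noisy sample from the genuine user
]
NEGATIVES = [  # other users
    [2.0, 2.0, 0.0, -1.5],
    [2.0, 3.0, 1.0, -1.0],
    [3.0, 2.0, 0.0, -1.0],
    [3.0, 3.0, 1.0, -1.0],
]
GENUINE = [mean_square_distance(TEMPLATE, s) for s in POSITIVES]
IMPOSTOR = [mean_square_distance(TEMPLATE, s) for s in NEGATIVES]

if __name__ == "__main__":
    for max_far in (0.0, 0.25):
        t, frr, far = calibrate_threshold(GENUINE, IMPOSTOR, max_far)
        print(f"max FAR {max_far}: threshold={t} FRR={frr} FAR={far}")
```

On this data a zero-FAR target rejects the noisy genuine sample, while allowing a 25% FAR accepts every genuine sample; that trade-off is what the threshold choice controls.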
In the above steps, the input-habit distance between the unknown person entering the password and the account holder is obtained from the model prediction; the final judgment must be made in combination with password authentication.
There are four results for double authentication:
1. Password verification passes and the comparison of the model output distance with the threshold passes: in this case the user is confirmed to have passed the double authentication and is released.
2. Password verification fails and the comparison of the model output distance with the threshold passes: in this case the user himself may have mistyped or forgotten the password, so the password input fault-tolerant times can be increased appropriately; dynamically adjusting the fault-tolerant times keeps the account from being frozen, as it normally would be, because of the user's own mistakes, and improves the user experience.
3. Password verification passes and the comparison of the model output distance with the threshold fails: in this case someone other than the account holder may be logging in to the account illegally and the risk is high; different risk-control measures can be applied, for example a relatively loose measure is to immediately notify the actual controller of the account by short message or phone call, and a relatively strict measure is to immediately invoke another hard biometric authentication method for re-authentication.
4. Password verification fails and the comparison of the model output distance with the threshold fails: in this case the risk that the login is not by the user himself is considered very high, and risk control can be escalated by reducing the password input fault-tolerant times or by immediately invoking a hard biometric authentication method.
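The four outcomes above, written as a stateful login policy. This is an added example, not the patent's implementation: the class and action names, the default of 3 tolerated wrong passwords, and the floor and ceiling on the dynamically adjusted count are assumptions. The ceiling is there so that owner-like typing behavior cannot buy an unbounded number of password guesses.

```python
"""Added example: the four dual-authentication outcomes as a stateful policy."""
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    ALLOW = "allow"                          # outcome 1: release the user
    RETRY = "retry"                          # wrong password, budget remains
    NOTIFY_OWNER = "notify_owner"            # looser risk control (SMS / call)
    STEP_UP_BIOMETRIC = "step_up_biometric"  # stricter risk control
    LOCK = "lock"                            # fault-tolerant times exhausted


@dataclass
class LoginSession:
    threshold: float        # preset distance threshold from model validation
    base_retries: int = 3   # assumed default fault-tolerant times
    max_retries: int = 5    # assumed ceiling for outcome 2
    min_retries: int = 1    # assumed floor for outcome 4
    strict: bool = False    # True selects the stricter risk-control branch
    failures: int = 0
    locked: bool = False

    def __post_init__(self):
        self.allowed = self.base_retries

    def attempt(self, password_ok: bool, distance: float) -> Action:
        if self.locked:
            return Action.LOCK
        # Greater than the threshold fails, smaller passes; equality is
        # treated as a failure here (assumption: fail closed).
        behavior_ok = distance < self.threshold

        if password_ok and behavior_ok:          # outcome 1
            return Action.ALLOW
        if password_ok:                          # outcome 3
            return Action.STEP_UP_BIOMETRIC if self.strict else Action.NOTIFY_OWNER

        self.failures += 1
        if behavior_ok:                          # outcome 2: likely the owner
            self.allowed = min(self.allowed + 1, self.max_retries)
        elif self.strict:                        # outcome 4, strict branch
            return Action.STEP_UP_BIOMETRIC
        else:                                    # outcome 4: shrink the budget
            self.allowed = max(self.allowed - 1, self.min_retries)

        if self.failures >= self.allowed:
            self.locked = True
            return Action.LOCK
        return Action.RETRY


def replay(session, attempts):
    """Feed (password_ok, authentication_distance) pairs through a session."""
    return [session.attempt(ok, dist) for ok, dist in attempts]


# Constructed attempt sequences (distances are illustrative values).
OWNER_TYPO = [(False, 0.10), (False, 0.12), (False, 0.08), (True, 0.11)]
GUESSING = [(False, 0.90), (False, 0.80), (False, 0.85)]
STOLEN_PASSWORD = [(True, 0.90)]

if __name__ == "__main__":
    for name, seq in [("owner typo", OWNER_TYPO), ("guessing", GUESSING),
                      ("stolen password", STOLEN_PASSWORD)]:
        actions = replay(LoginSession(threshold=0.25), seq)
        print(name, [a.value for a in actions])
```

With a fixed budget of three, the owner's third typo would have frozen the account; here it is tolerated, while mismatching behavior locks after two wrong passwords.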
The identity authentication device provided by the present invention is described below, and the identity authentication device described below and the identity authentication method described above may be referred to in correspondence with each other.
The apparatus of this embodiment specifically includes:
the first verification module is used for detecting the typing behavior of a user on the password input interface, verifying the password input by the user and obtaining a password verification result;
the second verification module is used for starting sensor monitoring on the password input interface and collecting sensor data corresponding to the typing behavior of the user on the password input interface; inputting the sensor data into a typing behavior prediction model to obtain an authentication distance output by the typing behavior prediction model;
and the data analysis module is used for carrying out user identity authentication according to the password verification result and the authentication distance output by the model:
if the password passes the verification and the authentication distance output by the model passes the comparison with the threshold value, determining that the user identity authentication passes;
if the password passes the verification and the comparison between the authentication distance output by the model and the threshold value fails, judging that illegal user login is possible, and starting a first risk-control measure for control or starting biometric authentication;
if the password verification fails and the comparison between the authentication distance output by the model and the threshold value passes, judging that the user may have entered the password incorrectly, and increasing the password input fault-tolerant times;
if the password verification fails and the comparison between the authentication distance output by the model and the threshold value fails, judging that a high-risk illegal user is logging in, and reducing the password input fault-tolerant times or starting a second risk-control measure for control or starting biometric authentication.
According to the method, when a user uses a mobile terminal, for example an App installed on it, the data acquisition module completes a series of verifications in the background of the mobile terminal without the user perceiving them, and App operation does not need to be interrupted for dedicated biometric authentication as it is with face and fingerprint; using data acquired by the sensors for identity authentication is friendlier to user privacy, achieves the verification effect, and reduces the harm to the user as much as possible in the event of exposure; at the same time, sensor data is time-limited: after a period of time it automatically becomes invalid under the influence of changed input habits or other objective factors, which improves the accuracy of identity authentication; the model that the behavior prediction module builds from the sensor data is general and meets the accuracy requirement.
The invention utilizes the linear accelerometer and the gyroscope to acquire the movement acceleration, the rotation angular velocity change and the like when a user uses App of the mobile terminal, and the sampling frequency of each sensor, such as 50Hz, 100Hz and the like, needs to be set before acquisition. When a user using the mobile terminal has an input behavior, the sensor is started to monitor, and sensor data during typing of the user is collected.
In the early stage, because template data for the user is lacking, sensor data collected from the user in a session in which face and fingerprint verification passed can be stored in the database as the sample template of the authenticated user. The sample template is collected for the later judgment of unknown samples and serves as the reference data for authentication comparison. In the early data collection stage, other biometric authentication modes such as fingerprint and face can also be used to label the user's data.
The outputs of the basic network for the different types of samples form the output of the main network. Taking triplet loss as an example, the triplet loss steers the features learned by the basic network so that the features of the positive sample move closer to those of the template sample and the features of the negative sample move farther from them; in this way the basic network learns the feature differences between the sensor data of different people. In the prediction stage, taking a login scene as an example, when an account is logged in, sensor data to be authenticated is generated and a template sample is extracted from the authenticated data of that account's user. The trained typing behavior prediction model computes the embedded feature representations of the sensor data to be authenticated and of the authenticated template sample, and the feature distance between the two representations is calculated. This authentication distance is compared with the preset distance threshold, i.e. the authentication passing threshold set when the typing behavior prediction model was verified. If the authentication distance is greater than the preset distance threshold, authentication fails and the identity authentication result is that the person is not the user; if the authentication distance is smaller than the preset distance threshold, authentication passes and the identity authentication result is that the person is the user.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The identity authentication method and the identity authentication device have the following beneficial effects:
1. According to the method, when the user inputs the password, the double authentication can be completed in the background without the user perceiving it, different risk-control measures can be adopted according to the double authentication result, and the user experience is improved.
2. Using sensor data for identity authentication is friendlier to user privacy, achieves the verification effect, and reduces the harm to the user as much as possible in the event of exposure.
3. The identity authentication by adopting the sensor input behavior has extremely high accuracy, the AUC under the test set constructed by the scheme can reach 0.81, and the accuracy is higher.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the invention, features in the above embodiments or in different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity.
The embodiments of the invention are intended to embrace all such alternatives, modifications and variances that fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalents, improvements, and the like that may be made without departing from the spirit or scope of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. An identity authentication method applied to a mobile terminal is characterized by comprising the following steps:
detecting the typing behavior of a user on a password input interface, and verifying the password input by the user to obtain a password verification result;
starting sensor monitoring on the password input interface, and collecting sensor data corresponding to the typing behavior of a user on the password input interface;
inputting the sensor data into a typing behavior prediction model to obtain an authentication distance output by the typing behavior prediction model;
and performing user identity authentication according to the password verification result and the authentication distance output by the model:
if the password passes the verification and the authentication distance output by the model passes the comparison with the threshold value, determining that the user identity authentication passes;
if the password passes the verification and the comparison between the authentication distance output by the model and the threshold value fails, judging that illegal user login is possible, and starting a first risk-control measure for control or starting biometric authentication;
if the password verification fails and the comparison between the authentication distance output by the model and the threshold value passes, judging that the user may have entered the password incorrectly, and increasing the password input fault-tolerant times;
if the password verification fails and the comparison between the authentication distance output by the model and the threshold value fails, judging that a high-risk illegal user is logging in, and reducing the password input fault-tolerant times or starting a second risk-control measure for control or starting biometric authentication.
2. The identity authentication method applied to the mobile terminal according to claim 1, wherein the collecting of the sensor data corresponding to the typing behavior of the user on the password input interface specifically comprises the following steps:
judging whether the mobile terminal is currently positioned on a password input interface;
if so, starting a sensor for monitoring, and acquiring input behavior data of the user by using the sensor of the mobile terminal; the sensor comprises a linear accelerometer and a gyroscope which are arranged in the mobile terminal;
dividing the input behavior data into small time windows, so that long-duration data is split into a plurality of small-time-window samples, and taking the small-time-window samples as training samples or samples to be predicted of the typing behavior prediction model; and labeling each small-time-window sample with the identity of the user it belongs to.
3. The identity authentication method applied to the mobile terminal according to claim 1, wherein the typing behavior prediction model is trained based on template samples of password input users and template samples of other users; specifically, the typing behavior prediction model is obtained by training through the following steps:
constructing a training sample pair based on the template sample of the user and the template samples of other users;
and training the training sample pair as input data for training in a deep learning mode to obtain the typing behavior prediction model for generating the identity recognition result of the sensor data.
4. The identity authentication method applied to the mobile terminal according to claim 1, wherein the typing behavior prediction model is trained based on the template samples of the password input user and the extracted features of the template samples of other users, and in particular, the typing behavior prediction model is trained by the following steps:
constructing a training sample pair based on the template sample of the user and the template samples of other users;
extracting training features of the training sample pairs;
and training the training characteristic pair as input data for training in a deep learning mode to obtain the typing behavior prediction model for generating the identity recognition result of the sensor data.
5. The identity authentication method applied to the mobile terminal according to claim 4, wherein the training features comprise statistical features, local features, signal features, frequency domain features and cross features.
6. The identity authentication method applied to the mobile terminal according to any one of claims 3 to 5, wherein after the step of constructing the training sample pair based on the template sample of the user and the template samples of other users, the method further comprises the following steps:
preprocessing the training sample pairs; the preprocessing mode comprises smoothing filtering, median filtering, average filtering and Kalman filtering.
7. The identity authentication method applied to a mobile terminal according to claim 1, wherein in the training phase of the typing behavior prediction model, the training samples of the typing behavior prediction model include template samples, positive samples and negative samples, the template samples, the positive samples and the negative samples are obtained by collecting the sensor data of each user on a password input interface, and the authentication distance is a mean square distance between the template samples and the positive samples and the negative samples respectively, so as to learn the behavior difference between the password input habit of the user and the password input habit of an illegal user; in the prediction stage of the typing behavior prediction model, the authentication distance is the mean square distance between the sample to be judged and the template sample, and the authentication distance is compared with a threshold value, and the method specifically comprises the following steps:
inputting sensor data of a current user into a typing behavior prediction model to obtain an authentication distance output by the typing behavior prediction model; the current user is a user corresponding to a training sample in the typing behavior prediction model or an untrained new user in the typing behavior prediction model;
judging the relation between the authentication distance and a preset distance threshold;
if the authentication distance is larger than the preset distance threshold, the identity authentication result is that the comparison between the authentication distance and the threshold fails;
and if the authentication distance is smaller than the preset distance threshold, the identity authentication result is that the authentication distance and the threshold are compared to pass.
8. An identity authentication device applied to a mobile terminal is characterized by comprising the following steps:
the first verification module is used for detecting the typing behavior of a user on the password input interface, verifying the password input by the user and obtaining a password verification result;
the second verification module is used for starting sensor monitoring on the password input interface and collecting sensor data corresponding to the typing behavior of the user on the password input interface; inputting the sensor data into a typing behavior prediction model to obtain an authentication distance output by the typing behavior prediction model;
and the data analysis module is used for carrying out user identity authentication according to the password verification result and the authentication distance output by the model:
if the password passes the verification and the authentication distance output by the model passes the comparison with the threshold value, determining that the user identity authentication passes;
if the password passes the verification and the comparison between the authentication distance output by the model and the threshold value fails, judging that illegal user login is possible, and starting a first risk-control measure for control or starting biometric authentication;
if the password verification fails and the comparison between the authentication distance output by the model and the threshold value passes, judging that the user may have entered the password incorrectly, and increasing the password input fault-tolerant times;
if the password verification fails and the comparison between the authentication distance output by the model and the threshold value fails, judging that a high-risk illegal user is logging in, and reducing the password input fault-tolerant times or starting a second risk-control measure for control or starting biometric authentication.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the identity authentication method as claimed in any one of claims 1 to 7 applied to a mobile terminal when executing the program.
10. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the steps of the identity authentication method applied to a mobile terminal according to any one of claims 1 to 7.
CN202210879197.5A 2021-07-23 2022-07-25 Identity authentication method and device applied to mobile terminal Pending CN115248910A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110839741.9A CN113626783A (en) 2021-07-23 2021-07-23 Identity authentication method and device applied to mobile terminal
CN2021108397419 2021-07-23

Publications (1)

Publication Number Publication Date
CN115248910A true CN115248910A (en) 2022-10-28

Family

ID=78380850

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110839741.9A Pending CN113626783A (en) 2021-07-23 2021-07-23 Identity authentication method and device applied to mobile terminal
CN202210879197.5A Pending CN115248910A (en) 2021-07-23 2022-07-25 Identity authentication method and device applied to mobile terminal

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202110839741.9A Pending CN113626783A (en) 2021-07-23 2021-07-23 Identity authentication method and device applied to mobile terminal

Country Status (1)

Country Link
CN (2) CN113626783A (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115103127B (en) * 2022-08-22 2022-11-08 环球数科集团有限公司 Embedded intelligent camera design method and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109977639B (en) * 2018-10-26 2021-05-04 招商银行股份有限公司 Identity authentication method and device and computer readable storage medium
EP3699790B1 (en) * 2019-02-19 2022-11-02 Nxp B.V. Method for enabling a biometric template
CN110324350B (en) * 2019-07-09 2021-12-07 中国工商银行股份有限公司 Identity authentication method and server based on mobile terminal non-sensitive sensor data

Also Published As

Publication number Publication date
CN113626783A (en) 2021-11-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination