CN115396183B

CN115396183B - User identity recognition method and device

Info

Publication number: CN115396183B
Application number: CN202211014793.3A
Authority: CN
Inventors: 杜悦艺; 郭帆; 秦新瑞; 翟伟杰; 徐诣博; 孙亚生; 应蕊
Original assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Current assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Priority date: 2022-08-23
Filing date: 2022-08-23
Publication date: 2023-08-11
Anticipated expiration: 2042-08-23
Also published as: CN115396183A

Abstract

The disclosure provides a user identity recognition method, a device, equipment, a storage medium and a computer program product, relates to the technical field of artificial intelligence, in particular to the technical field of deep learning, and can be applied to scenes such as user identity recognition. The specific implementation scheme is as follows: acquiring the access flow of a target site; acquiring the identification stage of the target site from the pre-configured identification information; analyzing the access flow to obtain a target message corresponding to the identification stage; and identifying the target message to obtain the identity of the access user. The accuracy of user identification is improved.

Description

User identity recognition method and device

Technical Field

The disclosure relates to the technical field of artificial intelligence, in particular to the technical field of deep learning, which can be applied to scenes such as user identification, and particularly relates to a user identification method, a device, equipment, a storage medium and a computer program product.

Background

At present, when an access user of a site is identified, a set of special codes are usually designed for user identification for the site, but different codes are required to be designed for different sites by the method, so that the code redundancy is high, and the development and maintenance cost is high. Or analyzing the access flow of the site to obtain a hypertext transfer protocol message, and based on preset user identity starting characteristics and user identity ending characteristics, matching the hypertext transfer protocol message to obtain the user identity, wherein the user identity characteristics of the same site are possibly not unique, so that the method has a larger recognition failure rate.

Disclosure of Invention

The present disclosure provides a user identification method, apparatus, device, storage medium and computer program product, which improves accuracy of user identification.

According to an aspect of the present disclosure, there is provided a user identity recognition method, including: acquiring the access flow of a target site; acquiring the identification stage of the target site from the pre-configured identification information; analyzing the access flow to obtain a target message corresponding to the identification stage; and identifying the target message to obtain the identity of the access user.

According to another aspect of the present disclosure, there is provided a user identity recognition apparatus, including: the first acquisition module is configured to acquire the access flow of the target site; the second acquisition module is configured to acquire an identification stage of the target site from the pre-configured identification information; the first analysis module is configured to analyze the access flow to obtain a target message corresponding to the identification stage; and the identification module is configured to identify the target message to obtain the identity of the access user.

According to still another aspect of the present disclosure, there is provided an electronic apparatus including: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the user identification method.

According to yet another aspect of the present disclosure, there is provided a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform the user identification method.

According to yet another aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements the above-described user identification method.

It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following specification.

Drawings

The drawings are for a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:

FIG. 1 is an exemplary system architecture diagram to which the present disclosure may be applied;

FIG. 2 is a flow chart of one embodiment of a user identification method according to the present disclosure;

FIG. 3 is a flow chart of another embodiment of a user identification method according to the present disclosure;

FIG. 4 is a flow chart of yet another embodiment of a user identification method according to the present disclosure;

FIG. 5 is a schematic diagram of a structure of one embodiment of a user identification device according to the present disclosure;

fig. 6 is a block diagram of an electronic device for implementing a user identification method of an embodiment of the present disclosure.

Detailed Description

Exemplary embodiments of the present disclosure are described below in conjunction with the accompanying drawings, which include various details of the embodiments of the present disclosure to facilitate understanding, and should be considered as merely exemplary. Accordingly, one of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.

Fig. 1 illustrates an exemplary system architecture 100 in which embodiments of a user identification method or user identification device of the present disclosure may be applied.

As shown in fig. 1, a system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.

The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to obtain the identity of the accessing user, etc. Various client applications, such as an information configuration application, etc., may be installed on the terminal devices 101, 102, 103.

The terminal devices 101, 102, 103 may be hardware or software. When the terminal devices 101, 102, 103 are hardware, they may be various electronic devices including, but not limited to, smartphones, tablets, laptop and desktop computers, and the like. When the terminal devices 101, 102, 103 are software, they can be installed in the above-described electronic devices. Which may be implemented as a plurality of software or software modules, or as a single software or software module. The present invention is not particularly limited herein.

Server 105 may provide various services based on determining the identity of the accessing user. For example, the server 105 may analyze and process configuration information obtained from the terminal devices 101, 102, 103 and generate processing results (e.g., determine the identity of the accessing user, etc.).

The server 105 may be hardware or software. When the server 105 is hardware, it may be implemented as a distributed server cluster formed by a plurality of servers, or as a single server. When server 105 is software, it may be implemented as a plurality of software or software modules (e.g., to provide distributed services), or as a single software or software module. The present invention is not particularly limited herein.

It should be noted that, the method for identifying a user provided in the embodiment of the present disclosure is generally executed by the server 105, and accordingly, the device for identifying a user is generally disposed in the server 105.

It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.

With continued reference to FIG. 2, a flow 200 of one embodiment of a user identification method according to the present disclosure is shown. The user identity recognition method comprises the following steps:

step 201, access traffic of a target site is obtained.

In this embodiment, the executing body of the user identification method (for example, the server 105 shown in fig. 1) may obtain the access flow of the target site. One site is a storage area which is built in the execution body and stores all contents of one website, the target site is a target website needing to identify the identity of the access user, and the access flow of the target site is the user access data of the target website, which can include login information of the access user, browser information used by the access user, access time, uniform resource locators of the access page and the like by way of example, and the disclosure is not limited to this.

The executing body may acquire the access traffic of the target site based on the access traffic acquiring tool, or may read the access traffic from the data storage area of the target site, which is not limited in this disclosure.

Step 202, acquiring an identification stage of the target site from the pre-configured identification information.

In this embodiment, after determining the target site, the executing body may acquire the identification stage of the target site from the preconfigured identification information. Specifically, before user identification is performed on the target site, identification information configuration may be performed on the target site in advance. The configured identification information may include the identification stage of the target site, and may also include other information, which is not limited in this disclosure. The identification stage may be a specific access period, or may be a field range specified in the access traffic information. The execution subject may directly read the identification phase from the configured identification information.

And 203, analyzing the access flow to obtain a target message corresponding to the identification stage.

In this embodiment, after the executing body obtains the identification phase, the executing body may analyze the access flow to obtain the target packet corresponding to the identification phase. Specifically, the acquired access flow may include a plurality of pieces of user access data, where each piece of user access data includes, for example, a parameter value of fields such as access time, login information of the access user, browser information used by the access user, and a uniform resource locator of the access page. And in response to the identification phase being a specific access time period, each piece of user access data in the access flow can be respectively matched with the access time period, and the user access data with the access time within the access time period is determined to be a target message corresponding to the identification phase.

In some optional implementations of this embodiment, in response to the identification stage being a field range specified in the access traffic information, a field in the access traffic may be matched with the specified field range, and a successfully matched field in the access traffic and a parameter value thereof may be determined as the target packet corresponding to the identification stage.

And 204, identifying the target message to obtain the identity of the access user.

In this embodiment, after obtaining the target message, the executing body may identify the target message, to obtain the identity of the access user. Specifically, the user identity field can be found from the target message, and the parameter value of the user identity field is determined as the identity of the access user.

In the technical scheme of the disclosure, the related processes of collecting, storing, using, processing, transmitting, providing, disclosing and the like of the personal information of the user accord with the regulations of related laws and regulations, and the public order is not violated.

According to the user identity identification method provided by the embodiment of the disclosure, the access flow of the target site is firstly obtained, then the identification stage of the target site is obtained from the preconfigured identification information, then the access flow is analyzed to obtain the target message corresponding to the identification stage, and finally the target message is identified to obtain the identity of the access user. The identity of the access user can be obtained only by simple configuration, so that the maintenance cost is reduced, the identity of the access user is obtained by identifying in a designated identification stage, and the accuracy of the identity identification of the user is improved.

With further continued reference to fig. 3, a flow 300 of another embodiment of a user identification method according to the present disclosure is shown. The user identity recognition method comprises the following steps:

step 301, obtaining the access flow of the target site.

Step 302, acquiring an identification stage of the target site from the pre-configured identification information.

In this embodiment, the specific operations of steps 301 to 302 are described in detail in the embodiment shown in fig. 2 and steps 201 to 202 are not described herein.

It should be noted that, the access flow of the target site includes relevant data of the whole process of the user accessing the target site. Specifically, the process of accessing the target website by the user may include an access request stage and an access response stage, where the access request stage is that the user inputs a uniform resource locator in the client, the client sends a browsing request to the server based on the uniform resource locator, the server generates a browsing page in response to the browsing request, and it should be noted that before the server generates the browsing page, the server may also perform identity authentication on the access user based on a set of standard frameworks, specifically, the server may challenge the browsing request, and the client provides an identity verification credential according to the challenge. The access response stage is that the server side sends the generated browsing page to the client side, and the client side displays the process of browsing the page to the user.

All data of the access request stage are stored in a request message in a fixed format, wherein the request message can comprise a request row, a request header and request body information, and the data generated by the server side in the identity authentication stage of the access user based on a set of standard frameworks can be stored in the request header information of the request message. All data of the access response phase is stored in a fixed format in a response message, which may include status lines, a response header, and response body information. I.e. the access traffic of the target site may include a request message and a response message.

In the pre-configured identification information, the identification stage of the target site can be any one of a transmission protocol authentication stage, an access request stage and an access response stage, wherein the transmission protocol authentication stage is a stage that the server performs identity authentication on the access user based on a set of standard frameworks.

After the identification phase is obtained, the access flow can be analyzed to obtain a target message corresponding to the identification phase, and the target message is identified to obtain the identity of the access user. In particular, steps 303'-306', or 303"-305", or 303 '"-304'" may be performed based on the specific content of the identification phase.

Step 303', in response to the identification phase being the transport protocol authentication phase, the request header information is parsed from the access traffic as a target message.

In this embodiment, after the identification phase is obtained, the executing body may parse the request header information from the access flow as the target packet in response to the identification phase being the transport protocol authentication phase. Specifically, when the server performs identity authentication on the access user based on a set of standard framework, the server may return an unauthorized status code to the client, and add at least one information how to perform identity authentication in the request header information, and the client may return identity authentication credential information in a user identity field of the request header information, where relevant data in the identity authentication stage are all stored in the request header information. Therefore, in response to the identification phase being the transmission protocol authentication phase, the request header information can be obtained from the access traffic in a parsing mode to serve as a target message, so that the identity of the access user can be further identified based on the target message.

Step 304', determining the identification mode corresponding to the transmission protocol authentication stage, wherein the identification mode is a basic authentication mode or a digest authentication mode.

In this embodiment, after determining that the identification phase is the transport protocol authentication phase, the executing body may determine an identification mode corresponding to the transport protocol authentication phase. Specifically, if the identification phase is the transport protocol authentication phase in the preconfigured identification information, a specific identification mode may be further configured in the identification information, and the preconfigured identification mode may be directly read from the identification information.

When the server side performs identity authentication on the access user based on a set of standard frameworks, two standard authentication modes exist, namely a basic authentication mode or a digest authentication mode. In the basic authentication mode, when the client returns authentication credential information in the user identity field of the request header information, the user name and the password are encoded into a character string and then returned. In the digest authentication mode, the client does not send a complete password, but only sends a digest of the password to prove that the client knows the password, and the server performs authentication by matching according to the digest.

If the read identification mode is the basic authentication mode, step 305 'may be further executed to identify the request header information obtained by analysis, so as to obtain the identity of the access user, and if the read identification mode is the digest authentication mode, step 306' may be further executed to obtain the identity of the access user.

And step 305', in response to the identification mode being the basic authentication mode, reversely decoding the request header information to obtain the identity of the access user.

In this embodiment, after determining that the identification mode is the basic authentication mode, the executing body may reversely decode the request header information to obtain the identity of the access user. Specifically, the basic authentication mode is to encode the user name and the password into a character string and then return the character string and store the character string and the character string in the request header information, so the request header information can be reversely decoded, and the user name information can be obtained by decoding the request header information and is used as the identity of the access user.

Step 306', in response to the identification mode being the digest authentication mode, acquiring the parameter value of the user identity field in the request header information as the identity of the accessing user.

In this embodiment, after determining that the identification mode is the digest authentication mode, the executing body may specifically directly obtain the parameter value of the user identity field in the request header information as the identity of the accessing user.

Step 303", in response to the identification phase being the access request phase, resolving the request message from the access traffic as the target message.

In this embodiment, after the identification phase is obtained, the executing body may parse the request packet from the access flow in response to the identification phase being the access request phase, and use the request packet as the target packet. Specifically, all data of the access request stage are stored in the request message in a fixed format, so that in response to the identification stage being the access request stage, the request message can be obtained by analyzing the access flow as a target message, so that the identity of the access user can be further identified based on the target message.

Step 304", judge whether the successful judgement condition of login is satisfied based on the request message.

In this embodiment, after determining that the identification phase is the access request phase, the executing body may determine whether the login success determination condition is satisfied based on the request message. Specifically, if the identification phase is the access request phase in the pre-configured identification information, the identification information may further be configured with a request identification field, a login success judgment condition, and a request identification position, and the request identification field, the login success judgment condition, and the request identification position may be directly read from the identification information.

The request identification field is a preconfigured identification field name, and the parameter value of the request identification field is the identity of the access user. The request identification location, i.e. the location of a preconfigured identification field in the request message, may be a uniform resource locator parameter of a request line location in the request message, or a request header location, or a request body location. The login success judgment condition is used for judging whether the identity of the access user carried in the request message is valid, and exemplary login success judgment conditions can be judging whether a status code or request header information comprises a certain field or whether an object profile meets a certain expression or not, and the disclosure is not limited to the above.

Specifically, the status code, the request header information, or the request body information may be obtained from the request message, and the preset login success judgment condition may be substituted to judge whether the login success judgment condition is satisfied.

Step 305", in response to the establishment, obtaining the parameter value of the request identification field from the request identification position in the request message as the identity of the access user.

In this embodiment, after determining that the preset login success determination condition is met, the executing body may obtain, from the request identification location in the request packet, a parameter value of the request identification field as an identity of the accessing user. Specifically, the parameter value of the field successfully matched with the request identification field can be obtained from the request identification position, the request line position, the request head position or the request body position in the request message as an identification mark of the access user.

Step 303', in response to the identification phase being the access response phase, analyzing from the access flow to obtain a response message as a target message.

In this embodiment, after the identification phase is obtained, the executing body may parse the response packet from the access flow as the target packet in response to the identification phase being the access response phase. Specifically, all data of the access response stage are stored in the response message in a fixed format, so that the response message can be obtained by analyzing the access flow as a target message in response to the identification stage being the access response stage, so that the identity of the access user can be further identified based on the target message.

Step 304', based on the response identification mode, acquiring the parameter value of the response identification field from the response message as the identity of the access user.

In this embodiment, after obtaining the response message, the executing body may obtain, based on the response identification manner, a parameter value of the response identification field from the response message, as the identity of the accessing user. Specifically, if the identification phase is the access response phase in the pre-configured identification information, the identification information may be further configured with a response identification field and a response identification manner, and the response identification field and the response identification manner may be directly read from the identification information. The response identification field is a preconfigured identification field name, and the parameter value of the response identification field is the identity of the access user. The response recognition method, that is, a method of recognizing parameter values of the response recognition field, which is preconfigured, may be exemplified by extracting parameter values of the response recognition field from the object profile, extracting parameter values of the response recognition field using a regular expression, or extracting parameter values of the response recognition field based on a text matching method.

Specifically, in response to the pre-configured response identification mode being extracted from the object numbered musical notation, a parameter value of a field successfully matched with the response identification field is obtained from a response body in the response message and is used as an identity of the access user. And in response to the preset response identification mode, extracting by using a regular expression, executing regular expression matching in a response body in the response message, and taking a matching result as an identity of the access user. And responding to the preset response identification mode to extract based on the text matching mode, and acquiring the content between the start separator and the end separator in the response graph as the identity of the access user.

After steps 303'-306', or 303"-305", or 303 '"-304'" have been performed, the step 307 may be continued after the identity of the accessing user has been obtained.

Step 307, analyzing the access flow to obtain the client information.

In this embodiment, after obtaining the identity of the access user, the executing body may parse the access flow to obtain the client information. Specifically, the request header information may be parsed from the access traffic, the client field may be parsed from the request header information, and the parameter value of the client field may be extracted as the client information. By way of example, the client information may be a content type, a currently set language, and the like.

Step 308, performing joint calculation on the identity of the access user and the client information to obtain the identity fingerprint of the access user.

In this embodiment, after obtaining the identity of the access user and the client information, the executing body may perform joint calculation on the identity of the access user and the client information to obtain the identity fingerprint of the access user. Specifically, the identity of the accessing user and the client information can be encoded to obtain a new character string, and the character string is used as the identity fingerprint of the accessing user.

Step 309, storing the identity fingerprint of the access user in the client corresponding to the target message, and storing the identity fingerprint of the access user and the identity identifier of the access user in the user fingerprint mapping table of the server corresponding to the target message.

In this embodiment, after obtaining the identity fingerprint of the access user, the executing body may store the identity fingerprint of the access user in the client and the server corresponding to the target packet. Specifically, the data in the target message describes the relevant data of the process of accessing the target website by the user, and the process is associated with a unique client and a service end. After the access user identity fingerprint is obtained, the access user identity fingerprint can be stored in an associated client, the access user identity fingerprint and the identity of the access user are stored in an associated server, wherein the storage position in the server is stored in a user fingerprint mapping table, specifically, a record can be added in the user fingerprint mapping table, and the identity of the access user and the access user identity fingerprint obtained through record identification can be recorded.

As can be seen from fig. 3, compared with the embodiment corresponding to fig. 2, the user identity identification method in this embodiment can identify the identity of the accessing user in the transmission protocol authentication phase, or the access request phase or the access response phase, and since the user identity of most websites is transmitted in the transmission protocol authentication phase, or the access request phase or the access response phase, the user identity identification method in this embodiment is more general; the identification is carried out in each identification stage based on a plurality of modes of configuration, so that the accuracy of identifying the user identity is further improved; the identity of the access user and the client information are stored in an associated mode, so that all request flows of the user can be found at any time conveniently, and convenience is improved.

With further continued reference to fig. 4, a flow 400 of yet another embodiment of a user identification method according to the present disclosure is shown. The user identity recognition method comprises the following steps:

Step 401, obtaining the access flow of the target site.

Step 402, acquiring an identification stage of the target site from the pre-configured identification information.

In this embodiment, the specific operations of steps 401 to 402 are described in detail in the embodiment shown in fig. 3 and steps 301 to 302 are not described herein.

It should be noted that the preset identification information further includes a preset request action, a preset user name acquisition address and a preset host address, and the preset request action, the preset user name acquisition address and the preset host address can be directly read from the identification information. The preset request action is a description of the server and is used for describing how to process the requested resource, and exemplary preset request actions may be obtaining the resource, transmitting the file, deleting the file, tracking the path, and the like, which is not limited in this disclosure. The preset user name obtains the address, namely the preset uniform resource locator carrying the user identity.

Step 403, analyzing the access flow to obtain the current request action, the current user name acquisition address and the current host address.

In this embodiment, after the execution body obtains the access flow of the target site, the execution body may parse the access flow to obtain the current request action, the current username obtaining address, and the current host address. The current request action is how to process the requested resource in the access flow, and the current user name obtains the address, namely the uniform resource locator carrying the user identity in the access flow.

Step 404, matching the preset request action and the current request action, the preset user name acquisition address and the current user name acquisition address, and the preset host address and the current host address respectively.

In this embodiment, after the executing body obtains the preset request action, the preset user name obtaining address, the preset host address, the current request action, the current user name obtaining address, and the current host address, the executing body may compare the preset request action with the current request action, the preset user name obtaining address, the current user name obtaining address, the preset host address, and the current host address, respectively, to determine whether the preset request action, the current request action, the preset user name obtaining address, the current user name obtaining address, the preset host address, and the current host address are the same.

Steps 405-409 may be continued in response to the preset request action and the current request action, the preset username acquisition address and the current username acquisition address, the preset host address and the current host address all matching successfully, and step 410 may be continued in response to the preset request action and the current request action, the preset host address and the current host address all matching successfully, the preset username acquisition address and the current username acquisition address failing to match.

And step 405, responding to the preset request action and the current request action, the preset user name acquisition address and the current user name acquisition address, and the preset host address and the current host address which are successfully matched, and executing analysis on the access flow to obtain a target message corresponding to the identification stage.

In this embodiment, when the executing body determines that the preset request action and the current request action, the preset user name acquisition address and the current user name acquisition address, and the preset host address and the current host address are all successfully matched, the executing body may determine that the current access user has not logged in the target website, and may execute analysis on the access flow, so as to obtain the target message corresponding to the identification stage.

In this embodiment, the analyzing the access flow in step 405 to obtain the target message corresponding to the identification stage, and the specific operation is described in detail in step 303', or 303″ or 303' "in the embodiment shown in fig. 3, which is not described herein.

Step 406, identifying the target message to obtain the identity of the access user.

In this embodiment, the specific operation of step 406 is described in detail in steps 304' -306', or 304"-305", or 304' "in the embodiment shown in fig. 3, and will not be described herein.

Step 407, analyzing the access flow to obtain the client information.

Step 408, performing joint calculation on the identity of the access user and the client information to obtain the identity fingerprint of the access user.

Step 409, storing the identity fingerprint of the access user in the client corresponding to the target message, and storing the identity fingerprint of the access user and the identity identifier of the access user in the user fingerprint mapping table of the server corresponding to the target message.

In this embodiment, the specific operations of steps 407-409 are described in detail in steps 307-309 in the embodiment shown in fig. 3, and are not described herein.

Step 410, in response to the successful matching of the preset request action and the current request action, the preset host address and the current host address, the matching of the preset user name acquisition address and the current user name acquisition address fails, and the identity of the access user is obtained based on the standby identification mode.

In this embodiment, when the executing body determines that the preset request action and the current request action, the preset host address and the current host address are successfully matched, and the matching between the preset user name acquisition address and the current user name acquisition address fails, the executing body may determine that the current access user has logged in the target website, and may obtain the identity of the access user based on the standby identification mode. Specifically, the identification stage and the access flow can be used as input data to be input into the user identification model, and the identification of the access user can be output from the output end of the user identification model.

In some optional implementations of the present embodiments, a user fingerprint mapping table and an access user identity fingerprint in the client may be obtained; determining a fingerprint matched with the identity fingerprint of the access user in the user fingerprint mapping table as a target fingerprint; and acquiring a user identity corresponding to the target fingerprint from the user fingerprint mapping table as the identity of the access user.

Specifically, a pre-stored user fingerprint mapping table may be obtained from the execution body, and an access user identity fingerprint corresponding to the current login account may be obtained from a client corresponding to the access flow of the target site. And matching the access user identity fingerprint with the fingerprints in the user fingerprint mapping table, and determining the fingerprints matched with the access user identity fingerprint in the user fingerprint mapping table as target fingerprints. And acquiring a user identity corresponding to the target fingerprint from the user fingerprint mapping table as the identity of the access user.

As can be seen from fig. 4, in the user identity recognition method in this embodiment, when it is determined that the current access user has logged in to the target website, the pre-stored access user identity fingerprint and the user fingerprint mapping table can be directly matched, so as to obtain the identity of the access user, and improve the user identity recognition efficiency.

With further reference to fig. 5, as an implementation of the above-described user identification method, the present disclosure provides an embodiment of a user identification apparatus, where the apparatus embodiment corresponds to the method embodiment shown in fig. 2, and the apparatus may be specifically applied to various electronic devices.

As shown in fig. 5, the user identity recognition device 500 of the present embodiment may include a first obtaining module 501, a second obtaining module 502, a first parsing module 503, and a recognition module 504. Wherein, the first obtaining module 501 is configured to obtain the access flow of the target site; a second obtaining module 502 configured to obtain an identification phase of the target site from the pre-configured identification information; a first parsing module 503, configured to parse the access traffic to obtain a target message corresponding to the identification stage; the identifying module 504 is configured to identify the target message, and obtain the identity of the access user.

In this embodiment, the user identification device 500: the specific processing and technical effects of the first obtaining module 501, the second obtaining module 502, the first analyzing module 503, and the identifying module 504 may refer to the description of steps 201 to 204 in the corresponding embodiment of fig. 2, and are not described herein.

In some optional implementations of the present embodiment, the identification phase includes any one of a transport protocol authentication phase, an access request phase, and an access response phase; the first parsing module 503 includes: the first analysis submodule is configured to respond to the identification phase as a transmission protocol authentication phase, and analyze the access flow to obtain request header information as a target message; the second analysis submodule is configured to respond to the identification phase as an access request phase, and analyze the access flow to obtain a request message as a target message; and the third analysis submodule is configured to analyze the access flow to obtain a response message from the access flow as a target message in response to the identification stage being the access response stage.

In some alternative implementations of the present embodiment, the identification phase is a transport protocol authentication phase; the identification module 504 includes: the determining submodule is configured to determine an identification mode corresponding to the transmission protocol authentication stage, wherein the identification mode is a basic authentication mode or a digest authentication mode; the first identification sub-module is configured to reversely decode the request header information to obtain the identity of the access user in response to the identification mode being a basic authentication mode; and the second identification sub-module is configured to acquire a parameter value of a user identity field in the request header information as an identity identifier of the access user in response to the identification mode being a digest authentication mode.

In some optional implementations of this embodiment, the identification phase is an access request phase, and the identification information further includes a request identification field, a login success judgment condition, and a request identification location; the identification module 504 includes: a judging sub-module configured to judge whether a login success judgment condition is satisfied based on the request message; and the third identification sub-module is configured to respond to the establishment, acquire the parameter value of the request identification field from the request identification position in the request message and serve as the identity of the access user.

In some optional implementations of this embodiment, the identification phase is an access response phase, and the identification information further includes a response identification field and a response identification manner; the identification module 504 includes: and the fourth recognition sub-module is configured to acquire the parameter value of the response recognition field from the response message based on the response recognition mode and serve as the identity of the access user.

In some optional implementations of this embodiment, the user identification apparatus 500 further includes: the second analysis module is configured to analyze the access flow to obtain client information; the computing module is configured to perform joint computation on the identity of the access user and the client information to obtain an identity fingerprint of the access user; the storage module is configured to store the identity fingerprint of the access user into a client corresponding to the target message, and store the identity fingerprint of the access user and the identity identifier of the access user into a user fingerprint mapping table of a server corresponding to the target message.

In some optional implementations of this embodiment, the identification information further includes a preset request action, a preset user name acquisition address, and a preset host address; the first parsing module 503 further includes: the fourth analysis sub-module is configured to analyze the current request action, the current user name acquisition address and the current host address from the access flow; the matching sub-module is configured to match the preset request action with the current request action, the preset user name acquisition address with the current user name acquisition address, and the preset host address with the current host address respectively; and the fifth analysis submodule is configured to respond to successful matching of the preset request action and the current request action, the preset user name acquisition address and the current user name acquisition address, and the preset host address and the current host address, and is used for executing analysis on the access flow to obtain a target message corresponding to the identification stage.

In some optional implementations of this embodiment, the first parsing module 503 further includes: and the fifth identification sub-module is configured to respond to successful matching of the preset request action and the current request action, the preset host address and the current host address, and failure matching of the preset user name acquisition address and the current user name acquisition address, and obtain the identity of the access user based on the standby identification mode.

In some optional implementations of this embodiment, the fifth recognition submodule includes: the acquisition unit is configured to acquire a user fingerprint mapping table and an access user identity fingerprint in the client; a determining unit configured to determine, as a target fingerprint, a fingerprint matching the access user identity fingerprint in the user fingerprint mapping table; the identification unit is configured to acquire the user identity corresponding to the target fingerprint from the user fingerprint mapping table and serve as the identity of the accessing user.

According to embodiments of the present disclosure, the present disclosure also provides an electronic device, a readable storage medium and a computer program product.

Fig. 6 illustrates a schematic block diagram of an example electronic device 600 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.

As shown in fig. 6, the apparatus 600 includes a computing unit 601 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) 602 or a computer program loaded from a storage unit 608 into a Random Access Memory (RAM) 603. In the RAM603, various programs and data required for the operation of the device 600 may also be stored. The computing unit 601, ROM 602, and RAM603 are connected to each other by a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.

Various components in the device 600 are connected to the I/O interface 605, including: an input unit 606 such as a keyboard, mouse, etc.; an output unit 607 such as various types of displays, speakers, and the like; a storage unit 608, such as a magnetic disk, optical disk, or the like; and a communication unit 609 such as a network card, modem, wireless communication transceiver, etc. The communication unit 609 allows the device 600 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.

The computing unit 601 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 601 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 601 performs the various methods and processes described above, such as a user identification method. For example, in some embodiments, the user identification method may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 608. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 600 via the ROM 602 and/or the communication unit 609. When the computer program is loaded into RAM603 and executed by computing unit 601, one or more of the steps of the user identification method described above may be performed. Alternatively, in other embodiments, the computing unit 601 may be configured to perform the user identification method by any other suitable means (e.g. by means of firmware).

Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.

Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.

In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.

The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), and the internet.

The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a server of a distributed system or a server that incorporates a blockchain. The server can also be a cloud server, or an intelligent cloud computing server or an intelligent cloud host with artificial intelligence technology. The server may be a server of a distributed system or a server that incorporates a blockchain. The server can also be a cloud server, or an intelligent cloud computing server or an intelligent cloud host with artificial intelligence technology.

It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps recited in the present disclosure may be performed in parallel or sequentially or in a different order, provided that the desired results of the technical solutions of the present disclosure are achieved, and are not limited herein.

The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.

Claims

1. A user identity recognition method, comprising:

acquiring the access flow of a target site;

acquiring the identification stage of the target site from the pre-configured identification information;

analyzing the access flow to obtain a target message corresponding to the identification stage, wherein the target message comprises: in response to the identification phase being a specific access time period, respectively matching each piece of user access data in the access flow with the access time period, and determining the user access data with the access time within the access time period as a target message corresponding to the identification phase;

And identifying the target message to obtain the identity of the access user.

2. The method of claim 1, wherein the identification phase comprises any one of a transport protocol authentication phase, an access request phase, and an access response phase;

the analyzing the access flow to obtain the target message corresponding to the identification stage comprises the following steps:

responding to the identification stage as the transmission protocol authentication stage, resolving the access flow to obtain request header information as the target message;

responding to the identification stage as the access request stage, and analyzing from the access flow to obtain a request message as the target message;

and responding to the identification stage as the access response stage, and analyzing the access flow to obtain a response message serving as the target message.

3. The method of claim 2, wherein the identification phase is the transport protocol authentication phase;

the step of identifying the target message to obtain the identity of the access user comprises the following steps:

determining an identification mode corresponding to the transmission protocol authentication stage, wherein the identification mode is a basic authentication mode or a digest authentication mode;

Reversely decoding the request header information to obtain the identity of the access user in response to the identification mode being the basic authentication mode;

and responding to the identification mode as the abstract authentication mode, and acquiring a parameter value of a user identity field in the request header information as the identity of the access user.

4. The method of claim 2, wherein the identification phase is the access request phase, the identification information further comprising a request identification field, a login success judgment condition, and a request identification location;

judging whether the login success judging condition is met or not based on the request message;

and responding to the establishment, acquiring the parameter value of the request identification field from the request identification position in the request message as the identity of the access user.

5. The method of claim 2, wherein the identification phase is the access response phase, the identification information further comprising a response identification field and a response identification manner;

And based on the response identification mode, acquiring the parameter value of the response identification field from the response message as the identity of the access user.

6. The method of any of claims 3-5, further comprising:

analyzing the access flow to obtain client information;

performing joint calculation on the identity of the access user and the client information to obtain an access user identity fingerprint;

storing the access user identity fingerprint into a client corresponding to the target message, and storing the access user identity fingerprint and the identity of the access user into a user fingerprint mapping table of a server corresponding to the target message.

7. The method of any of claims 1-5, wherein the identification information further comprises a preset request action, a preset user name acquisition address, and a preset host address;

the analyzing the access flow to obtain the target message corresponding to the identification stage further comprises:

analyzing the access flow to obtain a current request action, a current user name acquisition address and a current host address;

respectively matching a preset request action with a current request action, a preset user name acquisition address with a current user name acquisition address, a preset host address and a current host address;

And responding to the preset request action and the current request action, the preset user name acquisition address and the current user name acquisition address, and the preset host address and the current host address which are successfully matched, and executing the analysis of the access flow to obtain the target message corresponding to the identification stage.

8. The method of claim 7, wherein the parsing the access traffic to obtain the target message corresponding to the identification phase further comprises:

and responding to successful matching of the preset request action and the current request action, the preset host address and the current host address, and failure matching of the preset user name acquisition address and the current user name acquisition address, and obtaining the identity of the access user based on a standby identification mode.

9. The method of claim 8, wherein the obtaining the identity of the access user based on the alternate identification means comprises:

acquiring a user fingerprint mapping table and an access user identity fingerprint in a client;

determining the fingerprint matched with the access user identity fingerprint in the user fingerprint mapping table as a target fingerprint;

and acquiring a user identity corresponding to the target fingerprint from the user fingerprint mapping table as the identity of the access user.

10. A user identification device, the device comprising:

the first acquisition module is configured to acquire the access flow of the target site;

the second acquisition module is configured to acquire the identification phase of the target site from the pre-configured identification information;

the first analyzing module is configured to analyze the access flow to obtain a target message corresponding to the identification stage, and includes: in response to the identification phase being a specific access time period, respectively matching each piece of user access data in the access flow with the access time period, and determining the user access data with the access time within the access time period as a target message corresponding to the identification phase;

and the identification module is configured to identify the target message to obtain the identity of the access user.

11. The apparatus of claim 10, wherein the identification phase comprises any one of a transport protocol authentication phase, an access request phase, and an access response phase;

the first parsing module includes:

the first analyzing sub-module is configured to respond to the identification phase as the transmission protocol authentication phase and analyze the access flow to obtain request header information as the target message;

The second analysis submodule is configured to respond to the identification phase as the access request phase and analyze the access flow to obtain a request message as the target message;

and the third analysis sub-module is configured to respond to the identification phase as the access response phase and analyze the access flow to obtain a response message serving as the target message.

12. The apparatus of claim 11, wherein the identification phase is the transport protocol authentication phase;

the identification module comprises:

the determining submodule is configured to determine an identification mode corresponding to the transmission protocol authentication stage, wherein the identification mode is a basic authentication mode or a digest authentication mode;

the first identification sub-module is configured to reversely decode the request header information to obtain the identity of the access user in response to the identification mode being the basic authentication mode;

and the second identification sub-module is configured to respond to the identification mode as the digest authentication mode and acquire the parameter value of the user identity field in the request header information as the identity of the access user.

13. The apparatus of claim 11, wherein the identification phase is the access request phase, the identification information further comprising a request identification field, a login success determination condition, and a request identification location;

The identification module comprises:

a judging sub-module configured to judge whether the login success judgment condition is satisfied based on the request message;

and the third identification sub-module is configured to respond to the establishment, acquire the parameter value of the request identification field from the request identification position in the request message and serve as the identity of the access user.

14. The apparatus of claim 11, wherein the identification phase is the access response phase, the identification information further comprising a response identification field and a response identification manner;

the identification module comprises:

and the fourth identification sub-module is configured to acquire the parameter value of the response identification field from the response message based on the response identification mode and serve as the identity of the access user.

15. The apparatus of any of claims 12-14, further comprising:

the second analysis module is configured to analyze the access flow to obtain client information;

the computing module is configured to perform joint computation on the identity of the access user and the client information to obtain an access user identity fingerprint;

the storage module is configured to store the identity fingerprint of the access user into a client corresponding to the target message, and store the identity fingerprint of the access user and the identity identifier of the access user into a user fingerprint mapping table of a server corresponding to the target message.

16. The apparatus of any of claims 10-14, wherein the identification information further comprises a preset request action, a preset username retrieval address, and a preset host address;

the first parsing module further includes:

the fourth analysis submodule is configured to analyze the access flow to obtain a current request action, a current user name acquisition address and a current host address;

the matching sub-module is configured to match the preset request action with the current request action, the preset user name acquisition address with the current user name acquisition address, and the preset host address with the current host address respectively;

and the fifth analysis submodule is configured to respond to successful matching of the preset request action and the current request action, the preset user name acquisition address and the current user name acquisition address, and the preset host address and the current host address, and execute the analysis of the access flow to obtain the target message corresponding to the identification stage.

17. The apparatus of claim 16, wherein the first parsing module further comprises:

and the fifth identification sub-module is configured to respond to successful matching of the preset request action and the current request action, the preset host address and the current host address, and the failure of matching of the preset user name acquisition address and the current user name acquisition address, and obtain the identity identification of the access user based on a standby identification mode.

18. The apparatus of claim 17, wherein the fifth recognition submodule comprises:

the acquisition unit is configured to acquire a user fingerprint mapping table and an access user identity fingerprint in the client;

a determining unit configured to determine, as a target fingerprint, a fingerprint matching the access user identity fingerprint in the user fingerprint mapping table;

and the identification unit is configured to acquire the user identity corresponding to the target fingerprint from the user fingerprint mapping table as the identity of the access user.

19. An electronic device, comprising:

at least one processor; and

a memory communicatively coupled to the at least one processor; wherein,,

the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-9.

20. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-9.

21. A computer system comprising a readable storage medium storing a computer program which, when executed by a processor, implements the method according to any one of claims 1-9.