CN117118765A - IPV6 identity security authentication method and system - Google Patents
IPV6 identity security authentication method and system Download PDFInfo
- Publication number
- CN117118765A CN117118765A CN202311391360.4A CN202311391360A CN117118765A CN 117118765 A CN117118765 A CN 117118765A CN 202311391360 A CN202311391360 A CN 202311391360A CN 117118765 A CN117118765 A CN 117118765A
- Authority
- CN
- China
- Prior art keywords
- user
- authentication
- identification
- degree
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 53
- 230000005856 abnormality Effects 0.000 claims abstract description 31
- 238000012549 training Methods 0.000 claims description 37
- 238000013528 artificial neural network Methods 0.000 claims description 25
- 238000012545 processing Methods 0.000 claims description 22
- 238000004364 calculation method Methods 0.000 claims description 17
- 238000004458 analytical method Methods 0.000 claims description 5
- 238000013507 mapping Methods 0.000 claims description 4
- 230000001934 delay Effects 0.000 claims description 3
- 230000011218 segmentation Effects 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 abstract description 8
- 238000012795 verification Methods 0.000 description 10
- 238000003709 image segmentation Methods 0.000 description 4
- 238000003672 processing method Methods 0.000 description 4
- 230000004044 response Effects 0.000 description 4
- 230000002159 abnormal effect Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000004075 alteration Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000013527 convolutional neural network Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005242 forging Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000003062 neural network model Methods 0.000 description 2
- 238000009825 accumulation Methods 0.000 description 1
- 230000003044 adaptive effect Effects 0.000 description 1
- 229910002056 binary alloy Inorganic materials 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000008451 emotion Effects 0.000 description 1
- 230000001815 facial effect Effects 0.000 description 1
- 230000008921 facial expression Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract
The present disclosure provides an IPV6 identity security authentication method and system, and relates to identity authentication technology, the method includes: collecting a user authentication image; generating a device identifier according to the physical information of the processor, generating an IPV6 address by combining address prefix information, and transmitting an authentication image and an authentication service class to an authentication end; identifying service characteristic information according to the address prefix information, and identifying equipment identification information through an equipment identifier; user identification is carried out, user similarity is obtained, and identification residual error degree is calculated; analyzing the degree of abnormality of the equipment; analyzing the user anomaly degree according to the identification residual error degree, and combining the device anomaly degree to obtain the user identity authentication anomaly degree; and further obtaining an identity security authentication result. The method can solve the technical problem of low identity authentication accuracy in the existing user identity authentication method, can improve the accuracy and efficiency of user identity authentication, and effectively prevent network attack and fraudulent conduct, thereby further guaranteeing the use safety of user accounts.
Description
Technical Field
The present disclosure relates to identity authentication technology, and more particularly, to an IPV6 identity security authentication method and system.
Background
The identity authentication technology is an effective solution method generated in the process of confirming the identity of an operator in a computer network, and comprises a plurality of methods such as face recognition, password verification, fingerprint recognition and the like, and the safety of user account operation and use can be improved by carrying out identity authentication.
The existing user identity authentication method generally performs identity authentication according to a single authentication method, and the method is easy to be interfered and attacked by the outside.
The existing user identity authentication method has the following defects: the accuracy of identity authentication is low.
Disclosure of Invention
Therefore, in order to solve the above technical problems, the technical solution adopted in the embodiments of the present disclosure is as follows:
an IPV6 identity security authentication method comprises the following steps: collecting an authentication image of a user through a user side; the processor physical information of the user terminal is called, a device identifier is generated according to the processor physical information, address prefix information distributed to the user terminal by a core network is combined, a user IPV6 address of the user terminal is generated, and the authentication image and the current authentication service class are sent to an authentication terminal through the user IPV6 address; identifying service characteristic information of the user terminal according to address prefix information in the user IPV6 address through an authentication terminal, and identifying equipment identification information of the user terminal through the equipment identifier; when the authentication service class accords with the service characteristic information, user identification is carried out in an authentication end through the authentication image, a user identification result is obtained, the user identification result comprises user similarity, and identification residual error degree is obtained according to the user similarity calculation; when the user similarity is larger than a similarity threshold, analyzing the equipment anomaly degree of the authentication task of the authentication business class through the user side according to the equipment identification information and the authentication business class; analyzing the user anomaly degree of the authentication image for user authentication according to the identification residual error degree, and calculating to obtain the current identity authentication anomaly degree of the user by combining the equipment anomaly degree; and judging whether the identity authentication anomaly degree is larger than an authentication anomaly degree threshold value, and obtaining an identity security authentication result.
An IPV6 identity security authentication system, comprising: the user authentication image acquisition module is used for acquiring an authentication image of a user through a user side; the user IPV6 address generation module is used for calling the processor physical information of the user terminal, generating a device identifier according to the processor physical information, combining address prefix information distributed to the user terminal by a core network, generating a user IPV6 address of the user terminal, and transmitting the authentication image and the current authentication service class to the authentication terminal through the user IPV6 address; the user terminal information identification module is used for identifying the service characteristic information of the user terminal according to the address prefix information in the user IPV6 address through the authentication terminal and identifying the equipment identification information of the user terminal through the equipment identifier; the identification residual error degree acquisition module is used for carrying out user identification through the authentication image in the authentication end when the authentication service class accords with the service characteristic information to obtain a user identification result, wherein the user identification result comprises user similarity, and the identification residual error degree is obtained according to the user similarity calculation; the device anomaly analysis module is used for analyzing the device anomaly of the authentication task of the authentication service class through the user side according to the device identification information and the authentication service class when the user similarity is larger than a similarity threshold; the identity authentication anomaly degree calculation module is used for analyzing the user anomaly degree of the authentication image for user authentication according to the identification residual error degree and calculating to obtain the current identity authentication anomaly degree of the user by combining the equipment anomaly degree; the identity security authentication result obtaining module is used for judging whether the identity authentication anomaly degree is larger than an authentication anomaly degree threshold value or not, and obtaining an identity security authentication result.
By adopting the technical method, compared with the prior art, the technical progress of the present disclosure has the following points:
(1) The technical problem that the existing user identity authentication method has low identity authentication accuracy can be solved, firstly, a user authentication image and processor physical information are acquired through a user side; generating a device identifier according to the physical information of the processor, generating a user IPV6 address by combining address prefix information of a user side, and then transmitting a user authentication image and an authentication service class to an authentication side through the user IPV6 address; in the authentication end, identifying the service characteristic information of the user end according to the prefix information in the user IPV6 address, and identifying the equipment identification information of the user end through the equipment identifier; when the service authentication category accords with the service characteristic information, in an authentication end, user image similarity recognition is carried out through the authentication image to obtain user similarity, and recognition residual error degree calculation is further carried out according to the user similarity to obtain recognition residual error degree; when the user similarity is larger than a similarity threshold, analyzing the equipment anomaly degree of the user for performing the authentication task according to the equipment identification information and the authentication service class to obtain the equipment anomaly degree; performing abnormality degree analysis of user image authentication according to the identification residual degree to obtain user abnormality degree; according to the equipment anomaly degree and the user anomaly degree, calculating the identity authentication anomaly degree of the current user to obtain the identity authentication anomaly degree; and finally judging the identity authentication anomaly degree according to an authentication anomaly degree threshold, wherein when the identity authentication anomaly degree is larger than the authentication anomaly degree threshold, the identity authentication fails, and when the identity authentication anomaly degree is smaller than or equal to the authentication anomaly degree threshold, the identity authentication passes. The method can improve the accuracy and efficiency of user identity authentication, and effectively prevent network attack and fraudulent conduct, thereby further guaranteeing the use safety of the user account.
(2) The recognition residual error degree is calculated according to the user similarity, and the recognition residual error degree is subjected to anomaly analysis to obtain the user anomaly degree, so that the micro expression change of the user during face recognition can be considered, the accuracy and the practicability of obtaining the user anomaly degree are improved, and the accuracy of user identity authentication can be improved.
(3) By generating the equipment identifier according to the processor physical information of the user side, the network attack can be effectively prevented and the accuracy of user identity authentication can be improved because the processor physical information has the characteristics of uniqueness and non-falsification.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that are used in the description of the embodiments will be briefly described below.
FIG. 1 is a schematic flow chart of an IPV6 identity security authentication method;
FIG. 2 is a schematic diagram of a process for obtaining identity authentication anomaly in an IPV6 identity security authentication method;
fig. 3 is a schematic structural diagram of an IPV6 identity security authentication system according to the present application.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure. All other embodiments, which can be made by one of ordinary skill in the art without inventive effort, based on the embodiments in this disclosure are intended to be within the scope of this disclosure.
Based on the above description, as shown in fig. 1, the present disclosure provides an IPV6 identity security authentication method, including:
IPV6 is the abbreviation of the 6 th edition of internet protocol, is used for replacing IPV4, has a plurality of advantages of large address space, high safety, flexible use, high message processing speed and the like compared with IPV4, and can improve the safety and the efficiency of user identity authentication by carrying out identity authentication based on IPV 6. The method provided by the application is used for carrying out identity authentication on the user based on the IPV6 so as to achieve the effect of improving the accuracy of the user identity authentication, and is concretely implemented in an IPV6 identity security authentication system.
Collecting an authentication image of a user through a user side;
in the embodiment of the application, firstly, when a user needs to perform identity authentication, a user authentication image is acquired through a user terminal, wherein the user terminal refers to mobile terminal equipment for performing identity authentication, and the mobile terminal equipment has an image acquisition function, for example: smart phones, smart watches, tablet computers, and other devices; the user authentication image refers to a face recognition image of a user, and an authentication image of the user is obtained. By obtaining the authentication image, data support is provided for user identity authentication.
The processor physical information of the user terminal is called, a device identifier is generated according to the processor physical information, address prefix information distributed to the user terminal by a core network is combined, a user IPV6 address of the user terminal is generated, and the authentication image and the current authentication service class are sent to an authentication terminal through the user IPV6 address;
in one embodiment, the method further comprises:
invoking a plurality of pieces of physical characteristic information of a processor of the user side, wherein the pieces of physical characteristic information comprise threshold voltages of a plurality of transistors and processing delays of a plurality of processing paths;
taking the plurality of pieces of physical characteristic information as processor physical information;
and based on the PUF, the physical information of the processor is allocated to obtain the equipment identifier of the user terminal.
In the embodiment of the application, firstly, the threshold voltage of the transistor and the processing delay of the path of the processor at the user side are collected and extracted to obtain a plurality of pieces of physical characteristic information, wherein the plurality of pieces of physical characteristic information comprise the threshold voltage of the plurality of transistors and the processing delay of the plurality of processing paths, and then the plurality of pieces of physical characteristic information are taken as the physical information of the processor.
PUF technology is a hardware security technology that has unique and unclonable features by outputting an unclonable unique device response based on physical differences in device hardware, and the device response can be used as a unique and unique identifier for the device hardware. And carrying out device response of the processor according to the physical information of the processor by using a PUF technology, and taking a device response result as a device identifier of the processor of the user side.
By generating the equipment identifier based on the PUF technology, the unique corresponding equipment identifier can be distributed according to the physical characteristics of the processor, thereby avoiding illegal users forging the access address of the user terminal processor and improving the accuracy and safety of equipment identification information identification.
Based on IPV6, address prefix information allocated to the user side by the core network is obtained, where the address prefix information may carry multiple pieces of user information, for example: information such as user service type, service bearing equipment and the like; and generating a user IPV6 address of the user side according to the address prefix information and the equipment identifier, wherein the length of the user IPV6 address is 128 bits, and the address prefix information comprises the first 64 bits and the equipment identifier comprises the last 64 bits. And then sending the authentication image and the current authentication service class to an authentication end according to the user IPV6 address, wherein the authentication service class refers to the service type of the current authentication service, for example: the APP login verification of the banking company, the login verification of the public accumulation account number and the like; the authentication end refers to a terminal system capable of performing user identity authentication.
By generating the user IPV6 address to transmit the user authentication image and the authentication service class, the security and the efficiency of the transmission of the user authentication image and the authentication service class can be improved.
Identifying service characteristic information of the user terminal according to address prefix information in the user IPV6 address through an authentication terminal, and identifying equipment identification information of the user terminal through the equipment identifier;
in the embodiment of the application, firstly, address prefix information in the user IPV6 address is read in an authentication end, and then service characteristic information of the user end is identified according to the address prefix information, wherein the service characteristic information comprises a service type executable by a user and bearing equipment required by executing a task; reading the equipment identifier, and identifying equipment identification information of the user side according to the equipment identifier, wherein the equipment identification information comprises information such as equipment type, equipment model and the like; and obtaining the service characteristic information and the equipment identification information of the user side. By obtaining the service characteristic information and the equipment identification information, support is provided for user identity authentication of the next step.
When the authentication service class accords with the service characteristic information, user identification is carried out in an authentication end through the authentication image, a user identification result is obtained, the user identification result comprises user similarity, and identification residual error degree is obtained according to the user similarity calculation;
in one embodiment, the method further comprises:
acquiring a plurality of service categories executable by a user side in the service characteristic information, judging whether the authentication service category falls into the plurality of service categories, and if not, failing authentication;
in the embodiment of the application, firstly, a plurality of service categories executable by a user side in the service characteristic information are extracted to obtain a plurality of service categories. And judging whether the multiple service categories comprise the authentication service category, if not, indicating that the multiple service categories do not comprise the authentication service category, indicating that the user does not have the capability of executing the authentication service category, and failing authentication.
If yes, carrying out local division and feature discrimination on the authentication image to obtain user feature distribution information, carrying out user identification to obtain a user identification result, and calculating to obtain identification residual error degree.
If yes, the various service categories are described to comprise the authentication service category, and the user is characterized by having the capability of executing the authentication service category, and then user identification is performed in the authentication end according to the authentication image.
In one embodiment, the method further comprises:
graying treatment is carried out on the authentication image, and a user identification operator is adopted to carry out traversal segmentation on the gray authentication image so as to obtain a plurality of local areas;
judging the gray values of other pixel points by taking the gray value of the central pixel point in each local area as a judging reference, marking the gray value of the other pixel points as 1 if the gray value is larger than the gray value, marking as-1 if the gray value is smaller than the gray value, marking as 0 if the gray value is equal to the gray value of the central pixel point in each local area, and marking to obtain user characteristic distribution information;
in the embodiment of the application, firstly, the authentication image is subjected to graying processing, wherein the graying processing refers to a process of converting the authentication image from a color image into a gray image, and pixels are represented by gray values in the gray image; the common image graying processing methods include a maximum value graying processing method, an average value graying processing method, a weighted average graying processing method and the like, and a person skilled in the art can select an adaptive method to carry out graying processing according to the actual situation of the authentication image, so as to obtain a graying authentication image with the graying processing completed. By performing graying processing on the authentication image, the complexity of the image processing can be reduced, and the speed and accuracy of the image processing can be improved.
Setting a user identification operator, wherein the user identification operator is used for carrying out image segmentation on the gray authentication image, and a person skilled in the art can carry out custom setting according to the actual size and shape of the gray authentication image, for example: when the authentication image is in an elliptical shape, the user recognition operator can be set to be a circular area with a radius of 3 pixels. And according to the user identification operator, carrying out image segmentation on the gray authentication image to obtain a plurality of gray authentication image segmentation results, namely a plurality of local areas.
And taking the gray value of the central pixel point in each local area as a discrimination standard, discriminating the gray values of other pixel points in the local area according to the discrimination standard, marking the pixel point with the gray value larger than the discrimination standard as 1, marking the pixel point with the gray value equal to the discrimination standard as 0, marking the pixel point smaller than the discrimination standard as-1, obtaining a local feature marking result, expressing the local feature marking result by adopting binary system, obtaining a plurality of local features, and forming user feature distribution information according to the plurality of local features. By obtaining the user characteristic distribution information, support is provided for comparing and identifying the texture characteristics of the authentication image, and the accuracy of similarity comparison of the authentication image can be improved.
Training a similarity identifier based on the twin network;
adopting a similarity identifier to identify the user characteristic distribution information to obtain user similarity, and taking the user similarity as the user identification result;
in one embodiment, the method further comprises:
according to the user authentication data record of the authentication end, a plurality of sample user characteristic distribution information sets and a plurality of sample similarity sets of a plurality of sample users are obtained through processing;
based on the twin network, constructing a neural network identification channel with two shared weights;
training two neural network identification channels by adopting a plurality of sample user characteristic distribution information sets and a plurality of sample similarity sets of the plurality of sample users until convergence to obtain a similarity identifier;
and respectively combining the user characteristic distribution information with other sample user characteristic distribution information of the user, inputting the user characteristic distribution information into the similarity identifier, identifying and obtaining a plurality of similarities, and calculating a mean value to obtain the user similarity.
In the embodiment of the application, firstly, a user authentication data record of the authentication end is obtained, and the user authentication data record is classified according to users, so as to obtain a plurality of sample user characteristic distribution information sets and a plurality of sample similarity sets of a plurality of sample users.
Based on a twin network, constructing two neural network identification channels with shared weights, wherein the neural network identification channels are convolution neural network models, input data of the neural network identification channels are user characteristic distribution information, and output data are similarity; in the neural network identification channel with the shared two weights, the framework, the parameter or the weight value change of any one neural network identification channel is also applicable to the other neural network identification channel.
And constructing a training data set of the neural network identification channels by adopting a plurality of sample user characteristic distribution information sets and a plurality of sample similarity sets of the plurality of sample users, and performing supervision training on any one of the two neural network identification channels according to the training data set.
Firstly, randomly selecting a first group of training data in the training data set, performing supervised training on a neural network identification channel through the first group of training data to obtain a first output result of the neural network identification channel, comparing the first output result with sample similarity in the first group of training data, and performing supervised training on the neural network identification channel according to the next group of training data when the results are consistent; and when the results are inconsistent, calculating a similarity error of the sample similarity between the first output result and the first group of training data, carrying out parameter adjustment on the neural network identification channel according to the similarity error, and then carrying out supervision training on the next group of training data. Setting an output accuracy index, wherein the output accuracy index can be set by a person skilled in the art according to actual requirements, and the higher the accuracy identification requirement is, the larger the output accuracy index is, for example: the output accuracy index was set to 96%. And carrying out iterative training on the neural network identification channel by using training data until the accuracy of the output result of the neural network identification channel is greater than or equal to the output accuracy index, and then, representing that the training of the neural network identification channel is completed and reaching a convergence state. And constructing a similarity identifier according to the two trained neural network identification channels to obtain the similarity identifier. By constructing the similarity identifier based on the twin network, compared with the traditional convolutional neural network model, the data training time can be reduced, and the efficiency and accuracy of user similarity identification can be further improved.
And then combining the user characteristic distribution information with other sample user characteristic distribution information of the user respectively, and sequentially inputting the sample user characteristic distribution information into a similarity identifier, wherein the sample user characteristic distribution information is obtained through a plurality of historical authentication images of the user, a plurality of similarities are output, then the similarities are subjected to average calculation, and the average calculation result of the similarities is used as the user similarity.
Subtracting the user similarity from 1 to obtain the identification residual error.
In the embodiment of the application, the user similarity is subtracted by 1 to obtain a similarity difference value, and the similarity difference value is used as an identification residual error degree, wherein the identification residual error degree is used for representing the deviation degree of the user authentication image and the historical authentication image. Because the environment and the emotion of the user are different when the user performs face recognition each time, the facial expression or action of the user can be slightly changed, so that the residual error degree in a reasonable range can exist when the user performs face recognition actually, and the residual error degree is not identical to the historical authentication image. By calculating the recognition residual error degree during image authentication, support is provided for recognition of user abnormality degree in the next step, and accuracy, safety and practicability of user image authentication can be improved.
When the user similarity is larger than a similarity threshold, analyzing the equipment anomaly degree of the authentication task of the authentication business class through the user side according to the equipment identification information and the authentication business class;
in one embodiment, the method further comprises:
acquiring a sample user set, a sample authentication business class set and a sample equipment identification information set according to an authentication data record of an authentication end;
according to the times that different authentication service categories are carried out by different sample users by different user terminals, evaluating and acquiring a sample equipment abnormality degree set;
taking a user, an authentication service class and equipment identification information as input, taking equipment anomaly degree as output, and taking a sample user set, a sample authentication service class set, a sample equipment identification information set and a sample equipment anomaly degree set as training data to train and acquire an equipment anomaly degree identifier;
and identifying the user, the equipment identification information and the authentication service class by adopting an equipment anomaly identifier to obtain the equipment anomaly.
In the embodiment of the present application, first, a similarity threshold is set, where the similarity threshold is used to determine the similarity of the user authentication image, and a person skilled in the art may set according to the actual situation, for example: the similarity threshold is set to 85% similarity. And judging the similarity of the user according to the similarity threshold, and when the similarity is larger than the similarity threshold, characterizing that the user authentication image meets authentication requirements, namely that the identity preliminary authentication passes, and analyzing the equipment abnormality of the user performing authentication tasks through the user side according to the equipment identification information and the authentication service class.
Firstly, an authentication data record of an authentication end is called, and a sample user set, a sample authentication service class set and a sample equipment identification information set are obtained by dividing according to users according to the authentication data record, wherein the sample user, the sample authentication service class and the sample equipment identification information have a corresponding relationship. And then counting the number of times of use of the user terminal equipment when the user with different sample identities performs authentication service identity authentication according to the authentication service type, obtaining the authentication service type and the corresponding frequencies of a plurality of user terminal equipment with different types, and evaluating the abnormality degree of the user terminal equipment for executing the authentication service according to the frequencies of the user terminal equipment, wherein the higher the frequency is, the higher the trust degree of the user terminal equipment is represented, and the lower the abnormality degree of the equipment is. The method for calculating the abnormality degree of the equipment can be set according to actual conditions, for example: assuming that the authentication service authenticates 100 times in total, the used user terminal equipment is of 5 types, the average value of the equipment use frequency is 20 times, and when the use frequency of the user terminal equipment is greater than or equal to the average value of the frequency, the equipment anomaly degree is 0; when the frequency of use of the user equipment is smaller than the frequency average value, the equipment anomaly degree is larger than 0, and at the moment, the larger the difference value between the frequency of use of the user equipment and the frequency average value is, the larger the equipment anomaly degree is, wherein the equipment anomaly degree is used for representing the safety degree of identity authentication of equipment, and the larger the equipment anomaly degree is, the lower the safety degree of the equipment is represented.
Based on BP neural network, constructing an equipment abnormality degree identifier, wherein the equipment abnormality degree identifier is a neural network model capable of performing iterative optimization, input data of the equipment abnormality degree identifier are user, authentication service class and equipment identification information, output data are equipment abnormality degrees, a sample user set, a sample authentication service class set, a sample equipment identification information set and a sample equipment abnormality degree set are adopted as training data sets, the training data sets are divided into a sample training set and a sample verification set according to preset data division proportion, the preset data division proportion can be set according to actual conditions, and the preset data division proportion is set as follows: 80% of sample training set and 20% of sample verification set. Firstly, performing iterative supervision training on the equipment anomaly degree identifier through a sample training set, when the equipment anomaly degree output by the equipment anomaly degree identifier tends to a stable state, then performing iterative verification training on the accuracy of the output result of the equipment anomaly degree identifier through the sample verification set, setting a verification accuracy index, and setting according to actual conditions, for example: the verification accuracy index is set to 98%. And when the output result of the equipment abnormality degree identifier is greater than or equal to the verification accuracy index, obtaining the trained equipment abnormality degree identifier.
And then inputting the user, the equipment identification information and the authentication business category into a trained equipment abnormality degree identifier for abnormality degree identification, and outputting the equipment abnormality degree. By constructing the equipment abnormality degree identifier based on the BP neural network to perform equipment abnormality degree identification, the accuracy and the efficiency of equipment abnormality degree identification can be improved, and the accuracy and the efficiency of user identity authentication are further improved.
Analyzing the user anomaly degree of the authentication image for user authentication according to the identification residual error degree, and calculating to obtain the current identity authentication anomaly degree of the user by combining the equipment anomaly degree;
as shown in fig. 2, in one embodiment, the method further comprises:
acquiring a sample identification residual error degree set according to authentication data records of a user;
evaluating and acquiring a sample user anomaly degree set according to the deviation between the identification residual degrees of a plurality of samples and the average identification residual degree, wherein the magnitude of the deviation is in direct proportion to the magnitude of the user anomaly degree;
fitting a mapping relation between the sample identification residual error degree set and the sample user anomaly degree set to obtain a user anomaly identifier;
identifying the identification residual error degree by adopting a user anomaly identifier to obtain the user anomaly degree;
And weighting and calculating the equipment anomaly degree and the user anomaly degree to obtain the identity authentication anomaly degree.
In the embodiment of the application, firstly, the identification residual degree of each image authentication of a user is extracted from the authentication data record of the user, and a sample identification residual degree set is obtained. And carrying out residual error degree average calculation on the sample identification residual error degrees in the sample identification residual error degree set to obtain average identification residual error degrees. And then sequentially carrying out residual error degree deviation calculation on the plurality of sample identification residual error degrees and the average identification residual error degrees to obtain a plurality of residual error degree deviations, and carrying out user anomaly degree assessment according to the plurality of residual error degree deviations, wherein the residual error degree deviation is in direct proportion to the user anomaly degree, namely, the larger the residual error degree deviation is, the larger the user anomaly degree is, so as to obtain a sample user anomaly degree set.
And then fitting the mapping relation between the sample identification residual error degree set and the sample user anomaly degree set to construct a user anomaly identifier. For example: and taking the sample identification residual error degree as an X axis, taking the sample user anomaly degree as a Y axis to construct a two-dimensional rectangular coordinate system, distributing the sample identification residual error degree set and the sample user anomaly degree set in the two-dimensional rectangular coordinate system according to a corresponding relation, connecting and fitting all distributed data points in the two-dimensional rectangular coordinate system from small to large according to the size of the X axis, and taking a function curve obtained by fitting as a user anomaly identifier. And inputting the identification residual error degree into the user anomaly identifier to perform user anomaly degree matching, so as to obtain user anomaly degree.
The method comprises the steps of obtaining weight values of equipment anomaly degree and user anomaly degree, wherein the weight values can be set by a person skilled in the art according to actual conditions, the user anomaly degree weight value is larger than the equipment anomaly degree weight value, a specific weight value can be set according to the actual influence degree of the equipment anomaly degree and the user anomaly degree on identity authentication safety, the larger the influence degree is, the larger the weight value is, the weight can be given through an existing variation coefficient method, the variation coefficient method is a common weight giving means for the person skilled in the art, and the equipment anomaly degree weight value and the user anomaly degree weight value are obtained without unfolding description. And carrying out weighted calculation on the equipment anomaly degree and the user anomaly degree according to the equipment anomaly degree weight value and the user anomaly degree weight value, and taking a weighted calculation result as identity authentication anomaly degree. By setting different weight values according to actual conditions and carrying out weighted calculation on the equipment anomaly degree and the user anomaly degree, the rationality and the accuracy of obtaining the identity authentication anomaly degree can be improved.
And judging whether the identity authentication anomaly degree is larger than an authentication anomaly degree threshold value, and obtaining an identity security authentication result.
In the embodiment of the application, the authentication anomaly degree threshold is set, wherein the authentication anomaly degree threshold can be set according to the actual authentication requirement, and the higher the identity authentication security requirement is, the smaller the authentication anomaly degree threshold is. Judging the identity authentication anomaly degree according to the authentication anomaly degree threshold value, and if the identity authentication anomaly degree is larger than the authentication anomaly degree threshold value, characterizing that the user identity authentication risk is too large, and failing authentication; and when the identity authentication anomaly degree is smaller than or equal to the authentication anomaly degree threshold value, the identity authentication risk of the user is represented to be within a reasonable risk range, and authentication is passed. The method solves the technical problem of low identity authentication accuracy in the existing user identity authentication method, can improve the accuracy and efficiency of user identity authentication, and effectively prevents network attack and fraudulent conduct, thereby further guaranteeing the use safety of user accounts.
In one embodiment, as shown in fig. 3, there is provided an IPV6 identity security authentication system comprising:
the user authentication image acquisition module is used for acquiring an authentication image of a user through a user side;
the user IPV6 address generation module is used for calling the processor physical information of the user terminal, generating a device identifier according to the processor physical information, combining address prefix information distributed to the user terminal by a core network, generating a user IPV6 address of the user terminal, and transmitting the authentication image and the current authentication service class to the authentication terminal through the user IPV6 address;
the user terminal information identification module is used for identifying the service characteristic information of the user terminal according to the address prefix information in the user IPV6 address through the authentication terminal and identifying the equipment identification information of the user terminal through the equipment identifier;
the identification residual error degree acquisition module is used for carrying out user identification through the authentication image in the authentication end when the authentication service class accords with the service characteristic information to obtain a user identification result, wherein the user identification result comprises user similarity, and the identification residual error degree is obtained according to the user similarity calculation;
The device anomaly analysis module is used for analyzing the device anomaly of the authentication task of the authentication service class through the user side according to the device identification information and the authentication service class when the user similarity is larger than a similarity threshold;
the identity authentication anomaly degree calculation module is used for analyzing the user anomaly degree of the authentication image for user authentication according to the identification residual error degree and calculating to obtain the current identity authentication anomaly degree of the user by combining the equipment anomaly degree;
the identity security authentication result obtaining module is used for judging whether the identity authentication anomaly degree is larger than an authentication anomaly degree threshold value or not, and obtaining an identity security authentication result.
In one embodiment, the system further comprises:
the system comprises a physical characteristic information retrieving module, a processing module and a processing module, wherein the physical characteristic information retrieving module is used for retrieving a plurality of items of physical characteristic information of a processor of the user side, and the items of physical characteristic information comprise threshold voltages of a plurality of transistors and processing delays of a plurality of processing paths;
the processor physical information obtaining module is used for taking the plurality of pieces of physical characteristic information as processor physical information;
And the device identifier obtaining module is used for obtaining the device identifier of the user side through physical information distribution of the processor based on the PUF.
In one embodiment, the system further comprises:
the authentication business category judging module is used for acquiring a plurality of business categories executable by a user side in the business characteristic information and judging whether the authentication business categories fall into the business categories or not, if not, authentication fails;
and the user identification result obtaining module is used for carrying out local division and feature discrimination on the authentication image if the authentication image is obtained, obtaining user feature distribution information, carrying out user identification, obtaining a user identification result and calculating and obtaining identification residual error degree.
In one embodiment, the system further comprises:
the image segmentation module is used for carrying out graying treatment on the authentication image, and carrying out traversal segmentation on the gray authentication image by adopting a user identification operator to obtain a plurality of local areas;
the user characteristic distribution information obtaining module is used for judging the gray values of other pixel points by taking the gray value of the central pixel point in each local area as a judging reference, marking the gray values as 1 if the gray values are larger than the gray values, marking as-1 if the gray values are smaller than the gray values, marking as 0 if the gray values are equal to the gray values of the central pixel points in each local area, and marking to obtain user characteristic distribution information;
The similarity recognizer training module is used for training a similarity recognizer based on a twin network;
the user identification result obtaining module is used for identifying the user characteristic distribution information by adopting a similarity identifier to obtain user similarity as the user identification result;
and the identification residual error degree obtaining module is used for subtracting the user similarity from 1 to serve as the identification residual error degree.
In one embodiment, the system further comprises:
the sample information acquisition module is used for processing and acquiring a plurality of sample user characteristic distribution information sets and a plurality of sample similarity sets of a plurality of sample users according to the user authentication data record of the authentication end;
the neural network identification channel construction module is used for constructing a neural network identification channel shared by two weights based on a twin network;
the similarity identifier obtaining module is used for training two neural network identification channels by adopting a plurality of sample user characteristic distribution information sets and a plurality of sample similarity sets of the plurality of sample users until convergence to obtain a similarity identifier;
And the user similarity obtaining module is used for respectively combining the user characteristic distribution information with other sample user characteristic distribution information of the user, inputting the user characteristic distribution information into the similarity identifier, identifying and obtaining a plurality of similarities, and calculating a mean value to obtain the user similarity.
In one embodiment, the system further comprises:
the sample information acquisition module is used for acquiring a sample user set, a sample authentication service class set and a sample equipment identification information set according to the authentication data record of the authentication end;
the sample equipment anomaly degree set acquisition module is used for evaluating and acquiring a sample equipment anomaly degree set according to the times that different authentication service categories are carried out by different user terminals by different sample users;
the device abnormality degree identifier training module is used for taking user, authentication service class and device identification information as input, taking device abnormality degree as output, taking a sample user set, a sample authentication service class set, a sample device identification information set and a sample device abnormality degree set as training data, and training and obtaining a device abnormality degree identifier;
The device anomaly degree obtaining module is used for identifying the user, the device identification information and the authentication service category by adopting a device anomaly degree identifier to obtain the device anomaly degree.
In one embodiment, the system further comprises:
the sample identification residual error degree set obtaining module is used for obtaining a sample identification residual error degree set according to authentication data records of a user;
the sample user abnormal degree collection acquisition module is used for evaluating and acquiring a sample user abnormal degree collection according to the deviation between the identification residual degrees of a plurality of samples and the average identification residual degrees, wherein the magnitude of the deviation is in direct proportion to the magnitude of the user abnormal degree;
the user anomaly identifier obtaining module is used for fitting a mapping relation between the sample identification residual error degree set and the sample user anomaly degree set to obtain a user anomaly identifier;
the residual error degree identification module is used for identifying the identification residual error degree by adopting a user abnormality identifier to obtain the user abnormality degree;
The identity authentication anomaly degree obtaining module is used for weighting and calculating the equipment anomaly degree and the user anomaly degree to obtain the identity authentication anomaly degree.
In summary, compared with the prior art, the embodiments of the present disclosure have the following technical effects:
the technical problem that the existing user identity authentication method has low identity authentication accuracy is solved, the user identity authentication accuracy and efficiency can be improved by carrying out identity security authentication on the user based on the IPV6, network attack and fraudulent conduct are effectively prevented, and therefore the use safety of a user account is further guaranteed.
(2) The device identifier is generated based on the PUF technology, and the unique corresponding device identifier can be distributed according to the physical characteristics of the processor, so that illegal users are prevented from forging the access address of the user side processor, and the accuracy and the safety of the identification of the device identifier information are improved.
(3) The similarity identifier is built based on the twin network, so that compared with a traditional convolutional neural network model, the data training time can be reduced, and the efficiency and accuracy of user similarity identification can be further improved.
(4) By calculating the recognition residual error degree during image authentication and analyzing the user abnormality degree according to the recognition residual error degree, the accuracy, rationality and practicability of obtaining the user abnormality degree can be improved.
The above examples merely represent a few embodiments of the present disclosure and are not to be construed as limiting the scope of the invention. Accordingly, various alterations, modifications and variations may be made by those having ordinary skill in the art without departing from the scope of the disclosed concept as defined by the following claims and all such alterations, modifications and variations are intended to be included within the scope of the present disclosure.
Claims (8)
1. An IPV6 identity security authentication method, the method comprising:
collecting an authentication image of a user through a user side;
the processor physical information of the user terminal is called, a device identifier is generated according to the processor physical information, address prefix information distributed to the user terminal by a core network is combined, a user IPV6 address of the user terminal is generated, and the authentication image and the current authentication service class are sent to an authentication terminal through the user IPV6 address;
identifying service characteristic information of the user terminal according to address prefix information in the user IPV6 address through an authentication terminal, and identifying equipment identification information of the user terminal through the equipment identifier;
when the authentication service class accords with the service characteristic information, user identification is carried out in an authentication end through the authentication image, a user identification result is obtained, the user identification result comprises user similarity, and identification residual error degree is obtained according to the user similarity calculation;
When the user similarity is larger than a similarity threshold, analyzing the equipment anomaly degree of the authentication task of the authentication business class through the user side according to the equipment identification information and the authentication business class;
analyzing the user anomaly degree of the authentication image for user authentication according to the identification residual error degree, and calculating to obtain the current identity authentication anomaly degree of the user by combining the equipment anomaly degree;
and judging whether the identity authentication anomaly degree is larger than an authentication anomaly degree threshold value, and obtaining an identity security authentication result.
2. The method according to claim 1, characterized in that the method comprises:
invoking a plurality of pieces of physical characteristic information of a processor of the user side, wherein the pieces of physical characteristic information comprise threshold voltages of a plurality of transistors and processing delays of a plurality of processing paths;
taking the plurality of pieces of physical characteristic information as processor physical information;
and based on the PUF, the physical information of the processor is allocated to obtain the equipment identifier of the user terminal.
3. The method according to claim 1, characterized in that the method comprises:
acquiring a plurality of service categories executable by a user side in the service characteristic information, judging whether the authentication service category falls into the plurality of service categories, and if not, failing authentication;
If yes, carrying out local division and feature discrimination on the authentication image to obtain user feature distribution information, carrying out user identification to obtain a user identification result, and calculating to obtain identification residual error degree.
4. A method according to claim 3, characterized in that the method comprises:
graying treatment is carried out on the authentication image, and a user identification operator is adopted to carry out traversal segmentation on the gray authentication image so as to obtain a plurality of local areas;
judging the gray values of other pixel points by taking the gray value of the central pixel point in each local area as a judging reference, marking the gray value of the other pixel points as 1 if the gray value is larger than the gray value, marking as-1 if the gray value is smaller than the gray value, marking as 0 if the gray value is equal to the gray value of the central pixel point in each local area, and marking to obtain user characteristic distribution information;
training a similarity identifier based on the twin network;
adopting a similarity identifier to identify the user characteristic distribution information to obtain user similarity, and taking the user similarity as the user identification result;
subtracting the user similarity from 1 to obtain the identification residual error.
5. The method according to claim 4, characterized in that the method comprises:
according to the user authentication data record of the authentication end, a plurality of sample user characteristic distribution information sets and a plurality of sample similarity sets of a plurality of sample users are obtained through processing;
Based on the twin network, constructing a neural network identification channel with two shared weights;
training two neural network identification channels by adopting a plurality of sample user characteristic distribution information sets and a plurality of sample similarity sets of the plurality of sample users until convergence to obtain a similarity identifier;
and respectively combining the user characteristic distribution information with other sample user characteristic distribution information of the user, inputting the user characteristic distribution information into the similarity identifier, identifying and obtaining a plurality of similarities, and calculating a mean value to obtain the user similarity.
6. The method according to claim 1, characterized in that the method comprises:
acquiring a sample user set, a sample authentication business class set and a sample equipment identification information set according to an authentication data record of an authentication end;
according to the times that different authentication service categories are carried out by different sample users by different user terminals, evaluating and acquiring a sample equipment abnormality degree set;
taking a user, an authentication service class and equipment identification information as input, taking equipment anomaly degree as output, and taking a sample user set, a sample authentication service class set, a sample equipment identification information set and a sample equipment anomaly degree set as training data to train and acquire an equipment anomaly degree identifier;
And identifying the user, the equipment identification information and the authentication service class by adopting an equipment anomaly identifier to obtain the equipment anomaly.
7. The method according to claim 1, characterized in that the method comprises:
acquiring a sample identification residual error degree set according to authentication data records of a user;
evaluating and acquiring a sample user anomaly degree set according to the deviation between the identification residual degrees of a plurality of samples and the average identification residual degree, wherein the magnitude of the deviation is in direct proportion to the magnitude of the user anomaly degree;
fitting a mapping relation between the sample identification residual error degree set and the sample user anomaly degree set to obtain a user anomaly identifier;
identifying the identification residual error degree by adopting a user anomaly identifier to obtain the user anomaly degree;
and weighting and calculating the equipment anomaly degree and the user anomaly degree to obtain the identity authentication anomaly degree.
8. An IPV6 identity security authentication system, characterized by the steps for performing any one of the IPV6 identity security authentication methods of claims 1-7, said system comprising:
the user authentication image acquisition module is used for acquiring an authentication image of a user through a user side;
The user IPV6 address generation module is used for calling the processor physical information of the user terminal, generating a device identifier according to the processor physical information, combining address prefix information distributed to the user terminal by a core network, generating a user IPV6 address of the user terminal, and transmitting the authentication image and the current authentication service class to the authentication terminal through the user IPV6 address;
the user terminal information identification module is used for identifying the service characteristic information of the user terminal according to the address prefix information in the user IPV6 address through the authentication terminal and identifying the equipment identification information of the user terminal through the equipment identifier;
the identification residual error degree acquisition module is used for carrying out user identification through the authentication image in the authentication end when the authentication service class accords with the service characteristic information to obtain a user identification result, wherein the user identification result comprises user similarity, and the identification residual error degree is obtained according to the user similarity calculation;
the device anomaly analysis module is used for analyzing the device anomaly of the authentication task of the authentication service class through the user side according to the device identification information and the authentication service class when the user similarity is larger than a similarity threshold;
The identity authentication anomaly degree calculation module is used for analyzing the user anomaly degree of the authentication image for user authentication according to the identification residual error degree and calculating to obtain the current identity authentication anomaly degree of the user by combining the equipment anomaly degree;
the identity security authentication result obtaining module is used for judging whether the identity authentication anomaly degree is larger than an authentication anomaly degree threshold value or not, and obtaining an identity security authentication result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311391360.4A CN117118765B (en) | 2023-10-25 | 2023-10-25 | IPV6 identity security authentication method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311391360.4A CN117118765B (en) | 2023-10-25 | 2023-10-25 | IPV6 identity security authentication method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117118765A true CN117118765A (en) | 2023-11-24 |
| CN117118765B CN117118765B (en) | 2023-12-22 |
Family
ID=88811432
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311391360.4A Active CN117118765B (en) | 2023-10-25 | 2023-10-25 | IPV6 identity security authentication method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117118765B (en) |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106790129A (en) * | 2016-12-27 | 2017-05-31 | 中国银联股份有限公司 | A kind of identity authentication method and device |
| US20180234413A1 (en) * | 2017-02-13 | 2018-08-16 | Zentel Japan Corporation | Authenticated Network |
| US20190075101A1 (en) * | 2017-09-01 | 2019-03-07 | Leadot Innovation, Inc. | Multi-functional Identification Recognition System Capable of Recognizing the Identity of Users |
| CN110517097A (en) * | 2019-09-09 | 2019-11-29 | 平安普惠企业管理有限公司 | Identify method, apparatus, equipment and the storage medium of abnormal user |
| CN111327561A (en) * | 2018-12-13 | 2020-06-23 | 中国电信股份有限公司 | Authentication method, system, authentication server, and computer-readable storage medium |
| US20200396092A1 (en) * | 2019-06-12 | 2020-12-17 | Arizona Board Of Regents On Behalf Of Northern Arizona University | Secure enrollment for physical unclonable function devices |
| CN112272094A (en) * | 2020-10-23 | 2021-01-26 | 国网江苏省电力有限公司信息通信分公司 | Internet of things equipment identity authentication method, system and storage medium based on PUF (physical unclonable function) and CPK (compact public key) algorithm |
| WO2021120480A1 (en) * | 2019-12-19 | 2021-06-24 | 深圳壹账通智能科技有限公司 | Evidence collection method and system based on image recognition, and computer device and storage medium |
| CN113259134A (en) * | 2021-07-06 | 2021-08-13 | 浙江宇视科技有限公司 | Server protection method, device, equipment and medium based on face recognition |
| CN113259136A (en) * | 2021-07-07 | 2021-08-13 | 浙江宇视科技有限公司 | Multi-client cooperative authentication method, device, equipment and medium for feature recognition |
| CN113961902A (en) * | 2021-11-15 | 2022-01-21 | 济南丽阳神州智能科技有限公司 | Household skill level authentication method, equipment and medium |
| CN114301670A (en) * | 2021-12-28 | 2022-04-08 | 天翼物联科技有限公司 | Terminal authentication method, device, equipment and medium based on IPV6 address |
| CN114338527A (en) * | 2021-12-30 | 2022-04-12 | 中国电信股份有限公司 | IPv6 active identifier processing method and system |
| CN115118489A (en) * | 2022-06-24 | 2022-09-27 | 广州根链国际网络研究院有限公司 | Network access authentication system and method for binding user, equipment and IPv6 network address |
| CN116366263A (en) * | 2023-05-11 | 2023-06-30 | 安徽大学 | Authentication method based on PUF and revocable biological characteristics and application thereof |
-
2023
- 2023-10-25 CN CN202311391360.4A patent/CN117118765B/en active Active
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106790129A (en) * | 2016-12-27 | 2017-05-31 | 中国银联股份有限公司 | A kind of identity authentication method and device |
| US20180234413A1 (en) * | 2017-02-13 | 2018-08-16 | Zentel Japan Corporation | Authenticated Network |
| US20190075101A1 (en) * | 2017-09-01 | 2019-03-07 | Leadot Innovation, Inc. | Multi-functional Identification Recognition System Capable of Recognizing the Identity of Users |
| CN111327561A (en) * | 2018-12-13 | 2020-06-23 | 中国电信股份有限公司 | Authentication method, system, authentication server, and computer-readable storage medium |
| US20200396092A1 (en) * | 2019-06-12 | 2020-12-17 | Arizona Board Of Regents On Behalf Of Northern Arizona University | Secure enrollment for physical unclonable function devices |
| CN110517097A (en) * | 2019-09-09 | 2019-11-29 | 平安普惠企业管理有限公司 | Identify method, apparatus, equipment and the storage medium of abnormal user |
| WO2021120480A1 (en) * | 2019-12-19 | 2021-06-24 | 深圳壹账通智能科技有限公司 | Evidence collection method and system based on image recognition, and computer device and storage medium |
| CN112272094A (en) * | 2020-10-23 | 2021-01-26 | 国网江苏省电力有限公司信息通信分公司 | Internet of things equipment identity authentication method, system and storage medium based on PUF (physical unclonable function) and CPK (compact public key) algorithm |
| CN113259134A (en) * | 2021-07-06 | 2021-08-13 | 浙江宇视科技有限公司 | Server protection method, device, equipment and medium based on face recognition |
| CN113259136A (en) * | 2021-07-07 | 2021-08-13 | 浙江宇视科技有限公司 | Multi-client cooperative authentication method, device, equipment and medium for feature recognition |
| CN113961902A (en) * | 2021-11-15 | 2022-01-21 | 济南丽阳神州智能科技有限公司 | Household skill level authentication method, equipment and medium |
| CN114301670A (en) * | 2021-12-28 | 2022-04-08 | 天翼物联科技有限公司 | Terminal authentication method, device, equipment and medium based on IPV6 address |
| CN114338527A (en) * | 2021-12-30 | 2022-04-12 | 中国电信股份有限公司 | IPv6 active identifier processing method and system |
| CN115118489A (en) * | 2022-06-24 | 2022-09-27 | 广州根链国际网络研究院有限公司 | Network access authentication system and method for binding user, equipment and IPv6 network address |
| CN116366263A (en) * | 2023-05-11 | 2023-06-30 | 安徽大学 | Authentication method based on PUF and revocable biological characteristics and application thereof |
Non-Patent Citations (2)
| Title |
|---|
| CONG LI ET AL.: "An IPv6-based Identity Authentication Scheme for IoT Devices in 5G Private Network", 《2023 IEEE INTERNATIONAL SYMPOSIUM ON BROADBAND MULTIMEDIA SYSTEMS AND BROADCASTING》 * |
| 赵锦阳等: "Rucklidge系统的同步及其在保密通讯中的应用", 《通讯世界》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117118765B (en) | 2023-12-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107292154B (en) | Terminal feature identification method and system | |
| WO2021189364A1 (en) | Method and device for generating adversarial image, equipment, and readable storage medium | |
| CN108256591B (en) | Method and apparatus for outputting information | |
| CN111031071B (en) | Malicious traffic identification method and device, computer equipment and storage medium | |
| CN110830445B (en) | Method and device for identifying abnormal access object | |
| CN111260220B (en) | Group control equipment identification method and device, electronic equipment and storage medium | |
| CN110675252A (en) | Risk assessment method and device, electronic equipment and storage medium | |
| CN109347785A (en) | A kind of terminal type recognition methods and device | |
| CN110162957B (en) | Authentication method and device for intelligent equipment, storage medium and electronic device | |
| CN117118765B (en) | IPV6 identity security authentication method and system | |
| CN113705604A (en) | Botnet flow classification detection method and device, electronic equipment and storage medium | |
| CN111488950A (en) | Classification model information output method and device | |
| CN114091016A (en) | Method, apparatus and computer program product for anomaly detection | |
| Bui et al. | A clustering-based shrink autoencoder for detecting anomalies in intrusion detection systems | |
| CN112688897A (en) | Traffic identification method and device, storage medium and electronic equipment | |
| CN116232696A (en) | Encryption traffic classification method based on deep neural network | |
| CN114550224A (en) | Fingerprint image identification comparison method and device based on deep learning and electronic equipment | |
| CN113949653A (en) | Encryption protocol identification method and system based on deep learning | |
| Jin et al. | Zero-day traffic identification using one-dimension convolutional neural networks and auto encoder machine | |
| CN109933969B (en) | Verification code identification method and device, electronic equipment and readable storage medium | |
| CN111639718A (en) | Classifier application method and device | |
| CN111935127A (en) | Malicious behavior detection, identification and safety encryption device in cloud computing | |
| CN113792683B (en) | Training method, training device, training equipment and training storage medium for text recognition model | |
| Harmer et al. | Direct template-free encryption key generation from palm-veins | |
| CN113986956B (en) | Data exception query analysis method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |