CN117938423A - Adaptive identity authentication system and method - Google Patents

Adaptive identity authentication system and method Download PDF

Info

Publication number
CN117938423A
CN117938423A CN202311668437.8A CN202311668437A CN117938423A CN 117938423 A CN117938423 A CN 117938423A CN 202311668437 A CN202311668437 A CN 202311668437A CN 117938423 A CN117938423 A CN 117938423A
Authority
CN
China
Prior art keywords
identity
authentication
current operation
operation user
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311668437.8A
Other languages
Chinese (zh)
Inventor
袁建
武臻
贾家琛
谢鹏飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Bidding Branch Of China Huaneng Group Co ltd
Huaneng Information Technology Co Ltd
Original Assignee
Beijing Bidding Branch Of China Huaneng Group Co ltd
Huaneng Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Bidding Branch Of China Huaneng Group Co ltd, Huaneng Information Technology Co Ltd filed Critical Beijing Bidding Branch Of China Huaneng Group Co ltd
Priority to CN202311668437.8A priority Critical patent/CN117938423A/en
Publication of CN117938423A publication Critical patent/CN117938423A/en
Pending legal-status Critical Current

Links

Abstract

The invention relates to the technical field of identity authentication, and discloses an adaptive identity authentication system and method, wherein the adaptive identity authentication system comprises the following steps: the invention can accurately identify the identity of the current operation user, improve the identity identification efficiency and accuracy and improve the safety and reliability of the identity identification.

Description

Adaptive identity authentication system and method
Technical Field
The invention relates to the technical field of identity authentication, in particular to an adaptive identity authentication system and method.
Background
With the development of network technology, networks are increasingly permeated into daily life of people, and when users use the networks, private information such as own real names, identity card numbers, bank accounts and the like is often required to perform certain operations, so that network security problems are becoming more important. When a large number of devices request access to the network, the server performs identity authentication on the devices requesting access to prevent counterfeit and illegal users from accessing the network and damaging legal rights of other users in the network management domain, but attack events from the inside of the network management domain still occur at some time, and not all network environments are safe, so that great threats are brought to privacy information, property safety and the like of the users. Therefore, an identity authentication method is needed to authenticate the identity of a user requesting access to a network, so as to ensure the security and reliability of the network environment.
Currently, when identity authentication is performed by using face feature information in each application scene, the identity information of the user is generally identified by pre-establishing a corresponding relationship between the face feature information and the identity information, and then matching the collected face feature information of the user with the pre-established corresponding relationship. However, when the face feature information of some users is similar, the identity authentication is performed by adopting the method in the prior art, which may cause an identity authentication error.
Therefore, how to provide an adaptive identity authentication system and method is a technical problem to be solved at present.
Disclosure of Invention
The embodiment of the invention provides an adaptive identity authentication system and an adaptive identity authentication method, which are used for solving the technical problems that the identity of a user cannot be accurately identified, the identity authentication accuracy cannot be improved and the information security of the user cannot be ensured in the prior art.
To achieve the above object, the present invention provides an adaptive identity authentication system, comprising:
The input module is used for acquiring the behavior characteristics of the current operation user, inputting the behavior characteristics into the behavior characteristic model and obtaining the identity probability of the current operation user, wherein the behavior characteristics comprise the account number input times and the password input times of the current operation user;
The authentication module is used for acquiring the identity authentication ciphertext information of the current operation user based on the terminal equipment and carrying out bidirectional identity authentication based on the identity authentication ciphertext information when the identity probability authentication of the current operation user is successful, wherein the identity authentication ciphertext information comprises an identity authentication key and an anti-identity authentication key;
a judging module for determining the identity grade of the current operation user based on the account information of the current operation user when the two-way authentication is successful, judging whether to perform the secondary identity authentication based on the identity grade and the preset identity grade,
If the identity level of the current operation user is greater than the preset identity level, judging that secondary identity authentication is needed;
And if the identity level of the current operation user is smaller than or equal to the preset identity level, judging that secondary identity authentication is not needed.
In one embodiment, the authentication module is specifically configured to:
The authentication module is used for judging that the identity probability authentication of the current operation user is successful when the identity probability of the current operation user is larger than the preset identity probability;
and the authentication module is used for judging that the identity probability authentication of the current operation user is unsuccessful when the identity probability of the current operation user is smaller than or equal to the preset identity probability.
In one embodiment, the authentication module is specifically configured to:
the authentication module is used for determining the number of key generation based on a preset key production rule;
the authentication module is used for acquiring true random numbers with the same number as the key generation number from the quantum random number generator according to the key generation number;
The authentication module is used for generating a first key factor and a second key factor by taking the true random number as a true random number seed;
the authentication module is used for respectively generating a first decryption factor of the first key factor and a second decryption factor of the second key factor;
The authentication module is used for taking the first key factor and the first decryption factor as the identity authentication key, wherein the identity authentication key is sent to the terminal equipment;
the authentication module is used for taking the second key factor and the second decryption factor as the anti-identity authentication key, wherein the anti-identity authentication key is sent to the current operation user.
In one embodiment, the authentication module is specifically configured to:
the authentication module is used for sending the first key factor to a current operation user;
the authentication module is used for sending the second key factor to the terminal equipment;
The authentication module is used for generating a bidirectional authentication identifier and judging that the bidirectional authentication is successful when the current operation user successfully inputs the first decryption factor and the terminal equipment successfully inputs the second decryption factor;
The authentication module is used for counting the input times of the decryption factors in the preset time when the current operation user does not successfully input the first decryption factors or the terminal equipment does not successfully input the second decryption factors;
And the authentication module is used for judging that the bidirectional authentication is lost when the input times of the decryption factors are larger than the preset input times.
In one embodiment, the judging module is specifically configured to:
the judging module is used for randomly generating a random fingerprint verification instruction when judging that secondary identity authentication is needed, and sending the random fingerprint verification instruction to a current operation user;
The judging module is used for acquiring fingerprint information input by the current operation user according to the random fingerprint verification instruction, and extracting static fingerprint information and dynamic fingerprint information of the current operation user based on the fingerprint information;
The judging module is used for judging whether the static fingerprint information is matched with preset original fingerprint information or not and judging whether the dynamic fingerprint information is matched with preset dynamic fingerprint information or not;
and the judging module is used for judging that the secondary identity authentication of the current operation user passes when the static fingerprint information and the dynamic fingerprint information are successfully matched.
In order to achieve the above object, the present invention provides an adaptive identity authentication method, the method comprising:
acquiring behavior characteristics of a current operation user, inputting the behavior characteristics into the behavior characteristic model, and obtaining identity probability of the current operation user, wherein the behavior characteristics comprise account number input times and password input times of the current operation user;
when the identity probability authentication of the current operation user is successful, acquiring identity authentication ciphertext information of the current operation user based on terminal equipment, and performing bidirectional identity authentication based on the identity authentication ciphertext information, wherein the identity authentication ciphertext information comprises an identity authentication key and an anti-identity authentication key;
when the two-way authentication is successful, determining the identity grade of the current operation user based on the account information of the current operation user, judging whether to perform the secondary identity authentication based on the identity grade and the preset identity grade,
If the identity level of the current operation user is greater than the preset identity level, judging that secondary identity authentication is needed;
And if the identity level of the current operation user is smaller than or equal to the preset identity level, judging that secondary identity authentication is not needed.
In one embodiment, after obtaining the identity probability of the current operation user, the method further comprises:
When the identity probability of the current operation user is larger than the preset identity probability, judging that the identity probability authentication of the current operation user is successful;
and when the identity probability of the current operation user is smaller than or equal to the preset identity probability, judging that the identity probability authentication of the current operation user is unsuccessful.
In one embodiment, before acquiring the identity authentication ciphertext information of the current operation user based on the terminal device and performing bidirectional identity authentication based on the identity authentication ciphertext information, the method further includes:
determining the number of key generation based on a preset key production rule;
obtaining true random numbers with the same number as the key generation number from a quantum random number generator according to the key generation number;
Generating a first key factor and a second key factor by taking the true random number as a true random number seed;
Generating a first decryption factor of the first key factor and a second decryption factor of the second key factor respectively;
the first key factor and the first decryption factor are used as the identity authentication key, wherein the identity authentication key is sent to the terminal equipment;
And taking the second key factor and the second decryption factor as the anti-identity authentication key, wherein the anti-identity authentication key is sent to the current operation user.
In one embodiment, when acquiring the identity authentication ciphertext information of the current operation user based on the terminal device and performing bidirectional identity authentication based on the identity authentication ciphertext information, the method includes:
Transmitting the first key factor to a current operation user;
Transmitting the second key factor to the terminal device;
When the current operation user successfully inputs the first decryption factor and the terminal equipment successfully inputs the second decryption factor, generating a bidirectional authentication identifier and judging that the bidirectional authentication is successful;
When the current operation user does not successfully input the first decryption factor or the terminal equipment does not successfully input the second decryption factor, counting the input times of the decryption factor in a preset time;
And when the input times of the decryption factors are larger than the preset input times, judging that the bidirectional authentication is lost.
In one embodiment, when determining that the secondary identity authentication is required, the method includes:
When judging that secondary identity authentication is needed, randomly generating a random fingerprint authentication instruction and sending the random fingerprint authentication instruction to a current operation user;
Acquiring fingerprint information input by a current operation user according to the random fingerprint verification instruction, and extracting static fingerprint information and dynamic fingerprint information of the current operation user based on the fingerprint information;
Judging whether the static fingerprint information is matched with preset original fingerprint information or not, and judging whether the dynamic fingerprint information is matched with preset dynamic fingerprint information or not;
and when the static fingerprint information and the dynamic fingerprint information are successfully matched, judging that the secondary identity authentication of the current operation user passes.
The invention provides an adaptive identity authentication system and method, which have the following beneficial effects compared with the prior art:
The invention discloses an adaptive identity authentication system and method, comprising the following steps: the invention can accurately identify the identity of the current operation user, improve the identity identification efficiency and accuracy and improve the safety and reliability of the identity identification.
Drawings
FIG. 1 is a schematic diagram of an adaptive identity authentication system according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of an adaptive identity authentication method according to an embodiment of the present invention.
Detailed Description
The following describes in further detail the embodiments of the present invention with reference to the drawings and examples. The following examples are illustrative of the invention and are not intended to limit the scope of the invention.
In the description of the present application, it should be understood that the terms "center," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like indicate orientations or positional relationships based on the orientation or positional relationships shown in the drawings, merely to facilitate describing the present application and simplify the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present application.
The terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. In the description of the present application, unless otherwise indicated, the meaning of "a plurality" is two or more.
In the description of the present application, it should be noted that, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present application will be understood in specific cases by those of ordinary skill in the art.
The following is a description of preferred embodiments of the invention, taken in conjunction with the accompanying drawings.
As shown in fig. 1, an embodiment of the present invention discloses an adaptive identity authentication system, the system comprising: the device comprises an input module, an identification module and a judgment module.
It should be understood that the input module is configured to obtain a behavior feature of a current operation user, input the behavior feature to the behavior feature model, and obtain an identity probability of the current operation user, where the behavior feature includes an account number input number and a password input number of the current operation user; the authentication module is used for acquiring the identity authentication ciphertext information of the current operation user based on the terminal equipment and carrying out bidirectional identity authentication based on the identity authentication ciphertext information when the identity probability authentication of the current operation user is successful, wherein the identity authentication ciphertext information comprises an identity authentication key and an anti-identity authentication key; the judging module is used for determining the identity grade of the current operation user based on the account information of the current operation user when the bidirectional authentication is successful, judging whether secondary identity authentication is performed or not based on the identity grade and a preset identity grade, and judging that the secondary identity authentication is required to be performed if the identity grade of the current operation user is greater than the preset identity grade; and if the identity level of the current operation user is smaller than or equal to the preset identity level, judging that secondary identity authentication is not needed.
In the embodiment, the invention can accurately identify the identity of the current operation user, improves the identity identification efficiency and accuracy, and improves the safety and reliability of the identity identification.
In some embodiments of the application, the authentication module is specifically configured to:
The authentication module is used for judging that the identity probability authentication of the current operation user is successful when the identity probability of the current operation user is larger than the preset identity probability;
and the authentication module is used for judging that the identity probability authentication of the current operation user is unsuccessful when the identity probability of the current operation user is smaller than or equal to the preset identity probability.
In this embodiment, the behavior feature model may be constructed in advance according to the history data.
In this embodiment, the identity probability of the current operation user can be output by inputting the account number input times and the password input times of the current operation user into the behavior feature model.
The beneficial effects of the technical scheme are as follows: the invention can lay a foundation for identifying the identity of the current operation user by obtaining the identity probability of the current operation user.
In some embodiments of the application, the authentication module is specifically configured to:
the authentication module is used for determining the number of key generation based on a preset key production rule;
the authentication module is used for acquiring true random numbers with the same number as the key generation number from the quantum random number generator according to the key generation number;
The authentication module is used for generating a first key factor and a second key factor by taking the true random number as a true random number seed;
the authentication module is used for respectively generating a first decryption factor of the first key factor and a second decryption factor of the second key factor;
The authentication module is used for taking the first key factor and the first decryption factor as the identity authentication key, wherein the identity authentication key is sent to the terminal equipment;
the authentication module is used for taking the second key factor and the second decryption factor as the anti-identity authentication key, wherein the anti-identity authentication key is sent to the current operation user.
In this embodiment, the key production rule may be set in advance.
In this embodiment, the number of key generation refers to the number of bits for generating the key, for example, generation 4 is a key factor, or generation 5 is a key factor.
In this embodiment, the first key factor and the second key factor are specific numbers, such as 4856 or 7852.
In this embodiment, the first decryption factor and the first key factor correspond to each other, and the second decryption factor and the second key factor correspond to each other, for example, the first key factor is 4856, and the first decryption factor is 5623.
In this embodiment, the authentication key is used to authenticate the identity of the currently operating user.
In this embodiment, the anti-identity authentication key is used to authenticate the identity of the terminal device.
The beneficial effects of the technical scheme are as follows: the invention can realize the bidirectional authentication of the current operation user and the terminal equipment by the identity authentication key and the anti-identity authentication key, ensure the accuracy and the safety of the identity authentication and avoid the loss of user information.
In some embodiments of the application, the authentication module is specifically configured to:
the authentication module is used for sending the first key factor to a current operation user;
the authentication module is used for sending the second key factor to the terminal equipment;
The authentication module is used for generating a bidirectional authentication identifier and judging that the bidirectional authentication is successful when the current operation user successfully inputs the first decryption factor and the terminal equipment successfully inputs the second decryption factor;
The authentication module is used for counting the input times of the decryption factors in the preset time when the current operation user does not successfully input the first decryption factors or the terminal equipment does not successfully input the second decryption factors;
And the authentication module is used for judging that the bidirectional authentication is lost when the input times of the decryption factors are larger than the preset input times.
In this embodiment, the authentication key and the anti-authentication key are sent to the correct terminal device and the correct operating user in advance.
In this embodiment, if the number of times of inputting the decryption factor is large in the preset time, it is indicated that the terminal device or the current operation user is not correct, possibly an lawbreaker, and is tampering or attempting to input the correct password.
The beneficial effects of the technical scheme are as follows: the invention can further ensure the accuracy of the identity authentication of the user through the bidirectional authentication, simultaneously ensure the accuracy of the terminal equipment, avoid the possibility of tampering the terminal equipment, and improve the safety and the reliability.
In some embodiments of the present application, the determining module is specifically configured to:
the judging module is used for randomly generating a random fingerprint verification instruction when judging that secondary identity authentication is needed, and sending the random fingerprint verification instruction to a current operation user;
The judging module is used for acquiring fingerprint information input by the current operation user according to the random fingerprint verification instruction, and extracting static fingerprint information and dynamic fingerprint information of the current operation user based on the fingerprint information;
The judging module is used for judging whether the static fingerprint information is matched with preset original fingerprint information or not and judging whether the dynamic fingerprint information is matched with preset dynamic fingerprint information or not;
and the judging module is used for judging that the secondary identity authentication of the current operation user passes when the static fingerprint information and the dynamic fingerprint information are successfully matched.
In this embodiment, account information of the current operation user corresponds to the identity level of the current operation user.
In this embodiment, when the current operation user inputs a fingerprint, the current operation user may be in a static state or in a dynamic state, so that static fingerprint information and dynamic fingerprint information are collected.
The beneficial effects of the technical scheme are as follows: the invention matches the static fingerprint information and the dynamic fingerprint information, can perform identity authentication in multiple directions, and has high safety, and even if the secret key is acquired by other people, the identity cannot be faked.
In order to further explain the technical idea of the invention, the technical scheme of the invention is described with specific application scenarios.
Correspondingly, as shown in fig. 2, the application also provides an adaptive identity authentication method, which comprises the following steps:
S110: acquiring behavior characteristics of a current operation user, inputting the behavior characteristics into the behavior characteristic model, and obtaining identity probability of the current operation user, wherein the behavior characteristics comprise account number input times and password input times of the current operation user;
S120: when the identity probability authentication of the current operation user is successful, acquiring identity authentication ciphertext information of the current operation user based on terminal equipment, and performing bidirectional identity authentication based on the identity authentication ciphertext information, wherein the identity authentication ciphertext information comprises an identity authentication key and an anti-identity authentication key;
S130: when the two-way authentication is successful, determining the identity grade of the current operation user based on the account information of the current operation user, judging whether to perform the secondary identity authentication based on the identity grade and the preset identity grade,
If the identity level of the current operation user is greater than the preset identity level, judging that secondary identity authentication is needed;
And if the identity level of the current operation user is smaller than or equal to the preset identity level, judging that secondary identity authentication is not needed.
In some embodiments of the present application, after obtaining the identity probability of the current operation user, the method further includes:
When the identity probability of the current operation user is larger than the preset identity probability, judging that the identity probability authentication of the current operation user is successful;
and when the identity probability of the current operation user is smaller than or equal to the preset identity probability, judging that the identity probability authentication of the current operation user is unsuccessful.
In some embodiments of the present application, before acquiring the identity authentication ciphertext information of the current operation user based on the terminal device and performing bidirectional identity authentication based on the identity authentication ciphertext information, the method further includes:
determining the number of key generation based on a preset key production rule;
obtaining true random numbers with the same number as the key generation number from a quantum random number generator according to the key generation number;
Generating a first key factor and a second key factor by taking the true random number as a true random number seed;
Generating a first decryption factor of the first key factor and a second decryption factor of the second key factor respectively;
the first key factor and the first decryption factor are used as the identity authentication key, wherein the identity authentication key is sent to the terminal equipment;
And taking the second key factor and the second decryption factor as the anti-identity authentication key, wherein the anti-identity authentication key is sent to the current operation user.
In some embodiments of the present application, when acquiring the identity authentication ciphertext information of the current operation user based on the terminal device and performing bidirectional identity authentication based on the identity authentication ciphertext information, the method includes:
Transmitting the first key factor to a current operation user;
Transmitting the second key factor to the terminal device;
When the current operation user successfully inputs the first decryption factor and the terminal equipment successfully inputs the second decryption factor, generating a bidirectional authentication identifier and judging that the bidirectional authentication is successful;
When the current operation user does not successfully input the first decryption factor or the terminal equipment does not successfully input the second decryption factor, counting the input times of the decryption factor in a preset time;
And when the input times of the decryption factors are larger than the preset input times, judging that the bidirectional authentication is lost.
In some embodiments of the present application, when determining that secondary identity authentication is required, the method includes:
When judging that secondary identity authentication is needed, randomly generating a random fingerprint authentication instruction and sending the random fingerprint authentication instruction to a current operation user;
Acquiring fingerprint information input by a current operation user according to the random fingerprint verification instruction, and extracting static fingerprint information and dynamic fingerprint information of the current operation user based on the fingerprint information;
Judging whether the static fingerprint information is matched with preset original fingerprint information or not, and judging whether the dynamic fingerprint information is matched with preset dynamic fingerprint information or not;
and when the static fingerprint information and the dynamic fingerprint information are successfully matched, judging that the secondary identity authentication of the current operation user passes.
In the description of the above embodiments, particular features, structures, materials, or characteristics may be combined in any suitable manner in any one or more embodiments or examples.
Although the invention has been described hereinabove with reference to embodiments, various modifications thereof may be made and equivalents may be substituted for elements thereof without departing from the scope of the invention. In particular, the features of the disclosed embodiments may be combined with each other in any manner as long as there is no structural conflict, and the entire description of these combinations is not made in the present specification merely for the sake of omitting the descriptions and saving resources. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.
Those of ordinary skill in the art will appreciate that: the above is only a preferred embodiment of the present invention, and the present invention is not limited thereto, but it is to be understood that the present invention is described in detail with reference to the foregoing embodiments, and modifications and equivalents of some of the technical features described in the foregoing embodiments may be made by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. An adaptive identity authentication system, the system comprising:
The input module is used for acquiring the behavior characteristics of the current operation user, inputting the behavior characteristics into the behavior characteristic model and obtaining the identity probability of the current operation user, wherein the behavior characteristics comprise the account number input times and the password input times of the current operation user;
The authentication module is used for acquiring the identity authentication ciphertext information of the current operation user based on the terminal equipment and carrying out bidirectional identity authentication based on the identity authentication ciphertext information when the identity probability authentication of the current operation user is successful, wherein the identity authentication ciphertext information comprises an identity authentication key and an anti-identity authentication key;
a judging module for determining the identity grade of the current operation user based on the account information of the current operation user when the two-way authentication is successful, judging whether to perform the secondary identity authentication based on the identity grade and the preset identity grade,
If the identity level of the current operation user is greater than the preset identity level, judging that secondary identity authentication is needed;
And if the identity level of the current operation user is smaller than or equal to the preset identity level, judging that secondary identity authentication is not needed.
2. The adaptive identity authentication system of claim 1, wherein the authentication module is specifically configured to:
The authentication module is used for judging that the identity probability authentication of the current operation user is successful when the identity probability of the current operation user is larger than the preset identity probability;
and the authentication module is used for judging that the identity probability authentication of the current operation user is unsuccessful when the identity probability of the current operation user is smaller than or equal to the preset identity probability.
3. The adaptive identity authentication system of claim 1, wherein the authentication module is specifically configured to:
the authentication module is used for determining the number of key generation based on a preset key production rule;
the authentication module is used for acquiring true random numbers with the same number as the key generation number from the quantum random number generator according to the key generation number;
The authentication module is used for generating a first key factor and a second key factor by taking the true random number as a true random number seed;
the authentication module is used for respectively generating a first decryption factor of the first key factor and a second decryption factor of the second key factor;
The authentication module is used for taking the first key factor and the first decryption factor as the identity authentication key, wherein the identity authentication key is sent to the terminal equipment;
the authentication module is used for taking the second key factor and the second decryption factor as the anti-identity authentication key, wherein the anti-identity authentication key is sent to the current operation user.
4. An adaptive identity authentication system according to claim 3, wherein the authentication module is specifically configured to:
the authentication module is used for sending the first key factor to a current operation user;
the authentication module is used for sending the second key factor to the terminal equipment;
The authentication module is used for generating a bidirectional authentication identifier and judging that the bidirectional authentication is successful when the current operation user successfully inputs the first decryption factor and the terminal equipment successfully inputs the second decryption factor;
The authentication module is used for counting the input times of the decryption factors in the preset time when the current operation user does not successfully input the first decryption factors or the terminal equipment does not successfully input the second decryption factors;
And the authentication module is used for judging that the bidirectional authentication is lost when the input times of the decryption factors are larger than the preset input times.
5. The adaptive identity authentication system of claim 1, wherein the determination module is specifically configured to:
the judging module is used for randomly generating a random fingerprint verification instruction when judging that secondary identity authentication is needed, and sending the random fingerprint verification instruction to a current operation user;
The judging module is used for acquiring fingerprint information input by the current operation user according to the random fingerprint verification instruction, and extracting static fingerprint information and dynamic fingerprint information of the current operation user based on the fingerprint information;
The judging module is used for judging whether the static fingerprint information is matched with preset original fingerprint information or not and judging whether the dynamic fingerprint information is matched with preset dynamic fingerprint information or not;
and the judging module is used for judging that the secondary identity authentication of the current operation user passes when the static fingerprint information and the dynamic fingerprint information are successfully matched.
6. An adaptive identity authentication method, the method comprising:
acquiring behavior characteristics of a current operation user, inputting the behavior characteristics into the behavior characteristic model, and obtaining identity probability of the current operation user, wherein the behavior characteristics comprise account number input times and password input times of the current operation user;
when the identity probability authentication of the current operation user is successful, acquiring identity authentication ciphertext information of the current operation user based on terminal equipment, and performing bidirectional identity authentication based on the identity authentication ciphertext information, wherein the identity authentication ciphertext information comprises an identity authentication key and an anti-identity authentication key;
when the two-way authentication is successful, determining the identity grade of the current operation user based on the account information of the current operation user, judging whether to perform the secondary identity authentication based on the identity grade and the preset identity grade,
If the identity level of the current operation user is greater than the preset identity level, judging that secondary identity authentication is needed;
And if the identity level of the current operation user is smaller than or equal to the preset identity level, judging that secondary identity authentication is not needed.
7. The adaptive identity authentication method according to claim 6, further comprising, after obtaining the identity probability of the current operating user:
When the identity probability of the current operation user is larger than the preset identity probability, judging that the identity probability authentication of the current operation user is successful;
and when the identity probability of the current operation user is smaller than or equal to the preset identity probability, judging that the identity probability authentication of the current operation user is unsuccessful.
8. The adaptive identity authentication method according to claim 6, further comprising, before acquiring the identity authentication ciphertext information of the current operation user based on the terminal device and performing bidirectional identity authentication based on the identity authentication ciphertext information:
determining the number of key generation based on a preset key production rule;
obtaining true random numbers with the same number as the key generation number from a quantum random number generator according to the key generation number;
Generating a first key factor and a second key factor by taking the true random number as a true random number seed;
Generating a first decryption factor of the first key factor and a second decryption factor of the second key factor respectively;
the first key factor and the first decryption factor are used as the identity authentication key, wherein the identity authentication key is sent to the terminal equipment;
And taking the second key factor and the second decryption factor as the anti-identity authentication key, wherein the anti-identity authentication key is sent to the current operation user.
9. The adaptive identity authentication method according to claim 8, wherein when acquiring the identity authentication ciphertext information of the current operation user based on the terminal device and performing bidirectional identity authentication based on the identity authentication ciphertext information, comprising:
Transmitting the first key factor to a current operation user;
Transmitting the second key factor to the terminal device;
When the current operation user successfully inputs the first decryption factor and the terminal equipment successfully inputs the second decryption factor, generating a bidirectional authentication identifier and judging that the bidirectional authentication is successful;
When the current operation user does not successfully input the first decryption factor or the terminal equipment does not successfully input the second decryption factor, counting the input times of the decryption factor in a preset time;
And when the input times of the decryption factors are larger than the preset input times, judging that the bidirectional authentication is lost.
10. The adaptive identity authentication method according to claim 6, wherein when it is judged that the secondary identity authentication is required, comprising:
When judging that secondary identity authentication is needed, randomly generating a random fingerprint authentication instruction and sending the random fingerprint authentication instruction to a current operation user;
Acquiring fingerprint information input by a current operation user according to the random fingerprint verification instruction, and extracting static fingerprint information and dynamic fingerprint information of the current operation user based on the fingerprint information;
Judging whether the static fingerprint information is matched with preset original fingerprint information or not, and judging whether the dynamic fingerprint information is matched with preset dynamic fingerprint information or not;
and when the static fingerprint information and the dynamic fingerprint information are successfully matched, judging that the secondary identity authentication of the current operation user passes.
CN202311668437.8A 2023-12-06 2023-12-06 Adaptive identity authentication system and method Pending CN117938423A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311668437.8A CN117938423A (en) 2023-12-06 2023-12-06 Adaptive identity authentication system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311668437.8A CN117938423A (en) 2023-12-06 2023-12-06 Adaptive identity authentication system and method

Publications (1)

Publication Number Publication Date
CN117938423A true CN117938423A (en) 2024-04-26

Family

ID=90751341

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311668437.8A Pending CN117938423A (en) 2023-12-06 2023-12-06 Adaptive identity authentication system and method

Country Status (1)

Country Link
CN (1) CN117938423A (en)

Similar Documents

Publication Publication Date Title
US20080189772A1 (en) Method for generating digital fingerprint using pseudo random number code
CN106850209A (en) A kind of identity identifying method and device
CN102790674A (en) Authentication method, equipment and system
CN101340436A (en) Method and apparatus implementing remote access control based on portable memory apparatus
CN103853950A (en) Authentication method based on mobile terminal and mobile terminal
CN103001773A (en) Fingerprint authentication system and fingerprint authentication method based on near field communication (NFC)
SG178726A1 (en) Method and system for generating digital fingerprint
CN109448271A (en) A kind of no card withdrawal method, computer readable storage medium and server
CN109347875A (en) Internet of things equipment, platform of internet of things and the method and system for accessing platform of internet of things
CN104767617A (en) Message processing method, system and related device
JP2015088080A (en) Authentication system, authentication method, and program
CN109285256A (en) Computer room based on block chain authentication enter permission give method
CN113595985A (en) Internet of things security cloud platform implementation method based on state cryptographic algorithm security chip
US20120284787A1 (en) Personal Secured Access Devices
CN107645474A (en) Log in the method for open platform and log in the device of open platform
CN105071993B (en) Encrypted state detection method and system
CN103986724B (en) Email real name identification method and system
CN103178955B (en) A kind of authentication method, equipment and system
CN117938423A (en) Adaptive identity authentication system and method
CN109933974A (en) Cryptographic initialization method, apparatus, computer equipment and storage medium
CN109859349A (en) A kind of entrance guard authentication method and system based on data SMS technology
CN115473655A (en) Terminal authentication method, device and storage medium for access network
CN114422266A (en) IDaaS system based on dual verification mechanism
CN114495352A (en) Electronic fund payment system and method based on payment terminal identity authentication control mechanism
KR20160114437A (en) System for performing authentication using mac address and method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination