CN118035969A

CN118035969A - Application authentication method, device, electronic equipment and computer readable medium

Info

Publication number: CN118035969A
Application number: CN202410116560.7A
Authority: CN
Inventors: 尹春阳
Original assignee: Yuanzheng Digital Intelligence Shanghai Technology Co ltd
Current assignee: Yuanzheng Digital Intelligence Shanghai Technology Co ltd
Priority date: 2024-01-26
Filing date: 2024-01-26
Publication date: 2024-05-14

Abstract

Embodiments of the present disclosure disclose an application authentication method, apparatus, electronic device, and computer-readable medium. One embodiment of the method comprises the following steps: in response to receiving a user interaction operation request corresponding to a preset application sent by user terminal equipment, determining an operation type corresponding to the user interaction operation request; in response to determining that the operation type is a shared content viewing operation type, performing a key authentication process; sending the key authentication result to the user terminal equipment; in response to determining the operation type is a restricted content viewing operation type, performing the following: determining the first input information as user name information; determining the second input information as first key information to be verified; generating a key authentication result; acquiring user access data; executing hardware sampling authentication processing; and sending the hardware sampling authentication result to the user terminal equipment so as to enable the user terminal equipment to execute user interaction operation. This embodiment improves security of application access and operation.

Description

Application authentication method, device, electronic equipment and computer readable medium

Technical Field

Embodiments of the present disclosure relate to the field of computer technology, and in particular, to an application authentication method, an apparatus, an electronic device, and a computer readable medium.

Background

With the development of information technology, copying and dissemination of digital contents in applications becomes easy. It becomes particularly important to ensure that only authorized users can access certain data and resources. The development of application authentication can effectively control the access of digital content in an application and the authority of the application operation by a user so as to prevent the access and the operation of the application by an unauthorized user. Currently, when authenticating an application, the following methods are generally adopted: authentication is performed based on the user name and password only for different operations in the application.

However, when the application is authenticated in the above manner, there are often the following technical problems:

First, authentication is performed based on the user name and password only for different operations in the application. If all operations are authenticated by relying on the same user name and password, the authentication verification factor is single, and when the user name and the password are revealed, an unauthorized user can execute all access and operations in the application, so that the security of the access and the operation of the application is lower.

However, in practice, it is found that when hardware authentication is performed according to the acquired face image, there are often the following technical problems:

Second, authentication is performed only on the basis of the acquired face image, and the face image is easily forged or falsified. An attacker can forge the face image of the authorized user by using a printed photo, a mask, a 3D printing model and the like, so that the security of the authentication of the face verification hardware is lower, and further, the security of application access and operation is lower.

Disclosure of Invention

The disclosure is in part intended to introduce concepts in a simplified form that are further described below in the detailed description. The disclosure is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter. Some embodiments of the present disclosure propose application authentication generation methods, apparatuses, electronic devices, and computer-readable media to solve one or more of the technical problems mentioned in the background section above.

In a first aspect, some embodiments of the present disclosure provide a method for application authentication, the method comprising: in response to receiving a user interaction operation request corresponding to a preset application sent by user terminal equipment, determining an operation type corresponding to the user interaction operation request, wherein the user interaction operation request corresponds to a logged-in user account, and the operation type comprises one of the following steps: sharing the content viewing operation type, restricting the content viewing operation type and the value circulation operation type; in response to determining that the operation type is the shared content viewing operation type, executing key authentication processing to obtain a key authentication result; transmitting the key authentication result to the user terminal equipment in response to determining that the key authentication result represents authentication passing, so that the user terminal equipment executes user interaction operation corresponding to the key authentication result; in response to determining that the operation type is the restricted content viewing operation type, performing the following: in response to receiving first input information sent by the user terminal equipment, determining the first input information as user name information; in response to receiving second input information sent by the user terminal equipment, determining the second input information as first key information to be verified; generating a key authentication result according to the user name information and the first key information to be verified; responding to the fact that the key authentication result represents that the key authentication passes, and acquiring user access data corresponding to the user account in a first preset time period; executing hardware sampling authentication processing according to the user access data to obtain a hardware sampling authentication result; and in response to determining that the hardware sampling authentication result characterizes authentication passing, sending the hardware sampling authentication result to the user terminal equipment so as to enable the user terminal equipment to execute user interaction operation corresponding to the hardware sampling authentication result.

In a second aspect, some embodiments of the present disclosure provide an application authentication apparatus, the apparatus comprising: the determining unit is configured to determine an operation type corresponding to a user interaction operation request corresponding to a preset application sent by user terminal equipment in response to receiving the user interaction operation request, wherein the user interaction operation request corresponds to a logged-in user account, and the operation type comprises one of the following steps: sharing the content viewing operation type, restricting the content viewing operation type and the value circulation operation type; the first execution unit is configured to execute key authentication processing to obtain a key authentication result in response to determining that the operation type is the shared content viewing operation type; a transmitting unit configured to transmit the key authentication result to the user terminal device in response to determining that the key authentication result characterizes authentication passing, so as to perform a user interaction operation corresponding to the key authentication result by the user terminal device; a second execution unit configured to execute, in response to determining that the operation type is the above-described restricted content viewing operation type, the following processing: in response to receiving first input information sent by the user terminal equipment, determining the first input information as user name information; in response to receiving second input information sent by the user terminal equipment, determining the second input information as first key information to be verified; generating a key authentication result according to the user name information and the first key information to be verified; responding to the fact that the key authentication result represents that the key authentication passes, and acquiring user access data corresponding to the user account in a first preset time period; executing hardware sampling authentication processing according to the user access data to obtain a hardware sampling authentication result; and in response to determining that the hardware sampling authentication result characterizes authentication passing, sending the hardware sampling authentication result to the user terminal equipment so as to enable the user terminal equipment to execute user interaction operation corresponding to the hardware sampling authentication result.

In a third aspect, some embodiments of the present disclosure provide an electronic device comprising: one or more processors; a storage device having one or more programs stored thereon, which when executed by one or more processors causes the one or more processors to implement the method described in any of the implementations of the first aspect above.

In a fourth aspect, some embodiments of the present disclosure provide a computer readable medium having a computer program stored thereon, wherein the program, when executed by a processor, implements the method described in any of the implementations of the first aspect above.

The above embodiments of the present disclosure have the following advantageous effects: by the application authentication method of some embodiments of the present disclosure, security of application access and operation is improved. Specifically, the reason for the poor security of application access and operation is that: authentication is performed based on the user name and password only for different operations in the application. If all operations are authenticated by relying on the same user name and password, the authentication verification factor is single, and when the user name and the password are revealed, an unauthorized user can execute all access and operations in the application, so that the security of the access and the operation of the application is lower. Based on this, in the application authentication method of some embodiments of the present disclosure, first, in response to receiving a user interaction operation request corresponding to a preset application sent by a user terminal device, an operation type corresponding to the user interaction operation request is determined, where the user interaction operation request corresponds to a logged-in user account, and the operation type includes one of the following: the shared content viewing operation type, the restricted content viewing operation type, and the value stream operation type. Thus, the operation type of the user interactive operation request corresponding to the preset application can be determined. And then, in response to determining that the operation type is the shared content viewing operation type, performing key authentication processing to obtain a key authentication result. Thus, when the operation type is the shared content viewing operation type, the key authentication processing can be performed to improve the security of the application when accessing the shared content. And then, in response to determining that the key authentication result characterizes authentication passing, sending the key authentication result to the user terminal equipment so as to enable the user terminal equipment to execute user interaction operation corresponding to the key authentication result. Then, in response to determining that the operation type is the above-described restricted content viewing operation type, the following processing is performed: and a first step of determining the first input information as user name information in response to receiving the first input information sent by the user terminal equipment. Thereby, user name information for key authentication can be obtained. And a second step of determining the second input information as the first key information to be verified in response to receiving the second input information sent by the user terminal equipment. Thereby, the first key information to be verified for key authentication can be obtained. And thirdly, generating a key authentication result according to the user name information and the first key information to be verified. Thus, the key authentication result can be obtained. And fourthly, responding to the fact that the key authentication result represents that the key authentication passes, and acquiring user access data corresponding to the user account in a first preset time period. Thereby, user access data for performing hardware sample authentication processing can be obtained. And fifthly, executing hardware sampling authentication processing according to the user access data to obtain a hardware sampling authentication result. Therefore, hardware sampling authentication processing can be performed on the basis of passing of the key authentication, and the security of limiting content viewing is further improved. And in response to determining that the hardware sampling authentication result characterizes authentication passing, sending the hardware sampling authentication result to the user terminal equipment so as to enable the user terminal equipment to execute user interaction operation corresponding to the hardware sampling authentication result. And because different authentication processes corresponding to different operations are performed according to different operations of the application, the diversity of authentication and verification factors is improved, the security risk diffusion of the whole application caused by user name and password leakage is reduced, and the security of application access and operation is further improved.

Drawings

The above and other features, advantages, and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. The same or similar reference numbers will be used throughout the drawings to refer to the same or like elements. It should be understood that the figures are schematic and that elements and components are not necessarily drawn to scale.

FIG. 1 is a flow chart of some embodiments of an application authentication method according to the present disclosure;

Fig. 2 is a schematic structural diagram of some embodiments of an application authentication device according to the present disclosure;

fig. 3 is a schematic structural diagram of an electronic device suitable for use in implementing some embodiments of the present disclosure.

Detailed Description

Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete. It should be understood that the drawings and embodiments of the present disclosure are for illustration purposes only and are not intended to limit the scope of the present disclosure.

It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings. Embodiments of the present disclosure and features of embodiments may be combined with each other without conflict.

It should be noted that the terms "first," "second," and the like in this disclosure are merely used to distinguish between different devices, modules, or units and are not used to define an order or interdependence of functions performed by the devices, modules, or units.

It should be noted that references to "one", "a plurality" and "a plurality" in this disclosure are intended to be illustrative rather than limiting, and those of ordinary skill in the art will appreciate that "one or more" is intended to be understood as "one or more" unless the context clearly indicates otherwise.

The names of messages or information interacted between the various devices in the embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.

The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.

Fig. 1 illustrates a flow 100 of some embodiments of applying an authentication method according to the present disclosure. The application authentication method comprises the following steps:

step 101, determining an operation type corresponding to the user interaction operation request in response to receiving the user interaction operation request corresponding to the preset application sent by the user terminal equipment.

In some embodiments, an execution body (for example, a computing device) of the application authentication method may determine, in response to receiving a user interaction operation request corresponding to a preset application sent by a user terminal device, an operation type corresponding to the user interaction operation request. The user interaction operation request corresponds to a logged-in user account, and the operation type comprises one of the following: the shared content viewing operation type, the restricted content viewing operation type, and the value stream operation type. The user terminal device may be a terminal device on which the preset application is loaded. For example, the user terminal device may be one of the following: a mobile phone and a computer. The user interaction request may be a network request for performing user interaction on a preset application. The operation type may be a name of an operation provided corresponding to the preset application. The shared content viewing operation type may be an operation name corresponding to the shared content viewing operation. The shared content viewing operation may be an operation for viewing preset contents in the preset application. The above-described restricted content viewing operation type may be an operation name corresponding to the restricted content viewing operation. The above-described restricted content viewing operation may be an operation for viewing a preset restricted content in the above-described preset application. The above-described value circulation operation type may be an operation name corresponding to the value circulation operation. The above-described value flow operation may be an operation for performing value flow (e.g., payment). The user interaction operation may be an operation in the preset application. The execution body may be a server.

And 102, in response to determining that the operation type is the shared content viewing operation type, performing key authentication processing to obtain a key authentication result.

In some embodiments, the executing body may execute the key authentication process in response to determining that the operation type is the shared content viewing operation type, to obtain a key authentication result.

In some optional implementations of some embodiments, the executing entity may perform a key authentication process in response to determining that the operation type is the shared content viewing operation type, to obtain a key authentication result by:

And a first step of responding to the received first input information sent by the user terminal equipment. The first input information corresponds to a user name input box displayed in an authentication page of the preset application. The first input information may be a user name input by a user. The authentication page may be an application page for authenticating an operation of a preset application in the user terminal device. The user name input box may be an interactive element for a user to input a user name. The user may be a user who uses the preset application.

And a second step of determining the first input information as user name information.

And thirdly, determining reservation verification information corresponding to the user name information as target information. Wherein the reservation verification information includes respective characters.

Fourth, the number of characters included in the target information is determined as a check length.

And fifthly, responding to the second input information sent by the user terminal equipment, and determining the second input information as first key information to be verified. And the second input information corresponds to an application key input box displayed in the authentication page. The two input information may be a password input by the user. The second input information includes characters. The application key input box can be an interactive element for a user to input a password.

And sixthly, determining the number of characters of each character included in the first key information to be verified as the length to be verified.

And seventh, in response to determining that the length to be verified is not equal to the checking length, determining information representing that the authentication is not passed as a key authentication result. The information that the above-mentioned characterization authentication does not pass can be represented by boolean value false.

Eighth, in response to determining that the length to be verified is equal to the verification length, performing the steps of:

And a first sub-step of determining each character included in the first key information to be verified as a first character set.

And a second sub-step of determining each character included in the target information as a second character set.

And a third sub-step of determining information representing authentication passing as a key authentication result in response to determining that the first character set is equal to the second character set. The information that the authentication is passed can be represented by a boolean value true.

Step 103, in response to determining that the key authentication result characterizes authentication passing, the key authentication result is sent to the user terminal device, so that the user terminal device can execute user interaction operation corresponding to the key authentication result.

In some embodiments, the executing body may send the key authentication result to the ue in response to determining that the key authentication result characterizes authentication passing, so as to enable the ue to execute a user interaction operation corresponding to the key authentication result.

Step 104, in response to determining that the operation type is a restricted content viewing operation type, performing the following:

In step 1041, in response to receiving the first input information sent by the user terminal device, the first input information is determined as user name information.

In some embodiments, the executing body may determine the first input information as user name information in response to receiving the first input information transmitted by the user terminal device.

Step 1042, in response to receiving the second input information sent by the user terminal device, determining the second input information as the first key information to be verified.

In some embodiments, the executing body may determine, in response to receiving second input information sent by the user terminal device, the second input information as first key information to be authenticated.

Step 1043, generating a key authentication result according to the user name information and the first key information to be verified.

In some embodiments, the executing entity may generate a key authentication result according to the user name information and the first key information to be verified. In practice, first, the execution subject may determine reservation verification information corresponding to the user name information through the user name information. Then, the execution body may determine a similarity of the reservation verification information and the first key information to be verified as a target similarity. Then, in response to determining that the target similarity is smaller than a preset threshold, the executing body may determine information indicating that authentication is not passed as a key authentication result. In response to determining that the target similarity is greater than or equal to the preset threshold, the executing body may determine information indicating that authentication passes as a key authentication result. The similarity may be cosine similarity.

Step 1044, obtaining user access data corresponding to the user account in the first preset time period in response to determining that the key authentication result represents that the key authentication passes.

In some embodiments, the executing body may obtain the user access data corresponding to the user account in the first preset period of time in response to determining that the key authentication result indicates that the key authentication passes. In practice, the executing body may acquire, from a preset database, user access data corresponding to the user account in a first preset period of time. The preset database may be a MySQL database. The user access data includes: the daily access frequency sequence and the address information set of the user terminal equipment. The daily access frequency in the daily access frequency sequence may be the number of times the user accesses the preset application in a period of time (may be 1 day). The user terminal equipment address information in the user terminal equipment address information set may represent a unique identifier of the terminal equipment used by the user in the network. For example, the above-mentioned user terminal equipment address information may represent an IP address.

Step 1045, executing hardware sampling authentication processing according to the user access data to obtain a hardware sampling authentication result.

In some embodiments, the executing body may execute the hardware sample authentication process according to the user access data to obtain a hardware sample authentication result.

In some optional implementations of some embodiments, the executing body may execute the hardware sample authentication process according to the user access data by:

first, the current date is obtained. The current time may be a system time.

And secondly, determining the week identifier corresponding to the current date as a target week identifier. The week identifier may be used to represent a symbol of the day of the week. For example, the week identifier may be "monday".

And thirdly, grouping the daily access frequency sequences included in the user access data to obtain each access frequency group corresponding to each week identifier. Wherein one of the week identifications corresponds to a corresponding one of the access frequency groups. In practice, the execution body may group the daily access frequency sequences in the daily access frequency sequences according to the corresponding week identifications, and determine each daily access frequency with the same week identification as a group to obtain each access frequency group.

Fourth, for each of the access frequency groups, determining an average value of the access frequencies in the access frequency group as a first value.

And fifthly, determining a first value corresponding to the target week identifier from the determined first values as a target first value.

And sixthly, responding to the fact that the first value of the target is smaller than a first preset threshold value, and acquiring a reserved face image and a reserved infrared thermal image corresponding to the user name from a preset database. The preset database may be a MySQL database. The reserved infrared thermal image may be an image corresponding to a preset face image and used for representing heat distribution of the face surface.

And seventh, executing hardware authentication according to the reserved face image and the reserved infrared thermal image to obtain a hardware authentication result.

And eighth step, determining the obtained hardware authentication result as a hardware sampling authentication result. The hardware sampling authentication result can be expressed by a Boolean value.

In some optional implementations of some embodiments, the executing body may execute hardware authentication according to the reserved face image and the reserved infrared thermography to obtain a hardware authentication result by:

The first step, the reserved face image and the reserved infrared thermal image are input into a feature fusion model trained in advance, and first fusion feature data are obtained. The feature fusion model may be a convolutional neural network (Convolutional Neural Networks, CNN) model. The first fused feature data may be a vector representing a fused feature of the reserved face image and the reserved infrared thermography.

And secondly, controlling the thermal imager on the user terminal equipment to acquire an infrared thermal image of the face of the user.

And thirdly, controlling the camera on the user terminal equipment to acquire face images of the faces of the user.

And step four, inputting the infrared thermal image and the face image into an input layer of a pre-trained face recognition model to obtain first initial identification information corresponding to the infrared thermal image and second initial identification information corresponding to the face image. The face recognition model comprises the following components: the device comprises an input layer, a first preprocessing layer, a second preprocessing layer, a feature extraction layer, an infrared image feature extraction layer, a feature fusion layer and a measurement learning layer. The first initial identification information may represent a vector of the infrared thermographic image. The second initial identification information may be a vector representing an infrared thermographic image.

And fifthly, inputting the first initial identification information and the second initial identification information into the first preprocessing layer to obtain first preprocessing identification information corresponding to the first initial identification information and second preprocessing identification information corresponding to the second initial identification information. The first preprocessing layer may be an upsampling layer for processing a vector of an image to obtain a vector with a changed image size. The first preprocessing identification information may represent a vector corresponding to the infrared thermography after the image size is changed. The second preprocessing identification information may represent a vector corresponding to the face image after the image size is changed.

And sixthly, inputting the second preprocessing identification information into the second preprocessing layer to obtain target preprocessing identification information. The second preprocessing layer may convert the vector corresponding to the face image into a deconvolution layer of the face image. The target preprocessing identification information may represent a face image after the image size is changed.

And seventhly, inputting the target preprocessing identification information into the feature extraction layer to obtain second feature extraction information. The feature extraction layer may be a convolution layer that performs feature extraction on the face image with the changed image size. The second feature extraction information may be a face feature vector.

And eighth step, inputting the first preprocessing identification information into the infrared image feature extraction layer to obtain the face heat distribution information. The infrared image feature extraction layer may be a convolution layer that performs feature extraction on the first preprocessing identification information. The above-mentioned face heat distribution information may represent the extracted face heat distribution feature vector.

And a ninth step of inputting the second feature extraction information and the face heat distribution information into a feature fusion layer to obtain second fusion feature data. The feature fusion layer may be a fusion layer that fuses the face feature vector and the face thermal energy distribution feature vector. The second fused feature data may represent a vector of fused features of the face feature vector and the face thermal energy distribution feature vector.

And tenth, inputting the first fusion characteristic data and the second fusion characteristic data into the measurement learning layer to obtain a face characteristic similar result. The face feature similarity result can be represented by a boolean value.

And eleventh step, in response to determining that the face feature similarity results represent the face similarity, determining the information which represents the passing of authentication as a hardware authentication result.

And twelfth, in response to determining that the similar face features represent dissimilar faces, determining information which represents that authentication is not passed as a hardware authentication result.

The technical scheme and the related content are taken as an invention point of the embodiment of the disclosure, and the technical problem mentioned in the background art is solved, namely the authentication is carried out only according to the acquired face image, and the face image is easy to forge or impersonate. An attacker can forge the face image of the authorized user by using printed photos, masks, 3D printing models and the like, so that the security of the authentication of the face verification hardware is lower, and further, the security of the access and the operation of the application is lower. Factors that lead to lower security of application access and operation tend to be as follows: the authentication is carried out only according to the collected face image, and the face image is easy to forge or impersonate. An attacker can forge the face image of the authorized user by using a printed photo, a mask, a 3D printing model and the like, so that the security of the authentication of the face verification hardware is lower, and further, the security of application access and operation is lower. If the above factors are solved, the effect of improving the security of the access and operation of the application can be achieved. In order to achieve the effect, firstly, the reserved face image and the reserved infrared thermal image are input into a feature fusion model trained in advance, and first fusion feature data are obtained. Thus, first fused feature data for generating a face feature similarity result can be obtained. And then, controlling a thermal imager on the user terminal equipment to acquire an infrared thermal image of the face of the user. Thus, an infrared thermal image of the face of the user can be obtained. And then, controlling the camera on the user terminal equipment to acquire the face image of the face of the user. Thus, a face image of the face of the user can be obtained. And then, inputting the infrared thermal image and the face image into an input layer of a pre-trained face recognition model to obtain first initial identification information corresponding to the infrared thermal image and second initial identification information corresponding to the face image, wherein the face recognition model comprises: the device comprises an input layer, a first preprocessing layer, a second preprocessing layer, a feature extraction layer, an infrared image feature extraction layer, a feature fusion layer and a measurement learning layer. Thus, the first initial identification information representing the infrared thermal image and the second initial identification information representing the face image can be obtained. And then, inputting the first initial identification information and the second initial identification information into the first preprocessing layer to obtain first preprocessing identification information corresponding to the first initial identification information and second preprocessing identification information corresponding to the second initial identification information. Thus, the first initial identification information and the second initial identification information can be preprocessed. And then, inputting the second preprocessing identification information into the second preprocessing layer to obtain target preprocessing identification information. Thus, the target preprocessing identification information for generating the second feature extraction information can be obtained. And then inputting the target preprocessing identification information into the feature extraction layer to obtain second feature extraction information. And then, inputting the first preprocessing identification information into the infrared image characteristic extraction layer to obtain the face heat distribution information. Thus, the face heat distribution information representing the face heat distribution characteristics can be obtained. And then, inputting the second feature extraction information and the facial heat distribution information into a feature fusion layer to obtain second fusion feature data. Thus, second fused feature data representing the fused feature of the face feature vector and the face thermal energy distribution feature vector can be obtained. The second fusion characteristic data is used for generating a similar result of facial characteristics. And then, inputting the first fusion characteristic data and the second fusion characteristic data into the measurement learning layer to obtain a face characteristic similar result. Thus, the similar result of the facial features can be obtained. And then, in response to determining that the face feature similar results represent the face similarity, determining the information which represents the passing of authentication as a hardware authentication result. And then, in response to determining that the face feature similarity results indicate that the faces are dissimilar, determining information indicating that the authentication is not passed as a hardware authentication result. Thus, a hardware authentication result can be obtained. And because the feature fusion is carried out on the reserved face image and the reserved infrared thermal image, the first fusion feature data is obtained. And carrying out feature fusion on the acquired face image and the acquired infrared thermal image of the face of the user to obtain second fusion feature data. And generating a hardware authentication result according to the first fusion characteristic data and the second fusion characteristic data. The risk that the face image is easy to forge or impersonate is reduced by only authenticating according to the collected face image. The security of the authentication of the face verification hardware is improved, and further, the security of application access and operation is improved.

In some optional implementations of some embodiments, after determining, as the target first value, a first value corresponding to the target week identifier in the determined first values, the execution body may further perform the following steps:

in the first step, in response to determining that the target first value is greater than or equal to a first preset threshold, a user terminal equipment address information set included in the user access data is determined as an address information set. The address information of the user terminal equipment in the address information set of the user terminal equipment corresponds to the user terminal equipment which logs in the preset application in the first preset time period.

And step two, obtaining address information corresponding to the user terminal equipment from the preset database.

And thirdly, determining the number of the address information which is the same as the address information in the address information set as a target value.

And step four, in response to determining that the target value is greater than or equal to a second preset threshold value, determining the information for representing the passing of authentication as a hardware sampling authentication result.

And fifthly, responding to the fact that the target value is smaller than the second preset threshold value, and acquiring a reserved face image and a reserved infrared thermal image corresponding to the user name from the preset database.

And sixthly, executing the hardware authentication according to the reserved face image and the reserved infrared thermal image to obtain a hardware authentication result.

And seventh, determining the obtained hardware authentication result as a hardware sampling authentication result.

In some optional implementations of some embodiments, after determining the operation type corresponding to the user interaction operation request in response to receiving the user interaction operation request corresponding to the preset application sent by the user terminal device, the executing body may further execute the following steps:

In response to determining that the operation type is the value flow operation type, performing the following secure user predictive authentication process:

and a first sub-step of determining a receiving time for receiving the user interaction request as a first target time point.

And a second sub-step of acquiring a time stamp sequence of the secure user predictive authentication processing corresponding to the user name from the preset database. The time stamp sequence can represent each time point when the user performs the secure user prediction authentication processing in a preset time period.

And a third sub-step of determining a time point corresponding to the last time stamp in the time stamp sequence as a second target time point.

And a fourth sub-step of generating a secure user predictive authentication processing interval based on the first target time point and the second target time point. In practice, the execution subject may determine a difference between the first target time point and the second target time point as a secure user predicted authentication processing interval.

A fifth substep of, in response to determining that the secure user predictive authentication processing interval is less than a third preset threshold, performing the following first processing step:

And step one, in response to determining that the predicted authentication processing interval of the secure user is smaller than a third preset threshold, executing the key authentication processing to obtain a key authentication result.

And step two, determining the obtained key authentication result as a secure user prediction authentication result.

A sixth substep, in response to determining that the secure user prediction authentication processing interval is greater than or equal to a third preset threshold, of executing the following second processing step:

Step one, acquiring a user browsing duration sequence corresponding to the user name and an operation sequence information sequence corresponding to the user browsing duration sequence in a second preset time period. Wherein, one user browsing duration in the user browsing duration sequence corresponds to a corresponding one of the operation sequence information sequences. The user browsing duration in the user browsing duration sequence may be a login duration for a user to login to the preset application. The operation order information in the operation order information sequence described above may indicate an operation name sequence of each operation performed by the user in login.

And secondly, inquiring a real-time monitoring log from a preset database to obtain the browsing time and the operation sequence information. In practice, first, the execution subject may determine a reception time of receiving the user interaction request as a first time point. Then, the execution subject may determine a login time for logging in the preset application as a second time point. Then, the execution subject may determine a period between the first time point and the second time point as a query period. Finally, the executing body can query the real-time monitoring log corresponding to the query time period to obtain the browsing time and the operation sequence information.

And step three, inputting the user browsing time length sequence, the operation sequence information sequence, the current browsing time and the current operation sequence information into a pre-trained user behavior analysis model to obtain a safe user predicted value. The user behavior analysis model may be a Random Forest (Random Forest) model for predicting a predicted value of the safe user according to the user browsing duration sequence, the operation sequence information sequence, the current browsing time and the current operation sequence information.

And step four, in response to determining that the safe user predicted value is greater than a fourth preset threshold, executing the following steps:

And a first sub-step, executing the key authentication processing to obtain a key authentication result.

And a second sub-step, determining the obtained key authentication result as a secure user prediction authentication result.

And a second step of transmitting the secure user predictive authentication result to the user terminal equipment in response to determining that the secure user predictive authentication result characterizes authentication passing, so as to enable the user terminal equipment to execute user interaction operation corresponding to the value circulation operation type.

In some optional implementations of some embodiments, after the inputting the user browsing duration sequence, the operation sequence information sequence, the current browsing time and the current operation sequence information into a pre-trained user behavior analysis model, the execution body may further execute the following steps:

in the first step, in response to determining that the predicted value of the secure user is smaller than or equal to the fourth preset threshold, a reserved face image and a reserved infrared thermal image corresponding to the user name are obtained from the preset database.

And step two, performing hardware authentication according to the reserved face image and the reserved infrared thermal image to obtain a hardware authentication result.

And thirdly, in response to determining that the hardware authentication result represents authentication passing, executing the key authentication processing to obtain a key authentication result.

And fourthly, determining the obtained key authentication result as a secure user prediction authentication result.

Step 1046, in response to determining that the hardware sampling authentication result characterizes the authentication passing, sending the hardware sampling authentication result to the user terminal device, so that the user terminal device performs a user interaction operation corresponding to the hardware sampling authentication result.

In some embodiments, the executing body may send the hardware sample authentication result to the user terminal device in response to determining that the hardware sample authentication result characterizes authentication passing, so as to enable the user terminal device to execute a user interaction operation corresponding to the hardware sample authentication result.

With further reference to fig. 2, as an implementation of the method shown in the figures, the present disclosure provides some embodiments of an application authentication device, which correspond to those method embodiments shown in fig. 1, and which are particularly applicable in various electronic apparatuses.

As shown in fig. 2, the application authentication device 200 of some embodiments includes: a determining unit 201, a first executing unit 202, a transmitting unit 203, and a second executing unit 204. Wherein the determining unit 201 is configured to determine, in response to receiving a user interaction operation request corresponding to a preset application sent by a user terminal device, an operation type corresponding to the user interaction operation request, where the user interaction operation request corresponds to a logged-in user account, and the operation type includes one of the following: sharing the content viewing operation type, restricting the content viewing operation type and the value circulation operation type; the first execution unit 202 is configured to execute a key authentication process in response to determining that the operation type is the shared content viewing operation type, to obtain a key authentication result; the transmitting unit 203 is configured to transmit the key authentication result to the ue in response to determining that the key authentication result characterizes authentication passing, so as to perform a user interaction operation corresponding to the key authentication result by the ue; the second execution unit 204 is configured to execute, in response to determining that the operation type is the above-described restricted content viewing operation type, the following processing: in response to receiving first input information sent by the user terminal equipment, determining the first input information as user name information; in response to receiving second input information sent by the user terminal equipment, determining the second input information as first key information to be verified; generating a key authentication result according to the user name information and the first key information to be verified; responding to the fact that the key authentication result represents that the key authentication passes, and acquiring user access data corresponding to the user account in a first preset time period; executing hardware sampling authentication processing according to the user access data to obtain a hardware sampling authentication result; and in response to determining that the hardware sampling authentication result characterizes authentication passing, sending the hardware sampling authentication result to the user terminal equipment so as to enable the user terminal equipment to execute user interaction operation corresponding to the hardware sampling authentication result.

It will be appreciated that the elements described in the apparatus 200 correspond to the various steps in the method described with reference to fig. 1. Thus, the operations, features and resulting benefits described above for the method are equally applicable to the apparatus 200 and the units contained therein, and are not described in detail herein.

Referring now to fig. 3, a schematic diagram of an electronic device 300 suitable for use in implementing some embodiments of the present disclosure is shown. The electronic device shown in fig. 3 is merely an example and should not impose any limitations on the functionality and scope of use of embodiments of the present disclosure.

As shown in fig. 3, the electronic device 300 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 301 that may perform various suitable actions and processes in accordance with a program stored in a Read Only Memory (ROM) 302 or a program loaded from a storage means 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data required for the operation of the electronic apparatus 300 are also stored. The processing device 301, the ROM 302, and the RAM 303 are connected to each other via a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.

In general, the following devices may be connected to the I/O interface 305: input devices 306 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 307 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 308 including, for example, magnetic tape, hard disk, etc.; and communication means 309. The communication means 309 may allow the electronic device 300 to communicate with other devices wirelessly or by wire to exchange data. While fig. 3 shows an electronic device 300 having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead. Each block shown in fig. 3 may represent one device or a plurality of devices as needed.

In particular, according to some embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, some embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such embodiments, the computer program may be downloaded and installed from a network via communications device 309, or from storage device 308, or from ROM 302. The computer program, when executed by the processing means 301, performs the functions defined in the methods of some embodiments of the present disclosure.

It should be noted that, the computer readable medium described in some embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination. In some embodiments of the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In some embodiments of the present disclosure, however, the computer-readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination.

In some embodiments, the clients, servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol ), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the internet (e.g., the internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed networks.

The computer readable medium may be embodied in an electronic device; or may exist alone without being incorporated into the electronic device. The computer readable medium carries one or more programs that, when executed by the electronic device, cause the electronic device to: in response to receiving a user interaction operation request corresponding to a preset application sent by user terminal equipment, determining an operation type corresponding to the user interaction operation request, wherein the user interaction operation request corresponds to a logged-in user account, and the operation type comprises one of the following steps: sharing the content viewing operation type, restricting the content viewing operation type and the value circulation operation type; in response to determining that the operation type is the shared content viewing operation type, executing key authentication processing to obtain a key authentication result; transmitting the key authentication result to the user terminal equipment in response to determining that the key authentication result represents authentication passing, so that the user terminal equipment executes user interaction operation corresponding to the key authentication result; in response to determining that the operation type is the restricted content viewing operation type, performing the following: in response to receiving first input information sent by the user terminal equipment, determining the first input information as user name information; in response to receiving second input information sent by the user terminal equipment, determining the second input information as first key information to be verified; generating a key authentication result according to the user name information and the first key information to be verified; responding to the fact that the key authentication result represents that the key authentication passes, and acquiring user access data corresponding to the user account in a first preset time period; executing hardware sampling authentication processing according to the user access data to obtain a hardware sampling authentication result; and in response to determining that the hardware sampling authentication result characterizes authentication passing, sending the hardware sampling authentication result to the user terminal equipment so as to enable the user terminal equipment to execute user interaction operation corresponding to the hardware sampling authentication result.

Computer program code for carrying out operations for some embodiments of the present disclosure may be written in one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The units described in some embodiments of the present disclosure may be implemented by means of software, or may be implemented by means of hardware. The described units may also be provided in a processor, for example, described as: a processor includes a determination unit, a first execution unit, a transmission unit, and a second execution unit. The names of these units do not constitute a limitation on the unit itself in some cases, and for example, the first execution unit may also be described as "a unit that performs a key authentication process to obtain a key authentication result in response to determining that the operation type is the shared content viewing operation type described above".

The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), an Application Specific Standard Product (ASSP), a system on a chip (SOC), a Complex Programmable Logic Device (CPLD), and the like.

The foregoing description is only of the preferred embodiments of the present disclosure and description of the principles of the technology being employed. It will be understood by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of technical features, but encompasses other technical features formed by any combination of technical features or their equivalents without departing from the spirit of the invention. Such as a solution in which features and technical features having similar functions (but not limited to) disclosed in the embodiments of the present disclosure are replaced with each other.

Claims

1. An application authentication method, comprising:

In response to receiving a user interaction operation request corresponding to a preset application sent by user terminal equipment, determining an operation type corresponding to the user interaction operation request, wherein the user interaction operation request corresponds to a logged-in user account, and the operation type comprises one of the following: sharing the content viewing operation type, restricting the content viewing operation type and the value circulation operation type;

In response to determining that the operation type is the shared content viewing operation type, performing key authentication processing to obtain a key authentication result;

responding to the fact that the key authentication result represents authentication passing is determined, and sending the key authentication result to the user terminal equipment so that the user terminal equipment can execute user interaction operation corresponding to the key authentication result;

in response to determining that the operation type is the restricted content viewing operation type, performing the following:

in response to receiving first input information sent by the user terminal equipment, determining the first input information as user name information;

in response to receiving second input information sent by the user terminal equipment, determining the second input information as first key information to be verified;

Generating a key authentication result according to the user name information and the first key information to be verified;

responding to the fact that the key authentication result represents that the key authentication passes, and acquiring user access data corresponding to the user account in a first preset time period;

Executing hardware sampling authentication processing according to the user access data to obtain a hardware sampling authentication result;

And responding to the fact that the hardware sampling authentication result represents authentication passing is determined, and sending the hardware sampling authentication result to the user terminal equipment so that the user terminal equipment can execute user interaction operation corresponding to the hardware sampling authentication result.

2. The method of claim 1, wherein the second input information includes respective characters, and

And in response to determining that the operation type is the shared content viewing operation type, performing key authentication processing to obtain a key authentication result, including:

Responding to the first input information sent by the user terminal equipment;

determining the first input information as user name information;

Determining reservation verification information corresponding to the user name information as target information, wherein the reservation verification information comprises various characters;

determining the number of characters of each character included in the target information as a check length;

In response to receiving the second input information sent by the user terminal equipment, determining the second input information as first key information to be verified;

determining the number of characters of each character included in the first key information to be verified as a length to be verified;

In response to determining that the length to be verified is not equal to the verification length, determining information representing that authentication is not passed as a key authentication result;

in response to determining that the length to be verified is equal to the verification length, performing the steps of:

determining each character included in the first key information to be verified as a first character set;

Determining each character included in the target information as a second character set;

In response to determining that the first set of characters is equal to the second set of characters, determining information characterizing authentication pass as a key authentication result.

3. The method of claim 1, wherein the user access data comprises: daily access frequency sequence and user terminal equipment address information set, and

And executing hardware sampling authentication processing according to the user access data to obtain a hardware sampling authentication result, wherein the hardware sampling authentication result comprises the following steps:

Acquiring a current date;

Determining a week identifier corresponding to the current date as a target week identifier;

Grouping daily access frequency sequences included in the user access data to obtain each access frequency group corresponding to each week identifier, wherein one week identifier in each week identifier corresponds to a corresponding one of the access frequency groups;

For each of the access frequency groups, determining a mean value of the access frequencies in the access frequency group as a first value;

determining a first value corresponding to the target week identifier in the determined first values as a target first value;

Acquiring a reserved face image and a reserved infrared thermal image corresponding to the user name from a preset database in response to determining that the target first value is smaller than a first preset threshold;

executing hardware authentication according to the reserved face image and the reserved infrared thermal image to obtain a hardware authentication result;

and determining the obtained hardware authentication result as a hardware sampling authentication result.

4. The method of claim 3, wherein after the determining of the first value corresponding to the target day of the week identifier among the determined first values as a target first value, the method further comprises:

in response to determining that the target first value is greater than or equal to a first preset threshold, determining a user terminal equipment address information set included in the user access data as an address information set;

acquiring address information corresponding to the user terminal equipment from the preset database;

Determining the number of the address information identical to the address information in the address information set as a target value;

determining the information which is passed by the characterization authentication as a hardware sampling authentication result in response to determining that the target value is greater than or equal to a second preset threshold;

acquiring a reserved face image and a reserved infrared thermal image corresponding to the user name from the preset database in response to determining that the target value is smaller than the second preset threshold;

Executing the hardware authentication according to the reserved face image and the reserved infrared thermal image to obtain a hardware authentication result;

5. The method according to claim 1, after the determining, in response to receiving a user interaction operation request corresponding to a preset application sent by a user terminal device, an operation type corresponding to the user interaction operation request, the method further comprising:

determining a receiving time for receiving the user interaction operation request as a first target time point;

Acquiring a time stamp sequence of the secure user prediction authentication processing corresponding to the user name from the preset database;

Determining a time point corresponding to the last time stamp in the time stamp sequence as a second target time point;

Generating a secure user-predicted authentication processing interval based on the first target time point and the second target time point;

In response to determining that the secure user predictive authentication processing interval is less than a third preset threshold, performing the following first processing step:

in response to determining that the secure user predictive authentication processing interval is less than a third preset threshold, executing the key authentication processing to obtain a key authentication result;

determining the obtained key authentication result as a safe user prediction authentication result;

in response to determining that the secure user predictive authentication processing interval is greater than or equal to a third preset threshold, performing the following second processing step:

Acquiring a user browsing time length sequence corresponding to the user name and an operation sequence information sequence corresponding to the user browsing time length sequence in a second preset time period, wherein one user browsing time length in the user browsing time length sequence corresponds to one operation sequence information corresponding to the operation sequence information sequence;

Inquiring a real-time monitoring log from a preset database to obtain the browsing time and the operation sequence information;

Inputting the user browsing duration sequence, the operation sequence information sequence, the browsing time and the operation sequence information to a pre-trained user behavior analysis model to obtain a safe user predicted value;

in response to determining that the secure user predictor is greater than a fourth preset threshold, performing the steps of:

executing the key authentication processing to obtain a key authentication result;

And responding to the fact that the secure user prediction authentication result represents authentication passing is determined, and sending the secure user prediction authentication result to the user terminal equipment so as to enable the user terminal equipment to execute user interaction operation corresponding to the value circulation operation type.

6. The method according to claim 5, wherein after the inputting the user browsing duration sequence, the operation sequence information sequence, the current browsing time and the current operation sequence information into a pre-trained user behavior analysis model, the method further comprises:

Acquiring a reserved face image and a reserved infrared thermal image corresponding to the user name from the preset database in response to determining that the safe user predicted value is smaller than or equal to the fourth preset threshold;

Responding to the fact that the hardware authentication result represents that authentication passes, executing the key authentication processing to obtain a key authentication result;

And determining the obtained key authentication result as a secure user prediction authentication result.

7. An application authentication apparatus comprising:

the determining unit is configured to determine an operation type corresponding to a user interaction operation request corresponding to a preset application, which is sent by user terminal equipment, in response to receiving the user interaction operation request, wherein the user interaction operation request corresponds to a logged-in user account, and the operation type comprises one of the following: sharing the content viewing operation type, restricting the content viewing operation type and the value circulation operation type;

The first execution unit is configured to execute key authentication processing to obtain a key authentication result in response to determining that the operation type is the shared content viewing operation type;

A sending unit configured to send the key authentication result to the user terminal device in response to determining that the key authentication result characterizes authentication passing, so that the user terminal device performs a user interaction operation corresponding to the key authentication result;

A second execution unit configured to, in response to determining that the operation type is the restricted content viewing operation type, execute: in response to receiving first input information sent by the user terminal equipment, determining the first input information as user name information; in response to receiving second input information sent by the user terminal equipment, determining the second input information as first key information to be verified; generating a key authentication result according to the user name information and the first key information to be verified; responding to the fact that the key authentication result represents that the key authentication passes, and acquiring user access data corresponding to the user account in a first preset time period; executing hardware sampling authentication processing according to the user access data to obtain a hardware sampling authentication result; and responding to the fact that the hardware sampling authentication result represents authentication passing is determined, and sending the hardware sampling authentication result to the user terminal equipment so that the user terminal equipment can execute user interaction operation corresponding to the hardware sampling authentication result.

8. An electronic device, comprising:

One or more processors;

A storage device having one or more programs stored thereon;

When executed by the one or more processors, causes the one or more processors to implement the method of any of claims 1 to 6.

9. A computer readable medium having stored thereon a computer program, wherein the program when executed by a processor implements the method of any of claims 1 to 6.