TWI604334B - Information System Certification Method - Google Patents
- Publication number
- TWI604334B
- Authority
- TW
- Taiwan
- Prior art keywords
- information system
- secondary verification
- information
- login
- verification login
Landscapes
- Storage Device Security (AREA)
Description
The present invention relates to an information system authentication method that automatically determines, from the current environmental security state of the information system, whether a secondary verification login is required.
User login verification is a basic function of any information system. For websites that involve financial transactions or services related to personal information in particular, the security of the login verification technology is very important.
Conventional website login verification mainly performs a one-time verification login by having the user enter an account name and password on the display interface of the user device. This method is too simple, easy to crack, and quite insecure. In today's network environment, Trojans and spyware of every kind are rampant, stealthy and hard to detect, and network hackers often steal user data without the user noticing, violating the user's privacy and causing loss of the user's property.
Website login verification technology is therefore very important. Conventional login verification does not assess the current environmental security state of the information system: whether the user logs in from a place where exposure of network information is high-risk, such as an Internet café, or simply from home or the office, the same one-time verification login is used. This leaves a large security gap, does not protect the user's login to the information system, and exposes users to considerable risk when using network services.
In view of these shortcomings of the prior art, improvement is needed. The inventor has continually sought a solution and has finally created this more refined and practical information system authentication method, in the hope of benefiting the public.
The invention uses machine learning to build an environmental security decision module and combines it with dedicated current environmental feature data to help the information system configure a secure login mechanism mode. The environmental security decision module judges the current environmental security state of the information system and automatically chooses between a one-time account/password verification login and a secondary verification login, thereby strengthening network information security and protecting user data while keeping login convenient.
The invention provides an information system authentication method comprising: after connecting to an information system through a network device, successfully logging in through a first account/password verification; and collecting, by the information system, at least one item of current environmental feature data, which serves as the basis for the judgment made by the environmental security decision module established by the information system.
The information system feeds the at least one item of current environmental feature data into the environmental security decision module to determine whether a secondary verification login is required. When the module determines that no secondary verification login is required, the information system displays the login result. When the module determines that a secondary verification login is required, the information system displays a secondary verification login screen.
On the secondary verification login screen, the secondary verification login is performed by means of a secondary verification login combination, and the information system finally displays the result of the secondary verification login. The secondary verification login combination comprises one or a combination of: dynamic password, dynamic keyboard, graphical verification, fingerprint, iris or voice recognition, inserted smart-card credential, identity badge, PIN code, USB drive, and security token.
The environmental security decision module is established by the following steps. First, at least one item of current environmental feature data is collected, comprising one or any combination of two or more of: whether the network environment of the information system is an open or a closed environment; whether the network architecture of the information system sits on a public network or an intranet; the system directory of the information system; the weekly, monthly or yearly total number of connected users and the current user traffic of the information system; the weekly, monthly or yearly risk value reported by the information system's information security antivirus software; the weekly, monthly or yearly number of attacks on the information system; whether the information system has a proxy server or firewall configured; whether the information system sits behind a front-end information security protection mechanism; whether the current date is a major holiday or a day on which the system is busy; the grade record of whether the information system is a special-grade system or a general system; and the historical context markers of failed login attempts on the information system.
The collected current environmental feature data are normalized according to their characteristics and then represented as a set of vectors.
A supervised learning classifier suited to the at least one item of current environmental feature data is selected by comparison, the supervised learning classifier being a decision tree, support vector machine, neural network, linear classifier, Bayesian classifier or Gaussian mixture model.
The internal parameter values of the supervised learning classifier are estimated iteratively, and a convergence threshold or an iteration count is set to control training time and accuracy.
After the network device connects to the information system, the information system collects at least one item of current environmental feature data over a period of time and runs it through the supervised learning classifier to obtain a prediction.
Whether to perform a secondary verification login is decided from the estimated confidence and the result predicted by the supervised learning classifier.
The invention provides another information system authentication method comprising: collecting, through an information system, at least one item of current environmental feature data, which serves as the basis for the judgment made by the environmental security decision module established by the information system. The information system feeds the at least one item of current environmental feature data into the environmental security decision module to determine whether a secondary verification login is required. When the module determines that no secondary verification login is required, a network device connects to the information system, the first account/password verification login is performed, and the information system displays the login result.
When the environmental security decision module determines that a secondary verification login is required, the information system displays a secondary verification login screen, on which the secondary verification login is performed by means of a secondary verification login combination, and the information system finally displays the result of the secondary verification login. The secondary verification login combination comprises one or a combination of: dynamic password, dynamic keyboard, graphical verification, fingerprint, iris or voice recognition, inserted smart-card credential, identity badge, PIN code, USB drive, and security token.
The environmental security decision module is established by the following steps. First, at least one item of current environmental feature data is collected, comprising one or any combination of two or more of: whether the network environment of the information system is an open or a closed environment; whether the network architecture of the information system sits on a public network or an intranet; the system directory of the information system; the weekly, monthly or yearly total number of connected users and the current user traffic of the information system; the weekly, monthly or yearly risk value reported by the information system's information security antivirus software; the weekly, monthly or yearly number of attacks on the information system; whether the information system has a proxy server or firewall configured; whether the information system sits behind a front-end information security protection mechanism; whether the current date is a major holiday or a day on which the system is busy; the grade record of whether the information system is a special-grade system or a general system; and the historical context markers of failed login attempts on the information system.
The collected current environmental feature data are normalized according to their characteristics and then represented as a set of vectors.
A supervised learning classifier suited to the at least one item of current environmental feature data is selected by comparison, the supervised learning classifier being a decision tree, support vector machine, neural network, linear classifier, Bayesian classifier or Gaussian mixture model.
The internal parameter values of the supervised learning classifier are estimated iteratively, and a convergence threshold or an iteration count is set to control training time and accuracy.
After the network device connects to the information system, the information system collects at least one item of current environmental feature data over a period of time and runs it through the supervised learning classifier to obtain a prediction.
Whether to perform a secondary verification login is decided from the estimated confidence and the result predicted by the supervised learning classifier.
The information system authentication method of the present invention has the following advantages:
1. The invention uses machine learning to build an environmental security decision module and combines it with dedicated current environmental feature data to help the information system configure a secure login mechanism mode. The environmental security decision module judges the current environmental security state of the information system and chooses between a one-time account/password verification login and a login verified by a secondary verification login combination. The information system can thus use the module to determine automatically, at the moment of login, whether a secondary verification must follow, balancing the security and the convenience of user login.
2. The technology of the invention strengthens the security of user login to the information system, so that users accessing network resources can avoid intrusion or misuse by network hackers and thereby avoid loss of property.
S101~S107: process steps
S201~S207: process steps
S301~S306: process steps
401: oblique line
Figure 1 is a flowchart of the information system authentication method of the present invention.
Figure 2 is a flowchart of another information system authentication method of the present invention.
Figure 3 is a flowchart of establishing the environmental security decision module of the present invention.
Figure 4 is a plot of the relationship between the total number of connected users of the information system and its current user traffic.
To help the examiner understand the technical features, content and advantages of the invention and the effects it can achieve, the invention is described in detail below with reference to the drawings and by way of embodiments. The drawings are intended only for illustration and to support the specification; they do not necessarily show the true proportions or precise configuration of an actual implementation, so the proportions and arrangement shown in the drawings should not be read as limiting the scope of rights of the invention in actual implementation.
Referring to Figure 1, a flowchart of the information system authentication method of the present invention, the process comprises the following steps:
S101: After connecting to an information system through a network device, the user successfully logs in through a first verification with account and password on a verification login screen.
S102: The information system collects at least one item of current environmental feature data, which serves as the basis for the judgment made by the environmental security decision module that the information system has built using machine learning.
S103: The information system feeds the at least one item of current environmental feature data into the environmental security decision module, which helps the information system configure a secure login mechanism mode; the module can thus determine, at the moment of login, whether a secondary verification login must follow.
S104: When the environmental security decision module determines that no secondary verification login is required, the information system displays the login result.
S105: When the environmental security decision module determines that a secondary verification login is required, the information system displays a secondary verification login screen.
S106: On the secondary verification login screen, the secondary verification login is performed by means of a secondary verification login combination, which comprises one or a combination of: dynamic password, dynamic keyboard, graphical verification, fingerprint, iris or voice recognition, inserted smart-card credential, identity badge, PIN code, USB drive, and security token.
S107: Finally, the information system displays the result of the secondary verification login. The secondary verification login combination strengthens the security of user login to the information system, so that users accessing network resources can avoid intrusion or misuse by network hackers and thereby avoid loss of property.
Referring to Figure 2, a flowchart of another information system authentication method of the present invention, the process comprises the following steps:
S201: An information system collects at least one item of current environmental feature data, which serves as the basis for the judgment made by the environmental security decision module that the information system has built using machine learning.
S202: The information system feeds the at least one item of current environmental feature data into the environmental security decision module, which helps the information system configure a secure login mechanism mode; the module determines, at the moment of login, whether a secondary verification login is required.
S203: When the environmental security decision module determines that no secondary verification login is required, the user connects to the information system through a network device and performs the first verification login with account and password on a verification login screen.
S204: The information system displays the result of the first verification login.
S205: When the environmental security decision module determines that a secondary verification login is required, the information system displays a secondary verification login screen.
S206: On the secondary verification login screen, the secondary verification login is performed by means of a secondary verification login combination, which comprises one or a combination of: dynamic password, dynamic keyboard, graphical verification, fingerprint, iris or voice recognition, inserted smart-card credential, identity badge, PIN code, USB drive, and security token.
S207: Finally, the information system displays the result of the secondary verification login. The secondary verification login combination strengthens the security of user login to the information system, so that users accessing network resources can avoid intrusion or misuse by network hackers and thereby avoid loss of property.
Referring to Figure 3, a flowchart of establishing the environmental security decision module of the present invention, the module is established by the following steps:
S301: Collect at least one item of current environmental feature data.
S302: Define features. The collected current environmental feature data are normalized according to their characteristics and then represented as a set of vectors.
S303: Select a classifier. A supervised learning classifier suited to the at least one item of current environmental feature data is selected by comparison, so as to achieve a better classification result.
S304: Train the classifier. The internal parameter values of the supervised learning classifier are estimated iteratively, and a convergence threshold or an iteration count is set to control training time and accuracy.
S305: Evaluate new data. After the user connects to the information system through a network device, the information system collects at least one item of current environmental feature data over a period of time and runs it through the supervised learning classifier to obtain a prediction.
S306: Produce the decision. Whether to perform a secondary verification login is decided from the estimated confidence and the result predicted by the supervised learning classifier.
In step S301, collecting at least one item of current environmental feature data includes collecting one or any combination of two or more of: whether the network environment of the information system is an open or a closed environment; whether the network architecture of the information system sits on a public network or an intranet; the system directory of the information system; the weekly, monthly or yearly total number of connected users and the current user traffic of the information system; the weekly, monthly or yearly risk value reported by the information system's information security antivirus software; the weekly, monthly or yearly number of attacks on the information system; whether the information system has a proxy server or firewall configured; whether the information system sits behind a front-end information security protection mechanism; whether the current date is a major holiday or a day on which the system is busy; the grade record of whether the information system is a special-grade system or a general system; and the historical context markers of failed login attempts on the information system.
In step S302, defining features includes the following: whether the network environment is open or closed is a Boolean parameter, and the total number of connected users and the current user traffic of the information system are integer parameters. See Table 1 below, in which the collected current environmental feature data are the total number of connected users and the current user traffic of the information system, together with a record of whether the information system uses a dynamic password; use of a dynamic password is denoted "1" and non-use is denoted "0".
In step S303, selecting a classifier includes selecting by comparison a linear classifier suited to the at least one item of current environmental feature data, of the form $a_1 x_1 + a_2 x_2 + b$, where $x_1$ is the total number of connected users of the information system, $x_2$ is the current user traffic of the information system, and $a_1$, $a_2$ and $b$ are trainable parameters. The supervised learning classifier is a decision tree, support vector machine, neural network, linear classifier, Bayesian classifier or Gaussian mixture model.
In step S304, training the classifier includes estimating the trainable parameters of the linear classifier iteratively and training them to find the set of parameters corresponding to the linear classifier. See Figure 4, a plot of the relationship between the total number of connected users of the information system and its current user traffic. With these parameters, the data points of the linear classifier can be divided into the class in which the information system uses a dynamic password and the class in which it does not. The data points are drawn as squares (■) and circles (●): squares are the class that uses a dynamic password and circles are the class that does not. With these parameters the linear classifier of the form $a_1 x_1 + a_2 x_2 + b$ can be drawn as oblique line 401, which divides the plot into the two classes: a data point satisfying $a_1 x_1 + a_2 x_2 > b$ belongs to the class above line 401 in which the information system uses a dynamic password, and a data point satisfying $a_1 x_1 + a_2 x_2 \le b$ belongs to the class below line 401 in which it does not. Training time and accuracy are controlled in this way.
In step S305, evaluating new data includes running the collected current environmental feature data through the linear classifier to determine whether the data point satisfies $a_1 x_1 + a_2 x_2 > b$ or $a_1 x_1 + a_2 x_2 \le b$, which decides whether the information system uses the dynamic password function.
In step S306, producing the decision includes deciding whether to perform a secondary verification login from the estimated confidence and the result predicted by the linear classifier.
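Steps S302 to S306 above, worked through as an added example; this is not code from the patent. It assumes min-max normalization, logistic regression trained by batch gradient descent as the linear classifier (the decision "score > 0" is the patent's $a_1 x_1 + a_2 x_2 > b$ with the sign of $b$ folded in), a confidence floor of 0.8 below which the secondary verification is required, and constructed sample data, since Table 1 is not reproduced on this page.

```python
import math

# Constructed samples (not the patent's Table 1):
# (total connected users x1, current user traffic x2, label)
# label 1 = dynamic password (secondary verification) used, 0 = not used.
SAMPLES = [
    (1200, 40, 0), (1500, 55, 0), (1800, 60, 0), (2000, 80, 0), (2500, 90, 0),
    (2200, 300, 1), (3000, 420, 1), (3500, 380, 1), (4000, 500, 1), (2800, 450, 1),
]


def fit_bounds(samples):
    """S302: learn the per-feature (min, max) used for normalization."""
    columns = list(zip(*[(s[0], s[1]) for s in samples]))
    return [(min(c), max(c)) for c in columns]


def normalize(x, bounds):
    """S302: min-max scale a raw feature vector; a constant feature maps to 0."""
    return [0.0 if hi == lo else (v - lo) / (hi - lo)
            for v, (lo, hi) in zip(x, bounds)]


def sigmoid(z):
    """Numerically stable logistic function."""
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    e = math.exp(z)
    return e / (1.0 + e)


def train(samples, bounds, lr=1.0, tol=1e-3, max_iter=50000):
    """S304: iterate until the largest parameter update falls below the
    convergence threshold `tol` or the iteration cap `max_iter` is reached.
    Returns ((a1, a2, b), iterations_used)."""
    data = [(normalize(s[:2], bounds), s[2]) for s in samples]
    n = len(data)
    a1 = a2 = b = 0.0
    iterations = 0
    for iterations in range(1, max_iter + 1):
        g1 = g2 = gb = 0.0
        for (x1, x2), y in data:
            err = sigmoid(a1 * x1 + a2 * x2 + b) - y
            g1 += err * x1
            g2 += err * x2
            gb += err
        steps = (lr * g1 / n, lr * g2 / n, lr * gb / n)
        a1, a2, b = a1 - steps[0], a2 - steps[1], b - steps[2]
        if max(abs(s) for s in steps) < tol:
            break
    return (a1, a2, b), iterations


def decide(model, bounds, x1, x2, min_confidence=0.8):
    """S305/S306: predict on new data, then combine prediction and confidence.
    Assumption of this example: a low-confidence prediction is treated as
    'require secondary verification' so the module fails closed."""
    a1, a2, b = model
    n1, n2 = normalize((x1, x2), bounds)
    p = sigmoid(a1 * n1 + a2 * n2 + b)  # estimated P(secondary needed)
    confidence = max(p, 1.0 - p)
    if p > 0.5 or confidence < min_confidence:
        return "secondary_verification", confidence
    return "password_only", confidence


if __name__ == "__main__":
    bounds = fit_bounds(SAMPLES)
    model, used = train(SAMPLES, bounds)
    print("parameters a1, a2, b:", model, "after", used, "iterations")
    for point in [(1600, 60), (2350, 195), (3500, 460)]:
        print(point, decide(model, bounds, *point))
```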
The above is illustrative only and not limiting. Any equivalent modification or alteration that does not depart from the spirit and scope of the invention shall fall within the scope of the appended claims.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW104100667A TWI604334B (en) | 2015-01-09 | 2015-01-09 | Information System Certification Method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW104100667A TWI604334B (en) | 2015-01-09 | 2015-01-09 | Information System Certification Method |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201626281A TW201626281A (en) | 2016-07-16 |
TWI604334B true TWI604334B (en) | 2017-11-01 |
Family
ID=56985141
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW104100667A TWI604334B (en) | 2015-01-09 | 2015-01-09 | Information System Certification Method |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI604334B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11288348B2 (en) | 2017-12-15 | 2022-03-29 | Advanced New Technologies Co., Ltd. | Biometric authentication, identification and detection method and device for mobile terminal and equipment |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9946899B1 (en) * | 2016-10-14 | 2018-04-17 | Google Llc | Active ASIC intrusion shield |
TWI643087B (en) * | 2016-12-01 | 2018-12-01 | 財團法人資訊工業策進會 | Authentication method and authentication system |
CN108765789A (en) * | 2018-05-22 | 2018-11-06 | 北京翔云在线数据技术有限公司 | Intelligence is opened an account robot and account-opening method |
- 2015-01-09: TW application TW104100667A, patent TWI604334B, not active (IP Right Cessation)
Also Published As
Publication number | Publication date |
---|---|
TW201626281A (en) | 2016-07-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | Annulment or lapse of patent due to non-payment of fees |