WO2016045225A1 - Password fault tolerance method based on mouse behaviour - Google Patents
Password fault tolerance method based on mouse behaviour
- Publication number
- WO2016045225A1 (PCT/CN2014/095900)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- mouse
- data
- password
- login
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
Definitions
- The invention relates to the field of Internet identity authentication technology.
- The main purpose of access control is to assign different permissions to different users, so that each user operates the system with their own appropriate permissions.
- The first and most important step is user authentication. Only when the system has determined the identity of the user can the user be assigned the correct permissions and proceed with subsequent operations.
- The main user authentication methods are of three types: (1) information the user memorizes, such as a username/password; (2) auxiliary devices, such as security cards and bank cards; (3) user biometric information, such as fingerprints.
- The three methods each have their own advantages, but their shortcomings are also obvious.
- Username/password is the simplest, but problems such as forgotten and leaked passwords make both its security and its user experience unsatisfactory.
- Auxiliary devices offer higher security, but when the device is lost or stolen the user's information is also at risk of leakage. Authentication using biological information has therefore emerged; it has high security and reliability, but requires additional equipment support.
- The first method, username/password, is the most widely used, but its disadvantages are also obvious given how widely it is used.
- In terms of security, once the password is leaked, an illegitimate user can also be authenticated, and this mode then provides no protection for user data.
- Solving the security problem requires users to keep their own passwords safe and change them frequently, so on security issues the user's cooperation is required.
- The username/password mode itself is difficult to improve in this respect, but the user experience problem can be improved within the mode.
- Addressing the shortcomings therefore starts with improving the user experience, and the present invention focuses mainly on improving the user experience.
- The present invention hopes to find a new identity authentication method that effectively supplements and improves the existing methods and provides identity authentication protection for access control.
- The present invention proposes the concept of password fault tolerance: the expectation is that the identity of the user can be confirmed by other data even when the user cannot provide the correct password.
- The first method is to require the user to provide more identity authentication information, such as answers to questions about the user's private information.
- The second method is to use the user's biometrics, such as iris and fingerprint features, for user identity authentication. Both methods have their own shortcomings in solving the problem.
- The first method requires the user to perform additional operations, which adds to the user's workload.
- The second method requires additional equipment to complete the authentication.
- The present invention selects a scheme for user identity authentication and password fault tolerance based on user behavior characteristics.
- The user's behavioral characteristics mainly refer to how the user operates input devices such as the mouse and keyboard when using the computer. According to the relevant literature and experiments, these features can confirm the identity of the user to a certain extent.
- The mouse has become the main input device for human-computer interaction. For this reason, the present invention designs a password fault tolerance method based on the user's behavioral characteristics: on top of the username/password verification method, it collects the user's mouse feature data to analyze whether the user is a legitimate user, and thereby implements password fault tolerance.
- A password fault tolerance method based on mouse behavior, characterized in that, based on the mouse behavior data when the user logs in, an identity authentication mode capable of determining the identity of the user is obtained by collecting and processing the user's daily mouse behavior data; each time the user logs in, the similarity between the current login data and the user's login mode is compared, and password fault tolerance for the user login process is thereby realized.
- The UI, the software process, and the database operations need to be designed.
- The UI is used to guide user input and display the authentication result; it mainly includes a login interface, a registration interface, a virtual keyboard, and various prompt windows.
- The login interface and registration interface provide the basic functions of the login client.
- The virtual keyboard is used to collect more user mouse information.
- The design of the front-end interface is completed using the graphical design capabilities provided by C++Builder.
- The main software process consists of four steps: feature selection, data collection, mode establishment, and password fault tolerance.
- Feature selection picks the mouse characteristics that can be used to judge the user's identity. After appropriate features are selected, the required data is collected and processed to obtain the user's identity authentication mode, and finally the mode is used for identity authentication to implement password fault tolerance.
- The database operations mainly follow the four steps in the software flow: the database records the username, password, mouse identity authentication mode data, and login data, and performs data processing and updating as the software requires.
- After a period of user data collection and processing, the system establishes a unique identity authentication mode for the user, and uses this mode for password fault tolerance when the user cannot provide the password correctly.
- The main solution at this stage is to use auxiliary information to verify the user's identity, including having the user provide private information, or verifying the user's biometrics.
- These methods add to the user's operations and require additional equipment support.
- The method adopted by the present invention does not require additional operations or equipment, and directly uses the user's mouse characteristics at login to verify the identity of the user.
- Figure 1 shows the flow chart of the software operation: feature selection, data acquisition, mode creation, and password fault tolerance. The process is described in detail below.
- Mouse feature information mainly includes two types. The first is the user physiological layer feature, which refers to characteristics unique to the user when using the mouse and is independent of the application environment; it includes feature quantities such as mouse click frequency, double-click frequency, movement direction frequency, and average speed. The second is the user dialogue layer feature, which refers to the user's mouse characteristics in a specific application environment, including the instantaneous movement speed of the mouse, the instantaneous movement direction of the mouse, and the like. There are two points to note here.
- First, the double-click operation is basically not used, so the double-click frequency does not need to be acquired. Second, the instantaneous moving speed and the instantaneous moving direction of the mouse together form the instantaneous motion vector of the mouse.
- The mouse movement vectors over continuous time describe the track of the mouse over a period of time, so the two kinds of data are handled as a whole.
- The system tested the identity authentication performance of each kind of data separately.
- The test invited 4 users; after training on each user's 5 types of data, the misrecognition rate and the false rejection rate of identity authentication were calculated for each user.
- The misrecognition rate (false positive rate) is the probability that the system passes verification when password fault tolerance is applied to an illegitimate user's login.
- The misrecognition rate is shown in Figure 2 below.
- The false rejection rate refers to the probability that the system will pass the verification after the password is fault-tolerant for the legitimate user to log in.
- The false rejection rate is shown in Figure 3 below.
- The mouse track, the average moving speed of the mouse, and the mouse movement direction frequency have a higher recognition rate for user identity, so these three kinds of data are selected as the basis for user identity authentication and password fault tolerance in the software module of the system.
- This speed is the instantaneous moving speed of the mouse at a certain moment, taking the speed between (x1, y1) (x2, y2) as an example;
- The instantaneous vector (θ, v, t) of the user's mouse can be established to describe the user's mouse trajectory.
- step 2 the instantaneous movement speed of the mouse v1, v2, ..., vn
- The percentage of angles falling in each of the four regions (-180, -90), (-90, 0), (0, 90) and (90, 180) is calculated.
- The five kinds of data required can all be calculated from the coordinates of the mouse track, so the coordinates of the user's mouse movement track need to be collected and recorded.
- The mouse coordinates are collected every 100 ms by calling an API function and stored, together with the timestamp, in an array in the database, so that when the user's login behavior is completed, the user's mouse track has been recorded in the database.
- The authentication mode is unique to each user and mainly includes the three selected kinds of data plus the username and password, as shown in Table 1.
- The system compares the identity authentication mode with the data of the current login to determine the result of password fault tolerance.
- The user's physiological layer data includes the average moving speed of the mouse and the mouse movement direction frequency. Each training yields one average speed and the percentages of mouse movement in the four directions.
- For the nth training, the number of movements falling in each of the four angular ranges is counted: B_n for [90, 180], C_n for (-180, -90), D_n for [-90, 0), and A_n for the remaining range.
- The user's dialogue layer data refers to the mouse track feature, which is composed of the instantaneous speed of the user's mouse, its instantaneous angle, and the timestamp.
- Each collection of mouse track data includes 100 sets of data; symbols are defined for each of the three kinds of data.
- The instantaneous speeds and instantaneous angles that correspond to the same timestamp are averaged across the multiple collections, which finally yields the user's dialogue layer feature data.
- Combining the physiological layer feature data with the dialogue layer feature data constitutes a user identity authentication mode.
- The software module of the system uses the user's login data to establish, for the user, a login mode corresponding to the identity authentication mode.
- The similarity between the login mode and the identity authentication mode is compared in turn for the three kinds of data selected in the present invention.
- The similarity of the mouse trajectory is mainly a comparison of the mouse vectors, while the similarity of the average speed and of the direction frequency is mainly calculated by the relative error method.
- The inputs r, q and p are the similarities of the three kinds of data calculated in the previous step, and w1, w2 and w3 are weights; the similarity Uk between the login mode and the user identity authentication mode is obtained by weighted summation.
- Sum is the summation function.
- x is the final user identity authentication result. If x is 1, the authentication is successful and the user logs in through the password fault tolerance function. If x is 0, the authentication fails and the user is denied login.
- The weight indicates the degree of influence of each variable on the final verification result. Because each person's habits are different, the weight values differ for each user. For example, if a user's mouse track changes greatly from login to login while the average mouse speed is relatively stable, the weight w1 of r should be relatively small and the weight w2 of q should be larger. The feature similarity indicates the stability of the user's features: if the user's daily behavior fluctuates greatly, the feature similarity is relatively small, and vice versa. To obtain appropriate values, an appropriate method is required when training on the 20 sets of training data. Here the idea of supervised learning from the neural network model is used; the specific algorithm is as follows.
- The three initial weights w1, w2, and w3 are all set to 1/3; that is, in the initial state the three similarities have the same degree of influence on the final result.
- The first set of data is stored in the database as the initial identity authentication mode. Each subsequent set of data is compared with the existing identity authentication mode in the database to obtain three similarities; the weight corresponding to the lowest similarity is reduced by 1/500, and the weight corresponding to the highest similarity is increased by 1/500.
- After this is completed, the data is saved in the database and a new identity authentication mode is obtained.
- In this way, the weight of a high-similarity variable has a greater impact on the final result, which achieves the purpose of weight adjustment in supervised learning.
- The login interface and registration interface include the input of the username and password, feedback on registration and login status, and so on; the user interaction process will be described in detail.
- The registration process is shown in Figure 7; it mainly includes checking the username and password length and checking whether the two password entries are the same.
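The feature calculation described above (coordinates sampled every 100 ms, then instantaneous speed and angle, average speed, and direction frequency over four regions), as an added Python example that is not code from the patent. The speed and angle formulas (Euclidean distance over elapsed time, `atan2` in degrees), the `[0,90)` bracket and all function names are assumptions, since the page does not give them; the sample track is constructed.

```python
import math

# Direction regions as the page lists them; the bracket choice at 0 is assumed.
REGIONS = ("(-180,-90)", "[-90,0)", "[0,90)", "[90,180]")

def region_of(angle_deg):
    """Map an angle in degrees, as returned by atan2, to one of the four regions."""
    if angle_deg >= 90:
        return "[90,180]"
    if angle_deg >= 0:
        return "[0,90)"
    if angle_deg >= -90:
        return "[-90,0)"
    return "(-180,-90)"

def mouse_features(samples):
    """samples: time-ordered (t_ms, x, y) tuples, e.g. one every 100 ms.

    Returns (vectors, avg_speed, direction_freq):
      vectors        - [(angle_deg, speed_px_per_s, t_ms), ...], one per step
      avg_speed      - path length / elapsed time in px/s (assumed definition)
      direction_freq - share of moving steps that fall in each region
    """
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    vectors, path = [], 0.0
    counts = dict.fromkeys(REGIONS, 0)
    for (t1, x1, y1), (t2, x2, y2) in zip(samples, samples[1:]):
        dt = (t2 - t1) / 1000.0
        if dt <= 0:
            raise ValueError("timestamps must be strictly increasing")
        dx, dy = x2 - x1, y2 - y1
        dist = math.hypot(dx, dy)
        path += dist
        if dist == 0:
            # Pointer did not move: speed 0, direction undefined, so the step
            # stays in the track but is left out of the direction frequency.
            vectors.append((None, 0.0, t2))
            continue
        # Screen y grows downward, so a positive angle means moving down.
        angle = math.degrees(math.atan2(dy, dx))
        counts[region_of(angle)] += 1
        vectors.append((angle, dist / dt, t2))
    elapsed = (samples[-1][0] - samples[0][0]) / 1000.0
    moving = sum(counts.values())
    freq = {r: (counts[r] / moving if moving else 0.0) for r in REGIONS}
    return vectors, path / elapsed, freq

# Constructed sample track (not real user data): five steps at 100 ms intervals.
SAMPLE_TRACK = [(0, 0, 0), (100, 30, 40), (200, 30, 40),
                (300, 0, 40), (400, 30, 0), (500, 0, -40)]

if __name__ == "__main__":
    vectors, avg_speed, freq = mouse_features(SAMPLE_TRACK)
    for v in vectors:
        print(v)
    print("average speed (px/s):", avg_speed)
    print("direction frequency:", freq)
```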
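The weight adjustment and weighted decision described above (weights start at 1/3, the lowest-similarity weight loses 1/500 and the highest gains 1/500 per training sample, then a weighted sum decides x), as an added Python example that is not code from the patent. The relative-error formula, the decision threshold, the guard against negative weights and all names are assumptions; the similarity values are constructed.

```python
STEP = 1 / 500  # page: each training sample moves 1/500 of weight

def relative_similarity(login_value, mode_value):
    """Similarity from relative error, clipped to [0, 1] (assumed formula)."""
    if mode_value == 0:
        return 1.0 if login_value == 0 else 0.0
    return max(0.0, 1.0 - abs(login_value - mode_value) / abs(mode_value))

def train_weights(training_similarities):
    """Adjust [w1, w2, w3] once per (r, q, p) triple from the training logins."""
    w = [1 / 3, 1 / 3, 1 / 3]  # page: all three weights start at 1/3
    for sims in training_similarities:
        lo = min(range(3), key=lambda i: sims[i])
        hi = max(range(3), key=lambda i: sims[i])
        if lo == hi or w[lo] < STEP:
            # All three similarities equal, or the weight would go negative
            # (added guard, not described on the page): leave weights as is.
            continue
        w[lo] -= STEP
        w[hi] += STEP
    return w

def fault_tolerant_login(sims, weights, threshold):
    """Return (x, U): x is 1 when the weighted similarity U reaches threshold."""
    u = sum(wi * si for wi, si in zip(weights, sims))
    return (1 if u >= threshold else 0), u

# Constructed training data: the page uses 20 sets, the first of which becomes
# the initial mode, so 19 comparisons follow. Here the track similarity r is
# always lowest and the average-speed similarity q always highest.
TRAINING = [(0.60, 0.92, 0.85)] * 19
THRESHOLD = 0.79  # assumed value; the page does not state the threshold

if __name__ == "__main__":
    weights = train_weights(TRAINING)
    q = relative_similarity(306.0, 340.0)   # login vs. mode average speed
    login = (0.60, q, 0.85)
    print("trained weights:", weights)
    print("trained decision:", fault_tolerant_login(login, weights, THRESHOLD))
    print("equal-weight decision:",
          fault_tolerant_login(login, [1 / 3] * 3, THRESHOLD))
```

Because x = 1 admits a login whose password did not match, the threshold directly sets the trade-off between the misrecognition rate and the false rejection rate that the page reports in Figures 2 and 3.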
Claims (1)
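- A password fault tolerance method based on mouse behavior, characterized in that, based on the mouse behavior data at user login, the user's daily mouse behavior data is collected and processed to obtain an identity authentication mode that can determine the user's identity, and each time the user logs in, the similarity between the current login data and the user's login mode is compared, finally realizing password fault tolerance for the user login process. The system UI, the system software module flow, and the system database operations are respectively designed as follows. The UI: the system front-end interface, used to guide user input and display authentication results, mainly comprising three interfaces, namely the login interface, the registration interface and the virtual keyboard, as well as various prompt windows; the login interface and registration interface provide the basic functions of the login client, and the virtual keyboard is for collecting more user mouse information. The software module flow: consists of four steps, namely feature selection, data collection, mode establishment and password fault tolerance; feature selection is for selecting mouse features that can determine the user's identity; after appropriate features are selected, the required data is collected and processed to obtain the user's identity authentication mode, and this mode is finally used for identity authentication to realize password fault tolerance. The database: its operations mainly cooperate with the 4 steps in the software module flow, recording the user's username, password, mouse identity authentication mode data, login data and so on, and performing data processing and updating as required by the software module.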
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2017100409A AU2017100409A4 (en) | 2014-09-25 | 2017-04-10 | Password fault tolerance method based on mouse behaviour |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410499054.7A CN104281795B (zh) | 2014-09-25 | 2014-09-25 | Password fault tolerance method based on mouse behaviour |
CN201410499054.7 | 2014-09-25 |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2017100409A Division AU2017100409A4 (en) | 2014-09-25 | 2017-04-10 | Password fault tolerance method based on mouse behaviour |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016045225A1 (zh) | 2016-03-31 |
Family
ID=52256659
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2014/095900 WO2016045225A1 (zh) | 2014-09-25 | 2014-12-31 | Password fault tolerance method based on mouse behaviour |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN104281795B (zh) |
WO (1) | WO2016045225A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
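CN106775353A (zh) * | 2016-12-21 | 2017-05-31 | 普华基础软件股份有限公司 | Method for unlocking a desktop operating system screen using mouse actions |
CN110287664A (zh) * | 2019-07-01 | 2019-09-27 | 贵州大学 | Identity authentication method based on multi-behavior feature selection |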
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
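CN105991281A (zh) * | 2015-02-04 | 2016-10-05 | 中国移动通信集团公司 | Identity authentication method, device and system |
CN104933353A (zh) * | 2015-07-07 | 2015-09-23 | 北京展扬金卡科技有限公司 | Password operation method and device |
CN107871279A (zh) * | 2017-09-30 | 2018-04-03 | 上海壹账通金融科技有限公司 | User identity verification method and application server |
CN108629174B (zh) * | 2018-05-08 | 2022-06-07 | 创新先进技术有限公司 | Method and device for character string verification |
CN109407947A (zh) * | 2018-09-30 | 2019-03-01 | 北京金山云网络技术有限公司 | Interface interaction and verification method thereof, login request generation and verification method, and device |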
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
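CN101674184A (zh) * | 2009-10-19 | 2010-03-17 | 北京微通新成网络科技有限公司 | Identity recognition method based on user keystroke characteristics |
CN103152324A (zh) * | 2013-01-29 | 2013-06-12 | 北京凯华信业科贸有限责任公司 | User authentication method based on behavioral characteristics |
CN103533546A (zh) * | 2013-10-29 | 2014-01-22 | 无锡赛思汇智科技有限公司 | Implicit user verification and privacy protection method based on multi-dimensional behavioral characteristics |
CN103699822A (zh) * | 2013-12-31 | 2014-04-02 | 同济大学 | Application system and detection method for abnormal user behavior in e-commerce based on mouse behavior |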
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
IL211289A0 (en) * | 2011-02-17 | 2011-04-28 | Univ Ben Gurion | System for verifying user identity via mouse dynamics |
-
2014
- 2014-09-25 CN CN201410499054.7A patent/CN104281795B/zh active Active
- 2014-12-31 WO PCT/CN2014/095900 patent/WO2016045225A1/zh active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN104281795B (zh) | 2017-10-31 |
CN104281795A (zh) | 2015-01-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14902547 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14902547 Country of ref document: EP Kind code of ref document: A1 |
|
32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 10/10/2017) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14902547 Country of ref document: EP Kind code of ref document: A1 |