WO2019141008A1 - Network communication-based identity authentication method and computer device - Google Patents
- Publication number
- WO2019141008A1, PCT/CN2018/119236
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- network communication
- unit time
- friend
- time
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Definitions
- The present application relates to the field of Internet communications, and in particular to a network communication-based identity authentication method and a computer device.
- Network communication includes instant messaging tools. These tools bring great convenience to communication, and people's lives and work increasingly depend on them. Because an instant messaging tool carries all of a user's social relationships, the security requirements placed on such tools keep rising. If the communication tool is used maliciously by someone else, the consequences are very serious.
- In the traditional Internet stage, the instant messaging tool is installed on a personal computer (PC), and its security depends mainly on the user name and password set by the user. When the user forgets the password, the mobile phone number bound at registration can be used to receive an authentication code and reset the password.
- In mobile Internet applications, however, the instant messaging tool is installed on the mobile phone terminal and, for the user's convenience, can be used directly without entering a user name and password. In addition, the security measure of receiving, on the phone, the authentication code sent to the bound mobile phone number has limited effect. Therefore, once the mobile terminal is obtained by someone else, that person can not only obtain the authentication code but also use the instant messaging tool on the terminal directly, which poses a serious risk to the security of the instant messaging tool.
- The embodiments of the present application are intended to provide a network communication-based identity authentication method and a computer device that at least improve the security performance of network communication.
- According to a first aspect of the embodiments, a network communication-based identity authentication method is provided, comprising: detecting, according to a user's network communication behavior record, whether the user's network communication behavior is abnormal; and, when the user's network communication behavior is determined to be abnormal, controlling the user's network communication authority.
- Optionally, where the user's network communication authority is controlled, the method further includes: controlling the user's network communication authority and authenticating the user; and, when the user passes authentication, releasing the control on the user's network communication authority.
- Optionally, detecting whether the user's current network communication behavior is abnormal according to the user's network communication behavior record includes: detecting whether any friend account that interacted with the user within a set time before the unit time also interacted with the user in the unit time; if such a friend account is detected, determining that the user's network communication behavior is normal; if no such friend account is detected, determining that the user's network communication behavior is abnormal.
- Optionally, detecting whether the user's network communication behavior is abnormal includes: obtaining each friend account that interacted with the user within a preset time, and setting an identifier value that represents whether each friend account interacted with the user in a unit time, the preset time comprising a set number of unit times; and calculating on the identifier values according to a preset algorithm and determining, based on the calculation result, whether the user's network communication behavior is abnormal.
- Optionally, authenticating the user includes: summing all the identifier values corresponding to each friend account within the preset time to obtain an active value for each friend account; sending an authentication message to the friend accounts whose active value meets a preset threshold; and, after receiving a confirmation message in which the friend account indicates that the user has no abnormality, determining that the user passes verification.
- A computer apparatus is also provided, comprising a memory, a processor, and a computer program stored on the memory and operable on the processor, the processor implementing the following when executing the program: detecting, according to the user's network communication behavior record, whether the user's network communication behavior is abnormal; and, when the user's network communication behavior is determined to be abnormal, controlling the user's network communication authority.
- When executing the program, the processor further implements: controlling the user's network communication authority and authenticating the user; and, when the user passes authentication, releasing the control on the user's network communication authority.
- When executing the program, the processor is configured to: detect whether any friend account that interacted with the user within a set time before the unit time also interacted with the user in the unit time; if such a friend account is detected, determine that the user's network communication behavior is normal; if no such friend account is detected, determine that the user's network communication behavior is abnormal.
- When executing the program, the processor is configured to: obtain each friend account that interacted with the user within a preset time, and set an identifier value that represents whether each friend account interacted with the user in a unit time, the preset time comprising a set number of unit times; and calculate on the identifier values according to a preset algorithm and determine, based on the calculation result, whether the user's network communication behavior is abnormal.
- When executing the program, the processor implements: summing all the identifier values corresponding to each friend account within the preset time to obtain an active value for each friend account; sending an authentication message to the friend accounts whose active value meets a preset threshold; and, after receiving a confirmation message indicating that the user has no abnormality, determining that the user passes verification.
- A computer readable storage medium is also provided, having stored thereon a computer program which, when executed by a processor, implements the steps of the method of the first aspect of the embodiments of the present application.
- The network communication-based identity authentication method and computer device provided by the embodiments of the present application use the user's network communication behavior record to compare the behavior of the user currently using an account with earlier behavior on the same account, and so determine whether the current user is the account owner. When the current user is not the account owner, the account is controlled, which improves the security performance of network communication and overcomes the security risks of the measure of obtaining an authentication code through the mobile phone number.
- FIG. 1 is a schematic flowchart of a method for authenticating an identity based on network communication according to an embodiment of the present application.
- FIG. 2 is a schematic structural diagram of a computer device according to an embodiment of the present application.
- FIG. 3 is a schematic structural diagram of an identity authentication apparatus based on network communication according to an embodiment of the present application.
- FIG. 1 is a schematic flowchart of a method for authenticating an identity based on network communication according to an embodiment of the present application. Specifically, according to FIG. 1, an embodiment of the present application provides a network communication-based identity authentication method, which is applied to a server, where the method includes:
- The user's network communication behavior record needs to be established in advance, so that the record can subsequently be used to detect whether the user's network communication behavior is abnormal.
- Each friend account that interacted with the user within a preset time is obtained, and an identifier value is set that represents whether each friend account interacted with the user in a unit time; the preset time comprises a set number of unit times. The identifier values are calculated according to a preset algorithm, and whether the user's network communication behavior is abnormal is determined based on the calculation result.
- The interaction with the user may specifically be a communication interaction, such as message transmission with the user, and the like.
- Establishing the user's network communication behavior record includes: obtaining, by the server to which the user belongs, an identifier value (value) for each friend account in each unit time within the preset time, where the identifier value represents whether the corresponding friend account interacted with the user in the corresponding unit time.
- The server memory holds a behavior table (Behavior-Table). Each row of the Behavior-Table corresponds to a key value, and each key value is a friend account. For example, each key value is the hash of the mobile phone number that interacts with the user. Each key value corresponds to multiple identifier values, and each identifier value (value) corresponds to one unit time.
- The identifier value is a binary number, "0" or "1". "0" indicates that the user had no interaction with the friend account within a certain period of time, and "1" indicates that the user interacted with the friend account within a certain period of time. The Behavior-Table therefore serves as the user's network communication behavior record. From the above, the behavior table (Behavior-Table) can be expressed as:
- Each row holds the identifier values (value) of one key value in each unit time within the preset time; each column holds the identifier values (value) of every key value in one unit time.
- For an outgoing message, the server to which the user belongs calculates the hash of the destination number and, using the hash value and the unit time, changes the corresponding identifier value (value) in the Behavior-Table to 1. If no record exists for the hash of the destination number, a record with the key value corresponding to the destination number is inserted, and the identifier value (value) of that key value at the unit time is set to 1.
- For an incoming message, the server to which the user belongs calculates a hash value of the sender's number and, using the hash value and the unit time, changes the corresponding identifier value (value) in the Behavior-Table to 1. If the record does not exist, a record with the key value corresponding to the sender number is inserted, and the identifier value of that key value at the current unit time is set to 1.
- The number of identifier values stored in the Behavior-Table can be configured according to the accuracy required of the user-behavior judgment; that is, the value columns and unit-time columns of the Behavior-Table can be increased or decreased as needed. The more value columns are saved, the richer the historical knowledge, and the easier it is to judge whether the user's network communication behavior is abnormal.
- The identifier values are calculated according to a preset algorithm, and whether the user's network communication behavior is abnormal is determined based on the calculation result. That is, the calculation is performed on the Behavior-Table, and whether the network behavior is abnormal is determined from the calculation result.
- Detecting whether the user's network communication behavior is abnormal according to the user's network communication behavior record includes: detecting whether any friend account that interacted with the user within a set time before the unit time also interacted with the user in the unit time; if such a friend account is detected, the user's network communication behavior is determined to be normal; if no such friend account is detected, the user's network communication behavior is determined to be abnormal.
- The network communication behavior record is held in the Behavior-Table, so querying the Behavior-Table shows whether each friend account and the user interacted in the corresponding unit time. Based on the query result, the following judgment is then made: whether any friend account that interacted with the user within the set time before the unit time also interacted with the user in the unit time.
- Case 1: The set time before the unit time includes time 1 and time 2, and the unit time is the current time 3; time 1, time 2 and current time 3 contain only the communication records of friend 1, friend 2 and friend 3.
- The specific behavior is as shown in Table 1:
- In time 1 and time 2, the friend accounts that interacted with the user are friend 1 and friend 2, and friend 3 did not interact with the user; in current time 3, friend 1, friend 2 and friend 3 all interacted with the user. Since in case 1 the friend 1 and friend 2 who interacted with the user in time 1 and time 2 also interact with the user in current time 3, the network communication behavior can be determined to be normal.
- Case 2: The set time before the unit time includes time 1 and time 2, and the unit time is the current time 3; time 1, time 2 and current time 3 contain only the communication records of friend 1, friend 2 and friend 3.
- The specific behavior is as shown in Table 2:
- Case 3: The set time before the unit time includes time 1 and time 2, and the unit time is the current time 3; time 1, time 2 and current time 3 contain only the communication records of friend 1, friend 2 and friend 3.
- The specific behavior is as shown in Table 3:
- Detecting whether the user's network communication behavior is abnormal according to the user's network communication behavior record may also include: detecting whether any friend account that interacted with the user within the set time before the unit time also interacts with the user within a set unit time after the unit time; if such a friend account is detected, the user's network communication behavior is determined to be normal; if no such friend account is detected, the user's network communication behavior is determined to be abnormal.
- The reason why the user and the friend account do not interact within the unit time is not limited.
- S2: Control the user's network communication authority when the user's network communication behavior is determined to be abnormal.
- The server to which the user belongs controls the user's network communication authority, and the user is no longer allowed to send or receive any message.
- When the user's network communication authority is controlled, the user is also authenticated; when the user passes authentication, the control on the user's network communication authority is released.
- Authenticating the user includes: summing all the identifier values corresponding to each friend account within the preset time to obtain an active value for each friend account; sending an authentication message to the friend accounts whose active value meets the preset threshold; and, after receiving a confirmation message in which the friend account indicates that the user has no abnormality, determining that the user passes verification.
- The server to which the user belongs sends a prompt message requiring the user to ask "former" friends (friends the user has interacted with) for help. Only when a certain number of friends report to the server to which the user belongs that the user is not abnormal, and the active values (AcValue) of those friends reach a certain size, is the control on the user released and the behavior table (Behavior-Table) reset.
- The calculation of the active value includes: summing all the identifier values corresponding to each friend account within the preset time, that is, summing each row of the Behavior-Table to obtain the active value of the user's friend in a certain time period (AcValue):
- AcValue carries meaning in two dimensions: the number of exchanges and the time of communication. The more exchanges there are and the closer the unit time, the larger the active value (AcValue).
- Based on the user's interaction information with friends over a period of time, it is determined whether the user's interaction information in the current period is abnormal, and thereby whether the user account has been stolen.
- According to the user's network communication behavior record, the behavior of the user currently using an account is compared with earlier behavior on the same account to determine whether the current user is the account owner. When the current user is determined not to be the account owner, the account is controlled, which improves the security of network communication and overcomes the security risks of the measure of obtaining an authentication code through the mobile phone number.
- The authentication of the user identity does not depend on any security assumptions or secret information, which improves the security performance.
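The following Python sketch is an added illustration, not code from the patent: it implements the Behavior-Table, the overlap check of Case 1 and the AcValue-based friend confirmation described above. The SHA-256 key hash, the `no_baseline` verdict, the `quorum` parameter and all sample numbers are assumptions of this example; AcValue is taken as the plain row sum.

```python
"""Behavior-Table sketch: 0/1 identifier values per friend and unit time."""
from __future__ import annotations

import hashlib


def friend_key(number: str) -> str:
    # The page keys each row by a hash of the friend's number;
    # the choice of SHA-256 is an assumption of this example.
    return hashlib.sha256(number.encode("utf-8")).hexdigest()


class BehaviorTable:
    def __init__(self, unit_times: int):
        self.unit_times = unit_times          # columns kept (the preset time)
        self.rows: dict[str, list[int]] = {}  # key value -> identifier values

    def record(self, number: str, t: int) -> None:
        """Mark an interaction (message sent or received) in unit time t."""
        if not 0 <= t < self.unit_times:
            raise ValueError("unit time outside the preset time")
        # Insert the row if this friend has no record yet, then set the value.
        row = self.rows.setdefault(friend_key(number), [0] * self.unit_times)
        row[t] = 1

    def verdict(self, current: int, lookback: int) -> str:
        """Overlap rule: did any earlier friend also interact in `current`?"""
        start = max(0, current - lookback)
        earlier = [r for r in self.rows.values() if any(r[start:current])]
        if not earlier:
            # Assumption: with no earlier friends there is nothing to compare
            # against, so say so instead of flagging the account.
            return "no_baseline"
        return "normal" if any(r[current] for r in earlier) else "abnormal"

    def ac_value(self, number: str) -> int:
        """Active value: sum of the friend's row."""
        return sum(self.rows.get(friend_key(number), []))

    def verifiers(self, threshold: int) -> set[str]:
        """Keys of friends whose active value meets the threshold."""
        return {k for k, r in self.rows.items() if sum(r) >= threshold}

    def verify(self, confirmations, threshold: int, quorum: int) -> bool:
        """Release control only if enough eligible friends confirmed.

        `quorum` stands for the page's "certain number of friends"; its
        value is an assumption of this example.
        """
        confirmed = {friend_key(n) for n in confirmations}
        if len(self.verifiers(threshold) & confirmed) < quorum:
            return False
        self.rows.clear()  # the table is reset once control is released
        return True


def build(history, unit_times: int = 3) -> BehaviorTable:
    table = BehaviorTable(unit_times)
    for number, t in history:
        table.record(number, t)
    return table


# Constructed sample data: made-up numbers; unit times 0, 1, 2 stand for
# time 1, time 2 and current time 3.
F1, F2, F3 = "+10000000001", "+10000000002", "+10000000003"
CASE_1 = [(F1, 0), (F1, 1), (F2, 1), (F1, 2), (F2, 2), (F3, 2)]
# Constructed scenario: earlier friends are silent, only a new contact appears.
SUSPECT = [(F1, 0), (F1, 1), (F2, 1), (F3, 2)]

if __name__ == "__main__":
    print("case 1 :", build(CASE_1).verdict(current=2, lookback=2))
    suspect = build(SUSPECT)
    print("suspect:", suspect.verdict(current=2, lookback=2))
    # A contact seen only in the suspect unit time has AcValue 1 and cannot vouch.
    print("F3 vouches:", suspect.verify([F3], threshold=2, quorum=1))
    print("F1 vouches:", suspect.verify([F1], threshold=2, quorum=1))
```

With a threshold above 1, a contact that first appears in the flagged unit time is not eligible to confirm the user, which is the property the active-value filter is there to provide.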
- FIG. 2 is a schematic structural diagram of a computer device according to an embodiment of the present application.
- An embodiment of the present application provides a computer device, including a memory 110, a processor 120, and a computer program stored on the memory 110 and executable on the processor 120. When executing the program, the processor 120 implements: detecting whether the user's network communication behavior is abnormal according to the user's network communication behavior record; and controlling the user's network communication authority when the user's network communication behavior is determined to be abnormal.
- When executing the program, the processor 120 further implements: controlling the user's network communication authority and authenticating the user; and, when the user passes authentication, releasing the control on the user's network communication authority.
- When executing the program, the processor 120 is configured to: obtain each friend account that interacted with the user within a preset time, and set an identifier value that represents whether each friend account interacted with the user in a unit time, the preset time comprising a set number of unit times; and calculate on the identifier values according to a preset algorithm and determine, based on the calculation result, whether the user's network communication behavior is abnormal.
- When executing the program, the processor 120 implements: detecting whether any friend account that interacted with the user within a set time before the unit time also interacted with the user in the unit time; if such a friend account is detected, determining that the user's network communication behavior is normal; if no such friend account is detected, determining that the user's network communication behavior is abnormal.
- When executing the program, the processor 120 implements: summing all the identifier values corresponding to each friend account within the preset time to obtain an active value for each friend account; sending an authentication message to the friend accounts whose active value meets the preset threshold; and, after receiving a confirmation message in which the friend account indicates that the user has no abnormality, determining that the user passes verification.
- A communication bus is also included in the computer device.
- The various components in the computer device can be coupled together via the communication bus.
- The communication bus is used to effect connection and communication between these components.
- The communication bus includes a power bus, a control bus, and a status signal bus.
- Various buses are labeled as communication buses in FIG.
- The memory 110 can be volatile memory or non-volatile memory, and can also include both volatile and non-volatile memory.
- The non-volatile memory may be a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Ferromagnetic Random Access Memory (FRAM), a Flash Memory, a magnetic surface memory, an optical disc, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface memory can be a disk storage or a tape storage.
- The volatile memory can be a Random Access Memory (RAM) that acts as an external cache. Forms of RAM include:
- SRAM: Static Random Access Memory
- SSRAM: Synchronous Static Random Access Memory
- DRAM: Dynamic Random Access Memory
- SDRAM: Synchronous Dynamic Random Access Memory
- DDRSDRAM: Double Data Rate Synchronous Dynamic Random Access Memory
- ESDRAM: Enhanced Synchronous Dynamic Random Access Memory
- SLDRAM: SyncLink Dynamic Random Access Memory
- DRRAM: Direct Memory Bus Random Access Memory
- The processor 120 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the foregoing method may be completed by an integrated logic circuit of hardware in the processor 120 or by instructions in the form of software.
- The processor 120 described above may be a general purpose processor, a digital signal processor (DSP), or another programmable logic device, discrete gate or transistor logic device, discrete hardware component, or the like.
- The processor 120 can implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present invention.
- A general purpose processor can be a microprocessor or any conventional processor or the like.
- The steps of the method disclosed in the embodiments of the present invention may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in the decoding processor.
- The software module can reside in a storage medium located in the memory 110; the processor 120 reads the information in the memory 110 and, in conjunction with its hardware, performs the steps of the foregoing method.
- An embodiment of the present application provides a computer readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements the network communication-based identity authentication method.
- FIG. 3 is a schematic structural diagram of an identity authentication apparatus based on network communication according to an embodiment of the present application.
- An embodiment of the present application provides a network communication-based identity authentication device, where the device includes: a checking module configured to detect whether a user's network communication behavior is abnormal according to the user's network communication behavior record; and a management module configured to control the user's network communication authority when the checking module determines that the user's network communication behavior is abnormal.
- The device further includes: an authentication module configured to authenticate the user when the user's network communication authority is controlled; and a control release module configured to release the control on the user's network communication authority when the user passes authentication by the authentication module.
- The checking module includes: an obtaining unit configured to obtain each friend account that interacted with the user within a preset time, and to set an identifier value that represents whether each friend account interacted with the user in a unit time, the preset time comprising a set number of unit times; and a determining unit configured to calculate on the identifier values set by the obtaining unit according to a preset algorithm, and to determine, based on the calculation result, whether the user's network communication behavior is abnormal.
- The checking module is configured to: detect whether any friend account that interacted with the user within a set time before the unit time also interacted with the user in the unit time; if such a friend account is detected, determine that the user's network communication behavior is normal; if no such friend account is detected, determine that the user's network communication behavior is abnormal.
- The authentication module includes: an active value unit configured to sum all the identifier values corresponding to each friend account within the preset time and obtain an active value for each friend account; an authentication message sending unit configured to send the authentication message to the friend accounts whose active value meets the preset threshold; and an authentication pass unit configured to determine that the user passes verification after receiving a confirmation message in which the friend account indicates that the user has no abnormality.
- When the friend account does not interact with the user in the corresponding unit time, the identifier value is 0; when the friend account interacts with the user in the corresponding unit time, the identifier value is 1.
- The checking module checks the user's network communication behavior according to the user's network communication behavior record, and when an abnormality is detected, the management module controls the user's network communication authority.
- According to the user's network communication behavior record, the user's current use of an account is compared with earlier behavior on the same account to determine whether the current user is the account owner. When the current user is determined not to be the account owner, the account is controlled, which improves the security performance of network communication and overcomes the security risks of the measure of obtaining an authentication code through the mobile phone number.
- The foregoing embodiment methods can be implemented by means of software plus a necessary general hardware platform, and of course also by hardware, but in many cases the former is the better implementation.
- Based on such understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and including a number of instructions for causing a terminal (which may be a cell phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the methods described in the various embodiments of the present invention.
Abstract
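The embodiments of the present application disclose an identity authentication method based on network communication and a computer device. The method includes: detecting, according to a user's network communication behavior record, whether the user's network communication behavior is abnormal; and, when the user's network communication behavior is determined to be abnormal, controlling the user's network communication permissions;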
Description
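Cross-Reference to Related Applications
This application is based on, and claims priority to, Chinese patent application No. 201810058485.8 filed on January 22, 2018, the entire contents of which are incorporated herein by reference.
This application relates to the field of Internet communications, and in particular to an identity authentication method based on network communication and a computer device.
With the explosive growth of the mobile Internet, network communication based on the mobile Internet has gradually replaced traditional SMS and MMS services and become an indispensable means of communication in daily life. Network communication includes instant messaging tools, which bring great convenience. People's lives and work depend on them more and more, and an instant messaging tool carries all of a user's social relationships, so the security requirements for such tools keep rising. If a communication tool is used maliciously by someone else, the consequences are severe.
In the traditional Internet era, instant messaging tools were installed on personal computers (PCs), and their security relied mainly on the username and password set by the user. A user who forgot the password could receive an authentication code on the mobile phone number bound at registration and use it to reset the password.
In mobile Internet applications, however, the instant messaging tool is installed on the mobile phone terminal and, for the user's convenience, can be used directly without entering a username and password. In addition, the security measure of receiving an authentication code on the bound mobile phone number is of limited effect. Once the phone is obtained by someone else, that person can not only obtain the authentication code but also use the instant messaging tool on the phone directly, which creates a serious security risk for the instant messaging tool.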
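Summary of the Invention
The embodiments of the present application aim to provide an identity authentication method based on network communication and a computer device that at least improve the security of network communication.
According to a first aspect of the embodiments of the present application, an identity authentication method based on network communication is provided. The method includes: detecting, according to a user's network communication behavior record, whether the user's network communication behavior is abnormal; and, when the user's network communication behavior is determined to be abnormal, controlling the user's network communication permissions.
Optionally, when the user's network communication permissions are controlled, the method further includes: controlling the user's network communication permissions and authenticating the user; and, when the user passes authentication, releasing the control on the user's network communication permissions.
Optionally, detecting, according to the user's network communication behavior record, whether the user's current network communication behavior is abnormal includes: detecting whether any friend account that interacted with the user within a set time before a unit time also interacted with the user within the unit time; if any friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determining that the user's network communication behavior is normal; if no friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determining that the user's network communication behavior is abnormal.
Optionally, detecting whether the user's network communication behavior is abnormal includes: obtaining every friend account that interacted with the user within a preset time, and setting an identifier value indicating whether each friend account interacted with the user within a unit time, the preset time comprising a set number of unit times; and computing over the identifier values according to a preset algorithm and judging from the result whether the user's network communication behavior is abnormal.
Optionally, authenticating the user includes: summing all the identifier values of each friend account within the preset time to obtain an activity value for each friend account; sending an authentication message to the friend accounts whose activity value meets a preset threshold; and, after receiving from the friend account a confirmation message indicating that the user shows no abnormality, determining that the user has passed verification.
According to a second aspect of the embodiments of the present application, a computer device is provided, including a memory, a processor and a computer program stored in the memory and executable on the processor. When executing the program, the processor implements: detecting, according to a user's network communication behavior record, whether the user's network communication behavior is abnormal; and, when the user's network communication behavior is determined to be abnormal, controlling the user's network communication permissions.
Optionally, when executing the program, the processor implements: controlling the user's network communication permissions and authenticating the user; and, when the user passes authentication, releasing the control on the user's network communication permissions.
Optionally, when executing the program, the processor implements: detecting whether any friend account that interacted with the user within a set time before a unit time also interacted with the user within the unit time; if any friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determining that the user's network communication behavior is normal; if no friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determining that the user's network communication behavior is abnormal.
Optionally, when executing the program, the processor implements: obtaining every friend account that interacted with the user within a preset time, and setting an identifier value indicating whether each friend account interacted with the user within a unit time, the preset time comprising a set number of unit times; and computing over the identifier values according to a preset algorithm and judging from the result whether the user's network communication behavior is abnormal.
Optionally, when executing the program, the processor implements: summing all the identifier values of each friend account within the preset time to obtain an activity value for each friend account; sending an authentication message to the friend accounts whose activity value meets a preset threshold; and, after receiving from the friend account a confirmation message indicating that the user shows no abnormality, determining that the user has passed verification.
According to a third aspect of the embodiments of the present application, a computer-readable storage medium is provided, on which a computer program is stored. When executed by a processor, the computer program implements the steps of the method of the first aspect of the embodiments of the present application.
With the identity authentication method based on network communication and the computer device provided by the embodiments of the present application, the user's network communication behavior record is used to compare the user's current behavior with an account against earlier behavior with the same account, to determine whether the current user is the account owner, and to control the account when the current user is determined not to be the account owner. This improves the security of network communication and overcomes the security risk of the measure of obtaining an authentication code via the mobile phone number.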
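FIG. 1 is a schematic flowchart of an identity authentication method based on network communication according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a computer device according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of an identity authentication apparatus based on network communication according to an embodiment of the present application.
It should be understood that the specific embodiments described here serve only to explain the present application and are not intended to limit it.
In the description that follows, suffixes such as "module", "component" or "unit" used to denote elements serve only to facilitate the description of the embodiments of the present application and have no specific meaning in themselves. "Module", "component" and "unit" may therefore be used interchangeably.
To make the embodiments of the present application easier to understand, the implementation of the present application is described in detail below through several specific embodiments.
FIG. 1 is a schematic flowchart of an identity authentication method based on network communication according to an embodiment of the present application. Specifically, as shown in FIG. 1, an embodiment of the present application provides an identity authentication method based on network communication, applied to a server, the method including:
S1: detecting, according to the user's network communication behavior record, whether the user's network communication behavior is abnormal;
In this embodiment, the user's network communication behavior record must be established in advance; only then can it be used to detect whether the user's network communication behavior is abnormal.
Optionally, every friend account that interacted with the user within a preset time is obtained, and an identifier value is set to indicate whether each friend account interacted with the user within a unit time; the preset time comprises a set number of unit times; the identifier values are computed over according to a preset algorithm, and whether the user's network communication behavior is abnormal is judged from the result.
In this embodiment, an interaction with the user may specifically be a communication interaction, for example message transmission with the user.
Specifically, establishing the user's network communication behavior record includes: the server to which the user belongs obtains, for each friend account, an identifier value (value) for each unit time within the preset time; the identifier value indicates whether the friend account interacted with the user in the corresponding unit time. The server holds a behavior table (Behavior-Table). Each row of the Behavior-Table corresponds to one key value, and each key is a friend account; for example, each key is the hash of a mobile phone number that interacts with the user. Each key corresponds to multiple identifier values, and each identifier value corresponds to one unit time. An identifier value is the binary digit "0" or "1": "0" means the user had no interaction with that friend account during the period, and "1" means the user did. The Behavior-Table thus represents the user's network communication behavior record. It follows that the Behavior-Table can be expressed as:
In the Behavior-Table, each row holds the identifier values of one key over the unit times within the preset time, and each column holds the identifier value of every key for one unit time.
In addition, each time the user sends a message to a destination number, the server to which the user belongs computes the hash of the destination number and uses this hash and the unit time to set the corresponding identifier value in the Behavior-Table to 1. If no record exists for the hash of the destination number, a record with the key for that destination number is inserted, and the identifier value of that key for that unit time is set to 1.
Each time the user receives a message, the server to which the user belongs computes the hash of the sender's number and uses this hash and the unit time to set the corresponding identifier value in the Behavior-Table to 1. If no record exists, a record with the key for that sender number is inserted, and the identifier value of that key for the current unit time is set to 1.
The number of identifier-value columns kept in the Behavior-Table can be configured according to the accuracy required in judging user behavior; that is, the identifier-value columns and unit-time columns in the Behavior-Table can be increased or decreased as needed. The more identifier-value columns are kept, the richer the historical knowledge and the easier it is to judge whether the user's network communication behavior is abnormal.
Using the Behavior-Table described above, the identifier values are computed over according to a preset algorithm, and whether the user's network communication behavior is abnormal is judged from the result. That is, based on the Behavior-Table, a calculation is performed to obtain a result, and whether the network behavior is abnormal is judged from that result.
Optionally, detecting, according to the user's network communication behavior record, whether the user's network communication behavior is abnormal includes: detecting whether any friend account that interacted with the user within a set time before a unit time also interacted with the user within the unit time; if any friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determining that the user's network communication behavior is normal; if no friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determining that the user's network communication behavior is abnormal.
Specifically, the network communication behavior records are all stored in the Behavior-Table described above, so querying it shows whether each friend account interacted with the user in the corresponding unit time. The following is then judged from the query result: whether any friend account that interacted with the user within the set time before the unit time also interacted with the user within the unit time.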
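For example, Case 1: the set time before the unit time comprises time 1 and time 2, and the unit time is the current time 3; in time 1, time 2 or the current time 3 there are communication records only for friend 1, friend 2 and friend 3, as shown in behavior Table 1 below:
Table 1
 | Time 1 | Time 2 | Time 3 |
---|---|---|---|
Friend 1 | 1 | 1 | 1 |
Friend 2 | 0 | 1 | 1 |
Friend 3 | 0 | 0 | 1 |
It can be seen that within time 1 and time 2 the friend accounts that interacted with the user are friend 1 and friend 2, while friend 3 did not interact with the user; in the current time 3, friend 1, friend 2 and friend 3 all interacted with the user. Because in Case 1 friend 1 and friend 2, who interacted with the user in time 1 and time 2, also interacted with the user in the current time 3, the network communication behavior can be determined to be normal.
Case 2: the set time before the unit time comprises time 1 and time 2, and the unit time is the current time 3; in time 1, time 2 or the current time 3 there are communication records only for friend 1, friend 2 and friend 3, as shown in behavior Table 2 below:
Table 2
 | Time 1 | Time 2 | Time 3 |
---|---|---|---|
Friend 1 | 1 | 1 | 1 |
Friend 2 | 0 | 1 | 0 |
Friend 3 | 0 | 0 | 1 |
It can be seen that within time 1 and time 2 the friend accounts that interacted with the user are friend 1 and friend 2, while friend 3 did not interact with the user; in the current time 3, friend 1 and friend 3 interacted with the user. Because in Case 2, of friend 1 and friend 2, who interacted with the user in time 1 and time 2, friend 1 also interacted with the user in the current time 3, the network communication behavior can be determined to be normal.
Case 3: the set time before the unit time comprises time 1 and time 2, and the unit time is the current time 3; in time 1, time 2 or the current time 3 there are communication records only for friend 1, friend 2 and friend 3, as shown in behavior Table 3 below:
Table 3
 | Time 1 | Time 2 | Time 3 |
---|---|---|---|
Friend 1 | 1 | 1 | 0 |
Friend 2 | 0 | 1 | 0 |
Friend 3 | 0 | 0 | 1 |
It can be seen that within time 1 and time 2 the friend accounts that interacted with the user are friend 1 and friend 2, while friend 3 did not interact with the user; in the current time 3, only friend 3 interacted with the user. Because in Case 3 neither friend 1 nor friend 2, who interacted with the user in time 1 and time 2, interacted with the user in the current time 3, the network communication behavior can be determined to be abnormal.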
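In addition, to further improve the accuracy of judging whether the user's network communication behavior is abnormal, optionally, detecting, according to the user's network communication behavior record, whether the user's network communication behavior is abnormal includes: detecting whether any friend account that interacted with the user within the set time before the unit time also interacted with the user within a set unit time after the unit time; if any friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the set unit time after the unit time, determining that the user's network communication behavior is normal; if no friend account that interacted with the user within the set time before the unit time is detected to have interacted with the user within the set unit time after the unit time, determining that the user's network communication behavior is abnormal.
Furthermore, this embodiment does not limit the reasons why the user and a friend account did not interact within a unit time.
S2: when the user's network communication behavior is determined to be abnormal, controlling the user's network communication permissions.
That is, the server to which the user belongs performs a control operation on the user's network communication permissions and no longer allows the user to send or receive any message.
Optionally, when the user's network communication permissions are controlled, the user's network communication permissions are controlled and the user is authenticated; when the user passes authentication, the control on the user's network communication permissions is released.
Optionally, authenticating the user includes: summing all the identifier values of each friend account within the preset time to obtain an activity value for each friend account; sending an authentication message to the friend accounts whose activity value meets a preset threshold; and, after receiving from the friend account a confirmation message indicating that the user shows no abnormality, determining that the user has passed verification.
Specifically, a prompt message is sent to the server to which the user belongs, requiring the user to ask "former" friends (friends with whom the user has interacted) for help. Only when more than a certain number of friends report to the server to which the user belongs that the user shows no abnormality, and the activity values (AcValue) of these friends meet a certain magnitude, is the control on the user released and the Behavior-Table reset.
The activity value is computed by summing all the identifier values of each friend account within the preset time, that is, summing each row of the Behavior-Table, which gives the activity value (AcValue) of the user's friend over a given period:
The value of AcValue carries meaning in two dimensions: it reflects both the number of exchanges and their timing. The more exchanges there are and the closer they are to the unit time, the larger the activity value (AcValue).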
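The Behavior-Table updates, the Case 1 to Case 3 check and the AcValue-gated release described above, sketched in Python as an added example (not code from the patent). SHA-256 as the hash, the constructed phone numbers, the `required` confirmation count and all function names are assumptions; AcValue is taken as the plain row sum the text states.

```python
import hashlib


class BehaviorTable:
    """Per-user record: key = hash of a friend's number, one 0/1 flag per unit time."""

    def __init__(self, num_units):
        self.num_units = num_units
        self.rows = {}

    @staticmethod
    def key(number):
        # The text only says "hash of the phone number"; SHA-256 is an assumption.
        return hashlib.sha256(number.encode("utf-8")).hexdigest()

    def record(self, peer_number, unit):
        """Run on every message sent to or received from peer_number in `unit`."""
        row = self.rows.setdefault(self.key(peer_number), [0] * self.num_units)
        row[unit] = 1

    def is_abnormal(self, current_unit):
        """Abnormal when no friend seen before current_unit is seen again in it."""
        earlier = [row for row in self.rows.values() if any(row[:current_unit])]
        if not earlier:
            return False  # assumption: with no history there is nothing to compare
        return not any(row[current_unit] for row in earlier)

    def activity_values(self):
        """AcValue per friend: the sum of that friend's row."""
        return {k: sum(row) for k, row in self.rows.items()}


def try_release(table, confirming_numbers, threshold, required):
    """Lift the control only if enough sufficiently active friends vouch for the user."""
    ac = table.activity_values()
    valid = {table.key(n) for n in confirming_numbers}
    valid = {k for k in valid if ac.get(k, 0) >= threshold}
    if len(valid) < required:
        return False
    table.rows.clear()  # the text resets the Behavior-Table after release
    return True


def table_from_flags(flags):
    """Build a table by replaying one interaction per 1-flag."""
    table = BehaviorTable(num_units=3)
    for number, row in flags.items():
        for unit, flag in enumerate(row):
            if flag:
                table.record(number, unit)
    return table


# Constructed numbers standing in for friend 1..3; flags copied from Tables 1-3.
F1, F2, F3 = "+10000000001", "+10000000002", "+10000000003"
CASE1 = {F1: [1, 1, 1], F2: [0, 1, 1], F3: [0, 0, 1]}
CASE2 = {F1: [1, 1, 1], F2: [0, 1, 0], F3: [0, 0, 1]}
CASE3 = {F1: [1, 1, 0], F2: [0, 1, 0], F3: [0, 0, 1]}

if __name__ == "__main__":
    for name, case in (("case 1", CASE1), ("case 2", CASE2), ("case 3", CASE3)):
        print(name, "abnormal:", table_from_flags(case).is_abnormal(current_unit=2))
```

In Case 3 the only contact active in the current unit (friend 3) has an AcValue of 1, so with a threshold of 2 its confirmation does not count toward release; only friend 1's does.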
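In summary, the user's interaction information with friends over a period of time is used to judge whether the user's interaction information in the current period is abnormal, and thus whether the user's account has been stolen. Specifically, the user's network communication behavior record is used to compare the user's current behavior with an account against earlier behavior with the same account, to determine whether the current user is the account owner, and to control the account when the current user is determined not to be the account owner. This improves the security of network communication and overcomes the security risk of the measure of obtaining an authentication code via the mobile phone number. Authentication of the user's identity thus does not depend on any security assumption or secret information, which improves security.
FIG. 2 is a schematic structural diagram of a computer device according to an embodiment of the present application. As shown in FIG. 2, an embodiment of the present application provides a computer device including a memory 110, a processor 120 and a computer program stored in the memory 110 and executable on the processor 120. When executing the program, the processor 120 implements: detecting, according to a user's network communication behavior record, whether the user's network communication behavior is abnormal; and, when the user's network communication behavior is determined to be abnormal, controlling the user's network communication permissions.
Optionally, when executing the program, the processor 120 implements: controlling the user's network communication permissions and authenticating the user; and, when the user passes authentication, releasing the control on the user's network communication permissions.
Optionally, when executing the program, the processor 120 implements: obtaining every friend account that interacted with the user within a preset time, and setting an identifier value indicating whether each friend account interacted with the user within a unit time, the preset time comprising a set number of unit times; and computing over the identifier values according to a preset algorithm and judging from the result whether the user's network communication behavior is abnormal.
Optionally, when executing the program, the processor 120 implements: detecting whether any friend account that interacted with the user within a set time before a unit time also interacted with the user within the unit time; if any friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determining that the user's network communication behavior is normal; if no friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determining that the user's network communication behavior is abnormal.
Optionally, when executing the program, the processor 120 implements: summing all the identifier values of each friend account within the preset time to obtain an activity value for each friend account; sending an authentication message to the friend accounts whose activity value meets a preset threshold; and, after receiving from the friend account a confirmation message indicating that the user shows no abnormality, determining that the user has passed verification.
It can be understood that the computer device also includes a communication bus, through which the components of the computer device can be coupled together. The communication bus provides the connection and communication between these components. Besides a data bus, it includes a power bus, a control bus and a status signal bus. For clarity of illustration, however, all the buses are labeled as the communication bus in FIG. 2.
It can be understood that the memory 110 may be volatile memory or non-volatile memory, and may also include both. The non-volatile memory may be read-only memory (ROM, Read Only Memory), programmable read-only memory (PROM, Programmable Read-Only Memory), erasable programmable read-only memory (EPROM, Erasable Programmable Read-Only Memory), electrically erasable programmable read-only memory (EEPROM, Electrically Erasable Programmable Read-Only Memory), ferromagnetic random access memory (FRAM, ferromagnetic random access memory), flash memory (Flash Memory), magnetic surface memory, an optical disc, or compact disc read-only memory (CD-ROM, Compact Disc Read-Only Memory); the magnetic surface memory may be disk storage or tape storage. The volatile memory may be random access memory (RAM, Random Access Memory), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (SRAM, Static Random Access Memory), synchronous static random access memory (SSRAM, Synchronous Static Random Access Memory), dynamic random access memory (DRAM, Dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, Synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (DDRSDRAM, Double Data Rate Synchronous Dynamic Random Access Memory), enhanced synchronous dynamic random access memory (ESDRAM, Enhanced Synchronous Dynamic Random Access Memory), SyncLink dynamic random access memory (SLDRAM, SyncLink Dynamic Random Access Memory) and direct Rambus random access memory (DRRAM, Direct Rambus Random Access Memory). The memory 110 described in the embodiments of the present invention is intended to include, without being limited to, these and any other suitable types of memory.
The methods disclosed in the above embodiments of the present invention may be applied in the processor 120 or implemented by the processor 120. The processor 120 may be an integrated circuit chip with signal processing capability. During implementation, each step of the above methods may be completed by an integrated logic circuit of hardware in the processor 120 or by instructions in the form of software. The processor 120 may be a general-purpose processor, a digital signal processor (DSP, Digital Signal Processor), or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The processor 120 may implement or execute the methods, steps and logical block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the methods disclosed in the embodiments of the present invention may be carried out directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium, the storage medium is located in the memory 110, and the processor 120 reads the information in the memory 110 and completes the steps of the foregoing methods in combination with its hardware.
An embodiment of the present application provides a computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements the identity authentication method based on network communication described above.
Because the identity authentication method based on network communication has been described in detail in the above embodiments, its implementation is not repeated in this embodiment.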
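FIG. 3 is a schematic structural diagram of an identity authentication apparatus based on network communication according to an embodiment of the present application. As shown in FIG. 3, an embodiment of the present application provides an identity authentication apparatus based on network communication, the apparatus including: a checking module, configured to detect, according to a user's network communication behavior record, whether the user's network communication behavior is abnormal; and a control module, configured to control the user's network communication permissions when the checking module determines that the user's network communication behavior is abnormal.
Optionally, the apparatus further includes: an authentication module, configured to control the user's network communication permissions and authenticate the user when the user's network communication permissions are controlled; and a control release module, configured to release the control on the user's network communication permissions when the authentication module determines that the user has passed authentication.
Optionally, the checking module includes: an obtaining unit, configured to obtain every friend account that interacted with the user within a preset time and to set an identifier value indicating whether each friend account interacted with the user within a unit time, the preset time comprising a set number of unit times; and a judging unit, configured to compute over the identifier values set by the obtaining unit according to a preset algorithm and to judge from the result whether the user's network communication behavior is abnormal.
Optionally, the checking module is configured to: detect whether any friend account that interacted with the user within a set time before a unit time also interacted with the user within the unit time; if any friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determine that the user's network communication behavior is normal; if no friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determine that the user's network communication behavior is abnormal.
Optionally, the authentication module includes: an activity value unit, configured to sum all the identifier values of each friend account within the preset time to obtain an activity value for each friend account; an authentication message sending unit, configured to send an authentication message to the friend accounts whose activity value meets a preset threshold; and an authentication pass unit, configured to determine that the user has passed verification after receiving from the friend account a confirmation message indicating that the user shows no abnormality.
Optionally, when the friend account has not interacted with the user in the corresponding unit time, the identifier value is 0; when the friend account has interacted with the user in the corresponding unit time, the identifier value is 1.
In this embodiment, the checking module checks the user's network communication behavior according to the user's network communication behavior record, and when an abnormality is detected, the control module controls the user's network communication permissions. In this way, the user's network communication behavior record is used to compare the user's current behavior with an account against earlier behavior with the same account, to determine whether the current user is the account owner, and to control the account when the current user is determined not to be the account owner. This improves the security of network communication and overcomes the security risk of the measure of obtaining an authentication code via the mobile phone number.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or apparatus that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or apparatus. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or apparatus that includes the element.
The serial numbers of the above embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments.
From the description of the above implementations, a person skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the part of the technical solution of the present invention that is essential or that contributes over the prior art may be embodied as a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, a network device, etc.) to perform the methods described in the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the drawings, but the present invention is not limited to the specific implementations above, which are merely illustrative and not restrictive. Guided by the present invention, a person of ordinary skill in the art can devise many further forms without departing from the spirit of the invention and the scope protected by the claims, all of which fall within the protection of the present invention.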
Claims (11)
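- An identity authentication method based on network communication, the method including: detecting, according to a user's network communication behavior record, whether the user's network communication behavior is abnormal; and, when the user's network communication behavior is determined to be abnormal, controlling the user's network communication permissions.
- The method according to claim 1, wherein, when the user's network communication permissions are controlled, the method further includes: controlling the user's network communication permissions and authenticating the user; and, when the user passes authentication, releasing the control on the user's network communication permissions.
- The method according to claim 1, wherein detecting, according to the user's network communication behavior record, whether the user's current network communication behavior is abnormal includes: detecting whether any friend account that interacted with the user within a set time before a unit time also interacted with the user within the unit time; if any friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determining that the user's network communication behavior is normal; if no friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determining that the user's network communication behavior is abnormal.
- The method according to claim 1, wherein detecting whether the user's network communication behavior is abnormal includes: obtaining every friend account that interacted with the user within a preset time, and setting an identifier value indicating whether each friend account interacted with the user within a unit time, the preset time comprising a set number of unit times; and computing over the identifier values according to a preset algorithm and judging from the result whether the user's network communication behavior is abnormal.
- The method according to claim 2, wherein authenticating the user includes: summing all the identifier values of each friend account within the preset time to obtain an activity value for each friend account; sending an authentication message to the friend accounts whose activity value meets a preset threshold; and, after receiving from the friend account a confirmation message indicating that the user shows no abnormality, determining that the user has passed verification.
- A computer device, including a memory, a processor and a computer program stored in the memory and executable on the processor, wherein, when executing the program, the processor implements: detecting, according to a user's network communication behavior record, whether the user's network communication behavior is abnormal; and, when the user's network communication behavior is determined to be abnormal, controlling the user's network communication permissions.
- The computer device according to claim 6, wherein, when executing the program, the processor implements: controlling the user's network communication permissions and authenticating the user; and, when the user passes authentication, releasing the control on the user's network communication permissions.
- The computer device according to claim 6, wherein, when executing the program, the processor implements: detecting whether any friend account that interacted with the user within a set time before a unit time also interacted with the user within the unit time; if any friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determining that the user's network communication behavior is normal; if no friend account that interacted with the user within the set time before the unit time is detected to have also interacted with the user within the unit time, determining that the user's network communication behavior is abnormal.
- The computer device according to claim 6, wherein, when executing the program, the processor implements: obtaining every friend account that interacted with the user within a preset time, and setting an identifier value indicating whether each friend account interacted with the user within a unit time, the preset time comprising a set number of unit times; and computing over the identifier values according to a preset algorithm and judging from the result whether the user's network communication behavior is abnormal.
- The computer device according to claim 7, wherein, when executing the program, the processor implements: summing all the identifier values of each friend account within the preset time to obtain an activity value for each friend account; sending an authentication message to the friend accounts whose activity value meets a preset threshold; and, after receiving from the friend account a confirmation message indicating that the user shows no abnormality, determining that the user has passed verification.
- A computer-readable storage medium on which a computer program is stored, wherein, when executed by a processor, the computer program implements the steps of the method according to any one of claims 1 to 5.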
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810058485.8 | 2018-01-22 | ||
CN201810058485.8A CN110071896B (zh) | 2018-01-22 | 2018-01-22 | Identity authentication method based on network communication and computer device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019141008A1 (zh) | 2019-07-25 |
Family
ID=67301951
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2018/119236 WO2019141008A1 (zh) | Identity authentication method based on network communication and computer device | 2018-01-22 | 2018-12-04 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110071896B (zh) |
WO (1) | WO2019141008A1 (zh) |
2018
- 2018-01-22 CN CN201810058485.8A patent/CN110071896B/zh active Active
- 2018-12-04 WO PCT/CN2018/119236 patent/WO2019141008A1/zh active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN110071896A (zh) | 2019-07-30 |
CN110071896B (zh) | 2021-11-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18901046 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20.11.2020) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 18901046 Country of ref document: EP Kind code of ref document: A1 |