WO2020024414A1 - User authentication method and device based on slider verification code - Google Patents

User authentication method and device based on slider verification code Download PDF

Info

Publication number
WO2020024414A1
WO2020024414A1 PCT/CN2018/107909 CN2018107909W WO2020024414A1 WO 2020024414 A1 WO2020024414 A1 WO 2020024414A1 CN 2018107909 W CN2018107909 W CN 2018107909W WO 2020024414 A1 WO2020024414 A1 WO 2020024414A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
slider
user behavior
data
verification code
Prior art date
Application number
PCT/CN2018/107909
Other languages
French (fr)
Chinese (zh)
Inventor
杨冬艳
王智浩
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2020024414A1 publication Critical patent/WO2020024414A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Definitions

  • the present application relates to the field of electronic technology, and in particular, to a user authentication method and device based on a slider verification code.
  • the slider verification code is another security verification code that is different from the image verification code.
  • the slider verification code is also one of the behavioral verification codes.
  • the method of generating the slider verification code is generally to generate a long picture in the user interface of the client.
  • the long picture is composed of multiple small pictures.
  • a slider component is added above the picture frame of the long picture, and the slider component is a slider.
  • Verification code where the initial position of the slider verification code on the picture frame is random.
  • the small pictures in the long picture move one by one with the movement of the slider verification code, so that a complete picture is always presented in front of the user.
  • the user drags the slider verification code until the reference picture is displayed in the picture box, and places the slider verification code at the specified position to submit the verification.
  • the verification operation of the slider verification code is only to simply drag the slider verification code and complete the image stitching of the slider verification code to complete the verification of the slider verification code.
  • There is a simple operation in the verification process of the slider verification code. Easy to use and other characteristics, these characteristics are easy to be imitated by the machine. It is easy to simulate human user behavior through a computer, and the machine user behavior existing in the verification process of the slider verification code is difficult to be identified, which makes the slider verification code low in security and poor in applicability.
  • the embodiments of the present application provide a user authentication method and device based on a slider verification code, which can improve the security of the verification of the slider verification code, can effectively prevent the network attack of the verification of the slider verification code, improve network security, and ensure the slider
  • the verification of the verification code for the requested target service is more secure and applicable.
  • an embodiment of the present application provides a user authentication method based on a slider verification code.
  • the method includes:
  • the user behavior category verified by the slider verification code corresponding to the first page operation data and the first slider operation data is determined.
  • the verified sample data is obtained through training.
  • the above sample data includes at least first user behavior sample data corresponding to the first category of users and second user behavior sample data corresponding to the second category of users, and any user behavior sample data includes page operations. Data and / or slider operation data;
  • an embodiment of the present application provides a user authentication device based on a slider verification code.
  • the device includes:
  • a data acquisition unit configured to acquire first page operation data of a target business
  • An output unit configured to output a target slider verification code to a user interface that starts the target service according to the first page operation data obtained by the data obtaining unit;
  • the data obtaining unit is further configured to obtain, from the user interface, first slider operation data for performing user authentication for starting the target service based on the target slider verification code output by the output unit;
  • the user behavior recognition unit is configured to identify a user verified by the slider verification code corresponding to the first slider operation data obtained by the data acquisition unit based on the user behavior recognition model verified by the slider verification code.
  • Behavior category the user behavior recognition model is trained from sample data verified by the slider verification code, and the sample data includes at least first user behavior sample data corresponding to the first category of users and second user behavior sample corresponding to the second category of users.
  • Data any user behavior sample data includes page operation data and / or slider operation data;
  • the authentication response unit is configured to complete user authentication of the target service and start the target service according to the user behavior category identified by the user behavior identification unit, or disconnect the user authentication of the target service according to the user behavior category.
  • an embodiment of the present application provides a terminal device.
  • the terminal device includes a processor and a memory, and the processor and the memory are connected to each other.
  • the memory is configured to store a computer program that supports the terminal device to execute the method provided in the first aspect and / or any possible implementation manner of the first aspect.
  • the computer program includes program instructions, and the processor is configured to call the foregoing.
  • a program instruction executes the first aspect and / or the method provided in any possible implementation manner of the first aspect.
  • an embodiment of the present application provides a computer-readable storage medium.
  • the computer-readable storage medium stores a computer program, where the computer program includes program instructions, and when the program instructions are executed by a processor, the processor executes the instructions.
  • the security of the verification of the slider verification code can be improved, the network attack of the verification of the slider verification code can be effectively prevented, the network security can be improved, and the target service requested by the verification of the verification of the slider verification code can be guaranteed. Safety and applicability.
  • FIG. 1 is a schematic flowchart of a user authentication method based on a slider verification code according to an embodiment of the present application
  • FIG. 2 is a schematic flowchart of a method for constructing a user behavior recognition model according to an embodiment of the present application
  • FIG. 3 is another schematic flowchart of a user authentication method based on a slider verification code according to an embodiment of the present application
  • FIG. 4 is a schematic structural diagram of a user authentication device based on a slider verification code according to an embodiment of the present application
  • FIG. 5 is a schematic structural diagram of a terminal device according to an embodiment of the present application.
  • Slider verification code is another security verification code different from image verification code.
  • the security verification of the slider verification code is similar to the sliding unlock of a mobile phone. It is a verification method that can be performed by dragging the slider to a specified position with a mouse or a finger according to a prompt.
  • the slider verification code is also one of the behavioral verification codes.
  • the current method of generating the slider verification code is generally to generate a long picture on the user interface of the client or the web page of the browser, and the long picture is composed of multiple small pictures. Add a slider component above the picture frame of the long picture, where the initial position of the slider on the picture frame is random.
  • the slider is used as a verification code, so it is also called a slider verification code, which will not be described in detail below.
  • the small pictures in the long picture move one by one, so that a complete picture is always presented to the user.
  • the user drags the slider verification code until the benchmark picture is displayed in the picture box and submits the verification.
  • the above reference picture is the small picture to which the slider verification code belongs, that is, the picture content of the slider verification code portion is missing from the small picture before the verification of the slider verification code is completed.
  • the slider code verification can be completed. At this time, it can be determined that the verification of the slider verification code is correct.
  • the closer the slider verification code is to the correct position the clearer the picture is, which is more convenient for users to use and judge.
  • the verification operation of the slider verification code is only to simply drag the slider verification code and complete the image stitching of the slider verification code to complete the verification of the slider verification code.
  • the verification process of the slider verification code has a simple operation. Convenience and other characteristics, these characteristics can be easily imitated by the machine.
  • the human user behavior can be easily simulated by a computer, and the machine user behavior existing in the verification process of the slider verification code is difficult to be identified, which makes the slider verification code less secure.
  • the method provided in the embodiment of the present application can build a user behavior recognition model of the slider verification code based on the fuzzy cluster analysis algorithm and the sample data obtained from various data acquisition paths.
  • the user behavior recognition model can be used to identify multiple types of users, such as human users and machine users, or ordinary users and star users (such as VIP users), or other types of users.
  • the embodiments of the present application will be described by taking human users and machine users as examples.
  • the corresponding user behavior recognition model may also be a human-machine user behavior recognition model, which is not limited herein.
  • the slider verification code-based user authentication method (for convenience of description, the method provided in the embodiment of the present application may be abbreviated) can recognize the human user behavior and machine user behavior in the slider verification code verification process through a human-machine user behavior recognition model, thereby It can avoid the verification of the slider verification code of the user behavior of the machine, improve the security of the user authentication based on the verification of the slider verification code, and ensure the user data security of the target business.
  • the method provided in the embodiment of the present application may adopt a verification code display-user behavior data collection-user behavior analysis process, based on the human-machine user behavior recognition model, perform user behavior analysis on the user behavior data collected in real time to identify human user behavior Or the behavior of the machine user, and then the verification of the slider verification code can be completed when the human user behavior is identified, and the verification of the slider verification code can be blocked when the machine user behavior is identified, which can effectively prevent network attack behavior and improve network security To ensure the security of the business requested by the verification of the slider verification code.
  • the method provided in the embodiment of the present application may be applicable to user authentication of any service. For the convenience of description, the target service is taken as an example for description, and details are not described below. The method and device provided in the embodiments of the present application will be described below with reference to FIGS. 1 to 5.
  • FIG. 1 is a schematic flowchart of a user authentication method based on a slider verification code according to an embodiment of the present application.
  • the method provided in the embodiment of the present application may include data processing stages such as construction of a user behavior recognition model verified by a slider verification code, user authentication based on a user behavior recognition model, and response to user authentication based on a slider verification code.
  • the data processing stages provided by the embodiments of the present application will be described below with reference to steps S1, S2, and S3.
  • the user behavior data used for the training of the user behavior recognition model may be integrated to classify users in two categories (for example, human users or machine users).
  • the classification of the two categories of users) problem is to train the user behavior recognition model for the learning task, so that the user behavior recognition model has the ability to judge human users or machine users on the user behavior data collected in real time.
  • the above user behavior data may include, but is not limited to, page operation data of a user on a browser's business operation page or a client's business operation page, slider operation data of a user's authentication based on a slider verification code, and user operation browsing. Information such as browser or client.
  • more types of user behavior data can be determined according to actual application scenarios, and there is no limitation here.
  • the user behavior recognition model cannot clearly know in advance which user behaviors are human user behaviors, which user behaviors are machine user behaviors, and do not know what are the characteristics of human users and machine users. Clear differences, so this information needs to be trained by unsupervised fuzzy clustering analysis algorithms, combined with distance calculation of user high-dimensional data features to determine the difference between human user behavior and machine user behavior.
  • the user behavior verified by the slider captcha is divided into two categories of clear human user behavior and machine user behavior.
  • the difference between user behaviors of the two types of users can be comprehensively analyzed in combination with user authentication requirements based on slider verification code verification for specific services, so as to separate machine user behavior from human user behavior.
  • FIG. 2 is a schematic flowchart of a method for constructing a user behavior recognition model according to an embodiment of the present application.
  • the implementation manner adopted for the construction of the above-mentioned user behavior recognition model may include the implementation manner provided by each step in the following steps S11 to S13.
  • the above sample data for user behavior recognition model training may include sample data for at least two types of users of user behavior recognition model training for slider verification code verification.
  • the above sample data includes at least first user behavior sample data corresponding to the first category of users (for example, human users) and second user behavior sample data corresponding to the second category of users (for example, machine users), and includes the first user Any user behavior sample data including the behavior sample data and the second user behavior sample data includes page operation data and / or slider operation data.
  • the sample data of the at least two types of users may be obtained from a user group database of the target service.
  • the above sample data includes page operation data when at least two types of users included in the user group of the target service start the target service, and / or slider operation data of user authentication.
  • the sample data of the at least two types of users may be obtained from a user group database of other services based on big data analysis.
  • the other services mentioned above are one or more services which are the same type of services as the target service and whose user authentication method is slider verification code verification.
  • the above sample data includes page operation data of at least two types of users included in the user group of other services when each category user starts other services, and / or slider operation data of user authentication.
  • the sample data used for user behavior recognition model training can be obtained from multiple data acquisition paths, and the source of the sample data can cover the verification of slider verification codes corresponding to various services, improving the sample data. The validity of the data and the reliability of the sample data are stronger, which can further improve the accuracy of the user behavior judgment of the user behavior recognition model obtained based on the training of the sample data.
  • the data types included in any of the first page operation data and / or sample data in the page operation data include: user operation position on the page, user operation time on the page, and One or more of the user operation trajectories.
  • the user operation position on the above page may be the position where the user's finger or mouse clicks on the page, or the position where the user presses on the page, etc., which can be determined according to the actual application scenario, and is not limited here.
  • the user operation instruction generated by the above-mentioned click operation or pressing operation may be a user operation instruction for triggering a service management page for starting a target service (for convenience of description, it may be simply referred to as starting a target service), which is not limited herein.
  • the user operation instruction on the above page may be a duration corresponding to a user's finger or mouse clicking or pressing on the page, for example, the duration from a mouse click or pressing a certain position on the page to releasing the mouse.
  • the user operation trajectory on the above page is the trajectory of a user's finger or mouse clicking or pressing on the page multiple times, or the trajectory of a finger or mouse sliding on the page, etc., which can be specifically based on the user required to start the target service in the actual application scenario
  • the operation form is determined, and there is no limitation here.
  • the types of data included in any of the first slider operation data and / or sample data in the slider operation data include: a user operation position on a slider verification code, a One or more of a user operation duration and a sliding parameter of a slider verification code.
  • the sliding parameters include one or more of a sliding trajectory, a slider speed, a sliding duration, a sliding range, an aspect ratio of sliding, and an acceleration of sliding.
  • the user operation position of the slider verification code may include a click position, a pressing position, or a drag position on the slider verification code when the user clicks, presses, or drags the slider verification code.
  • the user operation duration of the above-mentioned slider verification code may include the corresponding duration of operations such as clicking, pressing, or dragging the sliding verification code, and the sliding duration of the slider verification code during the sliding process of dragging the slider verification code, and so on.
  • the sliding trajectory of the slider verification code can be determined by the point coordinates collected during the sliding of the slider verification code, including but not limited to the starting point coordinates, end point coordinates, and one or more intermediate point coordinates during the sliding of the slider verification code. .
  • the sliding speed and sliding acceleration of the slider verification code can be determined by data such as the sliding distance and the sliding duration of the slider verification code.
  • the sliding range of the above-mentioned slider verification code and the ratio of the horizontal and vertical coordinates of the sliding can be determined by data such as point coordinates collected during the sliding process of the slider verification code, and can be specifically determined according to the actual application scenario, which is not limited here.
  • the data types and / or data content collected and screened during the training phase of the user behavior recognition model may be collected with the data processing phases such as the test phase and the use phase of the user behavior recognition model provided in the following steps.
  • the filtered data type and / or data content are kept the same data type and / or data content (the data item type is the same but the values are different), so that the user behavior recognition model can be better used to learn and output the input user behavior data
  • the corresponding user behavior category can increase the discrimination accuracy of the user behavior recognition model, and the applicability is stronger.
  • the page operation data and slider operation data involved in the foregoing data processing stages may be described by using user behavior data as an example.
  • the sample data may further include identification information (such as an IP address, etc.) of a terminal device used by the user, a display screen resolution of the terminal device used by the user, and a target business account of the user.
  • Identification information such as an IP address, etc.
  • Information such as user account ID, etc.
  • other user identification information are not limited here.
  • one or more of the above-mentioned user identification information may also be used as the unique identification information for user authentication, and the sliding of the slider verification code in unit time during the user authentication process may be derived therefrom.
  • User operation data such as frequency, user authentication frequency of the user in unit time, and so on.
  • the above-mentioned user operation data can also be used as part of the sample data for user behavior recognition model training, thereby increasing the diversity of data types included in the sample data and enhancing the coverage of the sample data, which can enhance the The scope of application of the user behavior recognition model trained based on sample data is more flexible and more applicable.
  • the above sample data for user behavior recognition model training may be used as input of the user behavior recognition model, and the sample data is learned through the user behavior recognition model to obtain identification of any page operation data and / Or the ability of the slider to manipulate the user behavior category corresponding to the data.
  • user behavior data (including page operation data and //) of at least two types of users included in the above sample data can be obtained through the above-mentioned user behavior recognition model based on the training unsupervised fuzzy cluster analysis algorithm. Or slider operation data) and / or user operation data for learning, so that the user behavior recognition model has the ability to acquire and identify user behavior data corresponding to any category of users and / or user behavior categories corresponding to user operation data.
  • the user ’s behavior data corresponding to the human user ’s operation position on the page and on the slider verification code, or dragging the slider verification code to perform sliding data of the slider are relatively random: including but not limited to sliders
  • the degree of dispersion of the horizontal and vertical coordinates of the verification code sliding is also relatively large, and the data such as sliding speed and acceleration are relatively scattered.
  • the identification information of the terminal device used by the user, the display resolution of the terminal device used by the user, and the target business account information When the user identification information becomes more discrete and diversified, the distribution status of the data usually appears as irregular.
  • the user identification information of the machine user is relatively fixed, the data corresponding to the operation position on the page and the slider is relatively small, and the verification code is dragged on the slider
  • the sliding data corresponding to operations such as sliding are relatively fixed, and the sliding speed and acceleration of the slider verification code are relatively constant, and so on.
  • machine learning fuzzy cluster analysis algorithms can be used to aggregate human user behaviors and machine user behaviors. Class analysis, and training the user behavior recognition model based on the above sample data, so that a user behavior recognition model capable of identifying the slider verification code verification behavior of a human user and the slider verification code verification behavior of a machine user can be trained.
  • cluster analysis refers to the process of grouping a collection of physical or abstract objects into similar classes composed of similar objects, and dissimilar objects composed of different classes. In other words, the goal of cluster analysis is to collect data on a similar basis To classify.
  • Clustering is a process of classifying data into different classes or clusters, so objects in the same cluster have great similarity, but objects in different clusters have great dissimilarity.
  • a user behavior recognition model is trained based on a training unsupervised fuzzy clustering analysis algorithm, and training can be performed without adding category tags to the sample data to identify any page operation data and / or slider operation data.
  • the user behavior recognition model corresponding to the capability of the user behavior category is simple to operate and more applicable.
  • the model parameters of the user behavior recognition model obtained by training are saved, and at the same time, based on the user behavior recognition during the test process,
  • the model can perform real-time determination of user behavior on user behavior test data such as page operation data, slider operation data, and user operation data generated by the user at a single time, and quickly, accurately, and in real time return the determination results of human-machine user behavior.
  • the model parameters of the user behavior recognition model are modified, so that the user behavior recognition model has a more accurate human-machine user
  • the ability to judge behaviors can further improve the accuracy of judging user behavior categories of human users or machine users based on user behavior recognition models.
  • the user behavior recognition model obtained through training can determine the user behavior data and / or user operation data collected in real time to determine whether the user corresponding to the user behavior data and / or user operation data collected in real time is a human user or a machine user .
  • the page operation data of the target service started in real time can be collected based on the user behavior recognition model.
  • the description can use the first page operation data as an example to describe, and the slider operation data of the user authentication that starts the target service (for the convenience of description, the first slider operation data can be described as an example) to determine the user behavior category.
  • the user authentication of the target service may be completed and the target service may be started according to the user behavior category determined based on the user behavior recognition model, or the user authentication of the target service may be disconnected according to the user behavior category.
  • FIG. 3 is another schematic flowchart of a user authentication method based on a slider verification code according to an embodiment of the present application. The method provided in the embodiment of the present application may be specifically described in combination with steps S21 to S24.
  • S21 Obtain the first page operation data for starting the target service, and output the target slider verification code to the user interface for starting the target service according to the first page operation data.
  • the above browsing may be collected.
  • the page operation data ie, the first page operation data
  • the page operation data on the business operation page of the server or the business operation page of the client, and trigger the verification process of starting the slider verification code according to the first page operation data.
  • operations for starting a target service may include operations such as starting a service for registering an application account and / or a service for logging in an application account.
  • the above-mentioned service for registering an application account or the service for logging in an application account may be described as an example of a target service. I will not repeat them below.
  • the above-mentioned first page operation data may include one or more of a user operation position on the page, a user operation time on the page, and a user operation track on the page. For details, refer to each of steps S11 to S13 above. The implementation provided by the steps is not repeated here.
  • a user when a user needs to log in to an application account of an application or register an application account of an application, he can click the icon of the browser or the icon of the client through a mouse or a finger, etc., so that the business operation page of the browser or the customer can be opened.
  • Business operations page Enter the existing application account information on the business operation page, or fill in the application account information to be registered, or slide the screen of the terminal device for identity recognition, etc., and then click the verification code on the slider on the business operation page to verify Window, triggering the terminal device to enter the verification process of the slider verification code.
  • the terminal device can collect and input the existing application.
  • Page operation data generated by operations such as account information, filling in application account information to be registered, or sliding the screen of a terminal device. You can manipulate the data for the first page.
  • the above-mentioned collected first page operation data includes, but is not limited to, the user operation position on the page triggered by operations such as entering existing application account information, filling in application account information to be registered, or sliding the screen of a terminal device, etc.
  • One or more of a user operation duration on the page and a user operation track on the page may be specifically determined according to an actual application scenario, and there is no limitation here.
  • the terminal collects and obtains the first page operation data, and when the slider verification code verification process is entered according to the first page operation data, the target slider verification code may be output to the user interface that starts the target service.
  • the target slider verification code may be used for user authentication for starting a target service, and the user interface for starting the target service may include a service operation page of the browser or a service operation page of the client, which is not limited herein. It can be understood that when the user opens the business operation page of the browser or the business operation page of the client and completes the corresponding operation on the above business operation page, the user operation interface displayed on the terminal device at this time may be the business operation page. Therefore, the user interface for starting the target service at this time may also be a user operation interface of the terminal device, including but not limited to the touch screen of the terminal device, which may be specifically determined according to an actual application scenario, and is not limited herein.
  • the target slider verification code when the terminal enters the verification process of the slider verification code, can be output to the user interface that starts the target service, such as the touch screen of the terminal device, and the terminal device can be monitored. User operation instructions on the touch screen.
  • the slider operation data corresponding to the target slider verification code can be triggered, that is, The first slider operates the data.
  • the terminal device can collect the slider operation data (that is, the first Slider operation data), and further, user behavior data including the first page operation data and the first slider operation data may be input into the trained user behavior recognition model.
  • the first slider operation data includes, but is not limited to, one or more of a user operation position on the slider verification code, a user operation duration of the slider verification code, and a sliding parameter of the slider verification code.
  • the sliding parameters include one or more of a sliding trajectory, a slider speed, a sliding duration, a sliding range, an aspect ratio of sliding, and an acceleration of sliding.
  • the data type and / or data content included in the first slider operation data refer to the data type included in any slider operation data in the sample data in the implementation methods provided in the steps S11 to S13 above. And / or data content, which will not be repeated here.
  • the user behavior category in the target slider verification code verification process may be determined before the user may be collected.
  • Drag the target slider verification code to perform user authentication such as the identification information of the terminal device (such as the IP address), the display resolution of the terminal device used by the user, and the user's target business account information (such as the user account ID) Wait for user identification information, which is not limited here.
  • the user identification information in the foregoing user identification information may also be used.
  • One or more items are used as the unique identification information for user authentication, and user operation data such as the sliding frequency of the target slider verification code in unit time and the user authentication frequency in unit time during user authentication are derived
  • user operation data such as the sliding frequency of the target slider verification code in unit time and the user authentication frequency in unit time during user authentication are derived
  • the convenient description can be described by using the first user operation data as an example).
  • the above-mentioned user operation data can also be used as part of the input data of the user behavior category determination during the verification process of the target slider verification code based on the user behavior recognition model training, thereby improving the verification performance based on the target slider verification code.
  • the accuracy of the user behavior category determination based on the user behavior recognition model is more applicable.
  • a user behavior category verified by the slider verification code corresponding to the first page operation data and the first slider operation data is determined.
  • a user behavior category verified by a target slider verification code corresponding to the input data including the first user behavior data is determined.
  • the input data may further include the first user operation data derived based on the first user behavior data, which may be specifically determined according to an actual application scenario, and is not limited herein.
  • the terminal device may use the first user behavior data and / or the first user operation data as input data of a user behavior recognition model, learn the input data based on the user behavior recognition model, and output the first user behavior data and / Or the user behavior corresponding to the first user operation data is a human user behavior or a user behavior category determination result of a machine user behavior, so that whether to respond to the verification of the slider verification code can be determined according to the determination result.
  • the terminal device may determine to complete user authentication of the target service and enter a service processing interface of the target service. For example, the terminal device can output a prompt on the business operation page of the browser or the business operation page of the client to indicate that the verification of the target slider verification code is correct, and enter the business processing interface of the target service for the user to perform the business processing operation of the target service, etc. , Which can be determined according to the actual application scenario, and is not limited here.
  • the terminal device may close the user authentication interface of the target service to disconnect the user authentication of the target service, and Report the user information of the machine user to the network administrator corresponding to the target service.
  • the terminal device can output a user authentication prompt that the target slider verification code verification fails on the business operation page of the browser or the business operation page of the client, and exit the user authentication process of the target service.
  • step S3 for more implementation manners of performing target service response based on the user behavior category determined by the user behavior recognition model, refer to the specific implementation manner provided in step S3 below, which is not limited herein.
  • the above-mentioned user behavior recognition model determines that the collected first user behavior data and / or the user behavior corresponding to the first user operation data are human user behaviors, it may be Verify and complete the verification of the slider verification code.
  • the user may be allowed to enter the subsequent process of the application account registration corresponding to the target service, or allow the user to enter the subsequent process of the application account registration corresponding to the target service.
  • it can be determined according to specific operations after user authentication of the target service, and there is no limitation here.
  • the terminal device may output a security prompt question on the business operation page of the browser or the business operation page of the client when the verification of the target slider verification code is correct and the user behavior category is a machine user.
  • the user answers the question according to the security prompt to perform a user authentication process other than user authentication based on the target slider verification code. Further user authentication based on the security prompt question can further avoid the simulated authentication of the machine user and improve the security of the target business. More sexual.
  • the user behavior identification module determines that the collected first user behavior data and / or the user behavior corresponding to the first user operation data is a machine user behavior, and the authentication of the security prompt question is incorrect, the user may be blocked
  • the terminal device may send a prompt signal or an alarm or an early warning email to the network administrator to report the above user information to the network administrator and prompt the network administrator to perform manual detection of the user behavior category that starts the target service to improve the target service.
  • Network security may be used to perform manual detection of the user behavior category that starts the target service to improve the target service.
  • the user data database of the target service or the sample data obtained based on big data analysis is used as sample data for training the user behavior recognition model for slider verification code verification, and a user behavior recognition model is constructed by using a fuzzy cluster analysis algorithm.
  • a user behavior recognition model based on slider verification code verification, which can determine the user behavior category on the page operation data and / or slider operation data collected by the user authentication based on the target slider verification code verification, and then based on the user behavior The user behavior category identified by the recognition model responds to the user authentication of the target service.
  • the target service can be started; otherwise, the user authentication of the target service is disconnected, the operation is simple, the security of the slider verification code verification can be improved, and the slider verification code verification can be effectively prevented Network attacks to improve network security.
  • a network administrator such as a service administrator or a network engineer who reports the user information based on the machine user to the target service can further ensure the verification of the slider verification code.
  • the requested target service is more secure and applicable.
  • FIG. 4 is a schematic structural diagram of a user authentication device based on a slider verification code according to an embodiment of the present application.
  • the user authentication device provided in the embodiment of the present application includes:
  • the data obtaining unit 41 is configured to obtain first page operation data of a target service.
  • the output unit 42 is configured to output a target slider verification code to a user interface that starts the target service according to the first page operation data obtained by the data obtaining unit 41.
  • the data obtaining unit 41 is further configured to obtain, from the user interface, first slider operation data for performing user authentication for starting the target service based on the target slider verification code output by the output unit 42.
  • the user behavior recognition unit 43 is configured to determine the slider verification code verification corresponding to the first page operation data and the first slider operation data obtained by the data obtaining unit 41 based on a user behavior recognition model verified by the slider verification code.
  • User behavior category the above-mentioned user behavior recognition model is trained from sample data verified by the slider verification code, and the sample data includes at least the first user behavior sample data corresponding to the first category of users and the second user corresponding to the second category of users.
  • Behavior sample data Any user behavior sample data includes page operation data and / or slider operation data.
  • the authentication response unit 44 is configured to complete user authentication of the target service and start the target service according to the user behavior category identified by the user behavior identifying unit, or disconnect the user authentication of the target service according to the user behavior category.
  • the foregoing data obtaining unit 41 is further configured to:
  • Sample data of at least two types of users is obtained, and the sample data is used for training a user behavior recognition model for slider verification code verification.
  • the sample data includes at least the first user behavior sample data and the second user behavior sample data.
  • the user behavior recognition unit 43 is configured to:
  • the sample data obtained by the data obtaining unit 41 is used as an input of a user behavior recognition model verified by a slider verification code, and the sample data is learned through the user behavior recognition model to obtain any page operation data and / or slide The ability to block user action categories corresponding to data.
  • the foregoing user behavior recognition unit 43 is configured to:
  • the page operation data and / or slider operation corresponding to each category of users in at least two categories of users included in the sample data obtained by the data acquisition unit 41 described above The data is learned to obtain the ability to identify the page behavior data and / or slider operation data corresponding to any category of user behavior category.
  • the foregoing data obtaining unit 41 is configured to:
  • the sample data includes page operation data when each category of users in at least two types of users included in the user group starts the target service, and / or slider operation data of user authentication.
  • the foregoing data obtaining unit 41 is configured to:
  • sample data of at least two types of users are obtained from the user group database of other services.
  • the other services are one or more of the same type of services as the target service and the user authentication method is slider verification code verification. business;
  • the above sample data includes page operation data when at least two types of users included in the user group of the other services and each category of users start the other services, and / or slider operation data of user authentication.
  • the first category of users includes human users, and the second category of users includes machine users;
  • the authentication response unit 44 is configured to:
  • the user behavior recognition unit When the slider verification code is verified correctly and the user behavior recognition unit recognizes that the user behavior category is a human user, complete user authentication of the target service and enter a service processing interface of the target service;
  • the user behavior recognition unit When the slider verification code is verified correctly and the user behavior recognition unit recognizes that the user behavior category is a machine user, closing the user authentication interface of the target service to disconnect the user authentication of the target service, and The user information is reported to the network administrator corresponding to the target service.
  • the types of data included in the first page operation data and / or any of the page operation data in the sample data include: user operation position on the page, user operation time on the page, and One or more of the user's operation trajectories.
  • the data types included in the first slider operation data and / or any of the slider operation data in the sample data include: a user operation position on a slider verification code, and a slider verification code.
  • the above-mentioned slider verification code-based user authentication device may implement the implementation manners provided by the steps in FIG. 1 to FIG. 3 described above through each of its built-in function modules.
  • the user authentication device may be a terminal device described in the foregoing embodiments, and is not limited herein.
  • the data obtaining unit 41 may be configured to obtain data such as page operation data, slider operation data, and sample data in the foregoing steps.
  • the output unit 42 may be used to implement the implementation methods such as the output of the slider verification code and the output of the user authentication result based on the slider verification code.
  • the above-mentioned user behavior recognition unit 43 may be configured to perform an implementation manner such as determining a user behavior category based on a user behavior recognition model in the foregoing steps. For details, refer to the implementation manners provided in the foregoing steps, and details are not described herein again.
  • the above-mentioned authentication response unit 44 may be configured to execute a related implementation manner of performing a user authentication response based on a determination result output by a user behavior recognition model in the foregoing embodiments. For details, refer to the implementation manners provided in the foregoing steps, and details are not described herein.
  • the user authentication device may use the user group database of the target service or the sample data obtained based on big data analysis as the sample data trained by the user behavior recognition model for slider verification code verification, and then use fuzzy clustering. Analyze algorithms to build a user behavior recognition model.
  • User behavior recognition model based on slider verification code verification, which can determine the user behavior category on the page operation data and / or slider operation data collected by the user authentication based on the target slider verification code verification, and then based on the user behavior
  • the user behavior category identified by the recognition model responds to the user authentication of the target service.
  • the target service can be started; otherwise, the user authentication of the target service is disconnected, the operation is simple, the security of the slider verification code verification can be improved, and the slider verification code verification can be effectively prevented. Network attacks to improve network security.
  • a network administrator such as a service administrator or a network engineer who reports the user information based on the machine user to the target service can further ensure the verification of the slider verification code.
  • the requested target service is more secure and applicable.
  • FIG. 5 is a schematic structural diagram of a terminal device according to an embodiment of the present application.
  • the terminal device in this embodiment may include one or more processors 501 and a memory 502.
  • the processor 501 and the memory 502 are connected via a bus 503.
  • the memory 502 is configured to store a computer program.
  • the computer program includes program instructions.
  • the processor 501 is configured to execute the program instructions stored in the memory 502, and perform the following operations:
  • the user behavior category verified by the slider verification code corresponding to the first page operation data and the first slider operation data is determined, and the user behavior recognition model is determined by the slider verification code.
  • the verified sample data is obtained through training.
  • the above sample data includes at least first user behavior sample data corresponding to the first category of users and second user behavior sample data corresponding to the second category of users, and any user behavior sample data includes page operations. Data and / or slider operation data;
  • the foregoing processor 501 is further configured to:
  • sample data of at least two types of users where the sample data is used for user behavior recognition model training for slider verification code verification, and the sample data includes at least the first user behavior sample data and the second user behavior sample data;
  • the above sample data is used as an input of a user behavior recognition model verified by a slider verification code, and the sample data is learned through the user behavior recognition model to obtain and identify a user corresponding to any page operation data and / or slider operation data. Capabilities of behavior categories.
  • the foregoing processor 501 is configured to:
  • the page operation data and / or slider operation data corresponding to each category of users in at least two categories of users included in the sample data are learned to obtain Ability to identify user behavior categories corresponding to page operation data and / or slider operation data corresponding to any category of users.
  • the foregoing processor 501 is configured to:
  • the sample data includes page operation data when each category of users in at least two types of users included in the user group starts the target service, and / or slider operation data of user authentication.
  • the foregoing processor 501 is configured to:
  • sample data of at least two types of users are obtained from the user group database of other services.
  • the other services are one or more of the same type of services as the target service and the user authentication method is slider verification code verification. business;
  • the above sample data includes page operation data when at least two types of users included in the user group of the other services and each category of users start the other services, and / or slider operation data of user authentication.
  • the first category of users includes human users
  • the second category of users includes machine users
  • the processor 501 is configured to:
  • the types of data included in the first page operation data and / or any of the page operation data in the sample data include: user operation position on the page, user operation time on the page, and One or more of the user's operation trajectories;
  • the data types included in the first slider operation data and / or any of the slider operation data in the sample data include: a user operation position on a slider verification code, and a slider verification code.
  • the processor 501 may be a central processing unit (CPU), and the processor may also be another general-purpose processor, a digital signal processor (DSP), or a special-purpose integration.
  • Circuit application specific integrated circuit, ASIC
  • ready-made programmable gate array field-programmable gate array, FPGA
  • a general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory 502 may include a read-only memory and a random access memory, and provide instructions and data to the processor 501. A part of the memory 502 may further include a non-volatile random access memory. For example, the memory 502 may also store information of a device type.
  • the terminal device can implement the implementation manners provided by the steps in FIG. 1 to FIG. 3 through the built-in functional modules.
  • the terminal device can implement the implementation manners provided by the steps in FIG. 1 to FIG. 3 through the built-in functional modules.
  • the terminal device may use the user group database of the target service or the sample data obtained based on the big data analysis as the sample data trained by the user behavior recognition model used for the verification of the slider verification code, and perform fuzzy cluster analysis.
  • the algorithm builds a user behavior recognition model.
  • User behavior recognition model based on slider verification code verification, which can determine the user behavior category on the page operation data and / or slider operation data collected by the user authentication based on the target slider verification code verification, and then based on the user behavior
  • the user behavior category identified by the recognition model responds to the user authentication of the target service.
  • the target service can be started; otherwise, the user authentication of the target service is disconnected, the operation is simple, the security of the slider verification code verification can be improved, and the slider verification code verification can be effectively prevented. Network attacks to improve network security.
  • a network administrator such as a service administrator or a network engineer who reports the user information based on the machine user to the target service can further ensure the verification of the slider verification code.
  • the requested target service is more secure and applicable.
  • An embodiment of the present application further provides a computer-readable storage medium.
  • the computer-readable storage medium stores a computer program.
  • the computer program includes program instructions. When the program instructions are executed by a processor, each step in FIG. 1 to FIG. 3 is implemented.
  • the computer-readable storage medium may be a user authentication device based on a slider verification code provided in any of the foregoing embodiments or an internal storage unit of the terminal device, such as a hard disk or a memory of an electronic device.
  • the computer-readable storage medium may also be an external storage device of the electronic device, such as a plug-in hard disk, a smart media card (SMC), a secure digital (SD) card, Flash card, etc.
  • the computer-readable storage medium may include both an internal storage unit and an external storage device of the electronic device.
  • the computer-readable storage medium is used to store the computer program and other programs and data required by the electronic device.
  • the computer-readable storage medium can also be used to temporarily store data that has been or will be output.

Abstract

Disclosed is a user authentication method and device based on a slider verification code. The method comprises: obtaining first page operation data starting a target service, and outputting a target slider verification code to a user interface starting the target service according to the first page operation data; obtaining, from the user interface, first slider operation data for user authentication based on the target slider verification code; on the basis of a user behavior recognition model verified by the slider verification code, determining a user behavior category verified by the slider verification code corresponding to the first page operation data and the first slider operation data, the user behavior recognition model being obtained by training sample data verified by the slider verification code; and completing the user authentication of the target service according to the user behavior category and starting the target service, or disconnecting the user authentication of the target service.

Description

基于滑块验证码的用户认证方法及装置User authentication method and device based on slider verification code
本申请要求于2018年8月3日提交中国专利局、申请号为201810882217.8、申请名称为“基于滑块验证码的用户认证方法及装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of a Chinese patent application filed on August 3, 2018 with the Chinese Patent Office, application number 201810882217.8, and application name "User Authentication Method and Device Based on Slider Verification Code", the entire contents of which are incorporated by reference. In this application.
技术领域Technical field
本申请涉及电子技术领域,尤其涉及一种基于滑块验证码的用户认证方法及装置。The present application relates to the field of electronic technology, and in particular, to a user authentication method and device based on a slider verification code.
背景技术Background technique
滑块验证码是区别于图像验证码之外的另一种安全性验证码,滑块验证码也是行为式验证码之一。滑块验证码的生成方式一般是在客户端的用户界面生成一个长图片,该长图片由多个小图片组成,在该长图片的图片框上方添加滑块组件,该滑块组件即为滑块验证码,其中,滑块验证码在图片框上的初始位置是随机的。在用户拖动滑块验证码的过程中,长图片中的小图片随着滑块验证码的移动而逐张移动,使得呈现在用户面前总是一幅完整的图片。用户拖动滑块验证码,直到图片框中显示基准图片时将滑块验证码放置到指定位置上提交验证。The slider verification code is another security verification code that is different from the image verification code. The slider verification code is also one of the behavioral verification codes. The method of generating the slider verification code is generally to generate a long picture in the user interface of the client. The long picture is composed of multiple small pictures. A slider component is added above the picture frame of the long picture, and the slider component is a slider. Verification code, where the initial position of the slider verification code on the picture frame is random. During the dragging of the slider verification code by the user, the small pictures in the long picture move one by one with the movement of the slider verification code, so that a complete picture is always presented in front of the user. The user drags the slider verification code until the reference picture is displayed in the picture box, and places the slider verification code at the specified position to submit the verification.
然而,目前滑块验证码的验证操作仅是简单地拖动滑块验证码并完成滑块验证码的图像拼接即可完成滑块验证码的验证,滑块验证码的验证过程存在着操作简单,使用方便等特点,这些特点很容易被机器模仿。通过计算机很容易模拟出人类用户行为,滑块验证码的验证过程中存在的机器用户行为难以被识别,使得滑块验证码的安全性低,适用性差。However, at present, the verification operation of the slider verification code is only to simply drag the slider verification code and complete the image stitching of the slider verification code to complete the verification of the slider verification code. There is a simple operation in the verification process of the slider verification code. , Easy to use and other characteristics, these characteristics are easy to be imitated by the machine. It is easy to simulate human user behavior through a computer, and the machine user behavior existing in the verification process of the slider verification code is difficult to be identified, which makes the slider verification code low in security and poor in applicability.
发明内容Summary of the invention
本申请实施例提供一种基于滑块验证码的用户认证方法及装置,可提高滑块验证码验证的安全性,可有效防止滑块验证码验证的网络攻击,提高网络安全性,保证滑块验证码的验证所请求的目标业务的安全性,适用性更高。The embodiments of the present application provide a user authentication method and device based on a slider verification code, which can improve the security of the verification of the slider verification code, can effectively prevent the network attack of the verification of the slider verification code, improve network security, and ensure the slider The verification of the verification code for the requested target service is more secure and applicable.
第一方面,本申请实施例提供了一种基于滑块验证码的用户认证方法,该方法包括:In a first aspect, an embodiment of the present application provides a user authentication method based on a slider verification code. The method includes:
获取启动目标业务的第一页面操作数据,根据上述第一页面操作数据输出目标滑块验证码至启动上述目标业务的用户界面;Obtaining the first page operation data for starting the target service, and outputting the target slider verification code to the user interface for starting the target service according to the first page operation data;
从上述用户界面上获取基于上述目标滑块验证码进行启动上述目标业务的用户认证的第一滑块操作数据;Obtaining, from the user interface, first slider operation data for performing user authentication for starting the target service based on the target slider verification code;
基于滑块验证码验证的用户行为识别模型,确定出上述第一页面操作数据和上述第一滑块操作数据对应的滑块验证码验证的用户行为类别,上述用户行为识别模型由滑块验证码验证的样本数据训练得到,上述样本数据中至少包括第一类别用户对应的第一用户行为样本数据和第二类别用户对应的第二用户行为样本数据,任一用户行为样本数据中均包括页面操作数据和/或滑块操作数据;Based on the user behavior recognition model verified by the slider verification code, the user behavior category verified by the slider verification code corresponding to the first page operation data and the first slider operation data is determined. The verified sample data is obtained through training. The above sample data includes at least first user behavior sample data corresponding to the first category of users and second user behavior sample data corresponding to the second category of users, and any user behavior sample data includes page operations. Data and / or slider operation data;
根据上述用户行为类别完成上述目标业务的用户认证并启动上述目标业务,或者根据上述用户行为类别断开上述目标业务的用户认证。Complete user authentication of the target service and start the target service according to the user behavior category, or disconnect user authentication of the target service according to the user behavior category.
第二方面,本申请实施例提供了一种基于滑块验证码的用户认证装置,该装置包括:In a second aspect, an embodiment of the present application provides a user authentication device based on a slider verification code. The device includes:
数据获取单元,用于获取启动目标业务的第一页面操作数据;A data acquisition unit, configured to acquire first page operation data of a target business;
输出单元,用于根据上述数据获取单元获取的上述第一页面操作数据输出目标滑块验证码至启动上述目标业务的用户界面;An output unit, configured to output a target slider verification code to a user interface that starts the target service according to the first page operation data obtained by the data obtaining unit;
上述数据获取单元,还用于从上述用户界面上获取基于上述输出单元输出的上述目标滑块验证码进行启动上述目标业务的用户认证的第一滑块操作数据;The data obtaining unit is further configured to obtain, from the user interface, first slider operation data for performing user authentication for starting the target service based on the target slider verification code output by the output unit;
用户行为识别单元,用于基于滑块验证码验证的用户行为识别模型,确定出上述数据获取单元获取的上述第一页面操作数据和上述第一滑块操作数据对应的滑块验证码验证的用户行为类别,上述用户行为识别模型由滑块验证码验证的样本数据训练得到,上述样本数据中至少包括第一类别用户对应的第一用户行为样本数据和第二类别用户对应的第二用户行为样本数据,任一用户行为样本数据中均包括页面操作数据和/或滑块操作数据;The user behavior recognition unit is configured to identify a user verified by the slider verification code corresponding to the first slider operation data obtained by the data acquisition unit based on the user behavior recognition model verified by the slider verification code. Behavior category, the user behavior recognition model is trained from sample data verified by the slider verification code, and the sample data includes at least first user behavior sample data corresponding to the first category of users and second user behavior sample corresponding to the second category of users. Data, any user behavior sample data includes page operation data and / or slider operation data;
认证响应单元,用于根据上述用户行为识别单元识别的上述用户行为类别完成上述目标业务的用户认证并启动上述目标业务,或者根据上述用户行为类别断开上述目标业务的用户认证。The authentication response unit is configured to complete user authentication of the target service and start the target service according to the user behavior category identified by the user behavior identification unit, or disconnect the user authentication of the target service according to the user behavior category.
第三方面,本申请实施例提供了一种终端设备,该终端设备包括处理器和存储器,该处理器和存储器相互连接。该存储器用于存储支持该终端设备执行上述第一方面和/或第一方面任一种可能的实现方式提供的方法的计算机程序,该计算机程序包括程序指令,该处理器被配置用于调用上述程序指令,执行上述第一方面和/或第一方面任一种可能的实施方式所提供的方法。In a third aspect, an embodiment of the present application provides a terminal device. The terminal device includes a processor and a memory, and the processor and the memory are connected to each other. The memory is configured to store a computer program that supports the terminal device to execute the method provided in the first aspect and / or any possible implementation manner of the first aspect. The computer program includes program instructions, and the processor is configured to call the foregoing. A program instruction executes the first aspect and / or the method provided in any possible implementation manner of the first aspect.
第四方面,本申请实施例提供了一种计算机可读存储介质,该计算机可读存储介质存储有计算机程序,该计算机程序包括程序指令,该程序指令当被处理器执行时使该处理器执行上述第一方面和/或第一方面任一种可能的实施方式所提供的方法。According to a fourth aspect, an embodiment of the present application provides a computer-readable storage medium. The computer-readable storage medium stores a computer program, where the computer program includes program instructions, and when the program instructions are executed by a processor, the processor executes the instructions. The first aspect and / or the method provided by any possible implementation manner of the first aspect.
采用本申请实施例,可提高滑块验证码验证的安全性,可有效防止滑块验证码验证的网络攻击,提高网络的安全性,进而可保证滑块验证码的验证所请求的目标业务的安全性,适用性更高。By adopting the embodiment of the present application, the security of the verification of the slider verification code can be improved, the network attack of the verification of the slider verification code can be effectively prevented, the network security can be improved, and the target service requested by the verification of the verification of the slider verification code can be guaranteed. Safety and applicability.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
为了更清楚地说明本申请实施例技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍。In order to explain the technical solution of the embodiment of the present application more clearly, the drawings used in the description of the embodiment will be briefly introduced below.
图1是本申请实施例提供的基于滑块验证码的用户认证方法的一流程示意图;1 is a schematic flowchart of a user authentication method based on a slider verification code according to an embodiment of the present application;
图2是本申请实施例提供的用户行为识别模型的构建方法的流程示意图;2 is a schematic flowchart of a method for constructing a user behavior recognition model according to an embodiment of the present application;
图3是本申请实施例提供的基于滑块验证码的用户认证方法的另一流程示意图;FIG. 3 is another schematic flowchart of a user authentication method based on a slider verification code according to an embodiment of the present application; FIG.
图4是本申请实施例提供的基于滑块验证码的用户认证装置的结构示意图;4 is a schematic structural diagram of a user authentication device based on a slider verification code according to an embodiment of the present application;
图5是本申请实施例提供的终端设备的结构示意图。FIG. 5 is a schematic structural diagram of a terminal device according to an embodiment of the present application.
具体实施方式detailed description
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请 中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In the following, the technical solutions in the embodiments of the present application will be clearly and completely described with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are part of the embodiments of the present application, but not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by a person of ordinary skill in the art without creative efforts shall fall within the protection scope of the present application.
滑块验证码是区别于图像验证码之外的另一种安全性验证码。滑块验证码的安全性验证类似于手机的滑动解锁,是一种可根据提示用鼠标或者手指将滑块拖动到指定的位置完成验证的一种验证方式。滑块验证码也是行为式验证码之一。目前滑块验证码的生成方式一般是在客户端的用户界面或者浏览器的网页页面上生成一个长图片,该长图片由多个小图片组成。在该长图片的图片框上方添加滑块组件,其中,滑块在图片框上的初始位置是随机的。这里滑块作为验证码,因此也称滑块验证码,下面不再赘述。在用户利用鼠标或者手指拖动滑块的过程中,长图片中的小图片逐张移动,使得呈现在用户面前的总是一幅完整的图片。在滑块验证码的验证过程中,用户拖动滑块验证码,直到图片框中显示基准图片时提交验证。其中,上述基准图片为滑块验证码所属小图片,即在完成滑块验证码验证之前该小图片缺失了滑块验证码部分的图片内容,当滑块验证码正确填充到该缺失部分时即可完成滑块码验证,此时可确定滑块验证码的验证正确。在用户拖动滑块验证码的过程中,滑块验证码越靠近正确位置,图片越清晰,这更方便用户使用和判断。目前滑块验证码的验证操作仅是简单地拖动滑块验证码并完成滑块验证码的图像拼接即可完成滑块验证码的验证,滑块验证码的验证过程存在着操作简单,使用方便等特点,这些特点很容易被机器模仿。通过计算机很容易模拟出人类用户行为,滑块验证码的验证过程中存在的机器用户行为难以被识别,使得滑块验证码的安全性低。Slider verification code is another security verification code different from image verification code. The security verification of the slider verification code is similar to the sliding unlock of a mobile phone. It is a verification method that can be performed by dragging the slider to a specified position with a mouse or a finger according to a prompt. The slider verification code is also one of the behavioral verification codes. The current method of generating the slider verification code is generally to generate a long picture on the user interface of the client or the web page of the browser, and the long picture is composed of multiple small pictures. Add a slider component above the picture frame of the long picture, where the initial position of the slider on the picture frame is random. Here the slider is used as a verification code, so it is also called a slider verification code, which will not be described in detail below. When the user drags the slider with the mouse or finger, the small pictures in the long picture move one by one, so that a complete picture is always presented to the user. During the verification process of the slider verification code, the user drags the slider verification code until the benchmark picture is displayed in the picture box and submits the verification. The above reference picture is the small picture to which the slider verification code belongs, that is, the picture content of the slider verification code portion is missing from the small picture before the verification of the slider verification code is completed. The slider code verification can be completed. At this time, it can be determined that the verification of the slider verification code is correct. During the process of dragging the slider verification code, the closer the slider verification code is to the correct position, the clearer the picture is, which is more convenient for users to use and judge. At present, the verification operation of the slider verification code is only to simply drag the slider verification code and complete the image stitching of the slider verification code to complete the verification of the slider verification code. The verification process of the slider verification code has a simple operation. Convenience and other characteristics, these characteristics can be easily imitated by the machine. The human user behavior can be easily simulated by a computer, and the machine user behavior existing in the verification process of the slider verification code is difficult to be identified, which makes the slider verification code less secure.
为了提高滑块验证码的验证安全性,本申请实施例提供的方法可基于模糊聚类分析算法,结合从多种数据获取路径获取得到的样本数据构建滑块验证码的用户行为识别模型。这里,用户行为识别模型可用于识别多种类别的用户,例如人类用户和机器用户,或者普通用户和星级用户(例如VIP用户),或者其他多种类别的用户等,在此不做限制。为方便描述,本申请实施例将以人类用户和机器用户为例进行说明,对应的上述用户行为识别模型也可为人机用户行为识别模型,在此不做限制。基于滑块验证码的用户认证方法(为方便描述可简称本申请实施例提供的方法)可通过人机用户行为识别模型来识别滑块验证码验证过程中的人类用户行为和机器用户行为,从而可在规避机器用户行为的滑块验证码验证,提高基于滑块验证码验证的用户认证的安全性,保证目标业务的用户数据安全性。In order to improve the verification security of the slider verification code, the method provided in the embodiment of the present application can build a user behavior recognition model of the slider verification code based on the fuzzy cluster analysis algorithm and the sample data obtained from various data acquisition paths. Here, the user behavior recognition model can be used to identify multiple types of users, such as human users and machine users, or ordinary users and star users (such as VIP users), or other types of users. For the convenience of description, the embodiments of the present application will be described by taking human users and machine users as examples. The corresponding user behavior recognition model may also be a human-machine user behavior recognition model, which is not limited herein. The slider verification code-based user authentication method (for convenience of description, the method provided in the embodiment of the present application may be abbreviated) can recognize the human user behavior and machine user behavior in the slider verification code verification process through a human-machine user behavior recognition model, thereby It can avoid the verification of the slider verification code of the user behavior of the machine, improve the security of the user authentication based on the verification of the slider verification code, and ensure the user data security of the target business.
本申请实施例提供的方法可采用验证码展示-用户行为数据采集-用户行为分析的流程,基于人机用户行为识别模型,对实时采集到的用户行为数据进行用户行为分析,识别出人类用户行为或者机器用户行为,进而可在识别得到人类用户行为时完成滑块验证码的验证,在识别得到机器用户行为时阻断滑块验证码的验证,可有效地防止网络攻击行为,提高网络安全性,保障滑块验证码的验证所请求的业务安全性。本申请实施例提供的方法可适用于任一业务的用户认证,为方便描述下面将以目标业务为例进行说明,以下不再赘述。下面将结合图1至图5对本申请实施例提供的方法及装置进行说明。The method provided in the embodiment of the present application may adopt a verification code display-user behavior data collection-user behavior analysis process, based on the human-machine user behavior recognition model, perform user behavior analysis on the user behavior data collected in real time to identify human user behavior Or the behavior of the machine user, and then the verification of the slider verification code can be completed when the human user behavior is identified, and the verification of the slider verification code can be blocked when the machine user behavior is identified, which can effectively prevent network attack behavior and improve network security To ensure the security of the business requested by the verification of the slider verification code. The method provided in the embodiment of the present application may be applicable to user authentication of any service. For the convenience of description, the target service is taken as an example for description, and details are not described below. The method and device provided in the embodiments of the present application will be described below with reference to FIGS. 1 to 5.
请参见图1,图1是本申请实施例提供的基于滑块验证码的用户认证方法的一流程示意图。本申请实施例提供的方法可包括滑块验证码验证的用户行为识别模型的构建、基于用户行为识别模型的用户认证以及基于滑块验证码的用户认证的响应等数据处理阶段。下面将结合步骤S1、S2和S3对本申请实施例提供的各数据处理阶段进行说明。Please refer to FIG. 1, which is a schematic flowchart of a user authentication method based on a slider verification code according to an embodiment of the present application. The method provided in the embodiment of the present application may include data processing stages such as construction of a user behavior recognition model verified by a slider verification code, user authentication based on a user behavior recognition model, and response to user authentication based on a slider verification code. The data processing stages provided by the embodiments of the present application will be described below with reference to steps S1, S2, and S3.
S1、滑块验证码验证的用户行为识别模型的构建。S1. Construction of a user behavior recognition model for slider verification code verification.
在一些可行的实施方式中,在滑块验证码验证的用户行为识别模型的训练阶段,可整合用于用户行为识别模型训练的用户行为数据,以对用户的二分类(例如人类用户或者机器用户的两种类别用户的分类)问题为学习任务对用户行为识别模型进行训练,使得用户行为识别模型具备对实时采集到的用户行为数据进行人类用户或者机器用户的判定的能力。其中,上述用户行为数据可包括但不限于用户在浏览器的业务操作页面或者客户端的业务操作页面上的页面操作数据、用户基于滑块验证码进行用户认证的滑块操作数据以及用户操作的浏览器或者客户端的标识信息等等。具体可根据实际应用场景确定更多类型的用户行为数据,在此不做限制。然而,在识别人类用户行为或者机器用户行为之前,用户行为识别模型无法事先明确知道哪些用户行为是人类用户行为,哪些用户行为是机器用户行为,也不知道人类用户和机器用户的特征上有什么明确的差别,因此这些信息都需要通过训练无监督的模糊聚类分析算法,结合用户高维数据特征的距离计算来判断人类用户行为和机器用户行为之间的差异。通过分析人类用户行为和机器用户行为的差异来将滑块验证码验证的用户行为分为明确的人类用户行为和机器用户行为的两个类别。进一步的,还可结合具体业务基于滑块验证码验证的用户认证需求来综合分析两种类别用户的用户行为之间的差异,从而实现机器用户行为和人类用户行为的分离。In some feasible implementation manners, during the training phase of the user behavior recognition model verified by the slider verification code, the user behavior data used for the training of the user behavior recognition model may be integrated to classify users in two categories (for example, human users or machine users). The classification of the two categories of users) problem is to train the user behavior recognition model for the learning task, so that the user behavior recognition model has the ability to judge human users or machine users on the user behavior data collected in real time. The above user behavior data may include, but is not limited to, page operation data of a user on a browser's business operation page or a client's business operation page, slider operation data of a user's authentication based on a slider verification code, and user operation browsing. Information such as browser or client. Specifically, more types of user behavior data can be determined according to actual application scenarios, and there is no limitation here. However, before identifying human user behavior or machine user behavior, the user behavior recognition model cannot clearly know in advance which user behaviors are human user behaviors, which user behaviors are machine user behaviors, and do not know what are the characteristics of human users and machine users. Clear differences, so this information needs to be trained by unsupervised fuzzy clustering analysis algorithms, combined with distance calculation of user high-dimensional data features to determine the difference between human user behavior and machine user behavior. By analyzing the differences between human user behavior and machine user behavior, the user behavior verified by the slider captcha is divided into two categories of clear human user behavior and machine user behavior. Further, the difference between user behaviors of the two types of users can be comprehensively analyzed in combination with user authentication requirements based on slider verification code verification for specific services, so as to separate machine user behavior from human user behavior.
在一些可行的实施方式中,请一并参见图2,图2是本申请实施例提供的用户行为识别模型的构建方法的流程示意图。上述用户行为识别模型的构建所采用的实现方式可包括如下步骤S11至S13中各个步骤所提供的实现方式。In some feasible implementation manners, please refer to FIG. 2 together. FIG. 2 is a schematic flowchart of a method for constructing a user behavior recognition model according to an embodiment of the present application. The implementation manner adopted for the construction of the above-mentioned user behavior recognition model may include the implementation manner provided by each step in the following steps S11 to S13.
S11、用于用户行为识别模型训练的样本数据采集。S11. Sample data collection for user behavior recognition model training.
在一些可行的实施方式中,上述用于用户行为识别模型训练的样本数据可包括用于滑块验证码验证的用户行为识别模型训练的至少两种类型用户的样本数据。其中,上述样本数据中至少包括第一类别用户(例如人类用户)对应的第一用户行为样本数据和第二类别用户(例如机器用户)对应的第二用户行为样本数据,且包括上述第一用户行为样本数据和所述第二用户行为样本数据在内的任一用户行为样本数据中均包括页面操作数据和/或滑块操作数据。In some feasible implementation manners, the above sample data for user behavior recognition model training may include sample data for at least two types of users of user behavior recognition model training for slider verification code verification. The above sample data includes at least first user behavior sample data corresponding to the first category of users (for example, human users) and second user behavior sample data corresponding to the second category of users (for example, machine users), and includes the first user Any user behavior sample data including the behavior sample data and the second user behavior sample data includes page operation data and / or slider operation data.
可选的,上述至少两种类别用户的样本数据可从目标业务的用户群数据库中获取。其中,上述样本数据中包括上述目标业务的用户群包括的至少两种类别用户中各类别用户启动目标业务时的页面操作数据,和/或用户认证的滑块操作数据。Optionally, the sample data of the at least two types of users may be obtained from a user group database of the target service. The above sample data includes page operation data when at least two types of users included in the user group of the target service start the target service, and / or slider operation data of user authentication.
可选的,上述至少两种类别用户的样本数据可基于大数据分析从其他业务的用户群数据库中获取。其中,上述其他业务为与目标业务为相同类型业务且用户认证方式为滑块验证码验证的一个或者多个业务。其中,上述样本数据中包括其他业务的用户群包括的至少两种类别用户中各类别用户启动其他业务时的页面操作数据,和/或用户认证的滑块操作数据。在本申请实施例中,用于用户行为识别模型训练的样本数据可从多种数据获取路径获取得到,样本数据的来源可覆盖到多种业务对应的滑块验证码验证,提高了样本数据的数据有效性,样本数据的可靠性更强,进而可提高基于样本数据训练得到的用户行为识别模型的用户行为判断准确率。Optionally, the sample data of the at least two types of users may be obtained from a user group database of other services based on big data analysis. The other services mentioned above are one or more services which are the same type of services as the target service and whose user authentication method is slider verification code verification. The above sample data includes page operation data of at least two types of users included in the user group of other services when each category user starts other services, and / or slider operation data of user authentication. In the embodiment of the present application, the sample data used for user behavior recognition model training can be obtained from multiple data acquisition paths, and the source of the sample data can cover the verification of slider verification codes corresponding to various services, improving the sample data. The validity of the data and the reliability of the sample data are stronger, which can further improve the accuracy of the user behavior judgment of the user behavior recognition model obtained based on the training of the sample data.
在一些可行的实施方式中,上述第一页面操作数据和/或样本数据中任一页面操作数据 中所包含的数据类型包括:页面上的用户操作位置、页面上的用户操作时长以及页面上的用户操作轨迹中的一种或者多种。其中,上述页面上的用户操作位置可为用户的手指或者鼠标在页面上点击的位置,或者在页面上按压的位置等,具体可根据实际应用场景确定,在此不做限制。其中,上述点击操作或者按压操作所触发产生的用户操作指令可为用于触发启动目标业务的业务办理页面(为方便描述可简称为启动目标业务)的用户操作指令,在此不做限制。上述页面上的用户操作指令可为用户手指或者鼠标在页面上点击或者按压等操作对应的持续时长,例如从鼠标点击或者按压页面上的某一个位置到鼠标松开这个过程的时长等。上述页面上的用户操作轨迹为用户手指或者鼠标在页面上多次点击或者按压的轨迹,或者手指或者鼠标在页面上滑动的轨迹等,具体可根据实际应用场景中目标业务的启动所需的用户操作形式确定,在此不做限制。In some feasible implementation manners, the data types included in any of the first page operation data and / or sample data in the page operation data include: user operation position on the page, user operation time on the page, and One or more of the user operation trajectories. The user operation position on the above page may be the position where the user's finger or mouse clicks on the page, or the position where the user presses on the page, etc., which can be determined according to the actual application scenario, and is not limited here. Wherein, the user operation instruction generated by the above-mentioned click operation or pressing operation may be a user operation instruction for triggering a service management page for starting a target service (for convenience of description, it may be simply referred to as starting a target service), which is not limited herein. The user operation instruction on the above page may be a duration corresponding to a user's finger or mouse clicking or pressing on the page, for example, the duration from a mouse click or pressing a certain position on the page to releasing the mouse. The user operation trajectory on the above page is the trajectory of a user's finger or mouse clicking or pressing on the page multiple times, or the trajectory of a finger or mouse sliding on the page, etc., which can be specifically based on the user required to start the target service in the actual application scenario The operation form is determined, and there is no limitation here.
在一些可行的实施方式中,上述第一滑块操作数据和/或样本数据中任一滑块操作数据中所包含的数据类型包括:滑块验证码上的用户操作位置、滑块验证码的用户操作时长、滑块验证码的滑动参数中的一种或者多种。其中,上述滑动参数包括滑动轨迹、滑块速度、滑动时长、滑动范围、滑动的横纵坐标比,以及滑动的加速度中一种或者多种。可选的,上述滑块验证码的用户操作位置可包括用户点击、按压或者拖动滑块验证码时在滑块验证码上的点击位置、按压位置或者拖动位置。上述滑块验证码的用户操作时长可包括点击、按压或者拖动滑动验证码等操作对应的时长,以及拖动滑块验证码进行滑动的过程中滑块验证码的滑动时长,等等针对滑块验证码进行操作的总时长。上述滑块验证码的滑动轨迹可由滑块验证码滑动过程中所采集的点坐标确定,包括但不限于滑块验证码滑动的起点坐标、终点坐标以及滑动过程中的一个或者多个中间点坐标。上述滑块验证码的滑动速度、滑动的加速度等可由滑块验证码的滑动距离以及滑动时长等数据确定。上述滑块验证码的滑动范围以及滑动的横纵坐标比可由滑块验证码滑动过程中采集的点坐标等数据确定,具体可根据实际应用场景确定,在此不做限制。In some feasible implementation manners, the types of data included in any of the first slider operation data and / or sample data in the slider operation data include: a user operation position on a slider verification code, a One or more of a user operation duration and a sliding parameter of a slider verification code. The sliding parameters include one or more of a sliding trajectory, a slider speed, a sliding duration, a sliding range, an aspect ratio of sliding, and an acceleration of sliding. Optionally, the user operation position of the slider verification code may include a click position, a pressing position, or a drag position on the slider verification code when the user clicks, presses, or drags the slider verification code. The user operation duration of the above-mentioned slider verification code may include the corresponding duration of operations such as clicking, pressing, or dragging the sliding verification code, and the sliding duration of the slider verification code during the sliding process of dragging the slider verification code, and so on. The total length of time that the block verification code operates. The sliding trajectory of the slider verification code can be determined by the point coordinates collected during the sliding of the slider verification code, including but not limited to the starting point coordinates, end point coordinates, and one or more intermediate point coordinates during the sliding of the slider verification code. . The sliding speed and sliding acceleration of the slider verification code can be determined by data such as the sliding distance and the sliding duration of the slider verification code. The sliding range of the above-mentioned slider verification code and the ratio of the horizontal and vertical coordinates of the sliding can be determined by data such as point coordinates collected during the sliding process of the slider verification code, and can be specifically determined according to the actual application scenario, which is not limited here.
可选的,在用户行为识别模型的训练阶段所采集以及筛选的数据类型和/或数据内容,可与下面步骤所提供的用户行为识别模型的测试阶段以及使用阶段等数据处理阶段中,所采集以及筛选的数据类型和/或数据内容均保持数据类型和/或数据内容(数据项目类型相同但数值不同)相同,从而可更好地利用用户行为识别模型对输入的用户行为数据进行学习并输出相应的用户行为类别,可增加用户行为识别模型的判别准确率,适用性更强。为方便描述,上述各个数据处理阶段中所涉及的页面操作数据和滑块操作数据可以用户行为数据为例进行说明。Optionally, the data types and / or data content collected and screened during the training phase of the user behavior recognition model may be collected with the data processing phases such as the test phase and the use phase of the user behavior recognition model provided in the following steps. And the filtered data type and / or data content are kept the same data type and / or data content (the data item type is the same but the values are different), so that the user behavior recognition model can be better used to learn and output the input user behavior data The corresponding user behavior category can increase the discrimination accuracy of the user behavior recognition model, and the applicability is stronger. For the convenience of description, the page operation data and slider operation data involved in the foregoing data processing stages may be described by using user behavior data as an example.
可选的,在一些可行的实施方式中,在上述样本数据还可包括用户所使用终端设备的标识信息(例如IP地址等),用户所使用终端设备的显示屏分辨率以及用户的目标业务账号信息(例如用户账号ID等)等等用户标识信息,在此不做限制。进一步的,基于上述用户行为数据,还可以以上述用户标识信息中的一项或者多项作为用户认证的唯一识别信息,并以此衍生出用户认证过程中滑块验证码在单位时间内的滑动频次、用户在单位时间内的用户认证频率等用户操作数据。进一步的,可将上述用户操作数据也作为用于用户行为识别模型训练的样本数据中的一部分,进而可提高样本数据中所包括的数据类型的多样性,增强样本数据的覆盖范围,从而可增强基于样本数据训练得到的用户行为识别模型的适用 范围,操作更灵活,适用性更强。Optionally, in some feasible implementation manners, the sample data may further include identification information (such as an IP address, etc.) of a terminal device used by the user, a display screen resolution of the terminal device used by the user, and a target business account of the user. Information (such as user account ID, etc.) and other user identification information are not limited here. Further, based on the above-mentioned user behavior data, one or more of the above-mentioned user identification information may also be used as the unique identification information for user authentication, and the sliding of the slider verification code in unit time during the user authentication process may be derived therefrom. User operation data such as frequency, user authentication frequency of the user in unit time, and so on. Further, the above-mentioned user operation data can also be used as part of the sample data for user behavior recognition model training, thereby increasing the diversity of data types included in the sample data and enhancing the coverage of the sample data, which can enhance the The scope of application of the user behavior recognition model trained based on sample data is more flexible and more applicable.
S12、基于上述样本数据构建用户行为识别模型。S12. Construct a user behavior recognition model based on the sample data.
在一些可行的实施方式中,可将上述用于用户行为识别模型训练的样本数据作为用户行为识别模型的输入,通过用户行为识别模型对上述样本数据进行学习,以获取识别任一页面操作数据和/或滑块操作数据对应的用户行为类别的能力。可选的,可通过上述用户行为识别模型,基于训练无监督的模糊聚类分析算法对上述样本数据中包括的至少两种类别用户中各类别用户对应的用户行为数据(包括页面操作数据和/或滑块操作数据)和/或用户操作数据进行学习,使得用户行为识别模型具备获取识别任一类别用户对应的用户行为数据和/或用户操作数据对应的用户行为类别的能力。In some feasible implementation manners, the above sample data for user behavior recognition model training may be used as input of the user behavior recognition model, and the sample data is learned through the user behavior recognition model to obtain identification of any page operation data and / Or the ability of the slider to manipulate the user behavior category corresponding to the data. Optionally, user behavior data (including page operation data and //) of at least two types of users included in the above sample data can be obtained through the above-mentioned user behavior recognition model based on the training unsupervised fuzzy cluster analysis algorithm. Or slider operation data) and / or user operation data for learning, so that the user behavior recognition model has the ability to acquire and identify user behavior data corresponding to any category of users and / or user behavior categories corresponding to user operation data.
通常情况下,人类用户对应的用户行为数据中用户在页面上以及滑块验证码上的操作位置,或者拖动滑块验证码进行滑块的滑动数据等相对比较随机:包括但不限于滑块验证码滑动的横纵坐标的离散程度也比较大,滑动速度和加速度等数据相对比较分散,用户所使用终端设备的标识信息、用户所使用终端设备的显示屏分辨率以及用户的目标业务账号信息等用户标识信息会比较离散且多样化,数据的分布状态通常会呈现为无规律状态。然而,相对于人类用户对应的用户行为数据以及用户操作数据,机器用户的用户标识信息相对比较固定,页面上以及滑块上的操作位置对应的数据相对较少,且在拖动滑块验证码进行滑动等操作对应的滑动数据等相对比较固定,滑块验证码的滑动速度和加速度也相对比较恒定,等等。In general, the user ’s behavior data corresponding to the human user ’s operation position on the page and on the slider verification code, or dragging the slider verification code to perform sliding data of the slider are relatively random: including but not limited to sliders The degree of dispersion of the horizontal and vertical coordinates of the verification code sliding is also relatively large, and the data such as sliding speed and acceleration are relatively scattered. The identification information of the terminal device used by the user, the display resolution of the terminal device used by the user, and the target business account information When the user identification information becomes more discrete and diversified, the distribution status of the data usually appears as irregular. However, compared to the user behavior data and user operation data corresponding to the human user, the user identification information of the machine user is relatively fixed, the data corresponding to the operation position on the page and the slider is relatively small, and the verification code is dragged on the slider The sliding data corresponding to operations such as sliding are relatively fixed, and the sliding speed and acceleration of the slider verification code are relatively constant, and so on.
在一些可行的实施方式中,基于上述人类用户和机器用户的用户行为数据以及用户操作数据上的特征差异,可以利用机器学习的模糊聚类分析算法将人类用户的行为和机器用户的行为进行聚类分析,并基于上述样本数据对用户行为识别模型进行训练,从而可训练得到能够识别出人类用户的滑块验证码验证行为和机器用户的滑块验证码验证行为的用户行为识别模型。这里,聚类分析指将物理或抽象对象的集合分组为由类似的对象组成同一类,不类似的对象组成不同类的分析过程,换句话说聚类分析的目标就是在相似的基础上收集数据来分类。聚类与分类的不同在于,聚类所要求划分的类是未知的,分类所要求划分的类是已知的且需要添加相关标签以标记类别的。聚类是将数据分类到不同的类或者簇这样的一个过程,所以同一个簇中的对象有很大的相似性,而不同簇间的对象有很大的相异性。在本申请实施例中,基于训练无监督的模糊聚类分析算法对用户行为识别模型进行训练,无需为样本数据添加类别标签即可训练得到具备识别任一页面操作数据和/或滑块操作数据对应的用户行为类别的能力的用户行为识别模型,操作简单,适用性更强。In some feasible implementations, based on the above-mentioned user behavior data of human users and machine users, and feature differences in user operation data, machine learning fuzzy cluster analysis algorithms can be used to aggregate human user behaviors and machine user behaviors. Class analysis, and training the user behavior recognition model based on the above sample data, so that a user behavior recognition model capable of identifying the slider verification code verification behavior of a human user and the slider verification code verification behavior of a machine user can be trained. Here, cluster analysis refers to the process of grouping a collection of physical or abstract objects into similar classes composed of similar objects, and dissimilar objects composed of different classes. In other words, the goal of cluster analysis is to collect data on a similar basis To classify. The difference between clustering and classification is that the classes required to be classified by the cluster are unknown, the classes required to be classified by the classification are known and related labels need to be added to mark the categories. Clustering is a process of classifying data into different classes or clusters, so objects in the same cluster have great similarity, but objects in different clusters have great dissimilarity. In the embodiment of the present application, a user behavior recognition model is trained based on a training unsupervised fuzzy clustering analysis algorithm, and training can be performed without adding category tags to the sample data to identify any page operation data and / or slider operation data. The user behavior recognition model corresponding to the capability of the user behavior category is simple to operate and more applicable.
S13、基于用户行为识别模型进行人类用户行为与机器用户行为判定的测试。S13. Perform a test of human user behavior and machine user behavior determination based on a user behavior recognition model.
在一些可行的实施方式中,在构建用户行为识别模型对人类用户行为和机器用户行为进行识别的基础上,保存训练得到的用户行为识别模型的模型参数,同时针对测试过程中,基于用户行为识别模型可对用户单次产生的页面操作数据、滑块操作数据以及用户操作数据等用户行为测试数据进行用户行为的实时判定,快速、准确、实时的返回人机用户行为的判定结果。基于上述用户行为识别模型输出的人类用户或者机器用户的用户行为判定结果与实际测试过程中用户行为的类别对用户行为识别模型的模型参数进行修正,使得用户行为识别模型具备更加精准的人机用户行为判定能力,进而可提高基于用户行为识别模型 进行人类用户或者机器用户的用户行为类别的判断准确率。In some feasible implementation manners, on the basis of constructing a user behavior recognition model to recognize human user behavior and machine user behavior, the model parameters of the user behavior recognition model obtained by training are saved, and at the same time, based on the user behavior recognition during the test process, The model can perform real-time determination of user behavior on user behavior test data such as page operation data, slider operation data, and user operation data generated by the user at a single time, and quickly, accurately, and in real time return the determination results of human-machine user behavior. Based on the user behavior judgment results of the human user or machine user output by the above user behavior recognition model and the categories of user behavior in the actual test process, the model parameters of the user behavior recognition model are modified, so that the user behavior recognition model has a more accurate human-machine user The ability to judge behaviors can further improve the accuracy of judging user behavior categories of human users or machine users based on user behavior recognition models.
通过上述步骤S11至S13可完成用户行为识别模型的训练和优化,从而可得到具备识别人类用户行为和机器用户行为的能力的用户行为识别模型。通过训练得到的用户行为识别模型可对实时采集到的用户行为数据和/或用户操作数据进行判定,以确定实时采集到的用户行为数据和/或用户操作数据对应的用户为人类用户或者机器用户。Through the above steps S11 to S13, training and optimization of the user behavior recognition model can be completed, so that a user behavior recognition model having the ability to recognize human user behavior and machine user behavior can be obtained. The user behavior recognition model obtained through training can determine the user behavior data and / or user operation data collected in real time to determine whether the user corresponding to the user behavior data and / or user operation data collected in real time is a human user or a machine user .
S2、基于用户行为识别模型的用户认证。S2. User authentication based on a user behavior recognition model.
在一些可行的实施方式中,基于上述步骤步S11至S13可完成用户行为识别模型的训练和优化之后,则可基于上述用户行为识别模型对实时采集到的启动目标业务的页面操作数据(为方便描述可以第一页面操作数据为例进行说明)以及启动目标业务的用户认证的滑块操作数据(为方便描述可以第一滑块操作数据为例进行说明)等数据进行用户行为类别的判定,进而可根据基于用户行为识别模型判定的用户行为类别完成目标业务的用户认证并启动目标业务,或者根据用户行为类别断开目标业务的用户认证。请一并参见图3,图3是本申请实施例提供的基于滑块验证码的用户认证方法的另一流程示意图。本申请实施例提供的方法可将结合步骤S21至S24进行具体说明。In some feasible implementation manners, after the training and optimization of the user behavior recognition model can be completed based on the above steps S11 to S13, the page operation data of the target service started in real time (for convenience) can be collected based on the user behavior recognition model. The description can use the first page operation data as an example to describe, and the slider operation data of the user authentication that starts the target service (for the convenience of description, the first slider operation data can be described as an example) to determine the user behavior category. The user authentication of the target service may be completed and the target service may be started according to the user behavior category determined based on the user behavior recognition model, or the user authentication of the target service may be disconnected according to the user behavior category. Please refer to FIG. 3 together. FIG. 3 is another schematic flowchart of a user authentication method based on a slider verification code according to an embodiment of the present application. The method provided in the embodiment of the present application may be specifically described in combination with steps S21 to S24.
S21、获取启动目标业务的第一页面操作数据,根据第一页面操作数据输出目标滑块验证码至启动目标业务的用户界面。S21: Obtain the first page operation data for starting the target service, and output the target slider verification code to the user interface for starting the target service according to the first page operation data.
在一些可行的实施方式中,在用户行为识别模型的使用阶段,在用户需要在目标业务对应的浏览器的业务操作页面或者客户端的业务操作页面上完成启动目标业务的操作时,可采集上述浏览器的业务操作页面或者客户端的业务操作页面上的页面操作数据(即第一页面操作数据),并根据上述第一页面操作数据触发启动滑块验证码的验证流程。为方便描述,启动目标业务的操作可包括启动注册应用账号的业务和/或登录应用账号的业务等操作,其中,上述注册应用账号的业务或者登陆应用账号的业务可以目标业务为例进行说明,下面不再赘述。可选的,上述第一页面操作数据可包括页面上的用户操作位置、页面上的用户操作时长以及页面上的用户操作轨迹中的一种或者多种,具体可参见上述步骤S11至S13中各个步骤所提供的实现方式,在此不再赘述。In some feasible implementation manners, in the use phase of the user behavior recognition model, when the user needs to complete the operation of starting the target service on the business operation page of the browser corresponding to the target service or the business operation page of the client, the above browsing may be collected. The page operation data (ie, the first page operation data) on the business operation page of the server or the business operation page of the client, and trigger the verification process of starting the slider verification code according to the first page operation data. For the convenience of description, operations for starting a target service may include operations such as starting a service for registering an application account and / or a service for logging in an application account. Among them, the above-mentioned service for registering an application account or the service for logging in an application account may be described as an example of a target service. I will not repeat them below. Optionally, the above-mentioned first page operation data may include one or more of a user operation position on the page, a user operation time on the page, and a user operation track on the page. For details, refer to each of steps S11 to S13 above. The implementation provided by the steps is not repeated here.
例如,当用户需要登陆某一个应用的应用账号或者注册某一个应用的应用账号时,可通过鼠标或者手指等途径点击浏览器的图标或者客户端的图标,从而可打开浏览器的业务操作页面或者客户端的业务操作页面。在上述业务操作页面上输入已有的应用账号信息,或者填写待注册的应用账号信息,或者滑动终端设备的屏幕以进行身份识别等操作,进而可点击业务操作页面上的滑块验证码的验证窗口,触发终端设备进入滑块验证码的验证流程。其中,当用户在业务操作页面上输入已有的应用账号信息,或者填写待注册的应用账号信息,或者滑动终端设备的屏幕以进行身份识别等操作时,终端设备可采集得到输入已有的应用账号信息、填写待注册的应用账号信息或者滑动终端设备的屏幕等操作所触发产生的页面操作数据。即可为第一页面操作数据。其中,上述采集到的第一页面操作数据包括但不限于输入已有的应用账号信息、填写待注册的应用账号信息或者滑动终端设备的屏幕等操作所触发产生的在页面上的用户操作位置、页面上的用户操作时长以及页面上的用户操作轨迹中的一种或者多种,具体可根据实际应用场景确定,在此不做限制。For example, when a user needs to log in to an application account of an application or register an application account of an application, he can click the icon of the browser or the icon of the client through a mouse or a finger, etc., so that the business operation page of the browser or the customer can be opened. Business operations page. Enter the existing application account information on the business operation page, or fill in the application account information to be registered, or slide the screen of the terminal device for identity recognition, etc., and then click the verification code on the slider on the business operation page to verify Window, triggering the terminal device to enter the verification process of the slider verification code. Wherein, when a user enters existing application account information on a business operation page, or fills in application account information to be registered, or slides the screen of a terminal device for identity recognition, the terminal device can collect and input the existing application. Page operation data generated by operations such as account information, filling in application account information to be registered, or sliding the screen of a terminal device. You can manipulate the data for the first page. The above-mentioned collected first page operation data includes, but is not limited to, the user operation position on the page triggered by operations such as entering existing application account information, filling in application account information to be registered, or sliding the screen of a terminal device, etc. One or more of a user operation duration on the page and a user operation track on the page may be specifically determined according to an actual application scenario, and there is no limitation here.
在一些可行的实施方式中,终端采集得到上述第一页面操作数据,根据上述第一页面 操作数据进入滑块验证码的验证流程时,可输出目标滑块验证码至启动目标业务的用户界面上。其中上述目标滑块验证码可用于启动目标业务的用户认证,上述启动目标业务的用户界面可包括上述浏览器的业务操作页面或者客户端的业务操作页面,在此不做限制。可以理解,当用户打开了浏览器的业务操作页面或者客户端的业务操作页面,并在上述业务操作页面上完成相应的操作时,终端设备此时的用户操作界面显示的可为该业务操作页面,因此,此时启动目标业务的用户界面也可为终端设备的用户操作界面,包括但不限于终端设备的触控屏,具体可根据实际应用场景确定,在此不做限制。In some feasible implementation manners, the terminal collects and obtains the first page operation data, and when the slider verification code verification process is entered according to the first page operation data, the target slider verification code may be output to the user interface that starts the target service. . The target slider verification code may be used for user authentication for starting a target service, and the user interface for starting the target service may include a service operation page of the browser or a service operation page of the client, which is not limited herein. It can be understood that when the user opens the business operation page of the browser or the business operation page of the client and completes the corresponding operation on the above business operation page, the user operation interface displayed on the terminal device at this time may be the business operation page. Therefore, the user interface for starting the target service at this time may also be a user operation interface of the terminal device, including but not limited to the touch screen of the terminal device, which may be specifically determined according to an actual application scenario, and is not limited herein.
在一些可行的实施方式中,当终端进入滑块验证码的验证流程时,可输出目标滑块验证码至启动目标业务的用户界面,例如终端设备的触控屏等,进而可监控终端设备的触控屏上的用户操作指令。当用户基于终端设备的触控屏上显示的目标滑块验证码,通过鼠标或者手指拖动目标滑块验证码进行验证时,则可触发产生目标滑块验证码对应的滑块操作数据,即第一滑块操作数据。In some feasible implementation manners, when the terminal enters the verification process of the slider verification code, the target slider verification code can be output to the user interface that starts the target service, such as the touch screen of the terminal device, and the terminal device can be monitored. User operation instructions on the touch screen. When the user uses the target slider verification code displayed on the touch screen of the terminal device to perform verification by dragging the target slider verification code with the mouse or finger, the slider operation data corresponding to the target slider verification code can be triggered, that is, The first slider operates the data.
S22、从上述用户界面上获取基于上述目标滑块验证码进行启动上述目标业务的用户认证的第一滑块操作数据。S22. Obtain, from the user interface, first slider operation data for performing user authentication for starting the target service based on the target slider verification code.
在一些可行的实施方式中,终端设备在启动目标业务的用户界面上展示目标滑块验证码之后,可实时采集用户拖动上述目标滑块验证码所触发产生的滑块操作数据(即第一滑块操作数据),进而可将包含上述第一页面操作数据和上述第一滑块操作数据在内的用户行为数据输入到上述训练得到的用户行为识别模型中。其中,上述第一滑块操作数据包括但不限于滑块验证码上的用户操作位置、滑块验证码的用户操作时长、滑块验证码的滑动参数中的一种或者多种,其中,上述滑动参数包括滑动轨迹、滑块速度、滑动时长、滑动范围、滑动的横纵坐标比,以及滑动的加速度中一种或者多种。其中,上述第一滑块操作数据中所包括的数据类型和/或数据内容可参见上述步骤S11至S13中各个步骤所提供的实现方式中样本数据中任一滑块操作数据所包括的数据类型和/或数据内容,在此不再赘述。In some feasible implementation manners, after the terminal device displays the target slider verification code on the user interface for starting the target service, the terminal device can collect the slider operation data (that is, the first Slider operation data), and further, user behavior data including the first page operation data and the first slider operation data may be input into the trained user behavior recognition model. The first slider operation data includes, but is not limited to, one or more of a user operation position on the slider verification code, a user operation duration of the slider verification code, and a sliding parameter of the slider verification code. The sliding parameters include one or more of a sliding trajectory, a slider speed, a sliding duration, a sliding range, an aspect ratio of sliding, and an acceleration of sliding. For the data type and / or data content included in the first slider operation data, refer to the data type included in any slider operation data in the sample data in the implementation methods provided in the steps S11 to S13 above. And / or data content, which will not be repeated here.
可选的,基于上述用户行为识别模型判定实时采集到的第一页面操作数据和/或第一滑块操作数据对目标滑块验证码验证过程中的用户行为类别进行判断之前,还可采集用户拖动目标滑块验证码进行用户认证时所所使用终端设备的标识信息(例如IP地址等),用户所使用终端设备的显示屏分辨率以及用户的目标业务账号信息(例如用户账号ID等)等等用户标识信息,在此不做限制。进一步的,基于上述第一页面操作数据和/或第一滑块操作数据在内的用户行为数据(为方便描述可以第一用户行为数据为例进行说明),还可以以上述用户标识信息中的一项或者多项作为用户认证的唯一识别信息,并以此衍生出用户认证过程中目标滑块验证码在单位时间内的滑动频次、用户在单位时间内的用户认证频率等用户操作数据(为方便描述可以第一用户操作数据为例进行说明)。进一步的,可将上述用户操作数据也作为基于用户行为识别模型训练进行目标滑块验证码验证过程中的用户行为类别判定的输入数据中的一部分,进而可提高基于目标滑块验证码的验证进行启动目标业务的用户认证的过程中,基于用户行为识别模型进行用户行为类别判定的准确率,适用性更强。Optionally, before determining the first page operation data and / or the first slider operation data collected in real time based on the above-mentioned user behavior recognition model, the user behavior category in the target slider verification code verification process may be determined before the user may be collected. Drag the target slider verification code to perform user authentication, such as the identification information of the terminal device (such as the IP address), the display resolution of the terminal device used by the user, and the user's target business account information (such as the user account ID) Wait for user identification information, which is not limited here. Further, based on the user behavior data including the first page operation data and / or the first slider operation data (for the convenience of description, the first user behavior data may be used as an example for description), the user identification information in the foregoing user identification information may also be used. One or more items are used as the unique identification information for user authentication, and user operation data such as the sliding frequency of the target slider verification code in unit time and the user authentication frequency in unit time during user authentication are derived The convenient description can be described by using the first user operation data as an example). Further, the above-mentioned user operation data can also be used as part of the input data of the user behavior category determination during the verification process of the target slider verification code based on the user behavior recognition model training, thereby improving the verification performance based on the target slider verification code. In the process of starting the user authentication of the target service, the accuracy of the user behavior category determination based on the user behavior recognition model is more applicable.
S23、基于滑块验证码验证的用户行为识别模型,确定出上述第一页面操作数据和上述第一滑块操作数据对应的滑块验证码验证的用户行为类别。S23. Based on the user behavior recognition model verified by the slider verification code, a user behavior category verified by the slider verification code corresponding to the first page operation data and the first slider operation data is determined.
在一些可行的实施方式中,基于上述用户行为识别模型,确定出包括上述第一用户行为数据在内的输入数据所对应的目标滑块验证码验证的用户行为类别。可选的,上述输入数据还可包括基于上述第一用户行为数据衍生的上述第一用户操作数据,具体可根据实际应用场景确定,在此不做限制。终端设备可将上述第一用户行为数据和/或上述第一用户操作数据作为用户行为识别模型的输入数据,基于上述用户行为识别模型对输入的数据进行学习,并输出上述第一用户行为数据和/或上述第一用户操作数据对应的用户行为是人类用户行为,还是机器用户行为的用户行为类别判定结果,从而可根据判定结果确定是否响应滑块验证码的验证。In some feasible implementation manners, based on the user behavior recognition model, a user behavior category verified by a target slider verification code corresponding to the input data including the first user behavior data is determined. Optionally, the input data may further include the first user operation data derived based on the first user behavior data, which may be specifically determined according to an actual application scenario, and is not limited herein. The terminal device may use the first user behavior data and / or the first user operation data as input data of a user behavior recognition model, learn the input data based on the user behavior recognition model, and output the first user behavior data and / Or the user behavior corresponding to the first user operation data is a human user behavior or a user behavior category determination result of a machine user behavior, so that whether to respond to the verification of the slider verification code can be determined according to the determination result.
S24、根据上述用户行为类别完成上述目标业务的用户认证并启动上述目标业务,或者根据上述用户行为类别断开上述目标业务的用户认证。S24. Complete user authentication of the target service according to the user behavior category and start the target service, or disconnect user authentication of the target service according to the user behavior category.
在一些可行的实施方式中,当上述目标滑块验证码的验证正确且上述用户行为类别为人类用户时,终端设备可确定完成上述目标业务的用户认证并且进入上述目标业务的业务办理界面。例如,终端设备可在浏览器的业务操作页面或者客户端的业务操作页面上输出提示目标滑块验证码的验证正确,并进入目标业务的业务办理界面,以供用户进行目标业务的业务办理操作等,具体可根据实际应用场景确定,在此不做限制。In some feasible implementation manners, when the verification of the target slider verification code is correct and the user behavior category is a human user, the terminal device may determine to complete user authentication of the target service and enter a service processing interface of the target service. For example, the terminal device can output a prompt on the business operation page of the browser or the business operation page of the client to indicate that the verification of the target slider verification code is correct, and enter the business processing interface of the target service for the user to perform the business processing operation of the target service, etc. , Which can be determined according to the actual application scenario, and is not limited here.
在一些可行的实施方式中,当上述目标滑块验证码的验证正确且上述用户行为类别为机器用户时,终端设备可关闭上述目标业务的用户认证界面以断开上述目标业务的用户认证,并将上述机器用户的用户信息上报上述目标业务对应的网络管理员。例如,当终端设备可在浏览器的业务操作页面或者客户端的业务操作页面上输出提示目标滑块验证码验证的用户认证失败并退出目标业务的用户认证进程。可选的,基于用户行为识别模型判定的用户行为类别进行目标业务响应的更多实现方式可参见如下步骤S3所提供的具体实施方式,在此不做限制。In some feasible implementation manners, when the verification of the target slider verification code is correct and the user behavior category is a machine user, the terminal device may close the user authentication interface of the target service to disconnect the user authentication of the target service, and Report the user information of the machine user to the network administrator corresponding to the target service. For example, when the terminal device can output a user authentication prompt that the target slider verification code verification fails on the business operation page of the browser or the business operation page of the client, and exit the user authentication process of the target service. Optionally, for more implementation manners of performing target service response based on the user behavior category determined by the user behavior recognition model, refer to the specific implementation manner provided in step S3 below, which is not limited herein.
S3、基于滑块验证码的用户认证的响应等数据处理阶段。S3. Data processing stages such as a response to user authentication based on the slider verification code.
在一些可行的实施方式中,若上述用户行为识别模型判定采集到的第一用户行为数据和/或第一用户操作数据对应的用户行为为人类用户行为,则可响应该目标滑块验证码的验证并完成滑块验证码的验证,此时可允许用户进入目标业务对应的应用账号注册的后续流程,或者允许用户进入目标业务对应的应用账号登录的后续流程等。具体可根据目标业务的用户认证之后的具体操作确定,在此不做限制。In some feasible implementation manners, if the above-mentioned user behavior recognition model determines that the collected first user behavior data and / or the user behavior corresponding to the first user operation data are human user behaviors, it may be Verify and complete the verification of the slider verification code. At this time, the user may be allowed to enter the subsequent process of the application account registration corresponding to the target service, or allow the user to enter the subsequent process of the application account registration corresponding to the target service. Specifically, it can be determined according to specific operations after user authentication of the target service, and there is no limitation here.
在一些可行的实施方式中,终端设备可在目标滑块验证码的验证正确且上述用户行为类别为机器用户时,在浏览器的业务操作页面或者客户端的业务操作页面上输出安全提示问题,提示用户按照安全提示问题进行答题以进行基于目标滑块验证码进行用户认证之外的用户认证流程,基于安全提示问题的进一步用户认证可进一步规避机器用户的模拟认证,提高目标业务的安全性,适用性更强。可选的,若上述用户行为识别模块判定采集到的第一用户行为数据和/或第一用户操作数据对应的用户行为为机器用户行为,且安全提示问题的认证不正确,则可阻断用户注册和/或登录应用账号的流程,或者将基于目标滑块验证码进行用户认证的用户信息上报目标业务的业务管理员或者网络工程师等网络管理员。例如,终端设备可向网络管理员发出提示信号或者警报或者预警邮件等,以将上述用户信息上报给网络管理员并提示网络管理员进行启动目标业务的用户行为类别的人工侦测,提高目标 业务的网络安全性。In some feasible implementation manners, the terminal device may output a security prompt question on the business operation page of the browser or the business operation page of the client when the verification of the target slider verification code is correct and the user behavior category is a machine user. The user answers the question according to the security prompt to perform a user authentication process other than user authentication based on the target slider verification code. Further user authentication based on the security prompt question can further avoid the simulated authentication of the machine user and improve the security of the target business. More sexual. Optionally, if the user behavior identification module determines that the collected first user behavior data and / or the user behavior corresponding to the first user operation data is a machine user behavior, and the authentication of the security prompt question is incorrect, the user may be blocked The process of registering and / or logging in to an application account, or reporting user information for user authentication based on the target slider verification code to a network administrator such as a service administrator or network engineer of the target service. For example, the terminal device may send a prompt signal or an alarm or an early warning email to the network administrator to report the above user information to the network administrator and prompt the network administrator to perform manual detection of the user behavior category that starts the target service to improve the target service. Network security.
本申请实施例通过目标业务的用户群数据库或者基于大数据分析获取得到的样本数据作为用于滑块验证码验证的用户行为识别模型训练的样本数据,通过模糊聚类分析算法构建用户行为识别模型。基于滑块验证码验证的用户行为识别模型,可对基于目标滑块验证码验证的用户认证所采集到的页面操作数据和/或滑块操作数据进行用户行为类别的判定,进而可基于用户行为识别模型识别得到的用户行为类别响应目标业务的用户认证。若基于用户行为类别确定完成目标业务的用户认证则可启动目标业务,否则断开目标业务的用户认证,操作简单,可提高滑块验证码验证的安全性,可有效防止滑块验证码验证的网络攻击,提高网络的安全性。可选的,基于用户行为识别模型检测得到机器用户的用户行为时,还可将基于机器用户的用户信息上报目标业务的业务管理员或者网络工程师等网络管理员进而可保证滑块验证码的验证所请求的目标业务的安全性,适用性更高。In the embodiment of the present application, the user data database of the target service or the sample data obtained based on big data analysis is used as sample data for training the user behavior recognition model for slider verification code verification, and a user behavior recognition model is constructed by using a fuzzy cluster analysis algorithm. . User behavior recognition model based on slider verification code verification, which can determine the user behavior category on the page operation data and / or slider operation data collected by the user authentication based on the target slider verification code verification, and then based on the user behavior The user behavior category identified by the recognition model responds to the user authentication of the target service. If the user authentication of the target service is completed based on the user behavior category, the target service can be started; otherwise, the user authentication of the target service is disconnected, the operation is simple, the security of the slider verification code verification can be improved, and the slider verification code verification can be effectively prevented Network attacks to improve network security. Optionally, when the user behavior of the machine user is detected based on the user behavior recognition model, a network administrator such as a service administrator or a network engineer who reports the user information based on the machine user to the target service can further ensure the verification of the slider verification code. The requested target service is more secure and applicable.
参见图4,图4是本申请实施例提供的基于滑块验证码的用户认证装置的结构示意图。本申请实施例提供的用户认证装置包括:Referring to FIG. 4, FIG. 4 is a schematic structural diagram of a user authentication device based on a slider verification code according to an embodiment of the present application. The user authentication device provided in the embodiment of the present application includes:
数据获取单元41,用于获取启动目标业务的第一页面操作数据。The data obtaining unit 41 is configured to obtain first page operation data of a target service.
输出单元42,用于根据上述数据获取单元41获取的上述第一页面操作数据输出目标滑块验证码至启动上述目标业务的用户界面。The output unit 42 is configured to output a target slider verification code to a user interface that starts the target service according to the first page operation data obtained by the data obtaining unit 41.
上述数据获取单元41,还用于从上述用户界面上获取基于上述输出单元42输出的上述目标滑块验证码进行启动上述目标业务的用户认证的第一滑块操作数据。The data obtaining unit 41 is further configured to obtain, from the user interface, first slider operation data for performing user authentication for starting the target service based on the target slider verification code output by the output unit 42.
用户行为识别单元43,用于基于滑块验证码验证的用户行为识别模型,确定出上述数据获取单元41获取的上述第一页面操作数据和上述第一滑块操作数据对应的滑块验证码验证的用户行为类别,上述用户行为识别模型由滑块验证码验证的样本数据训练得到,上述样本数据中至少包括第一类别用户对应的第一用户行为样本数据和第二类别用户对应的第二用户行为样本数据,任一用户行为样本数据中均包括页面操作数据和/或滑块操作数据。The user behavior recognition unit 43 is configured to determine the slider verification code verification corresponding to the first page operation data and the first slider operation data obtained by the data obtaining unit 41 based on a user behavior recognition model verified by the slider verification code. User behavior category, the above-mentioned user behavior recognition model is trained from sample data verified by the slider verification code, and the sample data includes at least the first user behavior sample data corresponding to the first category of users and the second user corresponding to the second category of users. Behavior sample data. Any user behavior sample data includes page operation data and / or slider operation data.
认证响应单元44,用于根据上述用户行为识别单元识别的上述用户行为类别完成上述目标业务的用户认证并启动上述目标业务,或者根据上述用户行为类别断开上述目标业务的用户认证。The authentication response unit 44 is configured to complete user authentication of the target service and start the target service according to the user behavior category identified by the user behavior identifying unit, or disconnect the user authentication of the target service according to the user behavior category.
在一些可行的实施方式中,上述数据获取单元41还用于:In some feasible implementation manners, the foregoing data obtaining unit 41 is further configured to:
获取至少两种类别用户的样本数据,上述样本数据用于滑块验证码验证的用户行为识别模型训练,上述样本数据中至少包括上述第一用户行为样本数据和上述第二用户行为样本数据。Sample data of at least two types of users is obtained, and the sample data is used for training a user behavior recognition model for slider verification code verification. The sample data includes at least the first user behavior sample data and the second user behavior sample data.
上述用户行为识别单元43,用于:The user behavior recognition unit 43 is configured to:
将上述数据获取单元41获取的样本数据作为滑块验证码验证的用户行为识别模型的输入,通过所述用户行为识别模型对所述样本数据进行学习以获取识别任一页面操作数据和/或滑块操作数据对应的用户行为类别的能力。The sample data obtained by the data obtaining unit 41 is used as an input of a user behavior recognition model verified by a slider verification code, and the sample data is learned through the user behavior recognition model to obtain any page operation data and / or slide The ability to block user action categories corresponding to data.
在一些可行的实施方式中,上述用户行为识别单元43用于:In some feasible implementation manners, the foregoing user behavior recognition unit 43 is configured to:
通过上述用户行为识别模型,基于训练无监督的模糊聚类分析算法对上述数据获取单元41获取的样本数据中包括的至少两种类别用户中各类别用户对应的页面操作数据和/或滑块操作数据进行学习,以获取识别任一类别用户对应的页面操作数据和/或滑块操作数据 对应的用户行为类别的能力。Based on the above-mentioned user behavior recognition model, based on the training unsupervised fuzzy clustering analysis algorithm, the page operation data and / or slider operation corresponding to each category of users in at least two categories of users included in the sample data obtained by the data acquisition unit 41 described above The data is learned to obtain the ability to identify the page behavior data and / or slider operation data corresponding to any category of user behavior category.
在一些可行的实施方式中,上述数据获取单元41用于:In some feasible implementation manners, the foregoing data obtaining unit 41 is configured to:
从上述目标业务的用户群数据库中获取至少两种类别用户的样本数据;Obtaining sample data of at least two types of users from the user group database of the target service;
其中,上述样本数据中包括上述用户群包括的至少两种类别用户中各类别用户启动上述目标业务时的页面操作数据,和/或用户认证的滑块操作数据。The sample data includes page operation data when each category of users in at least two types of users included in the user group starts the target service, and / or slider operation data of user authentication.
在一些可行的实施方式中,上述数据获取单元41用于:In some feasible implementation manners, the foregoing data obtaining unit 41 is configured to:
基于大数据分析从其他业务的用户群数据库中获取至少两种类别用户的样本数据,上述其他业务为与所述目标业务为相同类型业务且用户认证方式为滑块验证码验证的一个或者多个业务;Based on big data analysis, sample data of at least two types of users are obtained from the user group database of other services. The other services are one or more of the same type of services as the target service and the user authentication method is slider verification code verification. business;
其中,上述样本数据中包括上述其他业务的用户群包括的至少两种类别用户中各类别用户启动上述其他业务时的页面操作数据,和/或用户认证的滑块操作数据。The above sample data includes page operation data when at least two types of users included in the user group of the other services and each category of users start the other services, and / or slider operation data of user authentication.
在一些可行的实施方式中,上述第一类别用户包括人类用户,上述第二类别用户包括机器用户;上述认证响应单元44用于:In some feasible implementation manners, the first category of users includes human users, and the second category of users includes machine users; the authentication response unit 44 is configured to:
当上述滑块验证码验证正确且上述用户行为识别单元识别得上述用户行为类别为人类用户时,完成上述目标业务的用户认证并且进入所述目标业务的业务办理界面;When the slider verification code is verified correctly and the user behavior recognition unit recognizes that the user behavior category is a human user, complete user authentication of the target service and enter a service processing interface of the target service;
当上述滑块验证码验证正确且上述用户行为识别单元识别得上述用户行为类别为机器用户时,关闭上述目标业务的用户认证界面以断开所述目标业务的用户认证,并将上述机器用户的用户信息上报上述目标业务对应的网络管理员。When the slider verification code is verified correctly and the user behavior recognition unit recognizes that the user behavior category is a machine user, closing the user authentication interface of the target service to disconnect the user authentication of the target service, and The user information is reported to the network administrator corresponding to the target service.
在一些可行的实施方式中,上述第一页面操作数据和/或上述样本数据中任一页面操作数据中所包含的数据类型包括:页面上的用户操作位置、页面上的用户操作时长以及页面上的用户操作轨迹中的一种或者多种。In some feasible implementation manners, the types of data included in the first page operation data and / or any of the page operation data in the sample data include: user operation position on the page, user operation time on the page, and One or more of the user's operation trajectories.
在一些可行的实施方式中,上述第一滑块操作数据和/或上述样本数据中任一滑块操作数据中所包含的数据类型包括:滑块验证码上的用户操作位置、滑块验证码的用户操作时长、滑块验证码的滑动参数中的一种或者多种,其中,所述滑动参数包括滑动轨迹、滑块速度、滑动时长、滑动范围、滑动的横纵坐标比,以及滑动的加速度中一种或者多种。In some feasible implementation manners, the data types included in the first slider operation data and / or any of the slider operation data in the sample data include: a user operation position on a slider verification code, and a slider verification code. One or more of the user operation duration and the sliding parameter of the slider verification code, wherein the sliding parameters include a sliding trajectory, a slider speed, a sliding duration, a sliding range, an aspect ratio of the sliding, and a sliding One or more of the accelerations.
在一些可行的实施方式中,上述基于滑块验证码的用户认证装置可通过其内置的各个功能模块执行如上述图1至图3中各个步骤所提供的实现方式。可选的,上述用户认证装置可为上述各个实施例中所描述的终端设备,在此不做限制。例如,上述数据获取单元41可用于执行上述各个步骤中页面操作数据、滑块操作数据以及样本数据等数据的获取,具体可参见上述各个步骤所提供的实现方式,在此不再赘述。上述输出单元42可用于执行上述各个步骤中滑块验证码的输出以及基于滑块验证码的用户认证结果的输出等实现方式,具体可参见上述各个步骤所提供的实现方式,在此不再赘述。上述用户行为识别单元43可用于执行上述各个步骤中基于用户行为识别模型的用户行为类别的判定等实现方式,具体可参见上述各个步骤所提供的实现方式,在此不再赘述。上述认证响应单元44可用于执行上述各个实施例中基于用户行为识别模型输出的判定结果进行用户认证响应的相关实现方式,具体可参见上述各个步骤所提供的实现方式,在此不再赘述。In some feasible implementation manners, the above-mentioned slider verification code-based user authentication device may implement the implementation manners provided by the steps in FIG. 1 to FIG. 3 described above through each of its built-in function modules. Optionally, the user authentication device may be a terminal device described in the foregoing embodiments, and is not limited herein. For example, the data obtaining unit 41 may be configured to obtain data such as page operation data, slider operation data, and sample data in the foregoing steps. For details, refer to the implementation manners provided in the foregoing steps, and details are not described herein again. The output unit 42 may be used to implement the implementation methods such as the output of the slider verification code and the output of the user authentication result based on the slider verification code. For details, refer to the implementation methods provided in the foregoing steps, and details are not described herein again. . The above-mentioned user behavior recognition unit 43 may be configured to perform an implementation manner such as determining a user behavior category based on a user behavior recognition model in the foregoing steps. For details, refer to the implementation manners provided in the foregoing steps, and details are not described herein again. The above-mentioned authentication response unit 44 may be configured to execute a related implementation manner of performing a user authentication response based on a determination result output by a user behavior recognition model in the foregoing embodiments. For details, refer to the implementation manners provided in the foregoing steps, and details are not described herein.
在本申请实施例中,用户认证装置可通过目标业务的用户群数据库或者基于大数据分析获取得到的样本数据作为用于滑块验证码验证的用户行为识别模型训练的样本数据,通 过模糊聚类分析算法构建用户行为识别模型。基于滑块验证码验证的用户行为识别模型,可对基于目标滑块验证码验证的用户认证所采集到的页面操作数据和/或滑块操作数据进行用户行为类别的判定,进而可基于用户行为识别模型识别得到的用户行为类别响应目标业务的用户认证。若基于用户行为类别确定完成目标业务的用户认证则可启动目标业务,否则断开目标业务的用户认证,操作简单,可提高滑块验证码验证的安全性,可有效防止滑块验证码验证的网络攻击,提高网络的安全性。可选的,基于用户行为识别模型检测得到机器用户的用户行为时,还可将基于机器用户的用户信息上报目标业务的业务管理员或者网络工程师等网络管理员进而可保证滑块验证码的验证所请求的目标业务的安全性,适用性更高。In the embodiment of the present application, the user authentication device may use the user group database of the target service or the sample data obtained based on big data analysis as the sample data trained by the user behavior recognition model for slider verification code verification, and then use fuzzy clustering. Analyze algorithms to build a user behavior recognition model. User behavior recognition model based on slider verification code verification, which can determine the user behavior category on the page operation data and / or slider operation data collected by the user authentication based on the target slider verification code verification, and then based on the user behavior The user behavior category identified by the recognition model responds to the user authentication of the target service. If the user authentication of the target service is completed based on the user behavior category, the target service can be started; otherwise, the user authentication of the target service is disconnected, the operation is simple, the security of the slider verification code verification can be improved, and the slider verification code verification can be effectively prevented. Network attacks to improve network security. Optionally, when the user behavior of the machine user is detected based on the user behavior recognition model, a network administrator such as a service administrator or a network engineer who reports the user information based on the machine user to the target service can further ensure the verification of the slider verification code. The requested target service is more secure and applicable.
参见图5,图5是本申请实施例提供的终端设备的结构示意图。如图5所示,本实施例中的终端设备可以包括:一个或多个处理器501和存储器502。上述处理器501和存储器502通过总线503连接。存储器502用于存储计算机程序,该计算机程序包括程序指令,处理器501用于执行存储器502存储的程序指令,执行如下操作:Referring to FIG. 5, FIG. 5 is a schematic structural diagram of a terminal device according to an embodiment of the present application. As shown in FIG. 5, the terminal device in this embodiment may include one or more processors 501 and a memory 502. The processor 501 and the memory 502 are connected via a bus 503. The memory 502 is configured to store a computer program. The computer program includes program instructions. The processor 501 is configured to execute the program instructions stored in the memory 502, and perform the following operations:
获取启动目标业务的第一页面操作数据,根据上述第一页面操作数据输出目标滑块验证码至启动上述目标业务的用户界面;Obtaining the first page operation data for starting the target service, and outputting the target slider verification code to the user interface for starting the target service according to the first page operation data;
从上述用户界面上获取基于上述目标滑块验证码进行启动上述目标业务的用户认证的第一滑块操作数据;Obtaining, from the user interface, first slider operation data for performing user authentication for starting the target service based on the target slider verification code;
基于滑块验证码验证的用户行为识别模型,确定出上述第一页面操作数据和上述第一滑块操作数据对应的滑块验证码验证的用户行为类别,上述用户行为识别模型由滑块验证码验证的样本数据训练得到,上述样本数据中至少包括第一类别用户对应的第一用户行为样本数据和第二类别用户对应的第二用户行为样本数据,任一用户行为样本数据中均包括页面操作数据和/或滑块操作数据;Based on the user behavior recognition model verified by the slider verification code, the user behavior category verified by the slider verification code corresponding to the first page operation data and the first slider operation data is determined, and the user behavior recognition model is determined by the slider verification code. The verified sample data is obtained through training. The above sample data includes at least first user behavior sample data corresponding to the first category of users and second user behavior sample data corresponding to the second category of users, and any user behavior sample data includes page operations. Data and / or slider operation data;
根据上述用户行为类别完成上述目标业务的用户认证并启动上述目标业务,或者根据上述用户行为类别断开上述目标业务的用户认证。Complete user authentication of the target service and start the target service according to the user behavior category, or disconnect user authentication of the target service according to the user behavior category.
在一些可行的实施方式中,上述处理器501还用于:In some feasible implementation manners, the foregoing processor 501 is further configured to:
获取至少两种类别用户的样本数据,上述样本数据用于滑块验证码验证的用户行为识别模型训练,上述样本数据中至少包括上述第一用户行为样本数据和上述第二用户行为样本数据;Obtaining sample data of at least two types of users, where the sample data is used for user behavior recognition model training for slider verification code verification, and the sample data includes at least the first user behavior sample data and the second user behavior sample data;
将上述样本数据作为滑块验证码验证的用户行为识别模型的输入,通过所述用户行为识别模型对所述样本数据进行学习以获取识别任一页面操作数据和/或滑块操作数据对应的用户行为类别的能力。The above sample data is used as an input of a user behavior recognition model verified by a slider verification code, and the sample data is learned through the user behavior recognition model to obtain and identify a user corresponding to any page operation data and / or slider operation data. Capabilities of behavior categories.
在一些可行的实施方式中,上述处理器501用于:In some feasible implementation manners, the foregoing processor 501 is configured to:
通过上述用户行为识别模型,基于训练无监督的模糊聚类分析算法对上述样本数据中包括的至少两种类别用户中各类别用户对应的页面操作数据和/或滑块操作数据进行学习,以获取识别任一类别用户对应的页面操作数据和/或滑块操作数据对应的用户行为类别的能力。Through the above-mentioned user behavior recognition model, based on the training unsupervised fuzzy clustering analysis algorithm, the page operation data and / or slider operation data corresponding to each category of users in at least two categories of users included in the sample data are learned to obtain Ability to identify user behavior categories corresponding to page operation data and / or slider operation data corresponding to any category of users.
在一些可行的实施方式中,上述处理器501用于:In some feasible implementation manners, the foregoing processor 501 is configured to:
从上述目标业务的用户群数据库中获取至少两种类别用户的样本数据;Obtaining sample data of at least two types of users from the user group database of the target service;
其中,上述样本数据中包括上述用户群包括的至少两种类别用户中各类别用户启动上述目标业务时的页面操作数据,和/或用户认证的滑块操作数据。The sample data includes page operation data when each category of users in at least two types of users included in the user group starts the target service, and / or slider operation data of user authentication.
在一些可行的实施方式中,上述处理器501用于:In some feasible implementation manners, the foregoing processor 501 is configured to:
基于大数据分析从其他业务的用户群数据库中获取至少两种类别用户的样本数据,上述其他业务为与所述目标业务为相同类型业务且用户认证方式为滑块验证码验证的一个或者多个业务;Based on big data analysis, sample data of at least two types of users are obtained from the user group database of other services. The other services are one or more of the same type of services as the target service and the user authentication method is slider verification code verification. business;
其中,上述样本数据中包括上述其他业务的用户群包括的至少两种类别用户中各类别用户启动上述其他业务时的页面操作数据,和/或用户认证的滑块操作数据。The above sample data includes page operation data when at least two types of users included in the user group of the other services and each category of users start the other services, and / or slider operation data of user authentication.
在一些可行的实施方式中,上述第一类别用户包括人类用户,上述第二类别用户包括机器用户;上述处理器501用于:In some feasible implementation manners, the first category of users includes human users, the second category of users includes machine users, and the processor 501 is configured to:
当上述目标滑块验证码的验证正确且上述用户行为类别为人类用户时,完成上述目标业务的用户认证并且进入所述目标业务的业务办理界面;When the verification of the target slider verification code is correct and the user behavior category is a human user, complete user authentication of the target service and enter a service processing interface of the target service;
当上述目标滑块验证码的验证正确且上述用户行为类别为机器用户时,关闭上述目标业务的用户认证界面以断开所述目标业务的用户认证,并将上述机器用户的用户信息上报上述目标业务对应的网络管理员。When the verification of the target slider verification code is correct and the user behavior category is a machine user, close the user authentication interface of the target service to disconnect the user authentication of the target service, and report the user information of the machine user to the target Network administrator for business.
在一些可行的实施方式中,上述第一页面操作数据和/或上述样本数据中任一页面操作数据中所包含的数据类型包括:页面上的用户操作位置、页面上的用户操作时长以及页面上的用户操作轨迹中的一种或者多种;In some feasible implementation manners, the types of data included in the first page operation data and / or any of the page operation data in the sample data include: user operation position on the page, user operation time on the page, and One or more of the user's operation trajectories;
在一些可行的实施方式中,上述第一滑块操作数据和/或上述样本数据中任一滑块操作数据中所包含的数据类型包括:滑块验证码上的用户操作位置、滑块验证码的用户操作时长、滑块验证码的滑动参数中的一种或者多种,其中,所述滑动参数包括滑动轨迹、滑块速度、滑动时长、滑动范围、滑动的横纵坐标比,以及滑动的加速度中一种或者多种。In some feasible implementation manners, the data types included in the first slider operation data and / or any of the slider operation data in the sample data include: a user operation position on a slider verification code, and a slider verification code. One or more of the user operation duration and the sliding parameter of the slider verification code, wherein the sliding parameters include a sliding trajectory, a slider speed, a sliding duration, a sliding range, an aspect ratio of the sliding, and a sliding One or more of the accelerations.
在一些可行的实施方式中,上述处理器501可以是中央处理单元(central processing unit,CPU),该处理器还可以是其他通用处理器、数字信号处理器(digital signal processor,DSP)、专用集成电路(application specific integrated circuit,ASIC)、现成可编程门阵列(field-programmable gate array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。In some feasible implementation manners, the processor 501 may be a central processing unit (CPU), and the processor may also be another general-purpose processor, a digital signal processor (DSP), or a special-purpose integration. Circuit (application specific integrated circuit, ASIC), ready-made programmable gate array (field-programmable gate array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
该存储器502可以包括只读存储器和随机存取存储器,并向处理器501提供指令和数据。存储器502的一部分还可以包括非易失性随机存取存储器。例如,存储器502还可以存储设备类型的信息。The memory 502 may include a read-only memory and a random access memory, and provide instructions and data to the processor 501. A part of the memory 502 may further include a non-volatile random access memory. For example, the memory 502 may also store information of a device type.
具体实现中,上述终端设备可通过其内置的各个功能模块执行如上述图1至图3中各个步骤所提供的实现方式,具体可参见上述各个步骤所提供的实现方式,在此不再赘述。In specific implementation, the terminal device can implement the implementation manners provided by the steps in FIG. 1 to FIG. 3 through the built-in functional modules. For details, refer to the implementation manners provided in the foregoing steps, and details are not described herein again.
在本申请实施例中,终端设备可通过目标业务的用户群数据库或者基于大数据分析获取得到的样本数据作为用于滑块验证码验证的用户行为识别模型训练的样本数据,通过模糊聚类分析算法构建用户行为识别模型。基于滑块验证码验证的用户行为识别模型,可对基于目标滑块验证码验证的用户认证所采集到的页面操作数据和/或滑块操作数据进行用户行为类别的判定,进而可基于用户行为识别模型识别得到的用户行为类别响应目标业务 的用户认证。若基于用户行为类别确定完成目标业务的用户认证则可启动目标业务,否则断开目标业务的用户认证,操作简单,可提高滑块验证码验证的安全性,可有效防止滑块验证码验证的网络攻击,提高网络的安全性。可选的,基于用户行为识别模型检测得到机器用户的用户行为时,还可将基于机器用户的用户信息上报目标业务的业务管理员或者网络工程师等网络管理员进而可保证滑块验证码的验证所请求的目标业务的安全性,适用性更高。In the embodiment of the present application, the terminal device may use the user group database of the target service or the sample data obtained based on the big data analysis as the sample data trained by the user behavior recognition model used for the verification of the slider verification code, and perform fuzzy cluster analysis. The algorithm builds a user behavior recognition model. User behavior recognition model based on slider verification code verification, which can determine the user behavior category on the page operation data and / or slider operation data collected by the user authentication based on the target slider verification code verification, and then based on the user behavior The user behavior category identified by the recognition model responds to the user authentication of the target service. If the user authentication of the target service is completed based on the user behavior category, the target service can be started; otherwise, the user authentication of the target service is disconnected, the operation is simple, the security of the slider verification code verification can be improved, and the slider verification code verification can be effectively prevented. Network attacks to improve network security. Optionally, when the user behavior of the machine user is detected based on the user behavior recognition model, a network administrator such as a service administrator or a network engineer who reports the user information based on the machine user to the target service can further ensure the verification of the slider verification code. The requested target service is more secure and applicable.
本申请实施例还提供一种计算机可读存储介质,该计算机可读存储介质存储有计算机程序,该计算机程序包括程序指令,该程序指令被处理器执行时实现图1至图3中各个步骤所提供的基于滑块验证码的用户认证方法,具体可参见上述各个步骤所提供的实现方式,在此不再赘述。An embodiment of the present application further provides a computer-readable storage medium. The computer-readable storage medium stores a computer program. The computer program includes program instructions. When the program instructions are executed by a processor, each step in FIG. 1 to FIG. 3 is implemented. For the user authentication method based on the slider verification code, for details, refer to the implementation manners provided in the foregoing steps, and details are not described herein again.
上述计算机可读存储介质可以是前述任一实施例提供的基于滑块验证码的用户认证装置或者上述终端设备的内部存储单元,例如电子设备的硬盘或内存。该计算机可读存储介质也可以是该电子设备的外部存储设备,例如该电子设备上配备的插接式硬盘,智能存储卡(smart media card,SMC),安全数字(secure digital,SD)卡,闪存卡(flash card)等。进一步地,该计算机可读存储介质还可以既包括该电子设备的内部存储单元也包括外部存储设备。该计算机可读存储介质用于存储该计算机程序以及该电子设备所需的其他程序和数据。该计算机可读存储介质还可以用于暂时地存储已经输出或者将要输出的数据。The computer-readable storage medium may be a user authentication device based on a slider verification code provided in any of the foregoing embodiments or an internal storage unit of the terminal device, such as a hard disk or a memory of an electronic device. The computer-readable storage medium may also be an external storage device of the electronic device, such as a plug-in hard disk, a smart media card (SMC), a secure digital (SD) card, Flash card, etc. Further, the computer-readable storage medium may include both an internal storage unit and an external storage device of the electronic device. The computer-readable storage medium is used to store the computer program and other programs and data required by the electronic device. The computer-readable storage medium can also be used to temporarily store data that has been or will be output.
本申请的权利要求书和说明书及附图中的术语“第一”、“第二”、“第三”、“第四”等是用于区别不同对象,而不是用于描述特定顺序。此外,术语“包括”和“具有”以及它们任何变形,意图在于覆盖不排他的包含。在本文中提及“实施例”意味着,结合实施例描述的特定特征、结构或特性可以包含在本申请的至少一个实施例中。在本申请说明书和所附权利要求书中使用的术语“和/或”是指相关联列出的项中的一个或多个的任何组合以及所有可能组合,并且包括这些组合。本申请实施例提供的方法及相关装置是参照本申请实施例提供的方法流程图和/或结构示意图来描述的,具体可由计算机程序指令实现方法流程图和/或结构示意图的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。The terms "first", "second", "third", "fourth", etc. in the claims and the description of the present application and the drawings are used to distinguish different objects, rather than describing a specific order. Furthermore, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusion. Reference to "an embodiment" herein means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the present application. The term "and / or" used in this specification and the appended claims refers to and includes any combination of one or more of the associated listed items and all possible combinations. The method and related devices provided in the embodiments of the present application are described with reference to the method flowchart and / or the structural schematic diagram provided in the embodiments of the present application, and each process of the method flowchart and / or the structural schematic diagram can be implemented by computer program instructions and / or Or a combination of blocks and processes and / or blocks in the flowcharts and / or block diagrams.

Claims (20)

  1. 一种基于滑块验证码的用户认证方法,其特征在于,所述方法包括:A user authentication method based on a slider verification code, wherein the method includes:
    获取启动目标业务的第一页面操作数据,根据所述第一页面操作数据输出目标滑块验证码至启动所述目标业务的用户界面;Acquiring first page operation data for starting a target service, and outputting a target slider verification code to a user interface for starting the target service according to the first page operation data;
    从所述用户界面上获取基于所述目标滑块验证码进行启动所述目标业务的用户认证的第一滑块操作数据;Obtaining, from the user interface, first slider operation data for user authentication to start the target service based on the target slider verification code;
    基于滑块验证码验证的用户行为识别模型,确定出所述第一页面操作数据和所述第一滑块操作数据对应的滑块验证码验证的用户行为类别,所述用户行为识别模型由滑块验证码验证的样本数据训练得到,所述样本数据中至少包括第一类别用户对应的第一用户行为样本数据和第二类别用户对应的第二用户行为样本数据,任一用户行为样本数据中均包括页面操作数据和/或滑块操作数据;Based on the user behavior recognition model verified by the slider verification code, a user behavior category verified by the slider verification code corresponding to the first page operation data and the first slider operation data is determined. The sample data verified by the block verification code is obtained through training. The sample data includes at least first user behavior sample data corresponding to the first category of users and second user behavior sample data corresponding to the second category of users. Both include page operation data and / or slider operation data;
    根据所述用户行为类别完成所述目标业务的用户认证并启动所述目标业务,或者根据所述用户行为类别断开所述目标业务的用户认证。Complete user authentication of the target service according to the user behavior category and start the target service, or disconnect user authentication of the target service according to the user behavior category.
  2. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method according to claim 1, further comprising:
    获取至少两种类别用户的样本数据,所述样本数据用于滑块验证码验证的用户行为识别模型训练,所述样本数据中至少包括所述第一用户行为样本数据和所述第二用户行为样本数据;Obtain sample data of at least two types of users, the sample data is used for training of a user behavior recognition model verified by a slider verification code, and the sample data includes at least the first user behavior sample data and the second user behavior sample;
    将所述样本数据作为滑块验证码验证的用户行为识别模型的输入,通过所述用户行为识别模型对所述样本数据进行学习以获取识别任一页面操作数据和/或滑块操作数据对应的用户行为类别的能力。And using the sample data as an input of a user behavior recognition model verified by a slider verification code, and learning the sample data through the user behavior recognition model to obtain identification corresponding to any page operation data and / or slider operation data. The ability of user behavior categories.
  3. 根据权利要求2所述的方法,其特征在于,所述通过所述用户行为识别模型对所述样本数据进行学习包括:The method according to claim 2, wherein the learning the sample data by the user behavior recognition model comprises:
    通过所述用户行为识别模型,基于训练无监督的模糊聚类分析算法对所述样本数据中包括的至少两种类别用户中各类别用户对应的页面操作数据和/或滑块操作数据进行学习,以获取识别任一页面操作数据和/或滑块操作数据对应的用户行为类别的能力。Learning the page operation data and / or slider operation data corresponding to each category of users in at least two categories of users included in the sample data through the user behavior recognition model based on the training unsupervised fuzzy cluster analysis algorithm, To obtain the ability to identify user behavior categories corresponding to any page operation data and / or slider operation data.
  4. 根据权利要求2或3所述的方法,其特征在于,所述获取至少两种类别用户的样本数据包括:The method according to claim 2 or 3, wherein the acquiring sample data of at least two types of users comprises:
    从所述目标业务的用户群数据库中获取至少两种类别用户的样本数据;Obtaining sample data of at least two types of users from a user group database of the target service;
    其中,所述样本数据中包括所述用户群数据库包括的至少两种类别用户中各类别用户启动所述目标业务时的页面操作数据,和/或用户认证的滑块操作数据。Wherein, the sample data includes page operation data when at least two types of users included in the user group database when each category user starts the target service, and / or slider operation data for user authentication.
  5. 根据权利要求2或3所述的方法,其特征在于,所述获取至少两种类别用户的样本数据包括:The method according to claim 2 or 3, wherein the acquiring sample data of at least two types of users comprises:
    基于大数据分析从其他业务的用户群数据库中获取至少两种类别用户的样本数据,所述其他业务为与所述目标业务为相同类型业务且用户认证方式为滑块验证码验证的一个或者多个业务;Based on big data analysis, sample data of at least two types of users are obtained from a user group database of other services, the other services being one or more of the same type of services as the target service, and the user authentication method is slider verification code verification Business
    其中,所述样本数据中包括所述其他业务的用户群数据库包括的至少两种类别用户中各类别用户启动所述其他业务时的页面操作数据,和/或用户认证的滑块操作数据。Wherein, the sample data includes at least two types of users included in the user group database of the other services, page operation data when each category user starts the other service, and / or slider operation data for user authentication.
  6. 根据权利要求1-5中任一项所述的方法,其特征在于,所述第一类别用户包括人类 用户,所述第二类别用户包括机器用户;The method according to any one of claims 1-5, wherein the first category of users includes human users, and the second category of users includes machine users;
    所述根据所述用户行为类别完成所述目标业务的用户认证并启动所述目标业务,或者根据所述用户行为类别断开所述目标业务的用户认证包括:The user authentication for completing the target service according to the user behavior category and starting the target service, or disconnecting the user authentication for the target service according to the user behavior category includes:
    当所述目标滑块验证码的验证正确且所述用户行为类别为人类用户时,完成所述目标业务的用户认证并且进入所述目标业务的业务办理界面;When the verification of the target slider verification code is correct and the user behavior category is a human user, complete user authentication of the target service and enter a service management interface of the target service;
    当所述目标滑块验证码的验证正确且所述用户行为类别为机器用户时,关闭所述目标业务的用户认证界面以断开所述目标业务的用户认证,并将所述机器用户的用户信息上报所述目标业务对应的网络管理员。When the verification of the target slider verification code is correct and the user behavior category is a machine user, closing the user authentication interface of the target service to disconnect the user authentication of the target service, and the user of the machine user The information is reported to the network administrator corresponding to the target service.
  7. 根据权利要求1-6中任一项所述的方法,其特征在于,所述第一页面操作数据和/或所述样本数据中任一页面操作数据中所包含的数据类型包括:页面上的用户操作位置、页面上的用户操作时长以及页面上的用户操作轨迹中的一种或者多种;The method according to any one of claims 1-6, wherein a data type included in the first page operation data and / or any page operation data in the sample data includes: One or more of a user operation position, a user operation time on the page, and a user operation track on the page;
    所述第一滑块操作数据和/或所述样本数据中任一滑块操作数据中所包含的数据类型包括:滑块验证码上的用户操作位置、滑块验证码的用户操作时长、滑块验证码的滑动参数中的一种或者多种,其中,所述滑动参数包括滑动轨迹、滑块速度、滑动时长、滑动范围、滑动的横纵坐标比,以及滑动的加速度中一种或者多种。The types of data included in the first slider operation data and / or any of the slider operation data in the sample data include: a user operation position on a slider verification code, a user operation duration of the slider verification code, One or more of the sliding parameters of the block verification code, wherein the sliding parameters include one or more of a sliding trajectory, a slider speed, a sliding duration, a sliding range, an aspect ratio of sliding, and an acceleration of sliding Species.
  8. 一种基于滑块验证码的用户认证装置,其特征在于,所述装置包括:A user authentication device based on a slider verification code, wherein the device includes:
    数据获取单元,用于获取启动目标业务的第一页面操作数据;A data acquisition unit, configured to acquire first page operation data of a target business;
    输出单元,用于根据所述数据获取单元获取的所述第一页面操作数据输出目标滑块验证码至启动所述目标业务的用户界面;An output unit, configured to output a target slider verification code to a user interface that starts the target service according to the first page operation data obtained by the data obtaining unit;
    所述数据获取单元,还用于从所述用户界面上获取基于所述输出单元输出的所述目标滑块验证码进行启动所述目标业务的用户认证的第一滑块操作数据;The data obtaining unit is further configured to obtain, from the user interface, first slider operation data for performing user authentication for starting the target service based on the target slider verification code output by the output unit;
    用户行为识别单元,用于基于滑块验证码验证的用户行为识别模型,确定出所述数据获取单元获取的所述第一页面操作数据和所述第一滑块操作数据对应的滑块验证码验证的用户行为类别,所述用户行为识别模型由滑块验证码验证的样本数据训练得到,所述样本数据中至少包括第一类别用户对应的第一用户行为样本数据和第二类别用户对应的第二用户行为样本数据,任一用户行为样本数据中均包括页面操作数据和/或滑块操作数据;A user behavior recognition unit configured to determine a user behavior recognition model based on a slider verification code to determine the first page operation data and the slider verification code corresponding to the first slider operation data obtained by the data acquisition unit. Verified user behavior category, the user behavior recognition model is trained from sample data verified by a slider verification code, the sample data includes at least first user behavior sample data corresponding to the first category of users and second user category corresponding Second user behavior sample data, and any user behavior sample data includes page operation data and / or slider operation data;
    认证响应单元,用于根据所述用户行为识别单元识别的所述用户行为类别完成所述目标业务的用户认证并启动所述目标业务,或者根据所述用户行为类别断开所述目标业务的用户认证。An authentication response unit, configured to complete user authentication of the target service and start the target service according to the user behavior category identified by the user behavior identification unit, or disconnect a user of the target service according to the user behavior category Certified.
  9. 根据权利要求8所述的装置,其特征在于,所述数据获取单元还用于:The apparatus according to claim 8, wherein the data acquisition unit is further configured to:
    获取至少两种类别用户的样本数据,所述样本数据用于滑块验证码验证的用户行为识别模型训练,所述样本数据中至少包括所述第一用户行为样本数据和所述第二用户行为样本数据;Obtain sample data of at least two types of users, the sample data is used for training of a user behavior recognition model verified by a slider verification code, and the sample data includes at least the first user behavior sample data and the second user behavior sample;
    所述用户行为识别单元,用于:The user behavior recognition unit is configured to:
    将所述数据获取单元获取的样本数据作为滑块验证码验证的用户行为识别模型的输入,通过所述用户行为识别模型对所述样本数据进行学习以获取识别任一页面操作数据和/或滑块操作数据对应的用户行为类别的能力。Using the sample data obtained by the data acquisition unit as an input of a user behavior recognition model verified by a slider verification code, and learning the sample data through the user behavior recognition model to obtain identification of any page operation data and / or slides The ability to block user action categories corresponding to data.
  10. 根据权利要求9所述的装置,其特征在于,所述用户行为识别单元用于:The device according to claim 9, wherein the user behavior recognition unit is configured to:
    通过所述用户行为识别模型,基于训练无监督的模糊聚类分析算法对所述数据获取单元获取的样本数据中包括的至少两种类别用户中各类别用户对应的页面操作数据和/或滑块操作数据进行学习,以获取识别任一类别用户对应的页面操作数据和/或滑块操作数据对应的用户行为类别的能力。Based on the user behavior recognition model, based on the training unsupervised fuzzy cluster analysis algorithm, the page operation data and / or slider corresponding to each category of users in at least two categories of users included in the sample data obtained by the data acquisition unit The operation data is learned to obtain the ability to identify the page operation data and / or the slider operation data corresponding to the user behavior category corresponding to any category of users.
  11. 根据权利要求9或10所述的装置,其特征在于,所述数据获取单元用于:The device according to claim 9 or 10, wherein the data acquisition unit is configured to:
    从所述目标业务的用户群数据库中获取至少两种类别用户的样本数据;Obtaining sample data of at least two types of users from a user group database of the target service;
    其中,所述样本数据中包括所述用户群数据库包括的至少两种类别用户中各类别用户启动所述目标业务时的页面操作数据,和/或用户认证的滑块操作数据。Wherein, the sample data includes page operation data when at least two types of users included in the user group database when each category user starts the target service, and / or slider operation data for user authentication.
  12. 根据权利要求9或10所述的装置,其特征在于,所述数据获取单元用于:The device according to claim 9 or 10, wherein the data acquisition unit is configured to:
    基于大数据分析从其他业务的用户群数据库中获取至少两种类别用户的样本数据,所述其他业务为与所述目标业务为相同类型业务且用户认证方式为滑块验证码验证的一个或者多个业务;Based on big data analysis, sample data of at least two types of users are obtained from a user group database of other services, the other services being one or more of the same type of services as the target service, and the user authentication method is slider verification code verification Business
    其中,所述样本数据中包括所述其他业务的用户群数据库包括的至少两种类别用户中各类别用户启动所述其他业务时的页面操作数据,和/或用户认证的滑块操作数据。Wherein, the sample data includes at least two types of users included in the user group database of the other services, page operation data when each category user starts the other service, and / or slider operation data for user authentication.
  13. 根据权利要求8-12任一项所述的装置,其特征在于,所述第一类别用户包括人类用户,所述第二类别用户包括机器用户;The device according to any one of claims 8-12, wherein the first category of users includes human users, and the second category of users includes machine users;
    所述认证响应单元用于:The authentication response unit is configured to:
    当所述滑块验证码验证正确且所述用户行为识别单元识别得所述用户行为类别为人类用户时,完成所述目标业务的用户认证并且进入所述目标业务的业务办理界面;When the slider verification code is correct and the user behavior recognition unit recognizes that the user behavior category is a human user, completing user authentication of the target service and entering a service processing interface of the target service;
    当所述滑块验证码验证正确且所述用户行为识别单元识别得所述用户行为类别为机器用户时,关闭所述目标业务的用户认证界面以断开所述目标业务的用户认证,并将所述机器用户的用户信息上报所述目标业务对应的网络管理员。When the slider verification code is verified correctly and the user behavior recognition unit recognizes that the user behavior category is a machine user, closing the user authentication interface of the target service to disconnect the user authentication of the target service, and The user information of the machine user is reported to a network administrator corresponding to the target service.
  14. 一种终端设备,其特征在于,包括处理器和存储器,所述处理器和存储器相互连接,其中,所述存储器用于存储计算机程序,所述计算机程序包括程序指令,所述处理器被配置用于调用所述程序指令执行如下操作:A terminal device includes a processor and a memory, and the processor and the memory are connected to each other. The memory is used to store a computer program, the computer program includes program instructions, and the processor is configured to Invoking the program instructions performs the following operations:
    获取启动目标业务的第一页面操作数据,根据所述第一页面操作数据输出目标滑块验证码至启动所述目标业务的用户界面;Acquiring first page operation data for starting a target service, and outputting a target slider verification code to a user interface for starting the target service according to the first page operation data;
    从所述用户界面上获取基于所述目标滑块验证码进行启动所述目标业务的用户认证的第一滑块操作数据;Obtaining, from the user interface, first slider operation data for user authentication to start the target service based on the target slider verification code;
    基于滑块验证码验证的用户行为识别模型,确定出所述第一页面操作数据和所述第一滑块操作数据对应的滑块验证码验证的用户行为类别,所述用户行为识别模型由滑块验证码验证的样本数据训练得到,所述样本数据中至少包括第一类别用户对应的第一用户行为样本数据和第二类别用户对应的第二用户行为样本数据,任一用户行为样本数据中均包括页面操作数据和/或滑块操作数据;Based on the user behavior recognition model verified by the slider verification code, a user behavior category verified by the slider verification code corresponding to the first page operation data and the first slider operation data is determined. The sample data verified by the block verification code is obtained through training. The sample data includes at least first user behavior sample data corresponding to the first category of users and second user behavior sample data corresponding to the second category of users. Both include page operation data and / or slider operation data;
    根据所述用户行为类别完成所述目标业务的用户认证并启动所述目标业务,或者根据所述用户行为类别断开所述目标业务的用户认证。Complete user authentication of the target service according to the user behavior category and start the target service, or disconnect user authentication of the target service according to the user behavior category.
  15. 根据权利要求14所述的终端设备,其特征在于,所述处理器还用于:The terminal device according to claim 14, wherein the processor is further configured to:
    获取至少两种类别用户的样本数据,所述样本数据用于滑块验证码验证的用户行为识 别模型训练,所述样本数据中至少包括所述第一用户行为样本数据和所述第二用户行为样本数据;Obtain sample data of at least two types of users, the sample data is used for training of a user behavior recognition model verified by a slider verification code, and the sample data includes at least the first user behavior sample data and the second user behavior sample;
    将所述样本数据作为滑块验证码验证的用户行为识别模型的输入,通过所述用户行为识别模型对所述样本数据进行学习以获取识别任一页面操作数据和/或滑块操作数据对应的用户行为类别的能力。And using the sample data as an input of a user behavior recognition model verified by a slider verification code, and learning the sample data through the user behavior recognition model to obtain identification corresponding to any page operation data and / or slider operation data. The ability of user behavior categories.
  16. 根据权利要求15所述的终端设备,其特征在于,所述处理器用于:The terminal device according to claim 15, wherein the processor is configured to:
    通过所述用户行为识别模型,基于训练无监督的模糊聚类分析算法对所述样本数据中包括的至少两种类别用户中各类别用户对应的页面操作数据和/或滑块操作数据进行学习,以获取识别任一页面操作数据和/或滑块操作数据对应的用户行为类别的能力。Learning the page operation data and / or slider operation data corresponding to each category of users in at least two categories of users included in the sample data through the user behavior recognition model based on the training unsupervised fuzzy cluster analysis algorithm, To obtain the ability to identify user behavior categories corresponding to any page operation data and / or slider operation data.
  17. 根据权利要求15或16所述的终端设备,其特征在于,所述处理器用于:The terminal device according to claim 15 or 16, wherein the processor is configured to:
    从所述目标业务的用户群数据库中获取至少两种类别用户的样本数据;Obtaining sample data of at least two types of users from a user group database of the target service;
    其中,所述样本数据中包括所述用户群数据库包括的至少两种类别用户中各类别用户启动所述目标业务时的页面操作数据,和/或用户认证的滑块操作数据。Wherein, the sample data includes page operation data when at least two types of users included in the user group database when each category user starts the target service, and / or slider operation data for user authentication.
  18. 根据权利要求15或16所述的终端设备,其特征在于,所述处理器用于:The terminal device according to claim 15 or 16, wherein the processor is configured to:
    基于大数据分析从其他业务的用户群数据库中获取至少两种类别用户的样本数据,所述其他业务为与所述目标业务为相同类型业务且用户认证方式为滑块验证码验证的一个或者多个业务;Based on big data analysis, sample data of at least two types of users are obtained from a user group database of other services, the other services being one or more of the same type of services as the target service, and the user authentication method is slider verification code verification Business
    其中,所述样本数据中包括所述其他业务的用户群数据库包括的至少两种类别用户中各类别用户启动所述其他业务时的页面操作数据,和/或用户认证的滑块操作数据。Wherein, the sample data includes at least two types of users included in the user group database of the other service, page operation data when each category user starts the other service, and / or slider operation data for user authentication.
  19. 根据权利要求14-18任一项所述的终端设备,其特征在于,所述第一类别用户包括人类用户,所述第二类别用户包括机器用户;The terminal device according to any one of claims 14 to 18, wherein the first category of users includes human users, and the second category of users includes machine users;
    所述处理器用于:The processor is configured to:
    当所述目标滑块验证码的验证正确且所述用户行为类别为人类用户时,完成所述目标业务的用户认证并且进入所述目标业务的业务办理界面;When the verification of the target slider verification code is correct and the user behavior category is a human user, complete user authentication of the target service and enter a service management interface of the target service;
    当所述目标滑块验证码的验证正确且所述用户行为类别为机器用户时,关闭所述目标业务的用户认证界面以断开所述目标业务的用户认证,并将所述机器用户的用户信息上报所述目标业务对应的网络管理员。When the verification of the target slider verification code is correct and the user behavior category is a machine user, closing the user authentication interface of the target service to disconnect the user authentication of the target service, and the user of the machine user The information is reported to the network administrator corresponding to the target service.
  20. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令当被处理器执行时使所述处理器执行如权利要求1-7任一项所述的方法。A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, the computer program includes program instructions, and when the program instructions are executed by a processor, the processor executes The method according to any one of 1-7 is required.
PCT/CN2018/107909 2018-08-03 2018-09-27 User authentication method and device based on slider verification code WO2020024414A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810882217.8A CN109271762B (en) 2018-08-03 2018-08-03 User authentication method and device based on slider verification code
CN201810882217.8 2018-08-03

Publications (1)

Publication Number Publication Date
WO2020024414A1 true WO2020024414A1 (en) 2020-02-06

Family

ID=65153088

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/107909 WO2020024414A1 (en) 2018-08-03 2018-09-27 User authentication method and device based on slider verification code

Country Status (2)

Country Link
CN (1) CN109271762B (en)
WO (1) WO2020024414A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109977651A (en) * 2019-03-14 2019-07-05 广州多益网络股份有限公司 Man-machine recognition methods, device and electronic equipment based on sliding trace
CN111695105B (en) * 2020-05-29 2022-08-09 北京字节跳动网络技术有限公司 Verification method and device and electronic equipment
CN111695107B (en) * 2020-05-29 2022-07-26 北京字节跳动网络技术有限公司 Verification method and device and electronic equipment
CN111428231B (en) * 2020-06-12 2020-09-08 完美世界(北京)软件科技发展有限公司 Safety processing method, device and equipment based on user behaviors
CN111783063A (en) * 2020-06-12 2020-10-16 完美世界(北京)软件科技发展有限公司 Operation verification method and device
CN112199658B (en) * 2020-10-16 2024-04-09 咪咕文化科技有限公司 Verification method and system of verification code, client device and server device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107846412A (en) * 2017-11-28 2018-03-27 五八有限公司 Identifying code request processing method, device and identifying code processing system
CN107911366A (en) * 2017-11-17 2018-04-13 天脉聚源(北京)科技有限公司 Auth method and device
CN108011868A (en) * 2017-11-09 2018-05-08 武汉极意网络科技有限公司 One kind slides verification method and mobile terminal
CN108229130A (en) * 2018-01-30 2018-06-29 中国银联股份有限公司 A kind of verification method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108243154B (en) * 2016-12-26 2019-12-13 腾讯科技(北京)有限公司 verification code data processing method and device
CN107153786A (en) * 2017-05-26 2017-09-12 北京奇点数聚科技有限公司 A kind of man-machine recognition methods, system and terminal device, readable storage medium storing program for executing

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108011868A (en) * 2017-11-09 2018-05-08 武汉极意网络科技有限公司 One kind slides verification method and mobile terminal
CN107911366A (en) * 2017-11-17 2018-04-13 天脉聚源(北京)科技有限公司 Auth method and device
CN107846412A (en) * 2017-11-28 2018-03-27 五八有限公司 Identifying code request processing method, device and identifying code processing system
CN108229130A (en) * 2018-01-30 2018-06-29 中国银联股份有限公司 A kind of verification method and device

Also Published As

Publication number Publication date
CN109271762B (en) 2023-04-07
CN109271762A (en) 2019-01-25

Similar Documents

Publication Publication Date Title
WO2020024412A1 (en) User behavior recognition method and apparatus based on sliding block verification code verification
CN109241711B (en) User behavior identification method and device based on prediction model
WO2020024414A1 (en) User authentication method and device based on slider verification code
JP6847187B2 (en) Image-based CAPTCHA challenge
US10467394B2 (en) Pointing device biometrics for continuous user authentication
TWI689942B (en) Man-machine recognition method and device, and method and device for collecting behavior characteristic data
CN108334758B (en) Method, device and equipment for detecting user unauthorized behavior
US10063579B1 (en) Embedding the capability to track user interactions with an application and analyzing user behavior to detect and prevent fraud
WO2015025694A1 (en) Scoring device and method for scoring security threat
CN102710770A (en) Identification method for network access equipment and implementation system for identification method
CN109977651A (en) Man-machine recognition methods, device and electronic equipment based on sliding trace
CN109547426A (en) Service response method and server
CN110298662B (en) Automatic detection method and device for transaction repeated submission
CN107040535A (en) Mobile solution channel logs in monitoring method, device, system and storage medium
Deutschmann et al. Behavioral biometrics for DARPA's active authentication program
CN111209601A (en) Man-machine recognition system for anti-fraud
CN110309473A (en) Merge the anti-brush ticket method and device of identity and voting behavior monitoring
US20180329795A1 (en) User interaction logic classification
WO2016171923A1 (en) Method and system for identifying a human or machine
US11665185B2 (en) Method and apparatus to detect scripted network traffic
US20210209067A1 (en) Network activity identification and characterization based on characteristic active directory (ad) event segments
CN110533297B (en) Method and device for identifying abnormal equipment
CN114090931A (en) Information interception method, equipment, storage medium and device
CN112488143A (en) Network asset localization identification method, device, equipment and storage medium
CN115001802B (en) Account abnormal login detection method based on shared screen and related equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18928598

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 11/05/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18928598

Country of ref document: EP

Kind code of ref document: A1