WO2021077825A1 - Security authentication method and related apparatus - Google Patents


Info

Publication number
WO2021077825A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal device
user behavior
anomaly detection
cloud server
user
Prior art date
Application number
PCT/CN2020/103594
Other languages
French (fr)
Chinese (zh)
Inventor
刘磊
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司
Publication of WO2021077825A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • This document relates to the field of security technology, in particular to a security authentication method and related devices.
  • The purpose of the embodiments of this specification is to provide a security authentication method and related devices that can realize security authentication more reliably and conveniently.
  • A security authentication method includes: a terminal device collects a user behavior feature sequence; the terminal device sends the user behavior feature sequence to a cloud server; the cloud server performs anomaly detection on the user behavior feature sequence based on an anomaly detection model, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device; the cloud server sends the anomaly detection result of the anomaly detection model to the terminal device; and the terminal device executes a security authentication process matching the anomaly detection result.
  • A security authentication method on the terminal device side includes: a terminal device collects a user behavior feature sequence; the terminal device sends the user behavior feature sequence to a cloud server, so that the cloud server performs anomaly detection on the user behavior feature sequence based on an anomaly detection model and sends the anomaly detection result of the anomaly detection model to the terminal device, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device; and the terminal device executes a security authentication process matching the anomaly detection result.
  • A security authentication method on the cloud server side includes: a cloud server obtains a user behavior feature sequence collected by a terminal device; the cloud server performs anomaly detection on the user behavior feature sequence based on an anomaly detection model, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device; and the cloud server sends the anomaly detection result to the terminal device, so that the terminal device executes a security authentication process matching the anomaly detection result.
  • A security authentication device includes:
  • a sequence collection module, which collects user behavior feature sequences based on the terminal device;
  • a first sending module, which sends the user behavior feature sequence to a cloud server based on the terminal device;
  • an anomaly detection module, which performs anomaly detection on the user behavior feature sequence based on the cloud server and an anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device;
  • a second sending module, which sends the anomaly detection result of the anomaly detection model to the terminal device based on the cloud server;
  • a security authentication module, which executes a security authentication process matching the anomaly detection result based on the terminal device.
  • A terminal device includes:
  • a collection module, which collects the user behavior feature sequence;
  • a sending module, which sends the user behavior feature sequence to the cloud server, so that the cloud server performs anomaly detection on the user behavior feature sequence based on the anomaly detection model and sends the anomaly detection result of the anomaly detection model to the terminal device, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device;
  • an execution module, which executes the security authentication process matching the anomaly detection result.
  • A cloud server includes:
  • an acquiring module, which acquires the user behavior feature sequence collected by the terminal device;
  • an anomaly detection module, which performs anomaly detection on the user behavior feature sequence based on an anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device;
  • a sending module, which sends the anomaly detection result to the terminal device, so that the terminal device executes a security authentication process matching the anomaly detection result.
  • An electronic device includes a memory, a processor, and a computer program stored on the memory and runnable on the processor; when the computer program is executed by the processor, it: collects a user behavior feature sequence based on the terminal device; sends the user behavior feature sequence to a cloud server based on the terminal device; performs anomaly detection on the user behavior feature sequence based on the cloud server and an anomaly detection model, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device; sends the anomaly detection result of the anomaly detection model to the terminal device based on the cloud server; and executes a security authentication process matching the anomaly detection result based on the terminal device.
  • A computer-readable storage medium is provided, on which a computer program is stored.
  • When the computer program is executed by a processor, the following steps are implemented: collecting a user behavior feature sequence based on a terminal device; sending the user behavior feature sequence to a cloud server based on the terminal device; performing anomaly detection on the user behavior feature sequence based on the cloud server and an anomaly detection model, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device; sending the anomaly detection result of the anomaly detection model to the terminal device based on the cloud server; and executing, based on the terminal device, the security authentication process matching the anomaly detection result.
  • The terminal device collects the user behavior feature sequence while the user uses it and uploads the sequence to the cloud server, and the cloud server trains the anomaly detection model on it.
  • The cloud server performs anomaly detection on the current user behavior feature sequence based on the anomaly detection model and feeds the anomaly detection result back to the terminal device, and the terminal device executes the security authentication process matching the anomaly detection result. Since the whole scheme uses a dynamic security authentication method, the authentication information changes over time, and even if it is leaked the resulting risk is low. In addition, anomaly detection can be performed without the user's perception and does not affect the user's experience of using the terminal device.
  • FIG. 1 is a schematic diagram of the first flow chart of the security authentication method provided by the embodiment of this specification.
  • FIG. 2 is a schematic diagram of the second flow of the security authentication method provided by the embodiment of this specification.
  • FIG. 3 is a schematic diagram of the third process of the security authentication method provided by the embodiment of this specification.
  • FIG. 4 is a schematic diagram of the fourth flow of the security authentication method provided by the embodiment of this specification.
  • FIG. 5 is a schematic diagram of the fifth flow of the security authentication method provided by the embodiment of this specification.
  • FIG. 6 is a schematic diagram of the structure of the security authentication device provided by the embodiment of this specification.
  • FIG. 7 is a schematic diagram of the structure of a terminal device provided by an embodiment of this specification.
  • FIG. 8 is a schematic diagram of the structure of the cloud server provided by the embodiment of this specification.
  • FIG. 9 is a schematic diagram of the structure of an electronic device provided by an embodiment of this specification.
  • current terminal devices mainly adopt static security authentication methods, such as fingerprint authentication, facial authentication, and password authentication.
  • static authentication information needs to be transmitted in computer memory and the network, so there is a risk of being intercepted by Trojan horse programs or monitoring devices.
  • this method also requires the user to cooperate with the operation. For example, fingerprint authentication requires the user to press the finger on the sensor, which is not convenient enough for the user, which affects the user experience.
  • the embodiments of this specification aim to provide a safer authentication method that is more user-friendly and more reliable.
  • Fig. 1 is a flowchart of a security authentication method according to an embodiment of this specification. The method shown in Figure 1 is executed by the corresponding devices and includes the following steps:
  • Step S102: the terminal device collects the user behavior feature sequence.
  • The terminal device can include, but is not limited to, common personal user devices such as PCs, mobile phones, tablets (PADs), smart bracelets, and smart glasses.
  • This type of terminal device generally has the capability of collecting user behavior feature sequences.
  • The user behavior feature sequence reflects the habitual characteristics of the user's use of the terminal device.
  • The user behavior feature sequence may include, but is not limited to:
  • the user's dynamic motion trajectory sequence, for example the user's usual walking pace, stride length, etc., recognized by the gravity sensor, gyroscope sensor, etc. of the terminal device;
  • the user's dynamic touch sequence, such as the frequency and granularity of the user's touches on the screen of the terminal device, recognized by the pressure sensor built into the terminal screen;
  • the user's dynamic application interaction sequence, for example the user's usage habits and preferences for applications, obtained from the system log of the terminal device.
  • Step S104 The terminal device sends the user behavior characteristic sequence to the cloud server.
  • the terminal device can send the user behavior characteristic sequence to the cloud server based on any network standard (4G, 5G and other mobile networks), which is not specifically limited in the embodiment of this specification.
  • the user can also specify a target terminal device responsible for interacting with the cloud server.
  • the terminal device may send the collected user behavior characteristic sequence to the target terminal device, and the target terminal device further forwards it to the cloud server.
  • Step S106: the cloud server performs anomaly detection on the user behavior feature sequence based on the anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device.
  • The terminal device sends an auxiliary authentication request to the cloud server during the user's resource processing process.
  • The cloud server obtains the user behavior feature sequence within a predetermined time period relative to the moment at which the auxiliary authentication request is received, and inputs that user behavior feature sequence into the anomaly detection model.
  • The predetermined time period should be close to the time at which the cloud server receives the auxiliary authentication request. That is, after receiving the auxiliary authentication request, the cloud server determines the current user behavior feature sequence from among the acquired user behavior feature sequences.
  • The predetermined time period may lie after the cloud server receives the auxiliary authentication request, or before it; the embodiment of this specification does not specifically limit this.
  • The length of the predetermined time period can be set flexibly.
  • The length of the predetermined time period is set according to the frequency with which user behavior features are obtained from the terminal device.
  • For example, if the cloud server obtains the user behavior feature sequence from the terminal device every 24 hours, the length of the predetermined time period may be 24 hours. That is, on receiving the auxiliary authentication request initiated by the target terminal device, the cloud server takes the user behavior features acquired in the last day as the current user behavior features.
  • The anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device (the user can associate at least one terminal device for collecting user behavior feature sequences), and can compare the current user behavior feature sequence with the historical user behavior feature sequences to determine whether an anomaly occurs. It should be noted that the implementation of the anomaly detection model is not unique: any model with a classification function can be applied to the solutions of the embodiments of this specification.
  • Step S108: the cloud server sends the anomaly detection result to the terminal device.
  • The cloud server can send the anomaly detection result directly to the terminal device.
  • Alternatively, the cloud server may send the anomaly detection result to the target terminal device designated by the user, and the target terminal device forwards the anomaly detection result to the aforementioned terminal device.
  • Step S110: the terminal device executes a security authentication process matching the anomaly detection result.
  • If the anomaly detection result indicates no anomaly, the terminal device determines that the security authentication is passed. If the anomaly detection result indicates an anomaly, the terminal device determines that the security authentication has not passed.
  • Alternatively, if the anomaly detection result indicates an anomaly, the terminal device initiates in-depth identity authentication of the user, such as biometric authentication, password authentication, USBKey authentication, etc. If the user of the terminal device fails the identity authentication, the security authentication is determined not to have passed; otherwise it is determined to have passed.
  • The terminal device collects the user behavior feature sequence while the user uses it and uploads the sequence to the cloud server, and the cloud server trains the anomaly detection model on it.
  • The cloud server performs anomaly detection on the current user behavior feature sequence based on the anomaly detection model and feeds the anomaly detection result back to the terminal device, and the terminal device executes the security authentication process matching the anomaly detection result. Since the whole scheme uses a dynamic security authentication method, the authentication information changes over time, and even if it is leaked the resulting risk is low. In addition, anomaly detection can be performed without the user's perception and does not affect the user's experience of using the terminal device.
  • The method of the embodiment of this specification aims to dynamically collect user behavior feature sequences through one or more terminal devices associated with the user, to analyze the user's dynamic behavior in real time using the high-speed transmission capability of the network, and to model and characterize the user's behavior attributes with artificial intelligence methods. If abnormal user behavior is found (behavior inconsistent with the historically constructed user behavior attributes), a preset in-depth authentication process is initiated during the security authentication process.
  • The main process of the security authentication method includes:
  • The terminal device periodically collects the user behavior feature sequence during the user's use according to preset data synchronization rules, and sends the user behavior feature sequence to the cloud server.
  • The message in which the terminal device sends the user behavior feature sequence carries not only the user behavior feature sequence but also its collection time, so that the cloud server can determine the current user behavior feature sequence, i.e. the user behavior feature sequence within the predetermined time period described above, from the collection time.
  • After receiving the user behavior feature sequence, the cloud server adds it as training data to the training data set, and when a training condition is triggered, trains the anomaly detection model on the training data in the training data set.
  • The training condition may include, but is not limited to, at least one of the following:
  • a periodic trigger: the cloud server periodically uses the training data in the training data set to train the anomaly detection model;
  • an incremental trigger: the training data added to the training data set since the anomaly detection model was last trained reaches a preset threshold. That is, once the cloud server has accumulated a certain amount of new training data in the training data set, it uses the training data in the training data set to train the anomaly detection model.
  • In this way the cloud server can iteratively update the anomaly detection model in real time to dynamically portray the user's behavior attributes, which is also the basis for realizing dynamic authentication.
  • In one training mode, the cloud server uses the user behavior feature sequence as the input of the anomaly detection model and the user's user identification as its output to train the anomaly detection model.
  • In this mode, the current user behavior feature sequence collected by the terminal device is input into the anomaly detection model. If the anomaly detection model does not output the user identification used in the original training process, there is an anomaly; otherwise there is no anomaly.
  • In another training mode, the cloud server uses the user behavior feature sequence together with the corresponding user identification as the input of the anomaly detection model, and a specified anomaly detection result as its output, to train the anomaly detection model.
  • In this mode, the current user behavior feature sequence collected by the terminal device together with the corresponding user identification is input into the anomaly detection model. If the anomaly detection model does not output the specified anomaly detection result used in the original training process, there is an anomaly; otherwise there is no anomaly.
  • The above is the process by which the cloud server dynamically trains the anomaly detection model on the user behavior feature sequences uploaded by the terminal device.
  • When the terminal device needs to initiate security verification for the user, it can send an auxiliary authentication request to the cloud server.
  • After receiving the auxiliary authentication request, the cloud server determines the predetermined time period associated with the time of the auxiliary authentication request, and inputs the user behavior feature sequence obtained from the terminal device and belonging to that predetermined time period into the anomaly detection model, so that the anomaly detection model performs anomaly detection on the current user behavior features.
  • The cloud server feeds the anomaly detection result of the anomaly detection model back to the terminal device.
  • If the anomaly detection result indicates an anomaly, the current user behavior on the terminal device does not match the historical user behavior attributes portrayed by the model and may not come from a legitimate user. In this case the terminal device can determine that the security authentication has failed, or further initiate in-depth identity authentication. If the anomaly detection result indicates no anomaly, the terminal device determines that the security authentication is passed.
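The following worked example is added here to illustrate the flow just described together with the window selection of step S106; it is not code from the patent or its assignee. It implements the first training mode (feature sequence in, user identification out) with the incremental-data training trigger, selects the records whose collection time falls inside the predetermined period ending at the request time, and lets the terminal escalate to in-depth authentication on an "abnormal" result. Everything beyond the text is an assumption: the model is a nearest-centroid classifier over per-dimension-scaled features with a per-user acceptance radius (any classifier would do, as the text says), a request with no features inside the window is treated as abnormal so that in-depth authentication is forced, and the feature vectors, user names and timestamps are constructed sample data.

```python
"""Toy cloud server and terminal logic for behaviour-based auxiliary
authentication.  Added illustration, not the patent's code.  Assumptions:
nearest-centroid classifier with a per-user acceptance radius, features
scaled per dimension, and fail-closed when the window holds no records."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import math
import statistics


@dataclass(frozen=True)
class FeatureRecord:
    user_id: str
    device_id: str
    features: tuple        # (stride_length_m, touch_pressure, touches_per_min)
    collected_at: datetime # collection time carried in the upload message


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class CloudServer:
    def __init__(self, retrain_every=4, radius_margin=1.5, window=timedelta(hours=24)):
        self.training_set = []       # every upload becomes training data
        self.new_since_train = 0     # incremental-data training condition
        self.retrain_every = retrain_every
        self.radius_margin = radius_margin
        self.window = window         # the predetermined time period
        self.scales = ()             # per-dimension std used to scale features
        self.centroids = {}          # user_id -> centroid in scaled space
        self.radii = {}              # user_id -> acceptance radius
        self.train_count = 0

    def ingest(self, rec):
        """Add an upload to the training set; retrain once enough new data arrived."""
        self.training_set.append(rec)
        self.new_since_train += 1
        if self.new_since_train >= self.retrain_every:
            self.train()

    def train(self):
        """Training mode 1: feature sequence in, user identification out."""
        vecs = [r.features for r in self.training_set]
        dim = len(vecs[0])
        # scale each dimension by its std so touches/min cannot dominate stride length
        self.scales = tuple(max(statistics.pstdev([v[i] for v in vecs]), 1e-6)
                            for i in range(dim))
        by_user = {}
        for r in self.training_set:
            by_user.setdefault(r.user_id, []).append(self._scale(r.features))
        for uid, pts in by_user.items():
            c = tuple(sum(p[i] for p in pts) / len(pts) for i in range(dim))
            self.centroids[uid] = c
            self.radii[uid] = max(_dist(p, c) for p in pts) * self.radius_margin
        self.new_since_train = 0
        self.train_count += 1

    def _scale(self, features):
        return tuple(x / s for x, s in zip(features, self.scales))

    def classify(self, features):
        """Return the user identification the model outputs, or None if nobody fits."""
        if not self.centroids:
            return None
        p = self._scale(features)
        uid = min(self.centroids, key=lambda u: _dist(p, self.centroids[u]))
        return uid if _dist(p, self.centroids[uid]) <= self.radii[uid] else None

    def handle_auxiliary_request(self, user_id, request_time, current):
        """Keep records collected inside the window ending at request_time and
        report 'abnormal' unless every one of them is classified as user_id."""
        in_window = [r for r in current
                     if request_time - self.window <= r.collected_at <= request_time]
        if not in_window:
            return "abnormal"        # assumption: fail closed, forces in-depth auth
        if all(self.classify(r.features) == user_id for r in in_window):
            return "normal"
        return "abnormal"


def terminal_authenticate(detection_result, in_depth_auth):
    """Step S110 on the terminal: 'normal' passes with no user action; 'abnormal'
    escalates to in_depth_auth() (fingerprint, password, USBKey ...)."""
    if detection_result == "normal":
        return True
    return bool(in_depth_auth())


def run_demo():
    """Constructed sample data: two enrolled users, then four requests for alice."""
    t0 = datetime(2020, 7, 1, 8, 0)
    server = CloudServer()
    alice = [(0.70, 0.50, 30), (0.74, 0.47, 32), (0.71, 0.49, 31), (0.73, 0.46, 33)]
    bob = [(1.10, 0.30, 12), (1.12, 0.28, 13), (1.08, 0.31, 11), (1.10, 0.29, 12)]
    for uid, dev, seq in (("alice", "phone-a", alice), ("bob", "phone-b", bob)):
        for day, f in enumerate(seq):
            server.ingest(FeatureRecord(uid, dev, f, t0 + timedelta(days=day)))
    now = t0 + timedelta(days=10)

    def fresh(f, age=timedelta(hours=2)):
        return [FeatureRecord("alice", "phone-a", f, now - age)]

    res = {
        "train_count": server.train_count,
        "legit": server.handle_auxiliary_request("alice", now, fresh((0.72, 0.48, 31))),
        "other_user": server.handle_auxiliary_request("alice", now, fresh((1.10, 0.30, 12))),
        "outlier": server.handle_auxiliary_request("alice", now, fresh((0.95, 0.20, 60))),
        "stale": server.handle_auxiliary_request("alice", now, fresh((0.72, 0.48, 31), timedelta(days=3))),
    }
    res["unlock_legit"] = terminal_authenticate(res["legit"], lambda: False)
    res["unlock_other_user"] = terminal_authenticate(res["other_user"], lambda: False)
    res["unlock_after_deep_auth"] = terminal_authenticate(res["other_user"], lambda: True)
    return res
```

Calling `run_demo()` shows the four outcomes the text distinguishes: a fresh record matching alice's habits passes without any user action; a record the model assigns to another enrolled user, or to nobody, is reported abnormal and unlocks only if the in-depth authentication callback succeeds; and a record older than the 24-hour window is ignored, so the request fails closed. Using the same scaled distance for the acceptance radius keeps the decision independent of which feature has the largest raw magnitude.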
  • In one scenario, the terminal device performs security verification on the user when the user unlocks the screen.
  • The corresponding method flow includes:
  • The terminal device collects the strength distribution features of the user holding the handheld terminal device (that is, the user behavior feature sequence described above) and sends these strength distribution features to the cloud server.
  • The cloud server uses the historically acquired strength distribution features of the user holding the handheld terminal device as training data to train the anomaly detection model, so that the anomaly detection model portrays the habitual attributes of how the user holds the terminal device.
  • The terminal device collects the strength distribution features of the user holding the handheld terminal device during the user's current unlocking process, and sends them to the cloud server in an auxiliary authentication request.
  • The cloud server inputs the strength distribution features carried in the auxiliary authentication request into the anomaly detection model to perform anomaly detection on the strength distribution features of the current unlocking process.
  • The cloud server feeds the anomaly detection result back to the terminal device, and the terminal device initiates the appropriate security authentication process based on it. For example, when the anomaly detection result indicates an anomaly, the terminal device initiates in-depth identity authentication, such as gesture unlock authentication, fingerprint unlock authentication, password unlock authentication, and so on. If the anomaly detection result indicates no anomaly, the terminal device determines that the security authentication is passed and directly unlocks the screen.
  • When the cloud server determines that the user is legitimate, the user does not need to perform any specific operation and can quickly unlock the terminal device, obtaining a better user experience.
  • When the cloud server determines that the user is illegitimate, the screen of the terminal device must be unlocked through conventional unlock authentication. This process introduces no additional user operations and does not affect the user experience.
  • In another scenario, the payment application controls the terminal device to initiate security verification.
  • The corresponding method flow includes:
  • The terminal device periodically collects the user behavior feature sequence during the resource processing process while the user uses the payment application, and sends the user behavior feature sequence to the cloud server.
  • The user behavior feature sequence may include, but is not limited to, features such as the intensity distribution of keystrokes, mouse click behavior, and mouse click patterns.
  • For a mobile device, the user behavior feature sequence may include, but is not limited to, features such as the intensity distribution of the user's fingertip interaction with the mobile device and the click behavior pattern, and may further include basic features collected by the mobile device's sensors (gravity sensors, angular velocity sensors, temperature sensors).
  • The cloud server uses the historically obtained user behavior feature sequences from the resource processing process while the user uses the payment application as training data to train the anomaly detection model, so that the anomaly detection model describes the user's habits when performing resource processing in the payment application.
  • The payment application controls the terminal device to initiate an auxiliary authentication request to its cloud server.
  • After receiving the auxiliary authentication request, the cloud server determines the predetermined time period associated with the time of the auxiliary authentication request, and takes the user behavior feature sequence belonging to that predetermined time period as the current user behavior feature sequence. The cloud server then inputs the current user behavior feature sequence into the anomaly detection model to perform anomaly detection on the user.
  • The cloud server feeds the anomaly detection result back to the terminal device. If the anomaly detection result indicates an anomaly, the payment application initiates the in-depth identity authentication configured on the terminal device, such as fingerprint authentication and password authentication. If the anomaly detection result indicates no anomaly, the payment application determines that the security authentication is passed and the user is allowed to perform the resource processing operation.
  • Fig. 4 is a schematic flowchart of the security verification method on the terminal device side of the embodiment of this specification, including:
  • Step S402: the terminal device collects the user behavior feature sequence.
  • Step S404: the terminal device sends the user behavior feature sequence to the cloud server, so that the cloud server performs anomaly detection on the user behavior feature sequence based on the anomaly detection model and sends the anomaly detection result of the anomaly detection model to the terminal device.
  • The anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device.
  • Step S406: the terminal device executes a security authentication process matching the anomaly detection result.
  • The terminal device collects the user behavior feature sequence during the user's use and uploads it to the cloud server, and the cloud server trains the anomaly detection model on it.
  • The terminal device requests the cloud server to perform anomaly detection on the current user behavior feature sequence based on the anomaly detection model; the cloud server feeds the anomaly detection result back to the terminal device, and the terminal device executes the security authentication process matching the anomaly detection result. Since the whole scheme uses a dynamic security authentication method, the risk of leaking authentication information is low. In addition, anomaly detection can be performed without the user's perception and does not affect the user's experience of using the terminal device.
  • FIG. 5 is a schematic flow diagram of the security verification method on the cloud server side of the embodiment of this specification, including:
  • Step S502 The cloud server obtains the user behavior characteristic sequence collected by the terminal device.
  • Step S504 The cloud server performs anomaly detection on the user behavior feature sequence based on the anomaly detection model.
  • the anomaly detection model is trained based on the user's historical user behavior feature sequence in at least one terminal device.
  • step S506 the cloud server sends the abnormality detection result to the terminal device, so that the terminal device executes a security authentication process matching the abnormality detection result.
  • The cloud server uses the user behavior feature sequences collected by the terminal device during the user's use to train the anomaly detection model, so that the anomaly detection model characterizes the user's behavior attributes.
  • The cloud server performs anomaly detection on the current user behavior feature sequence based on the anomaly detection model and feeds the anomaly detection result back to the terminal device, and the terminal device executes the security authentication process matching the anomaly detection result. Since the whole scheme uses a dynamic security authentication method, the risk of leaking authentication information is low. In addition, anomaly detection can be performed without the user's perception and does not affect the user's experience of using the terminal device.
  • Fig. 6 shows a security authentication device 600 according to an embodiment of this specification, including:
  • a sequence collection module 610, which collects the user behavior feature sequence on the terminal device;
  • a first sending module 620, which sends the user behavior feature sequence from the terminal device to the cloud server;
  • an anomaly detection module 630, which performs anomaly detection on the user behavior feature sequence on the cloud server based on an anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device;
  • a second sending module 640, which sends the anomaly detection result of the anomaly detection model from the cloud server to the terminal device;
  • a security authentication module 650, which executes, on the terminal device, the security authentication process matching the anomaly detection result.
  • The terminal device collects the user behavior feature sequence while the user uses it and uploads the sequence to the cloud server, which trains the anomaly detection model.
  • When the terminal device needs to authenticate the user, the cloud server performs anomaly detection on the current user behavior feature sequence with the anomaly detection model and returns the result to the terminal device, which executes the matching security authentication process. Because the scheme uses a dynamic security authentication method, the authentication information changes over time and the risk from its leakage is low. Anomaly detection can also run without the user noticing, so it does not affect the user's experience of the terminal device.
  • When executed, the sequence collection module 610 specifically collects the user behavior feature sequence during a resource processing procedure of the user, where the resource processing procedure requires security authentication.
  • The security authentication device of this embodiment further includes:
  • an auxiliary authentication request module, which sends an auxiliary authentication request to the cloud server during the user's resource processing procedure.
  • According to the auxiliary authentication request, the cloud server obtains the user behavior feature sequence within a predetermined time period around the moment the request is received and inputs that sequence into the anomaly detection model for anomaly detection.
  • The terminal device has a payment application installed, the cloud server is the cloud server of that payment application, and the auxiliary authentication request is initiated by the terminal device under the control of the payment application when the user uses the payment application for payment processing.
  • If the anomaly detection result indicates no anomaly, the terminal device determines that security authentication has passed; otherwise it initiates identity authentication of the terminal device's user. The identity authentication includes at least one of biometric authentication, password authentication and USBKey authentication.
  • The user behavior feature sequence includes at least one of: a user dynamic motion trajectory sequence, a user dynamic positioning trajectory sequence, a user dynamic touch sequence and a user dynamic application interaction sequence.
  • The security authentication device of this embodiment can serve as the execution subject of the security authentication method shown in Fig. 1 and can therefore implement the functions of that method. Since the principle is the same, it is not repeated here.
  • Fig. 7 is a schematic structural diagram of a terminal device 700 according to an embodiment of this specification, including:
  • a collection module 710, which collects the user behavior feature sequence;
  • a sending module 720, which sends the user behavior feature sequence to the cloud server, so that the cloud server performs anomaly detection on the sequence based on an anomaly detection model and sends the anomaly detection result of the model back to the terminal device, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device;
  • an execution module 730, which executes the security authentication process matching the anomaly detection result.
  • The terminal device of this embodiment collects the user behavior feature sequence while the user uses it and uploads the sequence to the cloud server, which trains the anomaly detection model.
  • When security authentication is required, the terminal device requests the cloud server to perform anomaly detection on the current user behavior feature sequence based on the anomaly detection model; the cloud server returns the anomaly detection result to the terminal device, which executes the matching security authentication process. Because the scheme uses a dynamic security authentication method, the authentication information changes over time and the risk from its leakage is low. Anomaly detection can also run without the user noticing, so it does not affect the user's experience of the terminal device.
  • The terminal device of this embodiment can serve as the execution subject of the security authentication method shown in Fig. 4 and can therefore implement the functions of that method. Since the principle is the same, it is not repeated here.
  • Fig. 8 is a schematic structural diagram of a cloud server 800 according to an embodiment of this specification, including:
  • an obtaining module 810, which obtains the user behavior feature sequence collected by the terminal device;
  • an anomaly detection module 820, which performs anomaly detection on the user behavior feature sequence based on an anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device;
  • a sending module 830, which sends the anomaly detection result to the terminal device, so that the terminal device executes the security authentication process matching the anomaly detection result.
  • The cloud server of this embodiment uses the user behavior feature sequences the terminal device collects while the user uses it to train the anomaly detection model, so that the model characterizes the user's behavioral attributes.
  • When the terminal device needs to authenticate the user, the cloud server performs anomaly detection on the current user behavior feature sequence with the anomaly detection model and returns the result to the terminal device, which executes the matching security authentication process. Because the scheme uses a dynamic security authentication method, the authentication information changes over time and the risk from its leakage is low. Anomaly detection can also run without the user noticing, so it does not affect the user's experience of the terminal device.
  • The cloud server of this embodiment can serve as the execution subject of the security authentication method shown in Fig. 5 and can therefore implement the functions of that method. Since the principle is the same, it is not repeated here.
  • Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of this specification.
  • The electronic device includes a processor and, optionally, an internal bus, a network interface and memory.
  • The memory may include main memory, such as high-speed random-access memory (RAM), and may also include non-volatile memory, such as at least one disk storage.
  • The electronic device may also include hardware required by other services.
  • The processor, network interface and memory can be connected to each other through the internal bus.
  • The internal bus can be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like.
  • The bus can be divided into an address bus, a data bus, a control bus and so on. For ease of presentation, only one bidirectional arrow is used in Fig. 9, but this does not mean that there is only one bus or one type of bus.
  • The program stored in the memory may include program code, and the program code includes computer operation instructions.
  • The memory may include main memory and non-volatile memory, and provides instructions and data to the processor.
  • The processor reads the corresponding computer program from the non-volatile memory into main memory and runs it, forming the security authentication device described above at the logical level.
  • The processor executes the program stored in the memory and is specifically used to perform the following operations: collect the user behavior feature sequence on the terminal device; send the user behavior feature sequence from the terminal device to the cloud server; perform anomaly detection on the sequence on the cloud server based on an anomaly detection model trained on the user's historical user behavior feature sequences from at least one terminal device; send the anomaly detection result of the anomaly detection model from the cloud server to the terminal device; and execute, on the terminal device, the security authentication process matching the anomaly detection result.
  • The terminal device collects the user behavior feature sequence while the user uses it and uploads the sequence to the cloud server, which trains the anomaly detection model.
  • When the terminal device needs to authenticate the user, the cloud server performs anomaly detection on the current user behavior feature sequence with the anomaly detection model and returns the result to the terminal device, which executes the matching security authentication process. Because the scheme uses a dynamic security authentication method, the authentication information changes over time and the risk from its leakage is low. Anomaly detection can also run without the user noticing, so it does not affect the user's experience of the terminal device.
  • The security authentication method disclosed in the embodiment shown in Fig. 1 of this specification may be applied to a processor or implemented by a processor.
  • The processor may be an integrated circuit chip with signal processing capability.
  • During implementation, each step of the above method can be completed by an integrated logic circuit of hardware in the processor or by instructions in the form of software.
  • The above processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
  • The steps of the method disclosed in the embodiments of this specification can be directly embodied as being executed and completed by a hardware decoding processor, or executed and completed by a combination of hardware and software modules in the decoding processor.
  • The software module can be located in a storage medium that is mature in the field, such as random-access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, or a register.
  • The storage medium is located in the memory; the processor reads the information in the memory and completes the steps of the above method in combination with its hardware.
  • The electronic device of this specification does not exclude other implementations, such as a logic device or a combination of software and hardware. That is, the execution body of the processing flow is not limited to each logic unit; it can also be a hardware or logic device.
  • The embodiments of this specification also propose a computer-readable storage medium that stores one or more programs, the one or more programs including instructions.
  • When the instructions are executed by a portable electronic device, the portable electronic device can execute the method of the embodiment shown in Fig. 1, and is specifically used to: collect the user behavior feature sequence on the terminal device; send the user behavior feature sequence from the terminal device to the cloud server; perform anomaly detection on the sequence on the cloud server based on an anomaly detection model trained on the user's historical user behavior feature sequences from at least one terminal device; send the anomaly detection result of the anomaly detection model from the cloud server to the terminal device; and execute, on the terminal device, the security authentication process matching the anomaly detection result.
  • The embodiments of this specification can be provided as a method, a system or a computer program product. Therefore, this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, this specification can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.

Abstract

A security authentication method and a related apparatus. The security authentication method comprises: a terminal device collecting a user behavior feature sequence (S102); the terminal device sending the user behavior feature sequence to a cloud server (S104); the cloud server performing anomaly detection on the user behavior feature sequence on the basis of an anomaly detection model, wherein the anomaly detection model is obtained through training based on a historical user behavior feature sequence of a user in at least one terminal device (S106); the cloud server sending an anomaly detection result of the anomaly detection model to the terminal device (S108); and the terminal device executing a security authentication process matching the anomaly detection result (S110).

Description

Security authentication method and related apparatus

Technical field

This document relates to the field of security technology, and in particular to a security authentication method and related apparatus.

Background

Current terminal devices mainly use static security authentication methods such as fingerprint authentication, facial authentication and password authentication. With these methods, static authentication information has to be stored in computer memory and transmitted over the network, so it is at risk of being intercepted by a Trojan program or an eavesdropping device. These methods also require the user to cooperate: password authentication, for example, requires the user to enter the password, which is not convenient and degrades the user experience.

In view of this, a more user-friendly and more reliable security authentication method is urgently needed.
Summary of the invention

The purpose of the embodiments of this specification is to provide a security authentication method and related apparatus that can carry out security authentication more reliably and more conveniently.

To achieve this purpose, the embodiments of this specification are implemented as follows.

In a first aspect, a security authentication method is provided, comprising: a terminal device collects a user behavior feature sequence; the terminal device sends the user behavior feature sequence to a cloud server; the cloud server performs anomaly detection on the user behavior feature sequence based on an anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device; the cloud server sends the anomaly detection result of the anomaly detection model to the terminal device; and the terminal device executes the security authentication process matching the anomaly detection result.

In a second aspect, a security authentication method is provided, comprising: a terminal device collects a user behavior feature sequence; the terminal device sends the user behavior feature sequence to a cloud server, so that the cloud server performs anomaly detection on the sequence based on an anomaly detection model and sends the anomaly detection result of the model to the terminal device, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device; and the terminal device executes the security authentication process matching the anomaly detection result.

In a third aspect, a security authentication method is provided, comprising: a cloud server obtains a user behavior feature sequence collected by a terminal device; the cloud server performs anomaly detection on the user behavior feature sequence based on an anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device; and the cloud server sends the anomaly detection result to the terminal device, so that the terminal device executes the security authentication process matching the anomaly detection result.
In a fourth aspect, a security authentication device is provided, including:

a sequence collection module, which collects the user behavior feature sequence on the terminal device;

a first sending module, which sends the user behavior feature sequence from the terminal device to the cloud server;

an anomaly detection module, which performs anomaly detection on the user behavior feature sequence on the cloud server based on an anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device;

a second sending module, which sends the anomaly detection result of the anomaly detection model from the cloud server to the terminal device;

a security authentication module, which executes, on the terminal device, the security authentication process matching the anomaly detection result.

In a fifth aspect, a terminal device is provided, including:

a collection module, which collects the user behavior feature sequence;

a sending module, which sends the user behavior feature sequence to the cloud server, so that the cloud server performs anomaly detection on the sequence based on an anomaly detection model and sends the anomaly detection result of the model to the terminal device, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device;

an execution module, which executes the security authentication process matching the anomaly detection result.

In a sixth aspect, a cloud server is provided, including:

an obtaining module, which obtains the user behavior feature sequence collected by the terminal device;

an anomaly detection module, which performs anomaly detection on the user behavior feature sequence based on an anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device;

a sending module, which sends the anomaly detection result to the terminal device, so that the terminal device executes the security authentication process matching the anomaly detection result.

In a seventh aspect, an electronic device is provided, including a memory, a processor, and a computer program stored in the memory and runnable on the processor, where the computer program, when executed by the processor: collects the user behavior feature sequence on the terminal device; sends the user behavior feature sequence from the terminal device to the cloud server; performs anomaly detection on the sequence on the cloud server based on an anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device; sends the anomaly detection result of the anomaly detection model from the cloud server to the terminal device; and executes, on the terminal device, the security authentication process matching the anomaly detection result.

In an eighth aspect, a computer-readable storage medium is provided, storing a computer program that, when executed by a processor, implements the following steps: collecting the user behavior feature sequence on the terminal device; sending the user behavior feature sequence from the terminal device to the cloud server; performing anomaly detection on the sequence on the cloud server based on an anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device; sending the anomaly detection result of the anomaly detection model from the cloud server to the terminal device; and executing, on the terminal device, the security authentication process matching the anomaly detection result.
In the solution of the embodiments of this specification, the terminal device collects the user behavior feature sequence while the user uses it and uploads the sequence to the cloud server, which trains the anomaly detection model. When the terminal device needs to authenticate the user, the cloud server performs anomaly detection on the current user behavior feature sequence based on the anomaly detection model and returns the result to the terminal device, which executes the matching security authentication process. Because the scheme uses a dynamic security authentication method, the authentication information changes over time, so even if it is leaked the resulting risk is low. In addition, anomaly detection can run without the user noticing, so it does not affect the user's experience of the terminal device.
Description of the drawings

To describe the technical solutions in the embodiments of this specification or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in this specification; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

Fig. 1 is a schematic diagram of a first flow of the security authentication method provided by an embodiment of this specification.
Fig. 2 is a schematic diagram of a second flow of the security authentication method provided by an embodiment of this specification.
Fig. 3 is a schematic diagram of a third flow of the security authentication method provided by an embodiment of this specification.
Fig. 4 is a schematic diagram of a fourth flow of the security authentication method provided by an embodiment of this specification.
Fig. 5 is a schematic diagram of a fifth flow of the security authentication method provided by an embodiment of this specification.
Fig. 6 is a schematic structural diagram of the security authentication device provided by an embodiment of this specification.
Fig. 7 is a schematic structural diagram of the terminal device provided by an embodiment of this specification.
Fig. 8 is a schematic structural diagram of the cloud server provided by an embodiment of this specification.
Fig. 9 is a schematic structural diagram of the electronic device provided by an embodiment of this specification.
Detailed description of the embodiments

To enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments are described below clearly and completely with reference to the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of this specification, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on these embodiments without creative effort fall within the scope of protection of this specification.

As noted above, current terminal devices mainly use static security authentication methods such as fingerprint authentication, facial authentication and password authentication. With these methods, static authentication information has to pass through computer memory and the network, so it is at risk of being intercepted by a Trojan program or an eavesdropping device. These methods also require the user to cooperate: fingerprint authentication, for example, requires the user to press a finger on the sensor, which is not convenient and degrades the user experience.

To address these problems, the embodiments of this specification aim to provide a security authentication method that is more user-friendly and more reliable.

Fig. 1 is a flowchart of a security authentication method according to an embodiment of this specification. The method shown in Fig. 1 can be executed by the corresponding apparatus described below and includes the following steps.
Step S102: the terminal device collects a user behavior feature sequence.

The terminal device can include, but is not limited to, common personal user devices such as PCs, mobile phones, tablets (PADs), smart bracelets and smart glasses. Such terminal devices generally have the capability to collect user behavior feature sequences.

A user behavior feature sequence reflects the habitual characteristics of the user's use of the terminal device. By way of example, a user behavior feature sequence can include, but is not limited to:

a user dynamic motion trajectory sequence, for example the user's usual walking cadence and stride length, recognized from the terminal device's gravity sensor, gyroscope and similar sensors;

a user dynamic touch sequence, for example the frequency and granularity of the user's touches on the terminal device's screen, recognized from the pressure sensor built into the screen;

a user dynamic application interaction sequence, for example the user's habits and preferences in using applications, obtained from the terminal device's system log.
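The three kinds of sequence listed above are described only as categories. The following added example (not code from the patent or from the applicant) shows one way a terminal could reduce raw samples of each kind to numeric features the cloud-side model can consume: walking cadence from accelerometer magnitude, touch rate and mean pressure from touch events, and the entropy of the foreground-application distribution from system-log lines. The sampling rate, step threshold, touch-event layout and log-line format are assumptions, and every input is constructed inside the block; stride length, which the text also names, is not derived here.

```python
"""Turning raw terminal samples into a user behavior feature sequence.

Added example, not the patent's own code. Sampling rate, step threshold,
touch event layout and log line format are assumptions; all inputs are
constructed.
"""
import math
from collections import Counter

ACCEL_HZ = 50           # assumed accelerometer sampling rate
STEP_THRESHOLD_G = 1.2  # assumed: acceleration magnitude that marks a foot strike


def step_cadence(accel_samples, hz=ACCEL_HZ, threshold=STEP_THRESHOLD_G):
    """Steps per second from (ax, ay, az) samples in g: one step per upward threshold crossing."""
    steps, above = 0, False
    for ax, ay, az in accel_samples:
        magnitude = math.sqrt(ax * ax + ay * ay + az * az)
        if magnitude > threshold and not above:
            steps += 1
            above = True
        elif magnitude <= threshold:
            above = False
    seconds = len(accel_samples) / hz
    return steps / seconds if seconds else 0.0


def touch_features(touch_events):
    """touch_events: list of (timestamp in s, pressure) from the screen's pressure sensor."""
    if len(touch_events) < 2:
        return {"touch_rate_hz": 0.0, "touch_pressure_mean": 0.0}
    span = touch_events[-1][0] - touch_events[0][0]
    rate = (len(touch_events) - 1) / span if span > 0 else 0.0
    pressure = sum(p for _, p in touch_events) / len(touch_events)
    return {"touch_rate_hz": rate, "touch_pressure_mean": pressure}


def app_usage_entropy(log_lines):
    """Shannon entropy (bits) of the foreground-app distribution parsed from
    constructed log lines of the form '<unix time> FOREGROUND <package>'."""
    apps = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) == 3 and parts[1] == "FOREGROUND":
            apps[parts[2]] += 1
    total = sum(apps.values())
    if total == 0:
        return 0.0
    return -sum(n / total * math.log2(n / total) for n in apps.values())


def build_feature_sequence(accel_samples, touch_events, log_lines):
    """One feature record, as the terminal would upload it to the cloud server."""
    features = {"cadence_hz": step_cadence(accel_samples)}
    features.update(touch_features(touch_events))
    features["app_usage_entropy_bits"] = app_usage_entropy(log_lines)
    return features


def constructed_walk(seconds=10, cadence_hz=2.0, hz=ACCEL_HZ):
    """Synthetic walking trace: vertical acceleration oscillating around 1 g at the given cadence."""
    return [(0.0, 0.0, 1.0 + 0.5 * math.sin(2 * math.pi * cadence_hz * i / hz))
            for i in range(int(seconds * hz))]


# constructed touch events and system-log lines
TOUCH_EVENTS = [(0.0, 0.30), (0.5, 0.35), (1.0, 0.40), (2.0, 0.31)]
LOG_LINES = [
    "1700000000 FOREGROUND com.example.pay",
    "1700000031 FOREGROUND com.example.chat",
    "1700000095 SCREEN_OFF",
    "1700000400 FOREGROUND com.example.pay",
    "1700000455 FOREGROUND com.example.maps",
]

if __name__ == "__main__":
    print(build_feature_sequence(constructed_walk(), TOUCH_EVENTS, LOG_LINES))
```

Each feature is a scalar summary over a collection window, so a record carries the user's habits rather than the raw sensor stream; that is what keeps the uploaded "authentication information" changing over time, as the summary of the invention puts it, while still giving the model a fixed vector to compare against history.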
Step S104: the terminal device sends the user behavior feature sequence to the cloud server.

The terminal device can send the user behavior feature sequence to the cloud server over any network standard (4G, 5G or other mobile networks); the embodiments of this specification do not specifically limit this.

In addition, the user can designate one target terminal device that is responsible for interacting with the cloud server. In this step, a terminal device can send the collected user behavior feature sequence to the target terminal device, which then forwards it to the cloud server.

Step S106: the cloud server performs anomaly detection on the user behavior feature sequence based on an anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device.
Specifically, during a resource processing procedure of the user, the terminal device sends an auxiliary authentication request to the cloud server. According to the auxiliary authentication request, the cloud server obtains the user behavior feature sequence within a predetermined time period around the moment the request is received and inputs that sequence into the anomaly detection model.

It should be understood that the predetermined time period should be close to the time at which the cloud server receives the auxiliary authentication request; that is, after receiving the request, the cloud server determines the current user behavior feature sequence from the user behavior feature sequences it has already obtained. The predetermined time period may be a period after the cloud server receives the auxiliary authentication request or a period before it; the embodiments of this specification do not specifically limit this.

The length of the predetermined time period can be set flexibly, for example according to the frequency at which user behavior features are obtained from the terminal device. By way of example, if the cloud server obtains a user behavior feature sequence from the terminal device once every 24 hours, the predetermined time period can be 24 hours; that is, when the cloud server receives an auxiliary authentication request initiated by the target terminal device, it takes the user behavior features obtained in the most recent day as the current user behavior features.

The anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device (a user can associate at least one terminal device that is responsible for collecting user behavior feature sequences), and it compares the current user behavior feature sequence with the historical sequences to determine whether an anomaly has occurred. The implementation of the anomaly detection model is not unique: any model with a classification capability can be used in the solution of the embodiments of this specification.
步骤S108,云服务器将异常检测结果发送至终端设备。In step S108, the cloud server sends the abnormality detection result to the terminal device.
本步骤中,云服务器可以将异常检测结果直接发送至终端设备。或者,云服务器可以将异常检测结果发送给用户所指定的目标终端设备,再由目标终端设备进一步将异常检测结果转发至上述终端设备。In this step, the cloud server can directly send the abnormality detection result to the terminal device. Alternatively, the cloud server may send the abnormality detection result to the target terminal device designated by the user, and the target terminal device further forwards the abnormality detection result to the aforementioned terminal device.
步骤S110,终端设备执行与异常检测结果匹配的安全认证流程。In step S110, the terminal device executes a safety authentication process matching the abnormality detection result.
具体地,如果异常检测结果指示未异常,则终端设备判定安全认证通过。如果异常检测结果指示异常,则终端设备判定安全认证未通过。Specifically, if the abnormality detection result indicates that there is no abnormality, the terminal device determines that the safety authentication is passed. If the abnormality detection result indicates abnormality, the terminal device determines that the safety authentication has not passed.
或者,如果异常检测结果指示异常,则终端设备向用户发起深度的身份认证,比如生物认证、密码认证、USBKey认证等,若终端设备的用户未通过身份认证,则判定安全认证未通过,否则判定安全认证通过。Or, if the abnormality detection result indicates abnormality, the terminal device initiates in-depth identity authentication to the user, such as biometric authentication, password authentication, USBKey authentication, etc. If the user of the terminal device fails the identity authentication, it is determined that the security authentication has not passed, otherwise it is determined Safety certification passed.
通过图1所示的安全认证方法可以知道:基于本说明书实施例的方案,终端设备采集用户使用过程中的用户行为特征序列,并将用户行为特征序列上传云服务器,由云服务器对异常检测模型进行训练。在终端设备需要对用户进行安全认证时,云服务器基于异常检测模型,对现状的用户行为特征序列进行异常检测,并将异常检测结果反馈给终端设备,由终端设备执行与异常检测结果相匹配的安全认证流程。由于整个方案采用的是动态的安全认证方式,因此认证信息是随时间变化的,即便被泄露,所产生的风险较低。此外,异常检测可以在用户无感知下进行,不会影响用户对终端设备的使用体验。It can be known from the security authentication method shown in Figure 1 that based on the solution of the embodiment of this specification, the terminal device collects the user behavior characteristic sequence during the use of the user, and uploads the user behavior characteristic sequence to the cloud server, and the cloud server detects the abnormality model Conduct training. When the terminal device needs to authenticate the user safely, the cloud server performs anomaly detection on the current user behavior feature sequence based on the abnormality detection model, and feeds back the abnormality detection result to the terminal device, and the terminal device performs the matching with the abnormality detection result Safety certification process. Since the entire scheme uses a dynamic security authentication method, the authentication information changes over time, and even if it is leaked, the risk generated is low. In addition, anomaly detection can be performed without the user's perception, and will not affect the user's experience of using the terminal device.
The security authentication method of the embodiments of this specification is described in detail below.
The method of the embodiments of this specification aims to dynamically collect user behavior feature sequences through one or more terminal devices associated with the user, analyze the user's dynamic behavior in real time using the high-speed transmission capability of the network, and model the user's behavior attributes with artificial intelligence methods. If the user's behavior is found to be anomalous (inconsistent with the historically constructed user behavior attributes), a preset in-depth authentication process is started during security authentication.
The main flow of the security authentication method is as follows:
The terminal device periodically collects user behavior feature sequences while the user uses the device, according to preset data synchronization rules, and sends them to the cloud server.
Optionally, the message in which the terminal device sends a user behavior feature sequence carries, besides the sequence itself, the collection time of that sequence, so that the cloud server can use the collection time to determine the current user behavior feature sequence, i.e. the user behavior feature sequence belonging to the predetermined time period described above.
After receiving a user behavior feature sequence, the cloud server adds it to the training data set as training data and, when a training condition is triggered, trains the anomaly detection model on the training data in that set.
The training condition may include, but is not limited to, at least one of the following:
The preset training period of the anomaly detection model is reached; that is, the cloud server periodically trains the anomaly detection model on the training data in the training data set.
The training data added to the training data set since the anomaly detection model was last trained reaches a preset threshold; that is, once the training data set has accumulated a certain amount of new training data, the cloud server trains the anomaly detection model on the training data in the training data set.
Clearly, based on these training conditions, the cloud server can iteratively update the anomaly detection model in real time to dynamically characterize the user's behavior attributes, which is the basis for dynamic authentication.
In the training process itself, the cloud server may use the user behavior feature sequence as the input of the anomaly detection model and the user's user identifier as its output. In practical use after training, the current user behavior feature sequence collected by the terminal device is input to the anomaly detection model; if the model does not output the user identifier used during training, an anomaly is indicated, otherwise no anomaly is indicated.
Alternatively, the cloud server may use both the user behavior feature sequence and the corresponding user identifier as the input of the anomaly detection model and a specified anomaly detection result as its output. In practical use after training, the current user behavior feature sequence collected by the terminal device and the corresponding user identifier are input to the anomaly detection model; if the model does not output the specified anomaly detection result used during training, an anomaly is indicated, otherwise no anomaly is indicated.
The above is the process by which the cloud server dynamically trains the anomaly detection model on the user behavior feature sequences uploaded by the terminal device. Meanwhile, when the terminal device needs to initiate security verification of the user, it can send an auxiliary authentication request to the cloud server.
After receiving the auxiliary authentication request, the cloud server determines the predetermined time period associated with the time of the request and inputs the user behavior feature sequence obtained from the terminal device that belongs to that period into the anomaly detection model, so that the model performs anomaly detection on the current user behavior features.
The cloud server then returns the anomaly detection result of the anomaly detection model to the terminal device.
If the anomaly detection result indicates an anomaly, the current user behavior on the terminal device does not match the historical user behavior attributes characterized by the model and the user may not be legitimate; the terminal device may then determine that security authentication has failed, or further initiate in-depth identity authentication. If the anomaly detection result indicates no anomaly, the terminal device determines that security authentication has passed.
The method of the embodiments of this specification is illustrated below in different application scenarios.
Application scenario one
In application scenario one, the terminal device performs security verification of the user when the user unlocks the screen. As shown in Figure 2, the corresponding method flow includes:
Using multi-dimensional sensors, the terminal device collects the force distribution features of the user holding the terminal device (i.e. the user behavior feature sequence described above) and sends the force distribution features to the cloud server.
The cloud server uses the historically obtained force distribution features of the user holding the terminal device as training data to train the anomaly detection model, so that the model characterizes the user's habitual way of holding the terminal device.
When the user unlocks the terminal device, the terminal device collects the force distribution features of the user's grip during the current unlocking process and sends them to the cloud server in an auxiliary authentication request.
The cloud server inputs the force distribution features of the current unlocking process carried in the auxiliary authentication request into the anomaly detection model, to perform anomaly detection on them.
The cloud server then returns the anomaly detection result to the terminal device, which initiates the appropriate security authentication process based on the result. For example, when the anomaly detection result indicates an anomaly, the terminal device initiates in-depth identity authentication such as gesture unlock authentication, fingerprint unlock authentication or password unlock authentication. If the anomaly detection result indicates no anomaly, the terminal device determines that security authentication has passed and unlocks the screen directly.
In application scenario one, a user whom the cloud server judges legitimate can unlock the terminal device quickly without performing any specific operation, which gives a better user experience. A user whom the cloud server judges illegitimate must unlock the screen of the terminal device through conventional unlock authentication; this introduces no additional user operations either, and does not affect the user experience.
Application scenario two
In application scenario two, the terminal device has a payment application installed. When the user of the terminal device uses the payment application for resource processing (such as transfers or payments), the payment application directs the terminal device to initiate security verification. As shown in Figure 3, the corresponding method flow includes:
According to preset data synchronization rules, the terminal device periodically collects the user behavior feature sequence during resource processing in the payment application and sends it to the cloud server. If the terminal device is a PC, the user behavior feature sequence may include, but is not limited to, features such as the force distribution of keystrokes, mouse click behavior and mouse click patterns. If the terminal device is a mobile device, the user behavior feature sequence may include, but is not limited to, the force distribution of the user's fingertip interaction with the device and click behavior patterns, and may further include basic features collected by the mobile device's sensors (gravity sensor, angular velocity sensor, temperature sensor).
The cloud server uses the historically obtained user behavior feature sequences from resource processing in the payment application as training data to train the anomaly detection model, so that the model characterizes the user's habits when using the payment application for resource processing.
When the user uses the payment application on the terminal device for resource processing, the payment application directs the terminal device to send an auxiliary authentication request to its cloud server.
After receiving the auxiliary authentication request, the cloud server determines the predetermined time period associated with the time of the request and takes the user behavior feature sequence belonging to that period as the current user behavior feature sequence. It then inputs the current user behavior feature sequence into the anomaly detection model to perform anomaly detection on the user.
The cloud server returns the anomaly detection result to the terminal device. If the anomaly detection result indicates an anomaly, the payment application initiates the in-depth identity authentication configured on the terminal device, such as fingerprint authentication or password authentication. If the anomaly detection result indicates no anomaly, the payment application determines that security authentication has passed and allows the user to proceed with the resource processing operation.
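The cloud-server and terminal-side logic of the main flow above (training trigger, selection of the sequences in the predetermined time period, classification of a sequence to a user identifier, and the terminal's matching authentication process), as it is applied in both application scenarios, written as an added example that is not the patent's own code. It assumes that feature sequences are fixed-length float vectors, that the anomaly detection model is a nearest-centroid classifier (any classifier would do, as the text notes), that the predetermined period is the 24 hours before the request, that retraining fires after six new samples, and that a request with nothing to compare fails closed; all sample data is constructed.

```python
import math
from dataclasses import dataclass
from typing import Callable, Dict, List

WINDOW_SECONDS = 24 * 3600    # predetermined time period: the 24 h before the request
RETRAIN_INCREMENT = 6         # assumed training trigger: new samples since last training


@dataclass
class Sample:
    """One uploaded user behavior feature sequence with the collection time it carries."""
    user_id: str
    collected_at: float      # collection time sent along with the sequence
    features: List[float]    # constructed feature vector (e.g. touch pressure statistics)


class CentroidModel:
    """Stand-in anomaly detection model: input = feature sequence, output = user ID."""

    def __init__(self) -> None:
        self.centroids: Dict[str, List[float]] = {}

    def train(self, samples: List[Sample]) -> None:
        """Average each user's historical sequences into one centroid."""
        sums: Dict[str, List[float]] = {}
        counts: Dict[str, int] = {}
        for s in samples:
            acc = sums.setdefault(s.user_id, [0.0] * len(s.features))
            for i, v in enumerate(s.features):
                acc[i] += v
            counts[s.user_id] = counts.get(s.user_id, 0) + 1
        self.centroids = {u: [v / counts[u] for v in acc] for u, acc in sums.items()}

    def predict(self, features: List[float]) -> str:
        """Return the user ID whose centroid is nearest to the given sequence."""
        return min(self.centroids, key=lambda u: math.dist(features, self.centroids[u]))


class CloudServer:
    def __init__(self) -> None:
        self.training_set: List[Sample] = []
        self.model = CentroidModel()
        self.trained_count = 0

    def receive_sequence(self, sample: Sample) -> bool:
        """Store an uploaded sequence; retrain when the incremental-data trigger fires."""
        self.training_set.append(sample)
        if len(self.training_set) - self.trained_count >= RETRAIN_INCREMENT:
            self.model.train(self.training_set)
            self.trained_count = len(self.training_set)
            return True
        return False

    def current_sequences(self, user_id: str, request_time: float) -> List[Sample]:
        """Sequences of this user collected in the predetermined period before the request."""
        start = request_time - WINDOW_SECONDS
        return [s for s in self.training_set
                if s.user_id == user_id and start <= s.collected_at <= request_time]

    def auxiliary_auth(self, user_id: str, request_time: float) -> str:
        """Handle an auxiliary authentication request: classify each current sequence;
        any mismatch with the claimed user ID is reported as an anomaly."""
        current = self.current_sequences(user_id, request_time)
        if not self.model.centroids or not current:
            return "anomaly"  # assumption: fail closed when there is nothing to compare
        if all(self.model.predict(s.features) == user_id for s in current):
            return "normal"
        return "anomaly"


def terminal_auth_flow(result: str, deep_auth: Callable[[], bool]) -> str:
    """Terminal side: 'normal' passes directly; 'anomaly' falls back to the configured
    in-depth authentication (biometric, password, USBKey), whose outcome decides."""
    if result == "normal":
        return "pass"
    return "pass" if deep_auth() else "fail"


def demo_scenario() -> Dict[str, str]:
    """Constructed data: two users build up history, then a legitimate and an impostor upload."""
    server = CloudServer()
    alice = [[0.80, 0.20, 0.50], [0.82, 0.18, 0.52], [0.78, 0.22, 0.48]]
    bob = [[0.20, 0.90, 0.30], [0.22, 0.88, 0.32], [0.18, 0.92, 0.28]]
    for i, f in enumerate(alice):
        server.receive_sequence(Sample("alice", i * 3600.0, f))
    for i, f in enumerate(bob):
        server.receive_sequence(Sample("bob", i * 3600.0, f))  # sixth upload triggers training
    results: Dict[str, str] = {}
    # Legitimate behavior uploaded 10 000 s before an auxiliary request at t = 100 000 s
    server.receive_sequence(Sample("alice", 90000.0, [0.75, 0.25, 0.55]))
    results["legitimate"] = server.auxiliary_auth("alice", 100000.0)
    # Someone else's behavior reported under alice's user ID inside the same window
    server.receive_sequence(Sample("alice", 95000.0, [0.20, 0.85, 0.35]))
    results["impostor"] = server.auxiliary_auth("alice", 100000.0)
    # A request whose window contains no sequence (history older than 24 h)
    results["stale"] = server.auxiliary_auth("bob", 1000000.0)
    results["terminal_impostor"] = terminal_auth_flow(results["impostor"], lambda: False)
    return results
```

Note that every upload, including one later judged anomalous, lands in the training set exactly as the text describes; a deployment would want to hold back sequences that failed the step-up authentication before the next retraining.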
This concludes the description of the method of the embodiments of this specification. It should be understood that appropriate changes may be made without departing from the principles described above, and such changes also fall within the scope of protection of the embodiments of this specification.
Figure 4 is a schematic flowchart of the security verification method of the embodiments of this specification on the terminal device side, including:
Step S402: the terminal device collects the user behavior feature sequence.
Step S404: the terminal device sends the user behavior feature sequence to the cloud server, so that the cloud server performs anomaly detection on the user behavior feature sequence based on an anomaly detection model and sends the anomaly detection result of the model to the terminal device, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device.
Step S406: the terminal device executes the security authentication process that matches the anomaly detection result.
Based on the security authentication method shown in Figure 4, the terminal device collects the user behavior feature sequence while the user uses the device and uploads it to the cloud server, which trains the anomaly detection model on it. When security authentication is required, the terminal device requests the cloud server to perform anomaly detection on the current user behavior feature sequence based on the anomaly detection model; the cloud server returns the anomaly detection result to the terminal device, which executes the security authentication process matching that result. Because the whole solution uses a dynamic security authentication method, the risk arising from leaked authentication information is low. In addition, anomaly detection can be performed without the user noticing, and does not affect the user's experience of the terminal device.
Figure 5 is a schematic flowchart of the security verification method of the embodiments of this specification on the cloud server side, including:
Step S502: the cloud server obtains the user behavior feature sequence collected by the terminal device.
Step S504: the cloud server performs anomaly detection on the user behavior feature sequence based on an anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device.
Step S506: the cloud server sends the anomaly detection result to the terminal device, so that the terminal device executes the security authentication process that matches the anomaly detection result.
Based on the security authentication method shown in Figure 5, the cloud server trains the anomaly detection model on the user behavior feature sequences collected by the terminal device while the user uses it, so that the model characterizes the user's behavior attributes. When the terminal device needs to perform security authentication, the cloud server performs anomaly detection on the current user behavior feature sequence based on the anomaly detection model and returns the anomaly detection result to the terminal device, which executes the security authentication process matching that result. Because the whole solution uses a dynamic security authentication method, the risk arising from leaked authentication information is low. In addition, anomaly detection can be performed without the user noticing, and does not affect the user's experience of the terminal device.
Figure 6 shows a security authentication apparatus 600 according to an embodiment of this specification, including:
The sequence collection module 610 collects the user behavior feature sequence on the terminal device.
The first sending module 620 sends the user behavior feature sequence from the terminal device to the cloud server.
The anomaly detection module 630 performs anomaly detection on the user behavior feature sequence on the cloud server based on an anomaly detection model, where the anomaly detection model is trained on the user's historical user behavior feature sequences from at least one terminal device.
The second sending module 640 sends the anomaly detection result of the anomaly detection model from the cloud server to the terminal device.
The security authentication module 650 executes, on the terminal device, the security authentication process that matches the anomaly detection result.
The security authentication apparatus shown in Figure 6 shows that, in the solution of the embodiments of this specification, the terminal device collects the user behavior feature sequence while the user uses the device and uploads it to the cloud server, which trains the anomaly detection model on it. When the terminal device needs to authenticate the user, the cloud server performs anomaly detection on the current user behavior feature sequence based on the anomaly detection model and returns the anomaly detection result to the terminal device, which executes the security authentication process matching that result. Because the whole solution uses a dynamic security authentication method, the risk arising from leaked authentication information is low. In addition, anomaly detection can be performed without the user noticing, and does not affect the user's experience of the terminal device.
Optionally, the sequence collection module 610 specifically collects the user behavior feature sequence while the user carries out resource processing, where the resource processing requires security authentication.
Optionally, the security authentication apparatus of the embodiments of this specification further includes:
An auxiliary authentication request module, which sends an auxiliary authentication request to the cloud server while the user carries out resource processing. In response to the auxiliary authentication request, the cloud server obtains the user behavior feature sequence within a predetermined time period around the moment the request was received and inputs that sequence into the anomaly detection model for anomaly detection.
Optionally, the terminal device has a payment application installed, the cloud server is the cloud server of the payment application, and the auxiliary authentication request is initiated by the terminal device under the control of the payment application when the user uses the payment application for payment processing.
Optionally, when the security authentication module 650 executes, if the anomaly detection result indicates no anomaly, the terminal device determines that security authentication has passed; otherwise it initiates identity authentication of the user of the terminal device.
Optionally, the identity authentication includes at least one of the following: biometric authentication, password authentication and USBKey authentication.
Optionally, the user behavior feature sequence includes at least one of the following: a user dynamic motion trajectory sequence, a user dynamic positioning trajectory sequence, a user dynamic touch sequence and a user dynamic application interaction sequence.
Clearly, the security authentication apparatus of the embodiments of this specification can serve as the executing entity of the security authentication method shown in Figure 1 above, and can therefore implement the functions that the security authentication method implements in Figure 1. Since the principle is the same, it is not repeated here.
图7是本说明书实施例的终端设备700的结构示意图,包括:FIG. 7 is a schematic structural diagram of a terminal device 700 according to an embodiment of the present specification, including:
采集模块710,采集用户行为特征序列。The collection module 710 collects the user behavior characteristic sequence.
发送模块720,将所述用户行为特征序列发送至云服务器,使得所述云服务器基于异常检测模型对所述用户行为特征序列进行异常检测,并将所述异常检测模型的异常检测结果发送至所述终端设备,其中,所述异常检测模型是基于用户在至少一个终端设备中的历史用户行为特征序列训练得到的;The sending module 720 sends the user behavior feature sequence to the cloud server, so that the cloud server performs anomaly detection on the user behavior feature sequence based on the anomaly detection model, and sends the abnormality detection result of the anomaly detection model to the cloud server. The terminal device, wherein the anomaly detection model is obtained by training based on the user's historical user behavior characteristic sequence in at least one terminal device;
执行模块730,执行与所述异常检测结果匹配的安全认证流程。The execution module 730 executes a safety authentication process matching the abnormal detection result.
本说明书实施例的终端设备可以采集用户使用过程中的用户行为特征序列,并将用户行为特征序列上传云服务器,由云服务器对异常检测模型进行训练。在需要进行安全认证时,终端设备请求云服务器基于异常检测模型,对现状的用户行为特征序列进行异常检测,并将异常检测结果反馈给终端设备,由终端设备执行与异常检测结果相匹配的安全认证流程。由于整个方案采用的是动态的安全认证方式,因此认证信息被泄露后带来的风险较低。此外,异常检测可以在用户无感知下进行,不会影响用户对终端设备的使用体验。The terminal device of the embodiment of the present specification can collect the user behavior characteristic sequence during the use of the user, and upload the user behavior characteristic sequence to the cloud server, and the cloud server trains the anomaly detection model. When security authentication is required, the terminal device requests the cloud server to perform anomaly detection on the current user behavior characteristic sequence based on the anomaly detection model, and feeds back the anomaly detection result to the terminal device, and the terminal device performs security matching the anomaly detection result Certification process. Since the entire scheme uses a dynamic security authentication method, the risk of leakage of authentication information is low. In addition, anomaly detection can be performed without the user's perception, and will not affect the user's experience of using the terminal device.
显然,本说明书实施例的终端设备可以作为上述图4所示的安全认证方法的执行主体,因此能够实现安全认证方法在图4所实现的功能。由于原理相同,本文不再赘述。Obviously, the terminal device of the embodiment of the present specification can be used as the execution subject of the security authentication method shown in FIG. 4, and therefore can realize the functions implemented by the security authentication method in FIG. 4. Since the principle is the same, this article will not repeat them.
FIG. 8 is a schematic structural diagram of a cloud server 800 according to an embodiment of this specification, which includes:
The obtaining module 810, which obtains the user behavior feature sequence collected by the terminal device.
The anomaly detection module 820, which performs anomaly detection on the user behavior feature sequence on the basis of an anomaly detection model, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences collected on at least one terminal device.
The sending module 830, which sends the anomaly detection result to the terminal device, so that the terminal device executes the security authentication flow matching the anomaly detection result.
The cloud server of the embodiments of this specification uses the user behavior feature sequences collected by the terminal device during the user's use of the device to train the anomaly detection model, so that the model characterizes the user's behavioral attributes. When the terminal device needs to perform security authentication, the cloud server performs anomaly detection on the current user behavior feature sequence using the anomaly detection model and returns the result to the terminal device, which executes the security authentication flow matching that result. Because the whole scheme uses a dynamic security authentication approach, the risk arising from leaked authentication information is low. In addition, the anomaly detection can run without the user being aware of it and does not affect the user's experience of the terminal device.
Clearly, the cloud server of the embodiments of this specification can act as the executing entity of the security authentication method shown in FIG. 5 and can therefore realize the functions that the security authentication method implements in FIG. 5. Since the principle is the same, it is not repeated here.
FIG. 9 is a schematic structural diagram of an electronic device according to an embodiment of this specification. Referring to FIG. 9, at the hardware level the electronic device includes a processor and, optionally, an internal bus, a network interface and a memory. The memory may include internal memory, such as high-speed random-access memory (RAM), and may also include non-volatile memory, such as at least one disk store. The electronic device may of course also include hardware required by other services.
The processor, the network interface and the memory may be interconnected through the internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus or the like. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of presentation, only one bidirectional arrow is used in FIG. 9, but this does not mean that there is only one bus or only one type of bus.
The memory is used to store programs. Specifically, a program may include program code, and the program code includes computer operation instructions. The memory may include internal memory and non-volatile memory, and provides instructions and data to the processor.
The processor reads the corresponding computer program from the non-volatile memory into internal memory and runs it, forming the security authentication apparatus described above at the logical level. The processor executes the program stored in the memory and is specifically configured to perform the following operations:
collecting, by a terminal device, a user behavior feature sequence;
sending, by the terminal device, the user behavior feature sequence to a cloud server;
performing, by the cloud server, anomaly detection on the user behavior feature sequence on the basis of an anomaly detection model, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences collected on at least one terminal device;
sending, by the cloud server, the anomaly detection result of the anomaly detection model to the terminal device;
executing, by the terminal device, the security authentication flow that matches the anomaly detection result.
From the electronic device shown in FIG. 9 it can be seen that, in the solution of the embodiments of this specification, the terminal device collects the user behavior feature sequence while the user is using the device and uploads it to the cloud server, which trains the anomaly detection model on it. When the terminal device needs to authenticate the user, the cloud server performs anomaly detection on the current user behavior feature sequence using the anomaly detection model and returns the result to the terminal device, which executes the security authentication flow matching that result. Because the whole scheme uses a dynamic security authentication approach, the risk arising from leaked authentication information is low. In addition, the anomaly detection can run without the user being aware of it and does not affect the user's experience of the terminal device.
The security authentication method disclosed in the embodiment shown in FIG. 1 of this specification may be applied to, or implemented by, a processor. The processor may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor or by instructions in the form of software. The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logical block diagrams disclosed in the embodiments of this specification. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the methods disclosed in the embodiments of this specification may be executed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may reside in a storage medium that is mature in the field, such as random-access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory or a register. The storage medium is located in the memory; the processor reads the information in the memory and completes the steps of the above method in combination with its hardware.
It should be understood that the electronic device of the embodiments of this specification can realize the functions of the security authentication apparatus in the embodiment shown in FIG. 1, which are not repeated here.
Of course, besides the software implementation, the electronic device of this specification does not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the executing entity of the following processing flow is not limited to the individual logic units and may also be a hardware or logic device.
In addition, the embodiments of this specification also provide a computer-readable storage medium that stores one or more programs, the one or more programs including instructions.
Optionally, when executed by a portable electronic device that includes multiple application programs, the instructions enable the portable electronic device to execute the method of the embodiment shown in FIG. 1, and specifically to execute the following method:
collecting, by a terminal device, a user behavior feature sequence;
sending, by the terminal device, the user behavior feature sequence to a cloud server;
performing, by the cloud server, anomaly detection on the user behavior feature sequence on the basis of an anomaly detection model, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences collected on at least one terminal device;
sending, by the cloud server, the anomaly detection result of the anomaly detection model to the terminal device;
executing, by the terminal device, the security authentication flow that matches the anomaly detection result.
It should be understood that, when executed by a portable electronic device that includes multiple application programs, the above instructions enable the security authentication apparatus described above to implement the functions of the embodiment shown in FIG. 1. Since the principle is the same, it is not repeated here.
Those skilled in the art should understand that the embodiments of this specification may be provided as a method, a system or a computer program product. Therefore, this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage and the like) that contain computer-usable program code.
The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in an order different from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or sequential order, to achieve the desired results. In certain implementations, multitasking and parallel processing are also possible or may be advantageous.
The above are merely embodiments of this specification and are not intended to limit it. For those skilled in the art, this specification may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of this specification shall be included within the scope of the claims of this specification. In addition, all other embodiments obtained by a person of ordinary skill in the art without creative effort shall fall within the protection scope of this document.

Claims (14)

  1. A security authentication method, comprising:
    collecting, by a terminal device, a user behavior feature sequence;
    sending, by the terminal device, the user behavior feature sequence to a cloud server;
    performing, by the cloud server, anomaly detection on the user behavior feature sequence on the basis of an anomaly detection model, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences collected on at least one terminal device;
    sending, by the cloud server, an anomaly detection result of the anomaly detection model to the terminal device;
    executing, by the terminal device, a security authentication flow that matches the anomaly detection result.
  2. The method according to claim 1, further comprising:
    initiating, by the terminal device, an auxiliary authentication request to the cloud server when it is preparing to perform security verification;
    wherein performing, by the cloud server, anomaly detection on the user behavior feature sequence on the basis of an anomaly detection model comprises:
    obtaining, by the cloud server, the user behavior feature sequence within a predetermined time period relative to the moment the auxiliary authentication request is received;
    inputting, by the cloud server, the user behavior feature sequence within the predetermined time period into the anomaly detection model, so as to perform anomaly detection on the user behavior feature sequence within the predetermined time period.
  3. The method according to claim 1, further comprising:
    the terminal device having a payment application installed, wherein the auxiliary authentication request is initiated by the terminal device under the control of the payment application when the user uses the payment application to perform resource processing.
  4. The method according to claim 3, wherein
    collecting, by the terminal device, a user behavior feature sequence comprises:
    collecting, by the terminal device, the user behavior feature sequence of the user during the resource processing.
  5. The method according to claim 1, wherein
    executing, by the terminal device, a security authentication flow that matches the anomaly detection result comprises:
    if the anomaly detection result indicates no anomaly, determining, by the terminal device, that the security authentication has passed, and otherwise initiating identity authentication of the user;
    if the user passes the identity authentication, determining, by the terminal device, that the security authentication has passed, and otherwise determining that the security authentication has failed.
  6. The method according to claim 5, wherein the identity authentication comprises at least one of the following: biometric authentication, password authentication and USB key authentication.
  7. The method according to any one of claims 1 to 6, wherein the user behavior feature sequence comprises at least one of the following: a user motion trajectory feature sequence, a user positioning trajectory feature sequence, a user touch feature sequence and a user application interaction feature sequence.
  8. A security authentication method, comprising:
    collecting, by a terminal device, a user behavior feature sequence;
    sending, by the terminal device, the user behavior feature sequence to a cloud server, so that the cloud server performs anomaly detection on the user behavior feature sequence on the basis of an anomaly detection model and sends an anomaly detection result of the anomaly detection model to the terminal device, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences collected on at least one terminal device;
    executing, by the terminal device, a security authentication flow that matches the anomaly detection result.
  9. A security authentication method, comprising:
    obtaining, by a cloud server, a user behavior feature sequence collected by a terminal device;
    performing, by the cloud server, anomaly detection on the user behavior feature sequence on the basis of an anomaly detection model, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences collected on at least one terminal device;
    sending, by the cloud server, the anomaly detection result to the terminal device, so that the terminal device executes a security authentication flow that matches the anomaly detection result.
  10. A security authentication apparatus, comprising:
    a sequence collection module, which collects a user behavior feature sequence on the basis of a terminal device;
    a first sending module, which sends the user behavior feature sequence to a cloud server on the basis of the terminal device;
    an anomaly detection module, which performs anomaly detection on the user behavior feature sequence on the basis of the cloud server and an anomaly detection model, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences collected on at least one terminal device;
    a second sending module, which sends the anomaly detection result of the anomaly detection model to the terminal device on the basis of the cloud server;
    a security authentication module, which executes a security authentication flow matching the anomaly detection result on the basis of the terminal device.
  11. A terminal device, comprising:
    a collection module, which collects a user behavior feature sequence;
    a sending module, which sends the user behavior feature sequence to a cloud server, so that the cloud server performs anomaly detection on the user behavior feature sequence on the basis of an anomaly detection model and sends an anomaly detection result of the anomaly detection model to the terminal device, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences collected on at least one terminal device;
    an execution module, which executes a security authentication flow that matches the anomaly detection result.
  12. A cloud server, comprising:
    an obtaining module, which obtains a user behavior feature sequence collected by a terminal device;
    an anomaly detection module, which performs anomaly detection on the user behavior feature sequence on the basis of an anomaly detection model, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences collected on at least one terminal device;
    a sending module, which sends the anomaly detection result to the terminal device, so that the terminal device executes a security authentication flow that matches the anomaly detection result.
  13. An electronic device, comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the computer program, when executed by the processor, performs:
    collecting a user behavior feature sequence on the basis of a terminal device;
    sending the user behavior feature sequence to a cloud server on the basis of the terminal device;
    performing anomaly detection on the user behavior feature sequence on the basis of the cloud server and an anomaly detection model, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences collected on at least one terminal device;
    sending the anomaly detection result of the anomaly detection model to the terminal device on the basis of the cloud server;
    executing a security authentication flow that matches the anomaly detection result on the basis of the terminal device.
  14. A computer-readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the following steps:
    collecting a user behavior feature sequence on the basis of a terminal device;
    sending the user behavior feature sequence to a cloud server on the basis of the terminal device;
    performing anomaly detection on the user behavior feature sequence on the basis of the cloud server and an anomaly detection model, wherein the anomaly detection model is trained on the user's historical user behavior feature sequences collected on at least one terminal device;
    sending the anomaly detection result of the anomaly detection model to the terminal device on the basis of the cloud server;
    executing a security authentication flow that matches the anomaly detection result on the basis of the terminal device.
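The flow of claims 1, 2 and 5, as an added, runnable illustration that is not the patent's own code: a terminal collects a behavior feature sequence, a cloud server trained on historical sequences from more than one terminal scores only the samples inside the predetermined window before the auxiliary authentication request, and the terminal passes silently on "no anomaly" or steps up to identity authentication otherwise. The feature vectors, the z-score distance detector, the window length and the threshold are all constructed assumptions; the patent does not specify the model type.

```python
"""Added example (not from the patent): minimal model of the claimed flow.
Constructed data; a per-feature z-score detector stands in for the
unspecified anomaly detection model."""
import math
from dataclasses import dataclass, field


def behaviour_sample(i):
    """Constructed user behavior feature vector for time step i:
    (touch pressure, swipe speed, key hold time in ms). Smooth, bounded
    variation stands in for one user's habitual touch pattern."""
    return (0.50 + 0.05 * math.sin(i),
            1.20 + 0.10 * math.cos(0.7 * i),
            120 + 15 * math.sin(1.3 * i))


@dataclass
class Terminal:
    """Terminal device side: collects the feature sequence and runs the
    security authentication flow matched to the cloud's result (claim 5)."""
    device_id: str
    seq: list = field(default_factory=list)   # list of (timestamp, features)

    def collect(self, ts, features):
        self.seq.append((ts, tuple(features)))

    def upload(self):
        return list(self.seq)

    def security_auth(self, result, identity_check):
        """No anomaly -> pass without bothering the user; anomaly -> step-up
        identity authentication (biometric, password or USB key), whose
        outcome is supplied by identity_check()."""
        if not result["anomalous"]:
            return "pass"
        return "pass" if identity_check() else "fail"


class CloudServer:
    """Cloud side: trains the per-user detector on historical sequences from
    one or more terminals and scores the sequence around an auth request."""

    def __init__(self, window_seconds, threshold):
        self.window_seconds = window_seconds
        self.threshold = threshold
        self.model = None

    def train(self, histories):
        rows = [f for seq in histories for _, f in seq]
        n, dim = len(rows), len(rows[0])
        mean = [sum(r[k] for r in rows) / n for k in range(dim)]
        std = [max(math.sqrt(sum((r[k] - mean[k]) ** 2 for r in rows) / n), 1e-9)
               for k in range(dim)]
        self.model = (mean, std)

    def _distance(self, f):
        """Root-mean-square z-score of one sample against the trained profile."""
        mean, std = self.model
        return math.sqrt(sum(((x - m) / s) ** 2
                             for x, m, s in zip(f, mean, std)) / len(mean))

    def detect(self, seq, request_ts):
        """Claim 2: score only the predetermined window ending at the moment the
        auxiliary authentication request is received. An empty window is
        reported as anomalous so the terminal falls back to identity auth."""
        window = [f for ts, f in seq
                  if request_ts - self.window_seconds <= ts <= request_ts]
        if not window:
            return {"anomalous": True, "score": None, "samples": 0}
        score = sum(self._distance(f) for f in window) / len(window)
        return {"anomalous": score > self.threshold,
                "score": round(score, 3), "samples": len(window)}


def run_flow(current_features, identity_ok, request_ts=300):
    """End-to-end exchange: two terminals supply history, then one terminal
    uploads the current sequence at payment time. Returns (result, verdict)."""
    cloud = CloudServer(window_seconds=60, threshold=2.5)
    histories = []
    for dev, offset in (("phone-A", 0), ("tablet-B", 3)):
        t = Terminal(dev)
        for i in range(200):
            t.collect(ts=i, features=behaviour_sample(i + offset))
        histories.append(t.upload())
    cloud.train(histories)

    current = Terminal("phone-A")
    for i, f in enumerate(current_features):
        current.collect(ts=request_ts - 60 + i * 5, features=f)
    # A stale sample far outside the window: must be ignored by detect().
    current.collect(ts=request_ts - 600, features=(0.9, 2.5, 40))
    result = cloud.detect(current.upload(), request_ts)
    return result, current.security_auth(result, lambda: identity_ok)


if __name__ == "__main__":
    print(run_flow([behaviour_sample(500 + i) for i in range(12)], identity_ok=False))
    print(run_flow([(0.9, 2.5, 40)] * 12, identity_ok=False))
```

The third case in the test, an empty in-window sequence, shows why "no recent behavior" must fail closed to the step-up path rather than being treated as "no anomaly".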
PCT/CN2020/103594, priority date 2019-10-25, filing date 2020-07-22: Security authentication method and related apparatus, WO2021077825A1 (en)

Applications Claiming Priority (2)

Application Number | Priority Date | Filing Date | Title
CN201911023050.0A (CN110795708A) | 2019-10-25 | 2019-10-25 | Security authentication method and related device
CN201911023050.0 | 2019-10-25 | | 

Publications (1)

Publication Number | Publication Date
WO2021077825A1 | 2021-04-29