WO2021077825A1 - Security authentication method and related apparatus - Google Patents
- Publication number
- WO2021077825A1 (PCT/CN2020/103594)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal device
- user behavior
- anomaly detection
- cloud server
- user
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
Definitions
- This document relates to the field of security technology, in particular to a security authentication method and related devices.
- The purpose of the embodiments of this specification is to provide a security authentication method and related devices that can achieve security authentication more reliably and conveniently.
- A security authentication method, including: a terminal device collects a user behavior characteristic sequence; the terminal device sends the user behavior characteristic sequence to a cloud server; the cloud server performs anomaly detection on the user behavior characteristic sequence based on an anomaly detection model, wherein the anomaly detection model is trained based on the user's historical user behavior characteristic sequences in at least one terminal device; the cloud server sends the anomaly detection result of the anomaly detection model to the terminal device; the terminal device executes a security authentication process that matches the anomaly detection result.
- A security authentication method, including: a terminal device collects a user behavior characteristic sequence; the terminal device sends the user behavior characteristic sequence to a cloud server, so that the cloud server performs anomaly detection on the user behavior characteristic sequence based on an anomaly detection model and sends the anomaly detection result of the anomaly detection model to the terminal device, wherein the anomaly detection model is trained based on the user's historical user behavior characteristic sequences in at least one terminal device; the terminal device executes a security authentication process that matches the anomaly detection result.
- A security authentication method, including: a cloud server obtains a user behavior characteristic sequence collected by a terminal device; the cloud server performs anomaly detection on the user behavior characteristic sequence based on an anomaly detection model, wherein the anomaly detection model is trained based on the user's historical user behavior characteristic sequences in at least one terminal device; the cloud server sends the anomaly detection result to the terminal device, so that the terminal device executes a security authentication process matching the anomaly detection result.
- A security authentication device, including:
- a sequence collection module, which collects a user behavior characteristic sequence based on a terminal device;
- a first sending module, which sends the user behavior characteristic sequence to a cloud server based on the terminal device;
- an anomaly detection module, which, based on the cloud server, performs anomaly detection on the user behavior characteristic sequence using an anomaly detection model, where the anomaly detection model is trained based on the user's historical user behavior characteristic sequences in at least one terminal device;
- a second sending module, which sends the anomaly detection result of the anomaly detection model to the terminal device based on the cloud server;
- a security authentication module, which executes a security authentication process matching the anomaly detection result based on the terminal device.
- A terminal device, including:
- a collection module, which collects a user behavior characteristic sequence;
- a sending module, which sends the user behavior characteristic sequence to the cloud server, so that the cloud server performs anomaly detection on the user behavior characteristic sequence based on the anomaly detection model and sends the anomaly detection result of the anomaly detection model to the terminal device, wherein the anomaly detection model is obtained by training on the user's historical user behavior characteristic sequences in at least one terminal device;
- an execution module, which executes the security authentication process matching the anomaly detection result.
- A cloud server, including:
- an acquiring module, which acquires the user behavior characteristic sequence collected by the terminal device;
- an anomaly detection module, which performs anomaly detection on the user behavior characteristic sequence based on an anomaly detection model, where the anomaly detection model is trained based on the user's historical user behavior characteristic sequences in at least one terminal device;
- a sending module, which sends the anomaly detection result to the terminal device, so that the terminal device executes a security authentication process matching the anomaly detection result.
- An electronic device, including: a memory, a processor, and a computer program stored on the memory and runnable on the processor; when executed by the processor, the computer program performs the following: collecting a user behavior characteristic sequence based on a terminal device; sending, based on the terminal device, the user behavior characteristic sequence to a cloud server; performing, based on the cloud server, anomaly detection on the user behavior characteristic sequence using an anomaly detection model, wherein the anomaly detection model is trained based on the user's historical user behavior characteristic sequences in at least one terminal device; sending, based on the cloud server, the anomaly detection result of the anomaly detection model to the terminal device; executing, based on the terminal device, a security authentication process matching the anomaly detection result.
- A computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the following steps are implemented: collecting a user behavior characteristic sequence based on a terminal device; sending, based on the terminal device, the user behavior characteristic sequence to a cloud server; performing, based on the cloud server, anomaly detection on the user behavior characteristic sequence using an anomaly detection model, wherein the anomaly detection model is obtained by training on the user's historical user behavior characteristic sequences in at least one terminal device; sending, based on the cloud server, the anomaly detection result of the anomaly detection model to the terminal device; executing, based on the terminal device, the security authentication process matching the anomaly detection result.
- The terminal device collects the user behavior characteristic sequence while the user uses it and uploads the sequence to the cloud server, and the cloud server trains the anomaly detection model.
- The cloud server performs anomaly detection on the current user behavior characteristic sequence based on the anomaly detection model and feeds the anomaly detection result back to the terminal device, and the terminal device executes the security authentication process matching the anomaly detection result. Since the entire scheme uses a dynamic security authentication method, the authentication information changes over time, and even if it is leaked, the resulting risk is low. In addition, anomaly detection can be performed without the user noticing and does not affect the user's experience of using the terminal device.
- FIG. 1 is a schematic diagram of the first flow chart of the security authentication method provided by the embodiment of this specification.
- FIG. 2 is a schematic diagram of the second flow of the security authentication method provided by the embodiment of this specification.
- FIG. 3 is a schematic diagram of the third process of the security authentication method provided by the embodiment of this specification.
- FIG. 4 is a schematic diagram of the fourth flow of the security authentication method provided by the embodiment of this specification.
- FIG. 5 is a schematic diagram of the fifth flow of the security authentication method provided by the embodiment of this specification.
- FIG. 6 is a schematic diagram of the structure of the security authentication device provided by the embodiment of this specification.
- FIG. 7 is a schematic diagram of the structure of a terminal device provided by an embodiment of this specification.
- FIG. 8 is a schematic diagram of the structure of the cloud server provided by the embodiment of this specification.
- FIG. 9 is a schematic diagram of the structure of an electronic device provided by an embodiment of this specification.
- current terminal devices mainly adopt static security authentication methods, such as fingerprint authentication, facial authentication, and password authentication.
- static authentication information needs to be transmitted in computer memory and the network, so there is a risk of being intercepted by Trojan horse programs or monitoring devices.
- this method also requires the user to cooperate with the operation. For example, fingerprint authentication requires the user to press the finger on the sensor, which is not convenient enough for the user, which affects the user experience.
- the embodiments of this specification aim to provide a safer authentication method that is more user-friendly and more reliable.
- Fig. 1 is a flowchart of a safety authentication method according to an embodiment of this specification. The method shown in Figure 1 can be executed by the following corresponding devices, including:
- Step S102: The terminal device collects the user behavior characteristic sequence.
- the terminal device can include, but is not limited to, common user personal devices such as PCs, mobile phones, PADs, smart bracelets, and smart glasses.
- this type of terminal equipment generally has the function of collecting user behavior characteristic sequences.
- the user behavior characteristic sequence can reflect the habit characteristics of the user using the terminal device.
- the user behavior feature sequence may include, but is not limited to:
- The user's dynamic motion trajectory sequence: for example, the user's usual walking pace, stride length, etc., recognized by the gravity sensor, gyroscope sensor, etc. of the terminal device.
- The user's dynamic touch sequence: for example, the frequency and granularity of the user's touches on the screen of the terminal device, recognized by the pressure sensor built into the terminal screen.
- The user's dynamic application interaction sequence: for example, the user's usage habits and preferences for applications, which can be obtained from the system log of the terminal device.
- Step S104: The terminal device sends the user behavior characteristic sequence to the cloud server.
- the terminal device can send the user behavior characteristic sequence to the cloud server based on any network standard (4G, 5G and other mobile networks), which is not specifically limited in the embodiment of this specification.
- the user can also specify a target terminal device responsible for interacting with the cloud server.
- the terminal device may send the collected user behavior characteristic sequence to the target terminal device, and the target terminal device further forwards it to the cloud server.
- Step S106: The cloud server performs anomaly detection on the user behavior feature sequence based on the anomaly detection model; the anomaly detection model is trained based on the user's historical user behavior feature sequences in at least one terminal device.
- the terminal device sends an auxiliary authentication request to the cloud server during the resource processing process of the user.
- the cloud server obtains the user behavior characteristic sequence within a predetermined period of time when the auxiliary authentication request is received, and inputs the user behavior characteristic sequence to the anomaly detection model.
- The predetermined time period described here should be close to the time when the cloud server receives the auxiliary authentication request. That is to say, after the cloud server receives the auxiliary authentication request, it determines the current user behavior characteristic sequence from the user behavior characteristic sequences it has acquired.
- the predetermined time period may be the time after the cloud server receives the auxiliary authentication request, or it may be the time before the cloud server receives the auxiliary authentication request, which is not specifically limited in the embodiment of this specification.
- the length of the predetermined time period can be flexibly set.
- The length of the predetermined time period is set according to the frequency with which user behavior characteristics are obtained from the terminal device.
- For example, if the cloud server obtains the user behavior characteristic sequence from the terminal device every 24 hours, the length of the predetermined time period may be 24 hours. That is, when receiving the auxiliary authentication request initiated by the target terminal device, the cloud server takes the user behavior characteristics acquired in the last day as the current user behavior characteristics.
- The anomaly detection model is trained based on the user's historical user behavior feature sequences in at least one terminal device (the user can associate at least one terminal device to collect user behavior feature sequences), and can compare the current user behavior feature sequence with the historical user behavior feature sequences to determine whether an anomaly has occurred. It should be noted that the implementation of the anomaly detection model is not unique; any model with a classification function can be applied to the solutions of the embodiments of this specification.
- Step S108: The cloud server sends the anomaly detection result to the terminal device.
- the cloud server can directly send the abnormality detection result to the terminal device.
- the cloud server may send the abnormality detection result to the target terminal device designated by the user, and the target terminal device further forwards the abnormality detection result to the aforementioned terminal device.
- Step S110: The terminal device executes a security authentication process matching the anomaly detection result.
- If the anomaly detection result indicates no anomaly, the terminal device determines that security authentication passes. If the anomaly detection result indicates an anomaly, the terminal device determines that security authentication has not passed.
- Alternatively, on an anomaly, the terminal device initiates in-depth identity authentication of the user, such as biometric authentication, password authentication, or USBKey authentication. If the user of the terminal device fails the identity authentication, security authentication is determined not to have passed; otherwise, security authentication is determined to have passed.
- The terminal device collects the user behavior characteristic sequence while the user uses it and uploads the sequence to the cloud server, and the cloud server trains the anomaly detection model.
- The cloud server performs anomaly detection on the current user behavior characteristic sequence based on the anomaly detection model and feeds the anomaly detection result back to the terminal device, and the terminal device executes the security authentication process matching the anomaly detection result. Since the entire scheme uses a dynamic security authentication method, the authentication information changes over time, and even if it is leaked, the resulting risk is low. In addition, anomaly detection can be performed without the user noticing and does not affect the user's experience of using the terminal device.
- The method of the embodiments of this specification aims to dynamically collect user behavior characteristic sequences through one or more terminal devices associated with the user, analyze the user's dynamic behavior in real time based on the high-speed transmission capability of the network, and use artificial intelligence methods to model and characterize user behavior attributes. If abnormal user behavior is found (inconsistent with the historically constructed user behavior attributes), a preset in-depth authentication process is initiated during the security authentication process.
- the main process of the safety authentication method includes:
- the terminal device periodically collects the user behavior characteristic sequence during the user's use according to the preset data synchronization rules, and sends the user behavior characteristic sequence to the cloud server.
- The message in which the terminal device sends the user behavior characteristic sequence carries not only the sequence itself but also the collection time corresponding to it, so that the cloud server can use the collection time to determine the current user behavior characteristic sequence, that is, the user behavior characteristic sequence within the predetermined time period described above.
- After receiving the user behavior feature sequence, the cloud server adds it as training data to the training data set and, when a training condition is triggered, trains the anomaly detection model based on the training data in the training data set.
- the training condition trigger may include but is not limited to at least one of the following:
- the cloud server may periodically use the training data in the training data set to train the anomaly detection model.
- The incremental training data in the training data set, relative to the last training of the anomaly detection model, reaches a preset threshold. That is, when the cloud server has accumulated a certain amount of new training data in the training data set, it uses the training data in the training data set to train the anomaly detection model.
- The cloud server can iteratively update the anomaly detection model in real time to dynamically characterize user behavior attributes, which is also the basis for realizing dynamic authentication.
- the cloud server can use the user behavior feature sequence as the input of the anomaly detection model, and the user identification of the user as the output of the anomaly detection model to train the anomaly detection model.
- the current user behavior feature sequence collected by the terminal device can be input into the anomaly detection model. If the anomaly detection model does not output the user identification used in the original training process, it means that there is an abnormality; otherwise, it means that there is no abnormality.
- the cloud server may simultaneously use the user behavior feature sequence and the corresponding user identification as the input of the anomaly detection model, and use the specified anomaly detection result as the output of the anomaly detection model to train the anomaly detection model.
- the current user behavior feature sequence collected by the terminal device and the corresponding user identification can be input into the anomaly detection model. If the anomaly detection model does not output the specified anomaly detection result used in the original training process, it means that there is an abnormality; otherwise, it means that there is no abnormality.
- the above is the process of dynamic training of the anomaly detection model by the cloud server through the user behavior feature sequence uploaded by the terminal device.
- When the terminal device needs to initiate security verification for the user, it can send an auxiliary authentication request to the cloud server.
- After receiving the auxiliary authentication request, the cloud server determines the predetermined time period associated with the time of the auxiliary authentication request and inputs the user behavior characteristic sequence that was obtained from the terminal device and belongs to the predetermined time period into the anomaly detection model, so that the anomaly detection model performs anomaly detection on the current user behavior characteristics.
- The cloud server feeds the anomaly detection result of the anomaly detection model back to the terminal device.
- If the anomaly detection result indicates an anomaly, the current user behavior on the terminal device does not match the historical user behavior attributes characterized by the model, and the user may not be the legitimate user. In this case, the terminal device can determine that security authentication has failed, or further initiate in-depth identity authentication. If the anomaly detection result indicates that there is no anomaly, the terminal device determines that security authentication passes.
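The main process above (timestamped uploads, increment-triggered training, selection of the current sequence by collection time, and the terminal's pass or in-depth decision) is sketched below as an added example; it is not code from the patent. The per-feature z-score model, the choice of the period before the request, the feature meanings, all names and thresholds, and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import fmean, pstdev
from typing import Callable, Dict, List, Sequence, Tuple

HOUR = 3600
NORMAL, ANOMALOUS = "normal", "anomalous"


@dataclass(frozen=True)
class BehaviorSample:
    device_id: str               # one of the user's associated terminal devices
    collected_at: int            # collection time carried in the upload (epoch seconds)
    features: Tuple[float, ...]  # hypothetical: grip force, touch interval (ms), touch pressure


class ProfileModel:
    """Assumed model: per-feature mean and standard deviation of the user's history."""

    def __init__(self, history: Sequence[BehaviorSample], z_limit: float = 3.0):
        columns = list(zip(*(s.features for s in history)))
        self.means = [fmean(c) for c in columns]
        # Floor the deviation so a constant feature cannot cause a division by zero.
        self.stds = [max(pstdev(c), 1e-6) for c in columns]
        self.z_limit = z_limit

    def classify(self, window: Sequence[BehaviorSample]) -> str:
        """Compare the window's mean feature vector with the historical baseline."""
        current = [fmean(c) for c in zip(*(s.features for s in window))]
        worst = max(abs(x - m) / sd for x, m, sd in zip(current, self.means, self.stds))
        return ANOMALOUS if worst > self.z_limit else NORMAL


class CloudServer:
    def __init__(self, retrain_increment: int = 20):
        self.samples: Dict[str, List[BehaviorSample]] = {}
        self.models: Dict[str, ProfileModel] = {}
        self.trained_on: Dict[str, int] = {}
        self.retrain_increment = retrain_increment

    def ingest(self, user_id: str, batch: Sequence[BehaviorSample]) -> None:
        """Add uploads to the training set; retrain once enough new data has accumulated."""
        store = self.samples.setdefault(user_id, [])
        store.extend(batch)
        if len(store) - self.trained_on.get(user_id, 0) >= self.retrain_increment:
            self.models[user_id] = ProfileModel(store)
            self.trained_on[user_id] = len(store)

    def assist_auth(self, user_id: str, request_time: int, window: int = 24 * HOUR) -> str:
        """Handle an auxiliary authentication request received at request_time."""
        model = self.models.get(user_id)
        # The "current" sequence is whatever was collected in the period before the request.
        current = [s for s in self.samples.get(user_id, [])
                   if request_time - window <= s.collected_at <= request_time]
        if model is None or not current:
            return ANOMALOUS  # no baseline or no recent data: fail closed to in-depth auth
        return model.classify(current)


def terminal_authenticate(result: str, in_depth_auth: Callable[[], bool]) -> str:
    """Terminal side: pass silently on 'normal', otherwise require in-depth authentication."""
    if result == NORMAL:
        return "pass"
    return "pass" if in_depth_auth() else "fail"


def constructed_history() -> List[BehaviorSample]:
    """Constructed data: 60 hourly samples of one user's habitual behavior."""
    return [BehaviorSample("phone", i * HOUR,
                           (0.50 + 0.02 * (i % 5 - 2), 120.0 + 4 * (i % 7 - 3), 3.0 + 0.1 * (i % 3 - 1)))
            for i in range(60)]


def run_demo() -> Dict[str, str]:
    server = CloudServer()
    server.ingest("user-1", constructed_history())
    owner = [(0.51, 122.0, 3.05), (0.49, 118.0, 2.95), (0.50, 121.0, 3.00)]
    other = [(0.80, 60.0, 4.50), (0.78, 65.0, 4.40), (0.82, 58.0, 4.60)]
    server.ingest("user-1", [BehaviorSample("phone", 99 * HOUR, f) for f in owner])
    server.ingest("user-1", [BehaviorSample("watch", 150 * HOUR, f) for f in other])
    return {
        "owner": server.assist_auth("user-1", 100 * HOUR),
        "other_person": server.assist_auth("user-1", 151 * HOUR),
        "no_recent_data": server.assist_auth("user-1", 300 * HOUR),
        "unknown_user": server.assist_auth("user-2", 100 * HOUR),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(case, result, terminal_authenticate(result, lambda: False))
```

Because every upload joins the training set, a deployment would want to hold back samples from a window flagged anomalous until in-depth authentication succeeds, so that another person's behavior is not learned into the baseline; the sketch does not implement that.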
- the terminal device will perform security verification on the user when the user performs screen unlocking.
- the corresponding method flow includes:
- The terminal device collects the force distribution characteristics of the user's grip on the terminal device (that is, the user behavior characteristic sequence described above) and sends these characteristics to the cloud server.
- The cloud server uses the historically acquired grip force distribution characteristics as training data to train the anomaly detection model, so that the anomaly detection model characterizes the user's habits in holding the terminal device.
- The terminal device collects the grip force distribution characteristics during the user's current unlocking process and sends them to the cloud server in an auxiliary authentication request.
- The cloud server inputs the grip force distribution characteristics carried in the auxiliary authentication request into the anomaly detection model to perform anomaly detection on the grip force distribution during the user's current unlocking process.
- The cloud server feeds the anomaly detection result back to the terminal device, and the terminal device initiates an appropriate security authentication process based on the anomaly detection result. For example, when the anomaly detection result indicates an anomaly, the terminal device initiates in-depth identity authentication, such as gesture unlock authentication, fingerprint unlock authentication, password unlock authentication, and so on. If the anomaly detection result indicates that there is no anomaly, the terminal device determines that security authentication passes and directly unlocks the screen.
- When the cloud server determines that the user is legitimate, the user does not need to perform any specific operation and can quickly unlock the terminal device, thereby obtaining a better user experience.
- If the cloud server determines that the user is not legitimate, the screen of the terminal device has to be unlocked through conventional unlock authentication. This process does not need to introduce additional user operations and will not affect the user experience.
- the payment application controls the terminal device to initiate security verification.
- the corresponding method flow includes:
- the terminal device periodically collects the user behavior characteristic sequence in the resource processing process when the user uses the payment application, and sends the user behavior characteristic sequence to the cloud server.
- The user behavior characteristic sequence may include, but is not limited to, characteristics such as the intensity distribution of keyboard strokes, mouse click behavior, and mouse click patterns.
- The user behavior feature sequence can include, but is not limited to, the intensity distribution of the user's fingertip interaction with the mobile device, click behavior patterns and other characteristics, and can further include some basic features collected by mobile device sensors (gravity sensors, angular velocity sensors, temperature sensors).
- The cloud server uses the historically obtained user behavior feature sequences from resource processing while the user uses the payment application as training data to train the anomaly detection model, so that the anomaly detection model characterizes the user's habits when using the payment application for resource processing.
- the payment application controls the terminal device and initiates an auxiliary authentication request to its cloud server.
- After receiving the auxiliary authentication request, the cloud server determines the predetermined time period associated with the time of the auxiliary authentication request and uses the user behavior characteristic sequence belonging to the predetermined time period as the current user behavior characteristic sequence. After that, the cloud server inputs the current user behavior feature sequence into the anomaly detection model to perform anomaly detection on the user.
- the cloud server feeds back the abnormality detection result to the terminal device. If the abnormality detection result indicates an abnormality, the payment application initiates the deep identity authentication configured by the terminal device, such as fingerprint authentication and password authentication. If the abnormality detection result indicates that there is no abnormality, the payment application determines that the security authentication is passed and the user is allowed to perform resource processing operations.
- Fig. 4 is a schematic flowchart of the security verification method on the terminal device side of the embodiment of this specification, including:
- Step S402: The terminal device collects the user behavior characteristic sequence.
- Step S404: The terminal device sends the user behavior characteristic sequence to the cloud server, so that the cloud server performs anomaly detection on the user behavior characteristic sequence based on the anomaly detection model and sends the anomaly detection result of the anomaly detection model to the terminal device.
- The anomaly detection model is obtained by training on the user's historical user behavior feature sequences in at least one terminal device.
- Step S406: The terminal device executes a security authentication process matching the anomaly detection result.
- The terminal device collects the user behavior characteristic sequence while the user uses it and uploads the sequence to the cloud server, and the cloud server trains the anomaly detection model.
- The terminal device requests the cloud server to perform anomaly detection on the current user behavior characteristic sequence based on the anomaly detection model and to feed the anomaly detection result back to the terminal device, and the terminal device executes the security authentication process matching the anomaly detection result. Since the entire scheme uses a dynamic security authentication method, the risk of leakage of authentication information is low. In addition, anomaly detection can be performed without the user noticing and does not affect the user's experience of using the terminal device.
- FIG. 5 is a schematic flow diagram of the security verification method on the cloud server side of the embodiment of this specification, including:
- Step S502: The cloud server obtains the user behavior characteristic sequence collected by the terminal device.
- Step S504: The cloud server performs anomaly detection on the user behavior feature sequence based on the anomaly detection model.
- The anomaly detection model is trained based on the user's historical user behavior feature sequences in at least one terminal device.
- Step S506: The cloud server sends the anomaly detection result to the terminal device, so that the terminal device executes a security authentication process matching the anomaly detection result.
- The cloud server uses the user behavior feature sequences collected by the terminal device while the user uses it to train the anomaly detection model, so that the anomaly detection model characterizes the user's behavior attributes.
- The cloud server performs anomaly detection on the current user behavior characteristic sequence based on the anomaly detection model and feeds the anomaly detection result back to the terminal device, and the terminal device executes the security authentication process matching the anomaly detection result. Since the entire scheme uses a dynamic security authentication method, the risk of leakage of authentication information is low. In addition, anomaly detection can be performed without the user noticing and does not affect the user's experience of using the terminal device.
- Fig. 6 is a safety authentication device 600 according to an embodiment of the present specification, including:
- the sequence collection module 610 collects user behavior characteristic sequences based on the terminal device.
- the first sending module 620 sends the user behavior characteristic sequence to the cloud server based on the terminal device.
- The anomaly detection module 630, based on the cloud server, performs anomaly detection on the user behavior feature sequence using an anomaly detection model, where the anomaly detection model is trained based on the user's historical user behavior feature sequences in at least one terminal device.
- the second sending module 640 sends the abnormality detection result of the abnormality detection model to the terminal device based on the cloud server.
- the safety authentication module 650 executes a safety authentication process matching the abnormal detection result based on the terminal device.
- The terminal device collects the user behavior characteristic sequence while the user uses it and uploads the sequence to the cloud server, and the cloud server trains the anomaly detection model.
- The cloud server performs anomaly detection on the current user behavior characteristic sequence based on the anomaly detection model and feeds the anomaly detection result back to the terminal device, and the terminal device executes the security authentication process matching the anomaly detection result. Since the entire scheme uses a dynamic security authentication method, the risk of leakage of authentication information is low. In addition, anomaly detection can be performed without the user noticing and does not affect the user's experience of using the terminal device.
- When executed, the sequence collection module 610 specifically collects the user behavior characteristic sequence of the user during resource processing, wherein the resource processing requires security authentication.
- the safety authentication device in the embodiment of this specification further includes:
- the auxiliary authentication request module sends an auxiliary authentication request to the cloud server during the resource processing process of the user.
- according to the auxiliary authentication request, the cloud server obtains the user behavior characteristic sequence within a predetermined time period at the moment when the auxiliary authentication request is received, and inputs the user behavior characteristic sequence within the predetermined time period into the anomaly detection model to perform anomaly detection.
- the terminal device is installed with a payment application
- the cloud server is a cloud server of the payment application
- the auxiliary authentication request is initiated by the terminal device, under the control of the payment application, when the user uses the payment application for payment processing.
- the terminal device determines that the security authentication is passed; otherwise, identity authentication is initiated to the user of the terminal device.
- the identity authentication includes at least one of the following: biometric authentication, password authentication, and USBKey authentication.
- the user behavior characteristic sequence includes at least one of the following: a user dynamic motion trajectory sequence, a user dynamic positioning trajectory sequence, a user dynamic touch sequence, and a user dynamic application interaction sequence.
- the security authentication device of the embodiment of the present specification can be used as the execution subject of the security authentication method shown in FIG. 1 above, and therefore can realize the functions implemented by the security authentication method in FIG. 1. Since the principle is the same, this article will not repeat them.
- FIG. 7 is a schematic structural diagram of a terminal device 700 according to an embodiment of the present specification, including:
- the collection module 710 collects the user behavior characteristic sequence.
- the sending module 720 sends the user behavior feature sequence to the cloud server, so that the cloud server performs anomaly detection on the user behavior feature sequence based on the anomaly detection model and sends the anomaly detection result of the anomaly detection model to the terminal device, wherein the anomaly detection model is obtained by training based on the user's historical user behavior characteristic sequence in at least one terminal device;
- the execution module 730 executes a safety authentication process matching the abnormal detection result.
- the terminal device of the embodiment of the present specification can collect the user behavior characteristic sequence during the use of the user, and upload the user behavior characteristic sequence to the cloud server, and the cloud server trains the anomaly detection model.
- security authentication is required, the terminal device requests the cloud server to perform anomaly detection on the current user behavior characteristic sequence based on the anomaly detection model and to feed back the anomaly detection result to the terminal device, and the terminal device performs the security authentication process that matches the anomaly detection result. Since the entire scheme uses a dynamic security authentication method, the risk of leakage of authentication information is low. In addition, anomaly detection can be performed without the user's perception and does not affect the user's experience of using the terminal device.
- the terminal device of the embodiment of the present specification can be used as the execution subject of the security authentication method shown in FIG. 4, and therefore can realize the functions implemented by the security authentication method in FIG. 4. Since the principle is the same, this article will not repeat them.
- FIG. 8 is a schematic structural diagram of a cloud server 800 according to an embodiment of the present specification, including:
- the obtaining module 810 obtains the user behavior characteristic sequence collected by the terminal device.
- the anomaly detection module 820 performs anomaly detection on the user behavior feature sequence based on an anomaly detection model, where the anomaly detection model is trained based on the user's historical user behavior feature sequence in at least one terminal device.
- the sending module 830 sends the abnormality detection result to the terminal device, so that the terminal device executes a safety authentication process matching the abnormality detection result.
- the cloud server in the embodiment of the present specification uses the user behavior characteristic sequence collected by the terminal device during the use of the user to train the anomaly detection model, so that the anomaly detection model characterizes the user's user behavior attributes.
- the cloud server performs anomaly detection on the current user behavior characteristic sequence based on the anomaly detection model and feeds back the anomaly detection result to the terminal device, and the terminal device performs the security authentication process that matches the anomaly detection result. Since the entire scheme uses a dynamic security authentication method, the risk of leakage of authentication information is low. In addition, anomaly detection can be performed without the user's perception and does not affect the user's experience of using the terminal device.
- the cloud server in the embodiment of this specification can be used as the execution subject of the security authentication method shown in FIG. 5, and therefore can realize the functions implemented by the security authentication method in FIG. 5. Since the principle is the same, this article will not repeat them.
- Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present specification.
- the electronic device includes a processor, and optionally an internal bus, a network interface, and a memory.
- the memory may include memory, such as high-speed random-access memory (RAM), and may also include non-volatile memory, such as at least one disk storage.
- the electronic device may also include hardware required by other services.
- the processor, network interface, and memory can be connected to each other through an internal bus.
- the internal bus can be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, or an EISA (Extended Industry Standard Architecture) bus, etc.
- the bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of presentation, only one bidirectional arrow is used in FIG. 9, but it does not mean that there is only one bus or one type of bus.
- the program may include program code, and the program code includes computer operation instructions.
- the memory may include memory and non-volatile memory, and provide instructions and data to the processor.
- the processor reads the corresponding computer program from the non-volatile memory to the memory and then runs it to form the above-mentioned security authentication device on a logical level.
- the processor executes the program stored in the memory, and is specifically used to perform the following operations:
- the anomaly detection result of the anomaly detection model is sent to the terminal device.
- the terminal device collects the user behavior characteristic sequence during the user's use and uploads the user behavior characteristic sequence to the cloud server, and the cloud server trains the anomaly detection model.
- the cloud server performs anomaly detection on the current user behavior feature sequence based on the anomaly detection model and feeds back the anomaly detection result to the terminal device, and the terminal device performs the security authentication process that matches the anomaly detection result. Since the entire scheme uses a dynamic security authentication method, the risk of leakage of authentication information is low. In addition, anomaly detection can be performed without the user's perception and does not affect the user's experience of using the terminal device.
- the foregoing security authentication method disclosed in the embodiment shown in FIG. 1 of this specification may be applied to a processor or implemented by the processor.
- the processor may be an integrated circuit chip with signal processing capabilities.
- each step of the above method can be completed by an integrated logic circuit of hardware in the processor or instructions in the form of software.
- the above-mentioned processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic devices, discrete gates or transistor logic devices, or discrete hardware components.
- the general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.
- the steps of the method disclosed in the embodiments of this specification can be directly embodied as being executed and completed by a hardware decoding processor, or executed and completed by a combination of hardware and software modules in the decoding processor.
- the software module can be located in a storage medium that is well established in the field, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or registers.
- the storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the above method in combination with its hardware.
- the electronic equipment in this specification does not exclude other implementations, such as logic devices or a combination of software and hardware, etc. That is to say, the execution body of the following processing flow is not limited to each logic unit. It can also be a hardware or logic device.
- the embodiment of this specification also proposes a computer-readable storage medium that stores one or more programs, and the one or more programs include instructions.
- the portable electronic device can execute the method of the embodiment shown in FIG. 1, and is specifically used to execute the following method:
- the anomaly detection result of the anomaly detection model is sent to the terminal device.
- this specification can be provided as a method, a system or a computer program product. Therefore, this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this specification can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
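The flow described above (auxiliary authentication request, anomaly detection over the behavior sequence in a predetermined time period, then the matching authentication process on the terminal) is sketched below as an added example; it is not code from the patent. The z-score baseline standing in for the anomaly detection model, the window ending at the request time, the thresholds, the rule that a "no anomaly" result passes authentication, the fail-closed handling of missing data and all names are assumptions, and the touch events are constructed.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

WINDOW_S = 60.0    # assumed "predetermined time period", in seconds
Z_LIMIT = 3.0      # assumed anomaly threshold
MIN_EVENTS = 5     # assumed minimum evidence needed for a verdict
STEP_UP = ("biometric", "password", "usbkey")  # identity authentication types named in the text


@dataclass(frozen=True)
class Event:
    ts: float          # collection time on the terminal, in seconds
    features: tuple    # constructed touch features: (pressure, duration_ms)


class BaselineModel:
    """Stand-in anomaly detection model: per-feature mean/std of the user's history."""

    def __init__(self, history):
        cols = list(zip(*(e.features for e in history)))
        self.mu = [mean(c) for c in cols]
        self.sigma = [pstdev(c) or 1e-9 for c in cols]

    def score(self, window):
        """Largest z-score of the window's per-feature mean against the baseline."""
        cols = zip(*(e.features for e in window))
        return max(abs(mean(c) - m) / s for c, m, s in zip(cols, self.mu, self.sigma))


def cloud_detect(model, uploaded, request_ts):
    """Cloud server side: score only the events in the window ending at the request."""
    window = [e for e in uploaded if request_ts - WINDOW_S <= e.ts <= request_ts]
    if len(window) < MIN_EVENTS:
        # Fail closed: missing or stale behavior data must never read as "no anomaly".
        return {"anomalous": True, "reason": "insufficient_data"}
    return {"anomalous": model.score(window) > Z_LIMIT, "reason": "scored"}


def terminal_auth(result, available=STEP_UP):
    """Terminal side: run the authentication process that matches the result."""
    if not result["anomalous"]:
        return "passed"
    for method in STEP_UP:
        if method in available:
            return "identity_auth:" + method
    return "denied"


def sample(start, n, pressure, duration_ms):
    """Constructed touch events, 5 s apart, with small deterministic jitter."""
    return [Event(start + 5 * i, (pressure + 0.02 * (i % 5 - 2), duration_ms + 5 * (i % 7 - 3)))
            for i in range(n)]


if __name__ == "__main__":
    model = BaselineModel(sample(0, 50, 0.50, 120))   # trained on historical sequences
    owner = sample(1000, 10, 0.50, 120)               # behavior close to the baseline
    other = sample(1000, 10, 0.80, 60)                # harder, shorter touches
    print(terminal_auth(cloud_detect(model, owner, 1050)))
    print(terminal_auth(cloud_detect(model, other, 1050)))
    print(terminal_auth(cloud_detect(model, owner, 5000)))  # no events in the window
```

The third call shows the case the text does not spell out: when no behavior data falls inside the window, the result is treated as anomalous so that the user is asked for identity authentication instead of being passed silently.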
Abstract
A security authentication method and a related apparatus are disclosed. In the security authentication method: a terminal device collects a user behavior feature sequence (S102); the terminal device sends the feature sequence to a cloud server (S104); the cloud server performs anomaly detection on the user behavior feature sequence according to an anomaly detection model, the model being obtained by training on a historical behavior feature sequence of a user in at least one terminal device (S106); the cloud server sends an anomaly detection result of the anomaly detection model to the terminal device (S108); and the terminal device executes a security authentication process corresponding to the anomaly detection result (S110).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911023050.0A CN110795708A (zh) | 2019-10-25 | 2019-10-25 | Security authentication method and related apparatus |
CN201911023050.0 | 2019-10-25 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021077825A1 (fr) | 2021-04-29 |
Family
ID=69441248
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2020/103594 WO2021077825A1 (fr) | 2019-10-25 | 2020-07-22 | Security authentication method and related apparatus |
Country Status (3)
Country | Link |
---|---|
CN (1) | CN110795708A (fr) |
TW (1) | TW202117567A (fr) |
WO (1) | WO2021077825A1 (fr) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
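CN110730459B (zh) * | 2019-10-25 | 2021-05-28 | 支付宝(杭州)信息技术有限公司 | Method for initiating near-field communication authentication and related apparatus |
CN110795708A (zh) * | 2019-10-25 | 2020-02-14 | 支付宝(杭州)信息技术有限公司 | Security authentication method and related apparatus |
CN114119025B (zh) * | 2022-01-24 | 2022-05-17 | 深圳尚米网络技术有限公司 | Secure payment method |
CN114567678B (zh) * | 2022-02-28 | 2024-06-14 | 天翼安全科技有限公司 | Resource invocation method and apparatus for a cloud security service, and electronic device |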
2019
- 2019-10-25 CN CN201911023050.0A patent/CN110795708A/zh active Pending
2020
- 2020-05-05 TW TW109114887A patent/TW202117567A/zh unknown
- 2020-07-22 WO PCT/CN2020/103594 patent/WO2021077825A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
TW202117567A (zh) | 2021-05-01 |
CN110795708A (zh) | 2020-02-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20879451 Country of ref document: EP Kind code of ref document: A1 |
NENP | Non-entry into the national phase |
Ref country code: DE |
122 | Ep: pct application non-entry in european phase |
Ref document number: 20879451 Country of ref document: EP Kind code of ref document: A1 |