CN113779521A - Identity authentication method and device, storage medium and electronic equipment - Google Patents
Identity authentication method and device, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN113779521A CN113779521A CN202111058121.8A CN202111058121A CN113779521A CN 113779521 A CN113779521 A CN 113779521A CN 202111058121 A CN202111058121 A CN 202111058121A CN 113779521 A CN113779521 A CN 113779521A
- Authority
- CN
- China
- Prior art keywords
- user
- users
- credit granting
- score
- scores
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 62
- 230000004044 response Effects 0.000 claims description 11
- 230000003247 decreasing effect Effects 0.000 claims description 9
- 238000013475 authorization Methods 0.000 claims description 7
- 230000007423 decrease Effects 0.000 claims description 6
- 238000010586 diagram Methods 0.000 description 5
- 230000006399 behavior Effects 0.000 description 4
- 230000002159 abnormal effect Effects 0.000 description 2
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 2
- 206010000117 Abnormal behaviour Diseases 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000003064 k means clustering Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
One or more embodiments of the present invention provide an identity authentication method, an identity authentication device, a storage medium, and an electronic device, where the identity authentication method includes: responding to a login request of a first user, and acquiring a credit granting score of the first user, wherein the credit granting score is related to the historical login condition of the first user; determining whether the first user is allowed to log in or not according to the credit granting score of the first user; according to the login condition of the first user at this time, the credit granting score of the first user is improved or reduced.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an identity authentication method and apparatus, a storage medium, and an electronic device.
Background
Identity authentication is an important means for ensuring the security of computer systems. Currently, identity authentication is usually handled for identity security of a single user. There are some authentication methods that can only control the current rights of the user. And the identity authentication is only carried out when the user logs in, so that the authentication state of the current user cannot be changed if the user falsifies the access in other ways after logging in, and the system is in danger.
Disclosure of Invention
In view of this, one or more embodiments of the present invention provide an identity authentication method, an identity authentication device, a storage medium, and an electronic device, which can effectively improve the security of a system.
One or more embodiments of the present invention provide an identity authentication method, including: responding to a login request of a first user, and acquiring a credit granting score of the first user, wherein the credit granting score is related to the historical login condition of the first user; determining whether the first user is allowed to log in or not according to the credit granting score of the first user; and increasing or decreasing the credit granting score of the first user according to the current login condition of the first user.
Optionally, after determining whether to allow the first user to log in according to the score of the first user, the method further includes: and according to the login condition of the first user at this time, increasing or decreasing the credit granting scores of other users associated with the first user, wherein the other users associated with the first user are users belonging to the same group as the first user.
Optionally, before responding to a login request of a first user and acquiring a credit granting score of the first user, the method further includes: acquiring characteristic data of a user, wherein the characteristic data at least comprises one of the following data: a user name, a group to which the user belongs, a user category and a credit rating of the user; and grouping the users according to the characteristic data.
Optionally, after the first user logs in, the method further includes: acquiring a safety index of a system; and if the safety index indicates that the system is in an unsafe state, reducing the credit granting scores of the first user and other users related to the first user.
Optionally, before responding to a login request of a first user and acquiring a credit granting score of the first user, the method further includes: and dividing the users into single-point credit granting users and common users according to the credit granting scores of the users, wherein the single-point credit granting users have the authority of improving the credit granting scores of the common users in the group.
Optionally, after the first user logs in, the method further includes: acquiring a safety index of a system; if the safety index indicates that the system is in an unsafe state, the ordinary user is prohibited from logging in; acquiring a request of the single-point trust user for improving the authorization scores of other second users in the group; increasing the credit granting score of the second user according to the request; and determining whether the second user is allowed to log in or not according to the credit granting score of the second user.
One or more embodiments of the present invention further provide an identity authentication apparatus, including: the system comprises a first obtaining module, a second obtaining module and a third obtaining module, wherein the first obtaining module is configured to respond to a login request of a first user and obtain credit granting scores of the first user, and the credit granting scores are determined by historical login conditions of the first user; the determining module is configured to determine whether to allow the first user to log in according to the credit granting score of the first user; and the first scoring module is configured to increase or decrease the credit granting score of the first user according to the current login condition of the first user.
Optionally, the apparatus further comprises: and the second scoring module is configured to increase or decrease credit granting scores of other users associated with the first user according to the current login condition of the first user after determining whether to allow the first user to log in according to the score of the first user, wherein the other users associated with the first user are users belonging to the same group as the first user.
Optionally, the apparatus further comprises: the second obtaining module is configured to obtain feature data of a user before obtaining the credit granting score of a first user in response to a login request of the first user, wherein the feature data at least comprises one of the following data: a user name, a group to which the user belongs, a user category and a credit rating of the user; a grouping module configured to group users according to the characteristic data.
Optionally, the apparatus further comprises: the third acquisition module is configured to acquire a security index of a system after the first user logs in; a third scoring module configured to reduce the credit granting score for the first user and other users associated with the first user if the security indicator indicates that the system is in an unsafe state.
Optionally, the apparatus further comprises: the dividing module is configured to divide the users into single-point credit granting users and common users according to the credit granting scores of the users before the credit granting scores of the first users are acquired in response to login requests of the first users, wherein the single-point credit granting users have the authority of improving the credit granting scores of the common users in the single-point credit granting users.
Optionally, the apparatus further comprises: the fourth acquisition module is configured to acquire the security index of the system after the first user logs in; a forbidding module configured to forbid the ordinary user from logging in if the security index indicates that the system is in an unsafe state; the fifth obtaining module is configured to obtain a request for improving the authorization score of other second users in the group of the single-point trust user; the fourth scoring module is configured to improve the credit granting score of the second user according to the request; and the determining module is configured to determine whether to allow the second user to log in according to the credit granting score of the second user.
One or more embodiments of the present invention also provide an electronic device including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; the power supply circuit is used for supplying power to each circuit or device of the electronic equipment; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing any one of the identity authentication methods.
One or more embodiments of the present invention also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform any one of the above-described identity authentication methods.
According to the identity authentication method, the identity authentication device, the storage medium and the electronic equipment, which are disclosed by one or more embodiments of the invention, the credit granting score of the first user is obtained in response to the login request of the first user, whether the first user is allowed to login is determined according to the credit granting score of the first user, and the credit granting score of the first user is increased or decreased according to the current login condition of the first user, so that the identity authentication of the user can be carried out according to the historical login condition of the user, and the safety of a computer system can be effectively ensured.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow diagram illustrating a method of identity authentication in accordance with one or more embodiments of the present invention;
FIG. 2 is a flow diagram illustrating a method of identity authentication in accordance with one or more embodiments of the present invention;
fig. 3 is a schematic structural diagram illustrating an identity authentication apparatus according to one or more embodiments of the present invention;
fig. 4 is a schematic structural diagram of an electronic device according to one or more embodiments of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart illustrating an identity authentication method according to one or more embodiments of the present invention, as shown in fig. 1, the method including:
step 101: responding to a login request of a first user, and acquiring a credit granting score of the first user, wherein the credit granting score is related to the historical login condition of the first user;
optionally, the login request of the first user may include identity information of the first user, for example, a user name and a login password of the first user. In the step 101, it may be checked whether the user name and the login password of the first user are correct, and then the credit granting score of the first user is obtained on the basis that the user name and the login password of the first user are both correct. Whether the credit granting score of the first user meets a preset credit granting score threshold value is checked to be followed, so that the first user is allowed to log in under the condition that the user name and the password of the first user are correct and the credit granting score of the first user also meets the preset credit granting score threshold value
In one or more embodiments of the present invention, a set of uniform scoring mechanism may be used to perform credit granting scoring on each user according to the condition of the user logging in the system, so as to obtain credit granting scoring corresponding to each user, for example, if the user a successfully logs in the system, the credit granting scoring of the user a is improved, and for example, if the user B has a problem in the process of logging in the system, such as a login failure or an abnormal login, the credit granting scoring of the user B is reduced. And a uniform scoring mechanism is adopted to score the user, so that the manual intervention in the identity authentication process can be reduced, and the authentication process is simplified. And the credit rating of the user can be used as the basis of subsequent identity authentication.
Step 102: determining whether the first user is allowed to log in or not according to the credit granting score of the first user;
in one or more embodiments of the present invention, a system on which a user logs in may refer to, for example, a computer system, and based on this, for computers with different risk levels, when performing identity authentication on a user to be logged in, the authentication may be performed based on different authentication criteria. For example, computers are classified by risk level into high risk computers (e.g., secret computers), medium risk computers (e.g., secret computers), and low risk computers (e.g., open computers), with each different risk level computer corresponding to a different credit rating threshold. The credit granting scoring threshold corresponding to the high risk computer is the highest, the credit granting scoring threshold corresponding to the medium risk computer is the next highest, and the credit granting scoring threshold corresponding to the low risk computer is the lowest. In step 102, if the credit granting score of the first user is not lower than the credit granting score threshold corresponding to the risk level of the computer to be logged in, the first user is allowed to log in, otherwise, the first user is not allowed to log in.
Step 103: and increasing or decreasing the credit granting score of the first user according to the current login condition of the first user.
In one or more embodiments of the present invention, if the first user successfully logs in this time, the credit granting score of the first user may be increased, for example, a preset score may be added on the basis of the original credit granting score of the first user. If the first user fails to log in this time or logs in abnormally, the credit granting score of the first user can be reduced, for example, the preset score can be reduced on the basis of the original credit granting score of the first user.
The identity authentication method in one or more embodiments of the present invention obtains the credit granting score of the first user in response to the login request of the first user, determines whether to allow the first user to log in according to the credit granting score of the first user, and increases or decreases the credit granting score of the first user according to the current login condition of the first user, so that the identity authentication can be performed on the user according to the historical login condition of the user, and the security of the computer system can be effectively ensured.
In one or more embodiments of the present invention, after the user logs in the system, the authentication information of the user is also processed in real time, so as to implement full-period coverage on the security of the user, and based on this, after determining whether to allow the first user to log in according to the score of the first user, the identity authentication method may further include:
and according to the login condition of the first user at this time, increasing or decreasing the credit granting scores of other users associated with the first user, wherein the other users associated with the first user are users belonging to the same group as the first user. The login condition of the first user includes, but is not limited to, successful login, failed login, and abnormal login. When the first user successfully logs in at this time, a preset score value can be increased on the basis of the original credit granting scores of the first user and other users related to the first user; when the first user fails to log in or logs in abnormally, a preset score value can be subtracted on the basis of the original credit granting scores of the first user and other users related to the first user, and if dangerous logging-in exists in the system, logging-in can be limited for users with the credit granting scores lower than a threshold value. Based on the method, each user under the system can be guaranteed to score according to the login condition of the user or the members in the group to which the user belongs.
In one or more embodiments of the present invention, before obtaining the credit rating of the first user in response to a login request of the first user, the identity authentication method may further include:
acquiring characteristic data of a user, wherein the characteristic data at least comprises one of the following data:
a user name, a group to which the user belongs, a user category and a credit rating of the user;
the feature data of the user may be feature data of all users of the system. The user name is used for identifying the identity of the user; the group to which the user belongs may be, for example, a group designated when the user is created, and the group may be different from or the same as a group divided according to the user feature data, and the categories of the user may include, for example: users to which the data corresponds (users having rights to use certain data), users of the service (users having rights to use certain services), users to which the middleware corresponds (users having rights to use certain middleware), and users of the administrator identity.
And grouping the users according to the characteristic data.
Optionally, the users may be grouped according to the feature data of each user by using a clustering algorithm, for example, a K-Means clustering algorithm or other known clustering algorithms may be used, which is not specifically limited in the embodiment of the present invention.
In one or more embodiments of the present invention, after the first user logs in, the identity authentication method may further include: acquiring a safety index of a system; and if the safety index indicates that the system is in an unsafe state, reducing the credit granting scores of the first user and other users related to the first user. The obtaining of the security index of the system may include, for example: and if the user has dangerous operation behaviors or the login equipment is in a dangerous state, determining that the system is in an unsafe state. Dangerous operation behaviors may include, for example, abnormal behaviors, threatening behaviors, misoperation behaviors, and the like of the user. The step of reducing the credit granting score of the first user and the other users associated with the first user may be subtracting a preset score from existing authorization scores of the first user and the other users associated with the first user, respectively.
In one or more embodiments of the present invention, before obtaining the credit rating of the first user in response to a login request of the first user, the identity authentication method may further include: and dividing the users into single-point credit granting users and common users according to the credit granting scores of the users, wherein the single-point credit granting users have the authority of improving the credit granting scores of the common users in the group. As described above, the system scores each user according to a uniform scoring system, such that each user has a corresponding credit rating. When dividing users, each user in each group may be divided into a single-point trust user and a common user by taking the group as a unit. For example, for a plurality of users in a group, a user whose credit rating is much higher (for example, the credit rating is higher than a certain preset value than other users) than other users may be classified as a single-point credit user, and the other users may be classified as ordinary users. Or, all users of the system can be directly divided into single-point credit granting users and common users, users with credit granting scores far higher than other users and credit granting scores higher than a preset standard score value in the users of the system are divided into single-point credit granting users, and the other users are divided into common users. Based on the division of the single-point credit granting user and the common user, when the system is in an unsafe state, the common user can be granted credit by the single-point credit granting user, for example, the credit granting score of the common user is improved, or the common user is directly given login authority, so that the common user can also log in safely when the system is in the unsafe state.
In one or more embodiments of the present invention, after the first user logs in, the identity authentication method may further include:
acquiring a safety index of a system;
if the safety index indicates that the system is in an unsafe state, the ordinary user is prohibited from logging in;
acquiring a request of the single-point trust user for improving the authorization scores of other second users in the group; optionally, the single-point trust user may request to directly increase the trust score of the user in the group to the trust score threshold, or request to increase the trust score of the user in the group by a specified score.
Increasing the credit granting score of the second user according to the request; optionally, when the credit granting score of the second user is increased, the second user may be identified, and whether the second user is a user that causes the system to be in an unsafe state is determined, and if the second user is a user that causes the system to be in the unsafe state, the credit granting score of the second user may not be increased, so as to implement dynamic credit granting, and break through a limitation that authentication can only be performed when the user logs in a conventional identity authentication manner, so that identity security can cover a full period of user operation.
In one or more embodiments of the invention, when there is serious danger information in the computer or the system is attacked, the ordinary user is prohibited from logging in, and the associated user is also prohibited from logging in. But at this time, in order to ensure the stability of the system, it is necessary to ensure that the single-point trust user can normally log in. By processing the authentication information in real time, the single-point trust user can start an authorization mode. The single-point trust user is used for trusting the associated user, so that normal login of a part of users can be ensured. Therefore, the situation that the system cannot work normally due to the fact that too many users cannot log in can be prevented, and the stability of the system is guaranteed.
And determining whether the second user is allowed to log in or not according to the credit granting score of the second user. In addition, if whether the second user is the user causing the system to be in the unsafe state is not considered when the credit granting score of the second user is improved, the second user can be judged when whether the second user is allowed to log in is determined, and if the second user is judged to be the user causing the system to be in the unsafe state, the login of the second user is limited; and if the second user is not the user causing the system to be in an unsafe state, and the credit granting score of the second user meets the credit granting score threshold, allowing the second user to log in.
According to the identity authentication method, the identity authentication device, the storage medium and the electronic equipment, which are disclosed by one or more embodiments of the invention, the credit granting score of the first user is obtained in response to the login request of the first user, whether the first user is allowed to login is determined according to the credit granting score of the first user, and the credit granting score of the first user is increased or decreased according to the current login condition of the first user, so that the identity authentication of the user can be carried out according to the historical login condition of the user, and the safety of a computer system can be effectively ensured. After the first user logs in, the credit granting scores of other users related to the first user are increased or decreased according to the current login condition of the first user, and the safety of the user can be covered in a full period. The users are grouped, so that the users with similar characteristics can be divided into one group, and credit scores of the users can be adjusted by taking the group as a unit, thereby facilitating the management of the users. After the first user logs in, the credit granting scores of the first user and the related users are processed according to the safety state of the system, so that the harm of dangerous users to the system can be effectively reduced. The users are divided into single-point credit granting users and ordinary users according to the credit granting scores of the users, the single-point credit granting users are given credit granting rights items granted to the ordinary users in the group, when the system is in an unsafe state, the ordinary users in the group can also log in the system safely, and the stability of the system is guaranteed. When the system is in an unsafe state, the credit granting score of the common users in the group is improved through the single-point credit granting user, so that the common users in the group can also safely log in the system, the problem that the system cannot work normally due to the fact that too many users cannot log in is avoided, and the stability of the system is guaranteed.
In order to facilitate understanding of the identity authentication method according to the embodiment of the present invention, the identity authentication method according to the embodiment of the present invention is exemplarily described as an example with reference to fig. 2. As shown in fig. 2, the method includes:
step 201: uniformly scoring all users;
step 202: grade of the user is distinguished according to the score (such as the credit score);
step 203: judging whether the users are high-scoring users, for example, users with scores far higher than those of other users, determining the high-scoring users as single-point credit granting users, and determining the low-scoring users as common users;
step 204: and clustering the users, wherein the users belonging to one group with the single-point credit granting users are the associated authenticated users (namely the associated users) of the single-point credit granting users.
Step 205: processing real-time authentication information, if the user logs in safely, improving the score of the associated authentication user, if the system has dangerous information, reducing the score of the associated authentication user, and if the score of the associated authentication user is lower than the designated score, forbidding the associated authentication user to log in;
step 206: if serious dangerous information exists or the system is attacked, the single-point trust user is used for performing trust login on the associated authentication user.
Fig. 3 is a schematic structural diagram illustrating an identity authentication apparatus according to one or more embodiments of the present invention, and as shown in fig. 3, the apparatus 30 includes:
the first obtaining module 31 is configured to respond to a login request of a first user, and obtain a credit granting score of the first user, where the credit granting score is related to a historical login situation of the first user;
a determining module 32 configured to determine whether to allow the first user to log in according to the credit rating of the first user;
the first scoring module 33 is configured to increase or decrease the credit granting score of the first user according to the current login condition of the first user.
In one or more embodiments of the present invention, the identity authentication apparatus may further include:
and the second scoring module is configured to increase or decrease credit granting scores of other users associated with the first user according to the current login condition of the first user after determining whether to allow the first user to log in according to the score of the first user, wherein the other users associated with the first user are users belonging to the same group as the first user.
In one or more embodiments of the present invention, the identity authentication apparatus may further include:
the second obtaining module is configured to obtain feature data of a user before obtaining the credit granting score of a first user in response to a login request of the first user, wherein the feature data at least comprises one of the following data: a user name, a group to which the user belongs, a user category and a credit rating of the user; a grouping module configured to group users according to the characteristic data.
In one or more embodiments of the present invention, the identity authentication apparatus may further include:
the third acquisition module is configured to acquire a security index of a system after the first user logs in;
a third scoring module configured to reduce the credit granting score for the first user and other users associated with the first user if the security indicator indicates that the system is in an unsafe state.
In one or more embodiments of the present invention, the identity authentication apparatus may further include:
the dividing module is configured to divide the users into single-point credit granting users and common users according to the credit granting scores of the users before the credit granting scores of the first users are acquired in response to login requests of the first users, wherein the single-point credit granting users have the authority of improving the credit granting scores of the common users in the single-point credit granting users.
In one or more embodiments of the present invention, the identity authentication apparatus may further include:
the fourth acquisition module is configured to acquire the security index of the system after the first user logs in;
a forbidding module configured to forbid the ordinary user from logging in if the security index indicates that the system is in an unsafe state;
the fifth obtaining module is configured to obtain a request for improving the authorization score of other second users in the group of the single-point trust user;
the fourth scoring module is configured to improve the credit granting score of the second user according to the request;
and the determining module is configured to determine whether to allow the second user to log in according to the credit granting score of the second user.
One or more embodiments of the present invention also provide an electronic device including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; the power supply circuit is used for supplying power to each circuit or device of the electronic equipment; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing any one of the identity authentication methods.
One or more embodiments of the present invention also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform any one of the above-described identity authentication methods.
Accordingly, as shown in fig. 4, an electronic device provided by an embodiment of the present invention may include: the device comprises a shell 41, a processor 42, a memory 43, a circuit board 44 and a power circuit 45, wherein the circuit board 44 is arranged inside a space enclosed by the shell 41, and the processor 42 and the memory 43 are arranged on the circuit board 44; a power supply circuit 45 for supplying power to each circuit or device of the server; the memory 43 is used for storing executable program code; the processor 42 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 43, for executing any one of the identity authentication methods provided by the foregoing embodiments.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, the functionality of the units/modules may be implemented in one or more software and/or hardware implementations of the invention.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (9)
1. An identity authentication method, comprising:
responding to a login request of a first user, and acquiring a credit granting score of the first user, wherein the credit granting score is related to the historical login condition of the first user;
determining whether the first user is allowed to log in or not according to the credit granting score of the first user;
and increasing or decreasing the credit granting score of the first user according to the current login condition of the first user.
2. The method of claim 1, wherein after determining whether to allow the first user to log in based on the first user's rating, the method further comprises:
and according to the login condition of the first user at this time, increasing or decreasing the credit granting scores of other users associated with the first user, wherein the other users associated with the first user are users belonging to the same group as the first user.
3. The method of claim 1, wherein prior to obtaining the trust score of the first user in response to a login request of the first user, the method further comprises:
acquiring characteristic data of a user, wherein the characteristic data at least comprises one of the following data:
a user name, a group to which the user belongs, a user category and a credit rating of the user;
and grouping the users according to the characteristic data.
4. The method of claim 1, wherein after the first user logs in, the method further comprises:
acquiring a safety index of a system;
and if the safety index indicates that the system is in an unsafe state, reducing the credit granting scores of the first user and other users related to the first user.
5. The method of claim 1, wherein prior to obtaining the trust score of the first user in response to a login request of the first user, the method further comprises:
and dividing the users into single-point credit granting users and common users according to the credit granting scores of the users, wherein the single-point credit granting users have the authority of improving the credit granting scores of the common users in the group.
6. The method of claim 5, wherein after the first user logs in, the method further comprises:
acquiring a safety index of a system;
if the safety index indicates that the system is in an unsafe state, the ordinary user is prohibited from logging in;
acquiring a request of the single-point trust user for improving the authorization scores of other second users in the group;
increasing the credit granting score of the second user according to the request;
and determining whether the second user is allowed to log in or not according to the credit granting score of the second user.
7. An identity authentication apparatus, comprising:
the system comprises a first obtaining module, a second obtaining module and a third obtaining module, wherein the first obtaining module is configured to respond to a login request of a first user and obtain credit granting scores of the first user, and the credit granting scores are determined by historical login conditions of the first user;
the determining module is configured to determine whether to allow the first user to log in according to the credit granting score of the first user;
and the first scoring module is configured to increase or decrease the credit granting score of the first user according to the current login condition of the first user.
8. An electronic device, characterized in that the electronic device comprises: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; the power supply circuit is used for supplying power to each circuit or device of the electronic equipment; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for executing the identity authentication method of any one of the above claims 1 to 6.
9. A non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the identity authentication method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111058121.8A CN113779521B (en) | 2021-09-09 | 2021-09-09 | Identity authentication method and device, storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111058121.8A CN113779521B (en) | 2021-09-09 | 2021-09-09 | Identity authentication method and device, storage medium and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113779521A true CN113779521A (en) | 2021-12-10 |
| CN113779521B CN113779521B (en) | 2024-05-24 |
Family
ID=78842181
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111058121.8A Active CN113779521B (en) | 2021-09-09 | 2021-09-09 | Identity authentication method and device, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113779521B (en) |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2014026020A (en) * | 2012-07-25 | 2014-02-06 | Kyocera Document Solutions Inc | Image forming apparatus |
| WO2015184894A2 (en) * | 2015-01-27 | 2015-12-10 | 中兴通讯股份有限公司 | Method and device for implementing multi-user login mode |
| CN107343007A (en) * | 2017-07-17 | 2017-11-10 | 广西科技大学 | Distributed file management method and system based on user identity and purview certification |
| CN108076018A (en) * | 2016-11-16 | 2018-05-25 | 阿里巴巴集团控股有限公司 | Identity authorization system, method, apparatus and account authentication method |
| CN108574658A (en) * | 2017-03-07 | 2018-09-25 | 腾讯科技(深圳)有限公司 | A kind of application login method and its equipment |
| CN110166438A (en) * | 2019-04-19 | 2019-08-23 | 平安科技(深圳)有限公司 | Login method, device, computer equipment and the computer storage medium of account information |
| WO2019195143A1 (en) * | 2018-04-05 | 2019-10-10 | Visa International Service Association | System, method, and apparatus for authenticating a user |
| EP3567536A1 (en) * | 2018-05-09 | 2019-11-13 | Capital One Services, LLC | Real-time selection of authentication procedures based on risk assessment |
| US20200014702A1 (en) * | 2015-06-02 | 2020-01-09 | Dipankar Dasgupta | Adaptive multi-factor authentication system with multi-user permission strategy to access sensitive information |
| US20200028850A1 (en) * | 2018-07-20 | 2020-01-23 | International Business Machines Corporation | Privileged identity authentication based on user behaviors |
| CN112417416A (en) * | 2020-11-19 | 2021-02-26 | 深圳市德普光业科技有限公司 | Authentication interaction method, system and storage medium of service system |
| CN112653679A (en) * | 2020-12-14 | 2021-04-13 | 北京指掌易科技有限公司 | Dynamic identity authentication method, device, server and storage medium |
| US20210168148A1 (en) * | 2019-12-02 | 2021-06-03 | Michael Boodaei | Contextual scoring of authenticators |
-
2021
- 2021-09-09 CN CN202111058121.8A patent/CN113779521B/en active Active
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2014026020A (en) * | 2012-07-25 | 2014-02-06 | Kyocera Document Solutions Inc | Image forming apparatus |
| WO2015184894A2 (en) * | 2015-01-27 | 2015-12-10 | 中兴通讯股份有限公司 | Method and device for implementing multi-user login mode |
| US20200014702A1 (en) * | 2015-06-02 | 2020-01-09 | Dipankar Dasgupta | Adaptive multi-factor authentication system with multi-user permission strategy to access sensitive information |
| CN108076018A (en) * | 2016-11-16 | 2018-05-25 | 阿里巴巴集团控股有限公司 | Identity authorization system, method, apparatus and account authentication method |
| CN108574658A (en) * | 2017-03-07 | 2018-09-25 | 腾讯科技(深圳)有限公司 | A kind of application login method and its equipment |
| CN107343007A (en) * | 2017-07-17 | 2017-11-10 | 广西科技大学 | Distributed file management method and system based on user identity and purview certification |
| WO2019195143A1 (en) * | 2018-04-05 | 2019-10-10 | Visa International Service Association | System, method, and apparatus for authenticating a user |
| EP3567536A1 (en) * | 2018-05-09 | 2019-11-13 | Capital One Services, LLC | Real-time selection of authentication procedures based on risk assessment |
| US20200028850A1 (en) * | 2018-07-20 | 2020-01-23 | International Business Machines Corporation | Privileged identity authentication based on user behaviors |
| CN110166438A (en) * | 2019-04-19 | 2019-08-23 | 平安科技(深圳)有限公司 | Login method, device, computer equipment and the computer storage medium of account information |
| US20210168148A1 (en) * | 2019-12-02 | 2021-06-03 | Michael Boodaei | Contextual scoring of authenticators |
| CN112417416A (en) * | 2020-11-19 | 2021-02-26 | 深圳市德普光业科技有限公司 | Authentication interaction method, system and storage medium of service system |
| CN112653679A (en) * | 2020-12-14 | 2021-04-13 | 北京指掌易科技有限公司 | Dynamic identity authentication method, device, server and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 郭威;: "企业级信息管理***认证统一管理的设计与实现", 南方能源建设, no. 1 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113779521B (en) | 2024-05-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110851274B (en) | Resource access control method, device, equipment and storage medium | |
| US10243935B2 (en) | User authentication based on tracked activity | |
| US9332019B2 (en) | Establishment of a trust index to enable connections from unknown devices | |
| US20180041488A1 (en) | System and methods for enhancing authentication procedures in an anti-fraud environment | |
| US8365245B2 (en) | Previous password based authentication | |
| US9882914B1 (en) | Security group authentication | |
| CN112653714A (en) | Access control method, device, equipment and readable storage medium | |
| CN112613020A (en) | Identity verification method and device | |
| CN109639724B (en) | Password retrieving method, password retrieving device, computer device and storage medium | |
| US20170171188A1 (en) | Non-transitory computer-readable recording medium, access monitoring method, and access monitoring apparatus | |
| CN112231726B (en) | Access control method and device based on trusted verification and computer equipment | |
| CN110751488A (en) | Intelligent terminal safety payment method, terminal and medium | |
| GB2511054A (en) | Protecting multi-factor authentication | |
| CN112653679B (en) | Dynamic identity authentication method, device, server and storage medium | |
| CN111953635B (en) | Interface request processing method and computer-readable storage medium | |
| CN111309978A (en) | Transformer substation system safety protection method and device, computer equipment and storage medium | |
| KR101768942B1 (en) | System and method for secure authentication to user access | |
| CN111814121B (en) | Login authentication management system and method based on computer system | |
| CN113779521B (en) | Identity authentication method and device, storage medium and electronic equipment | |
| CN112464213A (en) | Operating system access control method, device, equipment and storage medium | |
| CN110839215B (en) | Cluster communication method, server, terminal equipment and storage medium | |
| CN112138404A (en) | Game APP login verification method and system | |
| CN110955884B (en) | Method and device for determining upper limit times of password trial and error | |
| CN114404998A (en) | Account abnormity verification method, account abnormity verification device, client and computer readable storage medium | |
| CN111193687B (en) | Validity verification method, device, equipment and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |