CN114741677A - Method and device for distributing data access authority based on user behavior fingerprint - Google Patents


Publication number: CN114741677A
Authority: CN (China)
Prior art keywords: behavior, touch, condition, user, data
Legal status: Granted
Application number: CN202210270948.3A
Other languages: Chinese (zh)
Other versions: CN114741677B (en)
Inventors: 李振军, 陆芸婷, 廖银萍, 刘运时, 周兵, 夏清
Current Assignee: Shenzhen Institute of Technology
Original Assignee: Shenzhen Institute of Technology
Application filed by Shenzhen Institute of Technology
Priority to CN202210270948.3A
Publication of CN114741677A
Application granted
Publication of CN114741677B
Current status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

An embodiment of the invention provides a method and a device for assigning data access rights based on user behavior fingerprints. The method determines the access rights of data in a mobile control terminal through local processing on the mobile control terminal, and comprises the following steps: generating a behavior fingerprint corresponding to a bound user according to a pre-recorded user behavior condition of the bound user during use; when the mobile control terminal is woken up interactively, acquiring the current user behavior condition and generating a behavior verification fingerprint according to the current user behavior condition; and removing the access restriction on the authority data when the behavior verification fingerprint matches the behavior fingerprint. Local processing protects the user's personal privacy and prevents personal information from being leaked; it also enables the mobile control terminal to determine user rights in scenarios without a network; and using the behavior fingerprint as the condition for assigning rights reduces the leakage of private data when the mobile control terminal is lost.

Description

Method and device for distributing data access authority based on user behavior fingerprint
Technical Field
The invention relates to the technical field of data security, in particular to a method and a device for distributing data access permission based on user behavior fingerprints.
Background
With the continuous development of mobile device technology, various mobile control terminals are widely used in daily life and have become an indispensable part of people's life and work. These terminal devices store and are associated with a large amount of the user's private information, so the security of the terminal device becomes especially important.
Existing terminal devices generally use different forms of passwords to confirm the identity of a user, for example character codes, fingerprints and faces. However, character passwords are easily cracked or revealed, and fingerprints and faces are easily imitated by criminals with the support of current imaging technology in order to crack the device.
User behavior is difficult to copy and hard to crack, and is regarded as a preferred basis for the next generation of identity authentication. However, current identity authentication methods based on user behavior all rely on cloud computing: the terminal device must send the user's behavior features to a cloud server for feature recognition in order to authenticate. During authentication, the data can easily be hijacked or the server data leaked, so the user's personal privacy is not guaranteed. The authentication process also depends heavily on the network, so authentication is impossible in signal blind areas such as airplanes and elevators, which causes great inconvenience to users.
Disclosure of Invention
In view of the above, the present application is directed to a method and apparatus for assigning data access rights based on user behavior fingerprints, which overcomes or at least partially solves the above problems, and comprises:
A method for assigning data access rights based on user behavior fingerprints, used for determining the access rights of data in a mobile control terminal through local processing on the mobile control terminal; the mobile control terminal comprises at least two of a direction sensor, a touch sensor and a physical key; the data comprises authority data and non-authority data; the method comprises the following steps:
the mobile control terminal generates a behavior fingerprint corresponding to the binding user according to the pre-recorded user behavior condition of the binding user during use; wherein the user behavior condition comprises at least two of a direction condition fed back by the direction sensor, a touch condition fed back by the touch sensor and a trigger condition fed back by the physical key;
when the mobile control terminal is awakened in an interactive mode, the mobile control terminal acquires the current user behavior condition and generates a behavior verification fingerprint according to the current user behavior condition;
and when the behavior verification fingerprint is matched with the behavior fingerprint, the mobile control terminal releases the access limitation of the authority data.
Further, the non-permission data includes non-verification data and verification data; the method further comprises:
periodically recording a first behavior condition of the bound user when the bound user calls the verification data;
recording a second behavior condition of the bound user when the bound user calls the authority data;
and generating the user behavior situation according to the first behavior situation and the second behavior situation.
Further, the step of periodically recording the first behavior of the bound user when invoking the verification data includes:
when the verification data is in an acquisition period, acquiring at least two of a first direction change parameter fed back by the direction sensor, a first touch parameter fed back by the touch sensor and a first pressing parameter fed back by the physical key when the user calls the verification data; wherein the first direction change parameter comprises a first inclination angle and a first inclination direction recorded by the direction sensor; the first touch parameter comprises first touch coordinates recorded by the touch sensor and a first touch time corresponding to each coordinate; the first pressing parameter comprises a first key triggering time and a first number of triggers of the physical key;
generating the first behavior according to at least two of a first direction change parameter, a first touch parameter and a first press parameter.
Further, the step of recording a second behavior of the bound user when invoking the rights data includes:
acquiring at least two of a second direction change parameter fed back by the direction sensor, a second touch parameter fed back by the touch sensor and a second pressing parameter fed back by the physical key when the user calls the authority data; wherein the second direction change parameter comprises a second inclination angle and a second inclination direction recorded by the direction sensor; the second touch parameter comprises second touch coordinates recorded by the touch sensor and a second touch time corresponding to each coordinate; the second pressing parameter comprises a second key triggering time and a second number of triggers of the physical key;
generating the second behavior condition according to at least two of a second direction change parameter, a second touch parameter and a second press parameter.
Further, the step of generating the user behavior based on the first behavior and the second behavior includes:
determining intersection coordinates between the first touch parameters and the second touch parameters;
generating a touch verification area according to the intersection coordinate and the union coordinate between the first touch parameter and the second touch parameter and a preset weight;
calculating the average touch time of the touch verification area according to the first touch time corresponding to all the first touch coordinates and the second touch time corresponding to all the second touch coordinates contained in the touch verification area;
and generating the touch condition according to the touch verification area and the average touch time.
Further, the step of generating the user behavior based on the first behavior and the second behavior includes:
determining a direction intersection between the first tilt direction and the second tilt direction;
calculating an average inclination angle of the inclination verification area according to all the first inclination angles and all the second inclination angles contained in the inclination verification area, and generating an inclination verification area according to the direction intersection and the average inclination angle of the inclination verification area;
and generating the direction condition according to the inclination verification area and the average inclination angle.
Further, the step of generating the user behavior based on the first behavior and the second behavior includes:
determining the average trigger time of the physical key according to the first trigger time and the second trigger time;
determining the average triggering times of the physical key according to the first triggering times and the second triggering times;
and generating the triggering condition according to the average triggering time and the average triggering times.
An apparatus for assigning data access rights based on user behavior fingerprints, the apparatus being configured to determine access rights for data in a mobile control terminal through local processing of the mobile control terminal; the mobile control terminal comprises at least two of a direction sensor, a touch sensor and a physical key; the data comprises authority data and non-authority data; characterized in that the device comprises:
the behavior fingerprint generating module is used for generating a behavior fingerprint corresponding to the binding user according to the pre-recorded user behavior condition of the binding user in use; wherein the user behavior condition comprises at least two of a direction condition fed back by the direction sensor, a touch condition fed back by the touch sensor and a trigger condition fed back by the physical key;
the behavior verification fingerprint generation module is used for acquiring the current user behavior condition when the mobile control terminal is awakened in an interactive mode and generating a behavior verification fingerprint according to the current user behavior condition;
and the access restriction removing module is used for removing the access restriction of the authority data when the behavior verification fingerprint is matched with the behavior fingerprint.
A computer device comprising a processor, a memory and a computer program stored on the memory and capable of running on the processor, the computer program, when executed by the processor, implementing a method of assigning data access rights based on user behavior fingerprints.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out a method of assigning data access rights based on user behavior fingerprints.
The application has the following advantages:
In the embodiment of the application, the mobile control terminal generates a behavior fingerprint corresponding to a bound user according to a pre-recorded user behavior condition of the bound user during use; wherein the user behavior condition comprises at least two of a direction condition fed back by the direction sensor, a touch condition fed back by the touch sensor and a trigger condition fed back by the physical key; when the mobile control terminal is woken up interactively, the current user behavior condition is acquired and a behavior verification fingerprint is generated according to the current user behavior condition; and the access restriction on the authority data is released when the behavior verification fingerprint matches the behavior fingerprint. Local processing protects the user's personal privacy and prevents personal information from being leaked; the localized processing also enables the mobile control terminal to determine user rights in scenarios without a network; and using the behavior fingerprint as the condition for assigning rights reduces the leakage of private data when the mobile control terminal is lost and also avoids economic loss caused by accidental operation by children.
Drawings
In order to more clearly illustrate the technical solutions of the present application, the drawings needed to be used in the description of the present application will be briefly introduced below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive labor.
FIG. 1 is a flowchart illustrating steps of a method for assigning data access rights based on user behavior fingerprints according to an embodiment of the present application;
FIG. 2 is a block diagram illustrating an apparatus for assigning data access rights based on user behavior fingerprints according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, the present application is described in further detail with reference to the accompanying drawings and the detailed description. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to FIG. 1, a method for assigning data access rights based on user behavior fingerprints provided by an embodiment of the present application is shown. The method is used for determining the access rights of data in a mobile control terminal through local processing on the mobile control terminal; the mobile control terminal comprises at least two of a direction sensor, a touch sensor and a physical key; the data comprises authority data and non-authority data; the method comprises the following steps:
S110, the mobile control terminal generates a behavior fingerprint corresponding to a bound user according to a pre-recorded user behavior condition of the bound user during use; the user behavior condition comprises at least two of a direction condition fed back by the direction sensor, a touch condition fed back by the touch sensor and a trigger condition fed back by the physical key;
S120, when the mobile control terminal is woken up interactively, the mobile control terminal acquires the current user behavior condition and generates a behavior verification fingerprint according to the current user behavior condition;
S130, when the behavior verification fingerprint matches the behavior fingerprint, the mobile control terminal releases the access restriction on the authority data.
In the embodiment of the application, the mobile control terminal generates a behavior fingerprint corresponding to a bound user according to a pre-recorded user behavior condition of the bound user during use; wherein the user behavior condition comprises at least two of a direction condition fed back by the direction sensor, a touch condition fed back by the touch sensor and a trigger condition fed back by the physical key; when the mobile control terminal is woken up interactively, the current user behavior condition is acquired and a behavior verification fingerprint is generated according to the current user behavior condition; and the access restriction on the authority data is released when the behavior verification fingerprint matches the behavior fingerprint. Local processing protects the user's personal privacy and prevents personal information from being leaked; the localized processing also enables the mobile control terminal to determine user rights in scenarios without a network; and using the behavior fingerprint as the condition for assigning rights reduces the leakage of private data when the mobile control terminal is lost and also avoids economic loss caused by accidental operation by children.
Next, a method of assigning data access rights based on user behavior fingerprints in the present exemplary embodiment will be further described.
As described in the above step S110, the mobile control terminal generates a behavior fingerprint corresponding to the bound user according to the pre-recorded user behavior of the bound user during use; wherein the user behavior condition comprises at least two of a direction condition fed back by the direction sensor, a touch condition fed back by the touch sensor, and a trigger condition fed back by the physical key.
In an embodiment of the present invention, the specific process of step S110, in which the mobile control terminal generates a behavior fingerprint corresponding to a bound user according to a pre-recorded user behavior condition of the bound user during use, where the user behavior condition comprises at least two of a direction condition fed back by the direction sensor, a touch condition fed back by the touch sensor and a trigger condition fed back by the physical key, may be further described with reference to the following description.
It should be noted that the direction sensor may be a gyroscope, and the direction condition may include a rotation deviation direction detected by the gyroscope in real time, such as: forward leaning, backward leaning, clockwise rotation, counterclockwise rotation, overturning and the like; and may also include the angle of rotation.
It should be noted that the touch sensor may be a touch screen, and the touch condition may include a position where a user touches the touch screen (the position may be recorded by coordinates) detected by the touch screen in real time; and the touch duration of the screen by the user can be further included.
It should be noted that the physical key may be a screen wakeup button and other functional buttons attached to the device, and the triggering condition may include the number of times of triggering the button; the trigger duration of the button may also be included.
As an example, the behavior features included in the behavior fingerprint are features that are correlated with each other; the behavior fingerprint may include all of the parameter features in the above-mentioned direction condition, touch condition and trigger condition, or only some of the parameter features in two or three of these conditions.
In one implementation, the device screen is touched continuously for a total duration A: after the touch has lasted for a time a1, the device is tilted backwards by an angle of B°; after the touch has continued for a further time a2, the device elevation angle returns to 0; finally, after a further touch time a3, the screen touching process ends, where a1 + a2 + a3 = A.
In an embodiment of the present invention, the method further includes:
As described in the following step, a first behavior condition of the bound user is periodically recorded when the bound user calls the verification data.
In an embodiment of the present invention, the specific process of the step "periodically recording the first behavior condition of the bound user when the bound user calls the verification data" may be further described with reference to the following description.
When the verification data is called, at least two of a first direction change parameter fed back by the direction sensor, a first touch parameter fed back by the touch sensor and a first pressing parameter fed back by the physical key are acquired as the user calls the verification data; wherein the first direction change parameter comprises a first inclination angle and a first inclination direction recorded by the direction sensor; the first touch parameter comprises first touch coordinates recorded by the touch sensor and a first touch time corresponding to each coordinate; the first pressing parameter comprises a first key triggering time and a first number of triggers of the physical key.
It should be noted that the acquisition period may be a period in minutes or hours, and each kind of data may be acquired based on the same period or on different periods; the acquisition periods of data with the same relevance must be the same, while the acquisition periods of data that do not have the same relevance may be different.
Specifically, the relevance between different parameters is defined based on whether the accessed data are the same, and, within the acquisition period, the number of parameters acquired for accessing the same data is the same.
As described in the following step, the first behavior condition is generated according to at least two of the first direction change parameter, the first touch parameter and the first pressing parameter.
It should be noted that the first behavior may be a data set including all the foregoing parameters corresponding to the acquisition period; or a hotspot map generated according to various parameters acquired in the acquisition period.
As described in the following step, a second behavior condition of the bound user is recorded when the bound user calls the authority data.
In an embodiment of the present invention, the specific process of the step "recording the second behavior condition of the bound user when the bound user calls the authority data" may be further described with reference to the following description.
At least two of a second direction change parameter fed back by the direction sensor, a second touch parameter fed back by the touch sensor and a second pressing parameter fed back by the physical key are acquired when the user calls the authority data; wherein the second direction change parameter comprises a second inclination angle and a second inclination direction recorded by the direction sensor; the second touch parameter comprises second touch coordinates recorded by the touch sensor and a second touch time corresponding to each coordinate; the second pressing parameter comprises a second key triggering time and a second number of triggers of the physical key.
As described in the following step, the second behavior condition is generated according to at least two of the second direction change parameter, the second touch parameter and the second pressing parameter.
It should be noted that the second behavior condition may be a data set of all the foregoing parameters, or a hotspot map generated according to the acquired parameters.
As described in the following step, the user behavior condition is generated according to the first behavior condition and the second behavior condition.
In an embodiment of the present invention, a specific process of the step "generating the user behavior according to the first behavior and the second behavior" may be further described in conjunction with the following description.
As described in the following steps, intersection coordinates between the first touch parameters and the second touch parameters are determined;
a touch verification area is generated according to the intersection coordinates, the union coordinates between the first touch parameters and the second touch parameters, and preset weights.
It should be noted that the coordinates that are the same in the screened first touch coordinates and the screened second touch coordinates are set as the intersection coordinates, and the first touch coordinates and the second touch coordinates are merged into the union coordinates.
It should be noted that the preset weights are assigned according to how the same coordinates occur in the intersection coordinates. Specifically: the number of coordinates in the intersection coordinates is determined (all identical coordinates count as one); the occurrence frequency of each coordinate, and the number of union coordinate points within a range of 6 pixels centered on each coordinate, are calculated; each coordinate in the intersection coordinates is sorted, taking the occurrence frequency of each coordinate point as the first sorting condition and the number of union coordinate points within a range of 6 pixels centered on each coordinate as the second sorting condition; the weight value of the coordinates in the first 30% of the ranking is set to 45%; the weight value of the coordinates in the last 30% of the ranking is set to 15%; and the weight value of the coordinates between the first 30% and the last 30% of the ranking is set to 30%.
It should be noted that, when there is no direction intersection, the second touch coordinates are sorted, taking the number of union coordinates within a range of 6 pixels centered on each second touch coordinate as the sorting condition; the weight value of the coordinates in the first 30% of the ranking is set to 45%; the weight value of the coordinates in the last 30% of the ranking is set to 15%; and the weight value of the coordinates between the first 30% and the last 30% of the ranking is set to 30%.
It should be noted that the range within 8 pixels centered on each coordinate point to which a weight value is assigned is set as the verification area.
The average touch time of the touch verification area is calculated according to the first touch times corresponding to all the first touch coordinates and the second touch times corresponding to all the second touch coordinates contained in the touch verification area;
the touch condition is generated according to the touch verification area and the average touch time.
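The touch-condition steps above, as an added Python example that is not part of the patent text: it ranks the intersection coordinates, assigns the 45%/30%/15% weights, forms the 8-pixel verification regions and computes the average touch time. Euclidean distance, half-up rounding of the 30% tiers, tie-breaking by coordinate, and all function names and sample touches are assumptions made for the illustration.

```python
from collections import Counter
from dataclasses import dataclass
from math import hypot

NEIGHBOUR_RADIUS_PX = 6            # page: neighbourhood counted for the second sorting condition
REGION_RADIUS_PX = 8               # page: verification area radius around each weighted point
TIER_WEIGHTS = (0.45, 0.30, 0.15)  # page: first 30 %, middle, last 30 % of the ranking


@dataclass(frozen=True)
class TouchCondition:
    regions: tuple            # ((x, y), weight) pairs in ranking order
    avg_touch_time_ms: float  # mean duration of all touches inside the regions


def _near(a, b, radius):
    # Assumption: "within N pixels" means Euclidean distance <= N.
    return hypot(a[0] - b[0], a[1] - b[1]) <= radius


def _tier_weights(n):
    # Assumption: 30 % of n is rounded half up and the top tier is never empty.
    top = max(1, (3 * n + 5) // 10)
    bottom = min((3 * n + 5) // 10, n - top)
    middle = n - top - bottom
    return [TIER_WEIGHTS[0]] * top + [TIER_WEIGHTS[1]] * middle + [TIER_WEIGHTS[2]] * bottom


def build_touch_condition(first_touches, second_touches):
    """Build the touch condition from two recordings of (x, y, duration_ms).

    first_touches: recorded while verification data is called.
    second_touches: recorded while authority data is called.
    """
    first_xy = [(x, y) for x, y, _ in first_touches]
    second_xy = [(x, y) for x, y, _ in second_touches]
    union = set(first_xy) | set(second_xy)
    intersection = set(first_xy) & set(second_xy)
    freq = Counter(first_xy + second_xy)  # occurrence frequency of each coordinate

    def neighbours(p):
        # Number of other union coordinates within 6 px of p.
        return sum(1 for q in union if q != p and _near(p, q, NEIGHBOUR_RADIUS_PX))

    if intersection:
        # First sorting condition: frequency; second: neighbour count.
        ranked = sorted(intersection, key=lambda p: (-freq[p], -neighbours(p), p))
    else:
        # Fallback: rank the second touch coordinates by neighbour count only.
        # The page words this case as "no direction intersection"; reading it
        # as an empty coordinate intersection is an assumption.
        ranked = sorted(set(second_xy), key=lambda p: (-neighbours(p), p))
    if not ranked:
        raise ValueError("no touch coordinates recorded")

    regions = tuple(zip(ranked, _tier_weights(len(ranked))))
    inside = [d for x, y, d in list(first_touches) + list(second_touches)
              if any(_near((x, y), c, REGION_RADIUS_PX) for c, _ in regions)]
    return TouchCondition(regions, sum(inside) / len(inside))


def weight_at(condition, point):
    """Highest weight among the verification regions containing point, else 0.0."""
    return max((w for c, w in condition.regions if _near(point, c, REGION_RADIUS_PX)),
               default=0.0)


# Constructed sample recordings (not from the patent): (x, y, duration_ms).
SAMPLE_FIRST = [(100, 200, 120), (100, 200, 130), (103, 204, 110),
                (300, 400, 90), (50, 50, 200), (500, 500, 80)]
SAMPLE_SECOND = [(100, 200, 125), (300, 400, 95), (300, 400, 100),
                 (103, 204, 115), (50, 50, 210), (700, 100, 60)]

if __name__ == "__main__":
    cond = build_touch_condition(SAMPLE_FIRST, SAMPLE_SECOND)
    for center, weight in cond.regions:
        print(center, weight)
    print("average touch time (ms):", cond.avg_touch_time_ms)
    print("weight at (104, 203):", weight_at(cond, (104, 203)))
```

The description does not define how a behavior verification fingerprint is scored against these regions, so the example stops at building the touch condition and looking up the weight at a point.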
In an embodiment of the present invention, a specific process of the step "generating the user behavior according to the first behavior and the second behavior" may be further described in conjunction with the following description.
As described in the following steps, a direction intersection between the first inclination direction and the second inclination direction is determined.
It should be noted that the inclination directions that are the same in the first inclination direction and the second inclination direction are set as the direction intersection;
an average inclination angle of the inclination verification area is calculated according to all the first inclination angles and all the second inclination angles contained in the inclination verification area, and an inclination verification area is generated according to the direction intersection and the average inclination angle of the inclination verification area;
the direction condition is generated according to the inclination verification area and the average inclination angle.
It should be noted that the number of inclination directions in the direction intersection is determined (all identical inclination directions count as one); the variance of the tangent angle corresponding to each inclination direction is calculated; each inclination direction in the direction intersection is sorted, taking the variance of each inclination direction as the sorting condition; the weight value of the coordinates in the first 30% of the ranking is set to 45%; the weight value of the coordinates in the last 30% of the ranking is set to 15%; and the weight value of the coordinates between the first 30% and the last 30% of the ranking is set to 30%.
In an embodiment of the present invention, the specific process of the step "generating the user behavior condition according to the first behavior condition and the second behavior condition" may be further described in conjunction with the following description.
Determining the average trigger time of the physical key according to the first trigger time and the second trigger time;
determining the average number of triggers of the physical key according to the first number of triggers and the second number of triggers;
and generating the trigger condition according to the average trigger time and the average number of triggers.
As described in step S120, when the mobile control terminal is awakened in an interactive manner, the mobile control terminal obtains the current user behavior condition and generates a behavior verification fingerprint according to the current user behavior condition.
It should be noted that the behavior verification fingerprint is a behavior parameter generated when the current user accesses the non-permission data, where the type of the acquired behavior parameter is the same as the type of the behavior parameter used by the mobile control terminal to generate the behavior fingerprint.
As described in step S130, when the behavior verification fingerprint matches the behavior fingerprint, the mobile control terminal releases the access restriction of the authority data.
In an embodiment of the present invention, the specific process of "when the behavior verification fingerprint matches the behavior fingerprint, the mobile control terminal releases the access restriction of the authority data" in step S130 may be further described with reference to the following description.
It should be noted that, when the behavior verification fingerprint does not match the behavior fingerprint, the mobile control terminal may maintain the access restriction of the authority data; the authority data may also be deleted to prevent data leakage or loss.
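The tiered weighting of tilt directions and the match decision of step S130 can be made concrete as follows. This is an added example, not code from the patent: the function names, the ascending-variance ranking, rounding the 30% cut up, the 5-degree tolerance, the 0.8 threshold, treating the "tangent angle" as the tilt angle, and all sample values are assumptions.

```python
from statistics import mean, pvariance

# Tier weights from the description: first 30% of the ranking -> 45%,
# last 30% -> 15%, everything in between -> 30%.
TOP_W, MID_W, LOW_W = 0.45, 0.30, 0.15

# Constructed samples: (tilt_direction, tilt_angle_in_degrees).
FIRST = [("left", 10), ("left", 12), ("forward", 30), ("forward", 31),
         ("right", 5), ("back", 20)]            # recorded on verification data
SECOND = [("left", 11), ("forward", 29), ("forward", 45),
          ("right", 6), ("right", 5)]           # recorded on authority data
OWNER = [("left", 11.5), ("right", 5.0), ("forward", 40.0)]
STRANGER = [("left", 25.0), ("forward", 33.0)]


def build_direction_condition(first, second):
    """Return {direction: (average_angle, weight)} for the direction intersection."""
    angles = {}
    for direction, angle in first + second:
        angles.setdefault(direction, []).append(angle)
    # Direction intersection: directions seen in BOTH recordings, counted once.
    common = {d for d, _ in first} & {d for d, _ in second}
    if not common:
        raise ValueError("no common tilt direction; cannot enroll")
    # Assumption: the most repeatable direction (lowest variance) ranks first.
    ranked = sorted(common, key=lambda d: (pvariance(angles[d]), d))
    n = len(ranked)
    cut = (3 * n + 9) // 10  # ceil(0.3 * n) in integer arithmetic (assumption)
    condition = {}
    for i, direction in enumerate(ranked):
        if i < cut:
            weight = TOP_W
        elif i >= n - cut:
            weight = LOW_W
        else:
            weight = MID_W
        condition[direction] = (mean(angles[direction]), weight)
    return condition


def match_score(condition, current, tolerance_deg=5.0):
    """Weighted share of enrolled directions reproduced by the current samples."""
    observed = {}
    for direction, angle in current:
        observed.setdefault(direction, []).append(angle)
    total = sum(weight for _, weight in condition.values())
    hit = sum(weight for direction, (avg, weight) in condition.items()
              if direction in observed
              and abs(mean(observed[direction]) - avg) <= tolerance_deg)
    # The tier weights are per item, so normalise by their sum (assumption).
    return hit / total


def access_decision(condition, current, threshold=0.8):
    """Step S130, fail closed: release only on a match, otherwise keep the restriction."""
    try:
        matched = match_score(condition, current) >= threshold
    except (TypeError, ValueError):
        matched = False  # malformed sensor input never unlocks the data
    return "release" if matched else "restrict"


if __name__ == "__main__":
    cond = build_direction_condition(FIRST, SECOND)
    for name, sample in (("owner", OWNER), ("stranger", STRANGER), ("empty", [])):
        print(name, round(match_score(cond, sample), 3), access_decision(cond, sample))
```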
For the device embodiment, since it is basically similar to the method embodiment, it is described briefly; for the relevant points, refer to the corresponding description of the method embodiment.
Referring to FIG. 2, a device for assigning data access rights based on user behavior fingerprints provided by an embodiment of the present application is shown. The device is used for determining the access rights of data in a mobile control terminal through local processing of the mobile control terminal; the mobile control terminal comprises at least two of a direction sensor, a touch sensor and a physical key; the data comprises authority data and non-authority data; the device comprises:
a behavior fingerprint generating module 210, configured to generate a behavior fingerprint corresponding to a pre-recorded user behavior of a bound user when the bound user is in use; wherein the user behavior condition comprises at least two of a direction condition fed back by the direction sensor, a touch condition fed back by the touch sensor and a trigger condition fed back by the physical key;
a behavior verification fingerprint generation module 220, configured to obtain a current user behavior when the mobile control terminal is awakened in an interactive manner, and generate a behavior verification fingerprint according to the current user behavior;
an access restriction removal module 230 configured to remove the access restriction of the permission data when the behavior verification fingerprint matches the behavior fingerprint.
In an embodiment of the present invention, the non-permission data includes non-verification data and verification data; the apparatus further comprises:
the first behavior recording module is used for periodically recording the first behavior of the bound user when the bound user calls the verification data;
the second behavior condition recording module is used for recording a second behavior condition of the bound user when the bound user calls the authority data;
and the user behavior condition generating module is used for generating the user behavior condition according to the first behavior condition and the second behavior condition.
In an embodiment of the present invention, the first behavior recording module includes:
the first sensor data acquisition submodule is used for acquiring, during an acquisition period, at least two of a first direction change parameter fed back by the direction sensor, a first touch parameter fed back by the touch sensor and a first pressing parameter fed back by the physical key when the user calls the verification data; wherein the first direction change parameter comprises a first inclination angle and a first inclination direction recorded by the direction sensor; the first touch parameter comprises first touch coordinates recorded by the touch sensor and a first touch time corresponding to each coordinate; the first pressing parameter comprises a first key trigger time and a first number of triggers of the physical key;
and the first behavior generation submodule is used for generating the first behavior according to at least two of the first direction change parameter, the first touch parameter and the first pressing parameter.
In an embodiment of the present invention, the first behavior recording module includes:
the second sensor data acquisition submodule is used for acquiring at least two of a second direction change parameter fed back by the direction sensor, a second touch parameter fed back by the touch sensor and a second pressing parameter fed back by the physical key when the user calls the authority data; wherein the second direction change parameter comprises a second tilt angle and a second tilt direction recorded by the direction sensor; the second touch parameter comprises second touch coordinates recorded by the touch sensor and a second touch time corresponding to each coordinate; the second pressing parameter comprises a second key trigger time and a second number of triggers of the physical key;
and the second behavior condition generation submodule is used for generating the second behavior condition according to at least two items of a second direction change parameter, a second touch parameter and a second pressing parameter.
In an embodiment of the present invention, the user behavior generation module includes:
the touch verification area generation submodule is used for determining intersection coordinates between the first touch parameters and the second touch parameters;
generating a touch verification area according to the intersection coordinate and the union coordinate between the first touch parameter and the second touch parameter and a preset weight;
the average touch time calculation sub-module is used for calculating the average touch time of the touch verification area according to the first touch time corresponding to all the first touch coordinates and the second touch time corresponding to all the second touch coordinates contained in the touch verification area;
and the touch condition generation submodule is used for generating the touch condition according to the touch verification area and the average touch time.
In an embodiment of the present invention, the user behavior generation module includes:
a direction intersection confirmation submodule for determining a direction intersection between the first inclination direction and the second inclination direction;
the inclination verification area generation submodule is used for calculating the average inclination angle of the inclination verification area according to all the first inclination angles and all the second inclination angles contained in the inclination verification area and generating the inclination verification area according to the direction intersection and the average inclination angle of the inclination verification area;
and the direction condition generation submodule is used for generating the direction condition according to the inclination verification area and the average inclination angle.
In an embodiment of the present invention, the user behavior generation module includes:
the average trigger time determining submodule is used for determining the average trigger time of the physical key according to the first trigger time and the second trigger time;
the average trigger count determining submodule is used for determining the average number of triggers of the physical key according to the first number of triggers and the second number of triggers;
and the standard visual image determining submodule is used for generating the triggering condition according to the average triggering time and the average triggering times.
Referring to FIG. 3, a computer device for implementing the method for assigning data access rights based on user behavior fingerprints according to the present application is shown, which may specifically include the following:
The computer device 12 described above is in the form of a general purpose computing device, and the components of the computer device 12 may include, but are not limited to: one or more processors or processing units 16, a memory 28, and a bus 18 that couples various system components including the memory 28 and the processing unit 16.
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Computer device 12 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by computer device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The memory 28 may include computer system readable media in the form of volatile memory, such as random access memory 30 and/or cache memory 32. Computer device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (commonly referred to as a "hard disk drive"). Although not shown in FIG. 3, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. The memory may include at least one program product having a set (e.g., at least one) of program modules 42, with the program modules 42 configured to carry out the functions of the embodiments of the application.
Program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in memory, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules 42, and program data, each of which examples or some combination thereof may include an implementation of a network environment. Program modules 42 generally perform the functions and/or methodologies of the embodiments described herein.
The computer device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, camera, etc.), with one or more devices that enable an operator to interact with the computer device 12, and/or with any devices (e.g., network card, modem, etc.) that enable the computer device 12 to communicate with one or more other computing devices. Such communication may be through the I/O interface 22. Also, computer device 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via network adapter 20. As shown in FIG. 3, the network adapter 20 communicates with the other modules of the computer device 12 via the bus 18. It should be appreciated that although not shown in FIG. 3, other hardware and/or software modules may be used in connection with computer device 12, including but not limited to: microcode, device drivers, redundant processing units 16, external disk drive arrays, RAID systems, tape drives, and data backup storage systems 34, and the like.
The processing unit 16 executes programs stored in the memory 28 to perform various functional applications and data processing, for example implementing the method for assigning data access rights based on user behavior fingerprints provided in the embodiments of the present application.
That is, the processing unit 16, when executing the program, implements: generating a behavior fingerprint corresponding to a binding user according to a pre-recorded user behavior condition of the binding user during use; wherein the user behavior condition comprises at least two of a direction condition fed back by the direction sensor, a touch condition fed back by the touch sensor and a trigger condition fed back by the physical key; when the mobile control terminal is awakened in an interactive mode, acquiring the current user behavior condition, and generating a behavior verification fingerprint according to the current user behavior condition; releasing the access restriction of the permission data when the behavior verification fingerprint matches the behavior fingerprint.
In the embodiments of the present application, the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a method for assigning data access rights based on user behavior fingerprints as provided in all embodiments of the present application.
That is, the program when executed by the processor implements: generating a behavior fingerprint corresponding to a binding user according to a pre-recorded user behavior condition of the binding user during use; wherein the user behavior condition comprises at least two of a direction condition fed back by the direction sensor, a touch condition fed back by the touch sensor, and a trigger condition fed back by the physical key; when the mobile control terminal is awakened in an interactive mode, acquiring the current user behavior condition, and generating a behavior verification fingerprint according to the current user behavior condition; releasing the access restriction of the permission data when the behavior verification fingerprint matches the behavior fingerprint.
Any combination of one or more computer-readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Computer program code for carrying out operations for aspects of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the operator's computer, partly on the operator's computer, as a stand-alone software package, partly on the operator's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the operator's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). The embodiments in the present specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another.
While preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the true scope of the embodiments of the application.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or terminal device comprising the element.
The method and the device for allocating data access permission based on user behavior fingerprints provided by the present application have been introduced in detail above. Specific examples are used herein to explain the principle and the implementation of the application, and the description of the above embodiments is only intended to help in understanding the method and the core idea of the application. Meanwhile, for a person skilled in the art, there may be variations in the specific implementation and the application scope according to the idea of the present application. In summary, the content of the present specification should not be construed as a limitation of the present application.

Claims (10)

1. A method for distributing data access authority based on user behavior fingerprint is used for determining the access authority of data in a mobile control terminal through local processing of the mobile control terminal; the mobile control terminal comprises at least two of a direction sensor, a touch sensor and a physical key; the data comprises authority data and non-authority data; characterized in that the method comprises:
the mobile control terminal generates a behavior fingerprint corresponding to the binding user according to the pre-recorded user behavior condition of the binding user during use; wherein the user behavior condition comprises at least two of a direction condition fed back by the direction sensor, a touch condition fed back by the touch sensor and a trigger condition fed back by the physical key;
when the mobile control terminal is awakened in an interactive mode, the mobile control terminal acquires the current user behavior condition and generates a behavior verification fingerprint according to the current user behavior condition;
and when the behavior verification fingerprint is matched with the behavior fingerprint, the mobile control terminal releases the access limitation of the authority data.
2. The method of claim 1, wherein the non-permission data comprises non-authentication data and authentication data; the method further comprises the following steps:
periodically recording a first behavior condition of the bound user when the bound user calls the verification data;
recording a second behavior condition of the bound user when the bound user calls the authority data;
and generating the user behavior situation according to the first behavior situation and the second behavior situation.
3. The method of claim 2, wherein the step of periodically recording a first behavior of the bound user when invoking the verification data comprises:
when the verification data is in an acquisition period, acquiring at least two of a first direction change parameter fed back by the direction sensor, a first touch parameter fed back by the touch sensor and a first pressing parameter fed back by the physical key when the user calls the verification data; wherein the first direction change parameter comprises a first inclination angle and a first inclination direction recorded by the direction sensor; the first touch parameter comprises a first touch coordinate recorded by the touch sensor and first touch time corresponding to each coordinate; the first pressing parameter comprises a first key triggering time and a first triggering number of times of the physical pressing;
generating the first behavior according to at least two of a first direction change parameter, a first touch parameter and a first press parameter.
4. The method of claim 3, wherein the step of recording the second behavior of the bound user when invoking the rights data comprises:
acquiring at least two of a second direction change parameter fed back by the direction sensor, a second touch parameter fed back by the touch sensor and a second pressing parameter fed back by the physical key when the user calls the authority data; wherein the second direction change parameter comprises a second tilt angle and a second tilt direction recorded by the direction sensor; the second touch parameters comprise second touch coordinates recorded by the touch sensor and second touch time corresponding to each coordinate; the second pressing parameter comprises a second key triggering time and a second triggering number of times of the physical pressing;
generating the second behavior condition according to at least two of a second direction change parameter, a second touch parameter and a second press parameter.
5. The method of claim 4, wherein the step of generating the user behavior based on the first behavior and the second behavior comprises:
determining intersection coordinates between the first touch parameters and the second touch parameters;
generating a touch verification area according to the intersection coordinate and the union coordinate between the first touch parameter and the second touch parameter and a preset weight;
calculating the average touch time of the touch verification area according to the first touch time corresponding to all the first touch coordinates and the second touch time corresponding to all the second touch coordinates contained in the touch verification area;
and generating the touch condition according to the touch verification area and the average touch time.
6. The method of claim 4, wherein the step of generating the user behavior based on the first behavior and the second behavior comprises:
determining a direction intersection between the first tilt direction and the second tilt direction;
calculating an average inclination angle of the inclined verification area according to all the first inclination angles and all the second inclination angles contained in the inclined verification area, and generating an inclined verification area according to the direction intersection and the average inclination angle of the inclined verification area;
and generating the direction condition according to the inclination verification area and the average inclination angle.
7. The method of claim 4, wherein the step of generating the user behavior based on the first behavior and the second behavior comprises:
determining the average trigger time of the physical key according to the first trigger time and the second trigger time;
determining the average triggering times of the physical key according to the first triggering times and the second triggering times;
and generating the triggering condition according to the average triggering time and the average triggering times.
8. An apparatus for assigning data access rights based on user behavior fingerprints, the apparatus being configured to determine access rights for data in a mobile control terminal through local processing of the mobile control terminal; the mobile control terminal comprises at least two of a direction sensor, a touch sensor and a physical key; the data comprises authority data and non-authority data; characterized in that the device comprises:
the behavior fingerprint generating module is used for generating a behavior fingerprint corresponding to the binding user according to the pre-recorded user behavior condition of the binding user in use; wherein the user behavior condition comprises at least two of a direction condition fed back by the direction sensor, a touch condition fed back by the touch sensor and a trigger condition fed back by the physical key;
the behavior verification fingerprint generation module is used for acquiring the current user behavior condition when the mobile control terminal is awakened in an interactive mode and generating a behavior verification fingerprint according to the current user behavior condition;
and the access restriction removing module is used for removing the access restriction of the authority data when the behavior verification fingerprint is matched with the behavior fingerprint.
9. A computer device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program when executed by the processor implementing the method of any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 7.
CN202210270948.3A 2022-03-18 2022-03-18 Method and device for distributing data access rights based on user behavior fingerprints Active CN114741677B (en)


Publications (2)

Publication Number Publication Date
CN114741677A true CN114741677A (en) 2022-07-12
CN114741677B CN114741677B (en) 2023-05-02

Family

ID=82276335


Country Status (1)

Country Link
CN (1) CN114741677B (en)




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant