WO2017032261A1 - Procédé, dispositif et appareil d'authentification d'identité - Google Patents

Procédé, dispositif et appareil d'authentification d'identité Download PDF

Info

Publication number
WO2017032261A1
WO2017032261A1 PCT/CN2016/095801 CN2016095801W WO2017032261A1 WO 2017032261 A1 WO2017032261 A1 WO 2017032261A1 CN 2016095801 W CN2016095801 W CN 2016095801W WO 2017032261 A1 WO2017032261 A1 WO 2017032261A1
Authority
WO
WIPO (PCT)
Prior art keywords
feature data
user
data
identity authentication
account
Prior art date
Application number
PCT/CN2016/095801
Other languages
English (en)
Chinese (zh)
Inventor
刘发章
华锦芝
Original Assignee
***股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ***股份有限公司 filed Critical ***股份有限公司
Publication of WO2017032261A1 publication Critical patent/WO2017032261A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Definitions

  • the present invention relates to the field of identity authentication technologies, and in particular, to an identity authentication method, apparatus, and device.
  • the existing identity authentication is generally used for authentication at login.
  • a malicious user obtains the account rights of a normal user through various attack means, and can masquerade as a normal user to log in to the system to perform an illegal operation, resulting in user loss.
  • the current identity authentication scheme based on keystroke behavior is a one-time behavior, which is only authenticated at login, and has shortcomings such as low accuracy and inability to learn autonomously.
  • the invention provides an identity authentication method and device, so as to at least solve the problem that the existing identity authentication misidentification rate is high.
  • an identity authentication method including:
  • the user calculates the first feature data according to the keystroke behavior when the user inputs the data
  • the second feature data is used to represent a keystroke behavior of a legitimate user corresponding to the account
  • an identity authentication apparatus comprising:
  • a first feature calculation module configured to calculate first feature data according to a keystroke behavior when the user inputs data in a process of logging in to the account by the user;
  • a difference calculation module configured to calculate a difference between the first feature data and a second feature data; the second feature data is used to represent a keystroke behavior of a legitimate user corresponding to the account;
  • the alarm processing module is configured to perform alarm processing when the difference is greater than a preset threshold.
  • an identity authentication device including:
  • a memory coupled to the processor via a bus interface and configured to store programs and data used by the processor in performing operations
  • the processor is configured to read a program in the memory and perform the following process:
  • the user calculates the first feature data according to the keystroke behavior when the user inputs the data
  • the second feature data is used to represent a keystroke behavior of a legitimate user corresponding to the account
  • the user's keystroke behavior is always detected during the process of logging in the account to the account, and the identity authentication is performed throughout the process, and the sample size detected is larger, even if the malicious user obtains the login information to bypass
  • the authentication is also recognized during the use process because the keystroke behavior is different from the legal user's keystroke behavior, so that the alarm processing is performed to avoid account security damage; in addition, by continuously storing the representation in the database
  • the first feature data of the legal user keystroke behavior, and using the data to update the second feature data can independently learn the change of the user's keystroke behavior over time, and ensure that the second feature data always represents the latest hit of the legitimate user.
  • the characteristics of the key behavior, the accuracy of identity authentication is higher.
  • FIG. 1 is a flow chart of an identity authentication method according to an embodiment of the present invention.
  • FIG. 2 is a flow chart of an identity authentication method according to an embodiment of the present invention.
  • FIG. 3 is a structural block diagram of an identity authentication apparatus according to an embodiment of the present invention.
  • FIG. 4 is a block diagram showing the structure of an identity authentication apparatus according to an embodiment of the present invention.
  • FIG. 5 is a structural block diagram of an identity authentication apparatus according to an embodiment of the present invention.
  • FIG. 6 is a structural block diagram of an identity authentication apparatus according to an embodiment of the present invention.
  • FIG. 7 is a structural block diagram of an identity authentication device according to an embodiment of the present invention.
  • FIG. 8 is a flowchart of a first login of a user according to an embodiment of the present invention.
  • FIG. 9 is a flow diagram of a user's non-initial login in accordance with an embodiment of the present invention.
  • the identity authentication based on the keystroke behavior is only executed when the account is logged in. Since the information input by the user is small, the sample used for the identity authentication is also less, which often leads to an incorrect authentication result and a high error rate.
  • the present disclosure provides an identity authentication method, as shown in FIG. 1, the process includes:
  • Step 1 During the process of logging in the account to the account, the user calculates the first feature data according to the keystroke behavior when the user inputs the data.
  • the first feature data is data for characterizing the keystroke behavior of the user, and includes, for example, but not limited to, a frequency of a keystroke when the user inputs data, a time interval of the keystroke, and a duration of each keystroke. One or more.
  • the "account” referred to in the present invention includes, but is not limited to, a bank account, a website account, and the like.
  • the identity authentication method further includes: prompting the user to input a preset data (for example, may be a text containing text and/or numbers and/or letters), and the step 1 is specifically based on the user.
  • the first feature data is calculated by the keystroke behavior when the preset data is input.
  • Step 2 Calculate a difference between the first feature data and a second feature data.
  • the second feature data is data for characterizing the keystroke behavior of the legal user corresponding to the account, and includes, for example, but not limited to, the frequency of the keystroke when the legal user inputs the data, the time interval of the keystroke, and each keystroke. One or more of the durations.
  • the step 2 is specifically calculating a Mahalanobis distance of the first feature data and the second feature data.
  • the step 2 is specifically calculating the Euclidean distance between the first feature data and the second feature data.
  • Step 3 If the difference between the first feature data and the second feature data is greater than a preset threshold, perform an alarm process.
  • the alarm processing performed in the step 3 includes: However, it is not limited to at least one of the following processes: (1) outputting alarm information; (2) blocking the operation of the user; (3) determining the user as an illegal user and alerting; (4) by registering the account The retained phone and/or email notifies the legitimate user to perform operation authentication for this login.
  • the specific manner of the alarm processing in the step is not limited in the present invention. In the specific implementation, the appropriate alarm mode can be adopted according to the security requirements of the account.
  • the identity authentication is performed throughout the process from the time the user logs in to the account, and even if the malicious user obtains the login information to bypass the login level authentication, the keystroke behavior and the legality are used during the use.
  • the user's keystroke behavior is recognized and the alarm is processed to avoid account security damage.
  • the inventors have also discovered that the user's keystroke habits may change slowly over time, and the current identity authentication system cannot learn the changes of the user's keystroke habits autonomously, which may also result in a higher error rate of the authentication result.
  • the identity authentication method provided by the present invention may further include the following steps:
  • Step 4 If the difference between the first feature data and the second feature data is less than or equal to the preset threshold, update the second feature data by using the first feature data.
  • the step 4 may include:
  • Step 41 Store the first feature data into a database corresponding to the account.
  • the database stores the first feature data calculated by the keystroke behavior when the legitimate user inputs the data each time the legitimate user inputs the data.
  • the user's keystroke behavior may change.
  • the calculated first feature data will also change.
  • Step 42 Update the second feature data by using all data included in the database.
  • the data stored in the database are the first feature data representing the keystroke behavior of the legitimate user, the data can be used to calculate the second feature data for characterizing the legal user keystroke behavior, and the calculated new second is obtained.
  • the feature data replaces the original second feature data for subsequent identity authentication.
  • the process of updating the second feature data using all the data contained in the database includes:
  • the identity authentication method can automatically learn the user's keystroke by continuously storing the first feature data representing the legitimate user keystroke behavior into the database and using the data to update the second feature data.
  • the change of behavior automatically adapts to the subtle changes of the same user's habits, ensuring that the second feature data always characterizes the latest keystroke behavior of legitimate users, overcomes the problem that the authentication fails due to changes in user habits, and improves the accuracy of identity authentication.
  • a data volume threshold can be set. When the total amount of data in the database exceeds the data threshold. All data in the database is sorted in order of storage time from morning to night, and one or more data in which the top is sorted is deleted.
  • the specific implementation process of the identity authentication method is as shown in FIG. 2, and includes the following steps:
  • Step S101 When the user logs in to the account, it is detected whether the second feature data of the keystroke behavior of the legitimate user of the account is stored in the system.
  • step S102 is performed.
  • step S103 is performed.
  • Step S102 prompting the user to input a series of preset data (for example, may include a piece of text), detecting a keystroke behavior when the user inputs the string of preset data, and calculating first feature data for characterizing the keystroke behavior of the user.
  • a series of preset data for example, may include a piece of text
  • first feature data for characterizing the keystroke behavior of the user.
  • Step S103 in the process of the user logging in the account until the user withdraws from the account, calculating the first feature data according to the keystroke behavior when the user inputs the data, and calculating the second feature data corresponding to the first feature data and the current account. The difference between them.
  • step S104 is performed.
  • step S105 is performed.
  • Step S104 The first feature data is stored in a database corresponding to the account, and a new second feature data is calculated by using all data included in the database to replace the original second feature data.
  • step S105 an alarm process is performed.
  • a method of blocking users may be adopted, and for a website account with lower security requirements, an alarm may be used.
  • the identity authentication method has higher accuracy.
  • the user On the one hand, from the time the user logs in to the account, the user always detects the keystroke behavior of the user, and performs identity authentication and detection throughout. The sample size is larger. Even if the malicious user obtains the login information to bypass the login level authentication, it will be identified during the use process because the keystroke behavior is different from the legal user's keystroke behavior, thus performing alarm processing to avoid account security. Loss; on the other hand, by continuously storing the first feature data representing the legitimate user keystroke behavior into the database, and using the data to update the second feature data, the user can learn the keystroke behavior of the user over time. The change ensures that the second feature data always characterizes the latest keystroke behavior of the legitimate user, and the identity authentication is more accurate.
  • calculating a difference between the first feature data and the second feature data currently corresponding to the account in step S103 may be calculating a Mahalanobis distance of the first feature data and the second feature data.
  • the Mahalanobis Distance is a statistic used to describe the distance between two data points.
  • the Mahalanobis distance is commonly used to measure the similarity between known and unknown samples.
  • any random variable R that follows a normal distribution can be defined by X, namely:
  • the Mahalanobis distance of the data set with covariance matrix S is defined as follows:
  • the Mahalanobis distance can be calculated using the following formula:
  • D M (x, ⁇ , S) represents the Mahalanobis distance
  • x represents the first feature data
  • represents the mean value of the second feature data currently corresponding to the account
  • S represents the second feature data currently corresponding to the account.
  • an embodiment of the present invention provides an identity authentication device, which can be used to implement the method described in the foregoing embodiments, as described in the following embodiments. Since the principle of the identity authentication device solving the problem is similar to the identity authentication method, the implementation of the device can be referred to the implementation of the identity authentication method, and the repeated description is not repeated.
  • the term "module" can be implemented A combination of software and/or hardware for a predetermined function. Although the systems described in the following embodiments are preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
  • the present disclosure provides an identity authentication apparatus
  • FIG. 3 is a structural block diagram of the identity authentication apparatus.
  • the identity authentication apparatus includes: a first feature calculation module 31, and a difference calculation module 32.
  • the alarm processing module 33 which will be specifically described below.
  • the first feature calculation module 31 is configured to calculate the first feature data according to the keystroke behavior when the user inputs the data in the process of logging in the account to the account.
  • the difference calculation module 32 is configured to calculate a difference between the first feature data and a second feature data; and the second feature data is used to represent a keystroke behavior of a legitimate user corresponding to the account.
  • the alarm processing module 33 is configured to perform an alarm process when the difference is greater than a preset threshold.
  • the difference calculation module 32 is configured to calculate a Mahalanobis distance of the first feature data and the second feature data.
  • the difference calculation module 32 is configured to calculate an Euclidean distance of the first feature data and the second feature data.
  • the identity authentication apparatus further includes:
  • the updating module 34 is configured to update the second feature data by using the first feature data when the difference is less than or equal to the preset threshold.
  • the update module 34 further includes:
  • a storage module 341, configured to store the first feature data in a database corresponding to the account
  • the operation module 342 is configured to update the second feature data by using all data included in the database.
  • the identity authentication apparatus further includes:
  • the prompting module 61 is configured to prompt the user to input a preset data before the first feature calculating module 31 calculates the first feature data according to the keystroke behavior when the user inputs data;
  • the first feature calculation module 31 calculates the first feature data according to the keystroke behavior when the user inputs the preset data.
  • the alert processing module 33 performs at least one of the following alerting processes:
  • the legitimate user is notified of the operation and authentication of the login by the phone and/or email that is retained when the account is registered.
  • the first feature data and the second feature data comprise at least one of: a frequency of keystrokes, a time interval of keystrokes, a duration of each keystroke.
  • the user's keystroke behavior is always detected during the process of logging in the account to the account, and the identity authentication is performed throughout the process, and the sample size detected is larger, even if the malicious user obtains the login information to bypass the login level authentication. It will also be identified during the use process because the keystroke behavior is different from the keystroke behavior of the legitimate user, so that the alarm processing can be performed to avoid the account security damage; in addition, the legitimate user keystroke is characterized by continuously depositing into the database.
  • the first feature data of the behavior, and using the data to update the second feature data can independently learn the change of the user's keystroke behavior over time, and ensure that the second feature data always characterizes the latest keystroke behavior of the legitimate user. Identity authentication is more accurate.
  • the above identity authentication device may be separately stored in the computer for use by multiple systems, or may be separately integrated in each system.
  • module division is only a schematic division, and the present invention is not limited thereto, and any module division that can achieve the object of the present invention should fall within the protection scope of the present invention.
  • an identity authentication device is also provided in the embodiment of the present invention, which can be used to implement the identity authentication method described in the foregoing embodiments, as described in the following embodiments. Since the principle of the identity authentication device is similar to the identity authentication method, the implementation of the device can refer to the implementation of the identity authentication method, and the repeated description is not repeated.
  • the present disclosure provides an identity authentication device
  • FIG. 7 is a structural block diagram of the identity authentication device.
  • the identity authentication device includes:
  • a memory 72 coupled to the processor 71 via a bus interface 73, and for storing programs and data used by the processor 71 in performing operations;
  • the processor 71 is configured to read a program in the memory 72 and perform the following process:
  • the user calculates the first feature data according to the keystroke behavior when the user inputs the data
  • the second feature data is used to represent a keystroke behavior of a legitimate user corresponding to the account
  • the user's keystroke behavior is always detected during the process of logging in the account to the account, and the identity authentication is performed throughout the process, and the detected sample size is larger, even if the malicious user obtains the login information to bypass the login level authentication. It will also be identified during the use process because the keystroke behavior is different from the keystroke behavior of the legitimate user, so that the alarm processing can be performed to avoid the account security damage; in addition, the legitimate user keystroke is characterized by continuously depositing into the database.
  • the first feature data of the behavior, and using the data to update the second feature data can independently learn the change of the user's keystroke behavior over time, and ensure that the second feature data always characterizes the latest keystroke behavior of the legitimate user. Identity authentication is more accurate.
  • the new user logs in to the system for the first time and detects that there is no behavior characteristic of the user in the system. It belongs to the new user and prompts the user to manually input a text or some commands. Record the keystroke behaviors of the user input (including the button frequency, the keystroke interval between the key and the key, the duration on a key, etc.). A covariance matrix for each input data is calculated, and the covariance matrix and the input data are saved as behavioral characteristics of the user. For example, a library of behavioral characteristics corresponding to the user can be established, wherein the input data and the corresponding covariance matrix are stored.
  • the user's are respectively the following three sets of data: P, Q, R.
  • the three sets of data (P, Q, R) are recorded, and the corresponding covariance matrix S is obtained through training, and the recorded data and the covariance matrix are stored as the behavior characteristic database of the user.
  • the system automatically records its keystroke behavior (including key frequency, keystroke interval, duration on a key, etc.) during user login, command operation, or text input throughout the process.
  • the Mahalanobis distance is calculated by the Mahalanobis distance model to input the data in the habit and feature database. If the obtained distance is lower than or equal to the preset threshold, it is a legal user, and continues to calculate the distance and compare with the preset threshold; if the obtained distance is higher than the preset threshold, it is an abnormal user, according to the system configuration, Alert or block user actions.
  • An approximate recognition model based on the Mahalanobis distance calculates a covariance matrix of the training data during the training phase, and saves the covariance matrix and all training data.
  • the approximate recognition model calculates the Mahalano between each time feature vector and the test vector (ie, the data currently input by the user) in the training data using the covariance matrix saved during training.
  • the distance is Bis, and returns the smallest Mahalanobis distance, and it is judged according to the preset threshold ⁇ whether the test vector and the training data are from the same user.
  • the approximate recognition model can be expressed in the following mathematical formula:
  • D M is a function of calculating the Mahalanobis distance between two vectors according to the covariance matrix
  • t is the feature vector of the user's current input data
  • x is the saved training data
  • COV is the covariance of the training data.
  • the matrix, ⁇ is a preset threshold, and n represents the number of saved training data.
  • y1 represents the pressing duration vector
  • P is the mean vector of the pressing time duration
  • y2 represents the key frequency vector
  • Q is the mean vector of the key frequency
  • y3 represents the interval time vector of two connected p
  • R is the two connected presses The mean vector of the interval time of the key p.
  • the formula for calculating the distance is: Where x is the currently input data y(y1, y2, y3), and ⁇ is the stored data (P, Q, R), that is, the pressing duration, the key frequency, and the initial interval of the two consecutive pressing keys p
  • P, Q, R the stored data
  • S the initial covariance matrix
  • the system After the user finishes using it, if there is no alarm, the system will exit normally. Record the behavior habits of the user during the current use, and input into the Mahalanobis distance model for training, dynamically learning and adjusting user behavior characteristics.
  • the maximum amount of sample data (for example, the last 100 use record data) can be set, and the overdue record data (for example, data before 100 times) can be deleted from the training data set.
  • the present invention provides an identity authentication method, apparatus, and device.
  • the user always detects the user's keystroke behavior during the process of logging in to the account, and performs identity authentication throughout the process.
  • the sample size is larger, even if malicious.
  • the user obtains the login information to bypass the login level authentication, and is also identified during the use process because the keystroke behavior is different from the legal user's keystroke behavior, thereby performing alarm processing to avoid account security damage;
  • the first feature data representing the legal user keystroke behavior is stored in the database, and the second feature data is updated by using the data, and the user's keystroke behavior is changed autonomously to ensure that the second feature data is always Characterizing the latest keystroke behavior of legitimate users, identity authentication is more accurate.
  • portions of the invention may be implemented in hardware, software, firmware or a combination thereof.
  • multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system.
  • a suitable instruction execution system For example, if implemented in hardware, as in another embodiment, it can be implemented by any one or combination of the following techniques well known in the art: having logic gates for implementing logic functions on data signals. Discrete logic circuits, application specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), etc.
  • each functional unit in each embodiment of the present invention may be integrated into one processing module, or each unit may exist physically separately, or two or more units may be integrated into one module.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
  • the integrated modules, if implemented in the form of software functional modules and sold or used as stand-alone products, may also be stored in a computer readable storage medium.
  • the above mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Debugging And Monitoring (AREA)
  • Collating Specific Patterns (AREA)

Abstract

L'invention concerne un procédé, un dispositif et un appareil d'authentification d'identité. Le procédé d'authentification d'identité comprend les étapes suivantes : dans le processus entre la connexion d'un utilisateur à un compte et la déconnexion du compte par l'utilisateur, calcul de premières données caractéristiques conformément à un comportement de frappe de touche de l'utilisateur lors de la saisie de données ; calcul d'une différence entre les premières premières données caractéristiques et des deuxièmes données caractéristiques, les deuxièmes données caractéristiques étant utilisées pour représenter le comportement de frappe de touche d'un utilisateur légitime correspondant au compte ; et si la différence est supérieure à une valeur de seuil prédéfinie, exécution d'un traitement d'avertissement. Dans la présente invention, un comportement de frappe de touche d'un utilisateur est détecté constamment dans le processus entre la connexion d'un utilisateur à un compte et la déconnexion du compte par l'utilisateur, et l'authentification de l'identité est effectuée au cours de la totalité du processus, de sorte que la quantité d'échantillons détectés est plus grande. Même si un utilisateur malveillant obtient des informations de connexion et contourne l'authentification d'un niveau d'ouverture de session, l'utilisateur malveillant peut malgré tout être identifié grâce à la différence entre le comportement de frappe de touche et le comportement de frappe de touche d'un utilisateur légitime au cours du processus d'utilisation. Par conséquent, un traitement d'avertissement est exécuté, ce qui évite un risque pour la sécurité du compte et augmente le degré de précision.
PCT/CN2016/095801 2015-08-21 2016-08-18 Procédé, dispositif et appareil d'authentification d'identité WO2017032261A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510519937.4 2015-08-21
CN201510519937.4A CN105933267A (zh) 2015-08-21 2015-08-21 身份认证方法及装置

Publications (1)

Publication Number Publication Date
WO2017032261A1 true WO2017032261A1 (fr) 2017-03-02

Family

ID=56839904

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/095801 WO2017032261A1 (fr) 2015-08-21 2016-08-18 Procédé, dispositif et appareil d'authentification d'identité

Country Status (2)

Country Link
CN (1) CN105933267A (fr)
WO (1) WO2017032261A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109784015A (zh) * 2018-12-27 2019-05-21 腾讯科技(深圳)有限公司 一种身份鉴别方法及装置
CN111031541A (zh) * 2019-11-25 2020-04-17 网络通信与安全紫金山实验室 一种基于接收信号强度的无线通信安全认证方法

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107124395B (zh) * 2017-03-16 2020-08-07 华北电力大学 一种基于击键韵律的用户身份识别***的识别方法
CN110046481A (zh) * 2018-01-15 2019-07-23 上海聚虹光电科技有限公司 基于用户习惯特征的身份认证方法
CN108959866B (zh) * 2018-04-24 2020-10-23 西北大学 一种基于高频声波频率的持续身份认证方法
CN109101793A (zh) * 2018-07-12 2018-12-28 方书田 一种基于静态文本击键特征的身份识别方法及***
CN109583161B (zh) * 2018-11-27 2021-08-06 咪咕文化科技有限公司 一种信息处理方法及装置、存储介质
CN109918891B (zh) * 2019-01-24 2023-11-21 平安科技(深圳)有限公司 用户验证方法、装置、计算机设备及存储介质
CN110570199B (zh) * 2019-07-24 2022-10-11 中国科学院信息工程研究所 一种基于用户输入行为的用户身份检测方法及***
CN110502883B (zh) * 2019-08-23 2022-08-19 四川长虹电器股份有限公司 一种基于pca的击键行为异常检测方法
CN112507299B (zh) * 2020-12-04 2022-05-03 重庆邮电大学 持续身份认证***中的自适应击键行为认证方法及装置
CN113032751B (zh) * 2021-03-25 2022-07-01 中南大学 一种基于移动设备击键特征的身份识别方法、装置、设备及介质
CN113609465B (zh) * 2021-10-11 2023-06-20 江苏翔晟信息技术股份有限公司 一种基于人脸识别的ofd文档权限控制***及方法
CN114389901B (zh) * 2022-03-24 2022-08-23 湖南三湘银行股份有限公司 一种基于在线化的客户认证***

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101833619A (zh) * 2010-04-29 2010-09-15 西安交通大学 基于键鼠交叉认证的身份判定方法
US20130343616A1 (en) * 2012-06-24 2013-12-26 Neurologix Security Inc. Biometrics based methods and systems for user authentication
CN104809377A (zh) * 2015-04-29 2015-07-29 西安交通大学 基于网页输入行为特征的网络用户身份监控方法

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101557287A (zh) * 2008-04-07 2009-10-14 冀连有 一种根据用户击键特征进行身份认证的方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101833619A (zh) * 2010-04-29 2010-09-15 西安交通大学 基于键鼠交叉认证的身份判定方法
US20130343616A1 (en) * 2012-06-24 2013-12-26 Neurologix Security Inc. Biometrics based methods and systems for user authentication
CN104809377A (zh) * 2015-04-29 2015-07-29 西安交通大学 基于网页输入行为特征的网络用户身份监控方法

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109784015A (zh) * 2018-12-27 2019-05-21 腾讯科技(深圳)有限公司 一种身份鉴别方法及装置
CN109784015B (zh) * 2018-12-27 2023-05-12 腾讯科技(深圳)有限公司 一种身份鉴别方法及装置
CN111031541A (zh) * 2019-11-25 2020-04-17 网络通信与安全紫金山实验室 一种基于接收信号强度的无线通信安全认证方法
CN111031541B (zh) * 2019-11-25 2022-09-06 网络通信与安全紫金山实验室 一种基于接收信号强度的无线通信安全认证方法

Also Published As

Publication number Publication date
CN105933267A (zh) 2016-09-07

Similar Documents

Publication Publication Date Title
WO2017032261A1 (fr) Procédé, dispositif et appareil d'authentification d'identité
US10785241B2 (en) URL attack detection method and apparatus, and electronic device
EP3622402B1 (fr) Détection en temps réel de menaces informatiques en utilisant des analyses comportementales
US11126716B2 (en) System security method and apparatus
CN107276982B (zh) 一种异常登录检测方法及装置
EP2960823B1 (fr) Procédé, dispositif et système de gestion d'autorité
Zarni Aung Permission-based android malware detection
WO2019109743A1 (fr) Procédé et appareil de détection d'attaque d'adresse url, et dispositif électronique
CN107888554B (zh) 服务器攻击的检测方法和装置
CN110933104B (zh) 恶意命令检测方法、装置、设备及介质
TW201816678A (zh) 一種非法交易檢測方法及裝置
WO2017036154A1 (fr) Procédé de traitement d'informations, serveur et support de stockage informatique
KR102131029B1 (ko) 사물인터넷 디바이스 식별 방법 및 시스템
CN110717509B (zh) 基于树***算法的数据样本分析方法及装置
CN104991643B (zh) 一种用户终端的控制方法及用户终端
CN109801409B (zh) 语音开锁方法、电子设备
CN112437053A (zh) 入侵检测方法及装置
US20210075812A1 (en) A system and a method for sequential anomaly revealing in a computer network
US10984105B2 (en) Using a machine learning model in quantized steps for malware detection
WO2020063349A1 (fr) Procédé et dispositif de protection des données, appareil et support de stockage informatique
CN117150294A (zh) 异常值检测方法、装置、电子设备及存储介质
CN112733015B (zh) 一种用户行为分析方法、装置、设备及介质
US10885160B1 (en) User classification
CN111753293B (zh) 一种操作行为监测方法、装置及电子设备和存储介质
CN115146263A (zh) 用户账号的失陷检测方法、装置、电子设备及存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16838520

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16838520

Country of ref document: EP

Kind code of ref document: A1