WO2017054482A1 - Method and apparatus for controlling network operation - Google Patents

Method and apparatus for controlling network operation

Publication number
WO2017054482A1
WO2017054482A1 PCT/CN2016/083987 CN2016083987W WO2017054482A1 WO 2017054482 A1 WO2017054482 A1 WO 2017054482A1 CN 2016083987 W CN2016083987 W CN 2016083987W WO 2017054482 A1 WO2017054482 A1 WO 2017054482A1
Authority
WO
WIPO (PCT)
Prior art keywords
client
biometric
network operation
user
returned
Application number
PCT/CN2016/083987
Other languages
French (fr)
Chinese (zh)
Inventor
董梁
陈梦
刘飞飞
陈远斌
陈荣
田伟
张耀华
颜国平
华珊珊
Original Assignee
腾讯科技(深圳)有限公司
Application filed by 腾讯科技(深圳)有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the present application relates to the field of Internet technologies, and in particular, to a network operation control method and device.
  • On the Internet, cybercriminals currently use automata (automated programs) to commit crimes at scale, for example automated registration of account numbers, automated queries, and automated collection of discounts.
  • the network operation control method proposed by the application includes:
  • controlling the network operation according to the biometric returned by the client and the operation related information.
  • the terminal device proposed by the present application includes at least a processor and a memory storing the processor executable instructions.
  • the processor executes the instruction in the memory, the terminal device performs the following operations:
  • the network operation is controlled according to the biometrics returned by the client and the operation related information.
  • FIG. 1 is a schematic structural diagram of a terminal of a hardware operating environment according to the present application.
  • FIG. 2 is a schematic flowchart of an example of a network operation control method provided by the present application.
  • FIG. 3 is a schematic flowchart of an example of a network operation control method provided by the present application.
  • FIG. 4 is a schematic diagram of functional modules of an example of a network operation control apparatus provided by the present application.
  • FIG. 5 is a schematic diagram of functional modules of an example of a network operation control apparatus provided by the present application.
  • the operation related information corresponding to the network operation is acquired, and a feature verification operation is initiated toward the client.
  • the operation related information may include a user identifier, the time at which the network operation was initiated, location information, and an operation type. Based on this information and on the uniqueness of the biometric, which is used in place of an ordinary verification code, network attacks by automata are blocked and network security is improved. A simple user operation thus defends not only against distributed manual operations by code workers (people who enter verification codes by hand), but also against large-scale automated operations by network attackers.
  • FIG. 1 is a schematic structural diagram of a terminal (also referred to as a terminal device) in a hardware operating environment according to the present application.
  • the terminal may be a PC, or may be a smartphone, a tablet, an e-book reader, an MP3 (Moving Picture Experts Group Audio Layer III) player, an MP4 (Moving Picture Experts Group Audio Layer IV) player, a portable computer, or another portable terminal device with a display function.
  • the terminal may include a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, and a communication bus 1002.
  • the communication bus 1002 is used to implement connection communication between these components.
  • the user interface 1003 can include a display and an input unit such as a keyboard; optionally, the user interface 1003 can also include a standard wired interface and a wireless interface.
  • the network interface 1004 can optionally include a standard wired interface, a wireless interface (such as a WI-FI interface).
  • the memory 1005 may be a high speed RAM memory or a non-volatile memory such as a disk memory.
  • the memory 1005 can also optionally be a storage device independent of the aforementioned processor 1001.
  • the mobile terminal may further include a camera, an RF (Radio Frequency) circuit, a sensor, an audio circuit, a WiFi module, and the like.
  • the sensor may be, for example, a light sensor, a motion sensor, or another sensor.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display according to the brightness of the ambient light, and the proximity sensor may turn off the display and/or the backlight when the mobile terminal is moved to the ear.
  • the gravity acceleration sensor can detect the magnitude of acceleration in each direction (usually three axes), can detect the magnitude and direction of gravity when stationary, and can be used to identify the posture of the mobile terminal (such as horizontal and vertical screen switching, related games, magnetometer attitude calibration) and for vibration recognition related functions (such as pedometer, tapping). Of course, the mobile terminal can also be equipped with other sensors such as a gyroscope, barometer, hygrometer, thermometer, or infrared sensor, which are not described further here.
  • the terminal structure shown in FIG. 1 does not constitute a limitation to the terminal, which may include more or fewer components than those illustrated, a combination of certain components, or a different arrangement of components.
  • an operating system may be included in the memory 1005 as a computer storage medium.
  • a network communication module may be included in the memory 1005 as a computer storage medium.
  • a user interface module may be included in the memory 1005 as a computer storage medium.
  • a network operation control application may be included in the memory 1005 as a computer storage medium.
  • the network interface 1004 is mainly used to connect to the background server and perform data communication with the background server;
  • the user interface 1003 is mainly used to connect the client (user end), and perform data communication with the client;
  • the processor 1001 can be used to invoke a network operation control application (also referred to as a machine executable instruction) stored in the memory 1005 and perform the following operations:
  • the operation related information includes at least the user identifier of the client, and may also include the time, location information and/or type of the network operation initiation;
  • the network operation is controlled according to the biometrics returned by the client and the operation related information.
  • the uniqueness of the biometrics may be used according to the operation related information to replace the common verification code to block the network attack of the automaton and improve the network security.
  • processor 1001 can call the network operation control application stored in the memory 1005, and also performs the following operations:
  • the method further includes: storing the user identifier of the user in association with the registered biometric;
  • upon detecting that the client initiates a network operation, the network operation is controlled based on the biometric stored in association with the user identifier and the biometric returned by the client.
  • the foregoing step of associating the user identifier of the user with the registered biometrics may include:
  • receiving a biometric registration request sent by the client, where the biometric registration request includes a user identifier and a biometric of the user;
  • the user identification is stored in association with the biometric of the user.
  • the processor 1001 when controlling network operations, can invoke a network operation control application stored in the memory 1005 to perform the following operations:
  • the biometric returned by the client is not a biometric corresponding to the user identifier (ie, a biometric stored in association with the user identifier); or
  • the processor 1001 when controlling network operations, can invoke a network operation control application stored in the memory 1005 to perform the following operations:
  • the number of user identifiers corresponding to the biometric for the same operation type or for multiple operation types; if the number of user identifiers is greater than a set threshold, and/or the time interval and the physical distance satisfy the set condition, the verification fails, and the network operation is prohibited.
  • processor 1001 can invoke a network operations control application stored in memory 1005 to perform the following operations:
  • the network operation control method proposed by an example of the present application includes:
  • Step S101 Acquire operation-related information corresponding to the network operation when the client initiates a network operation, where the operation-related information includes at least a user identifier of the client.
  • This example utilizes the uniqueness of biometrics to replace the common verification code to block the network attack of the automaton, and can prevent the high-volume automatic operation of the network attacker and improve the network security.
  • When the terminal detects that the client initiates the network operation, the terminal obtains the operation related information corresponding to the network operation, where the operation related information includes at least the user identifier of the client, and may also include the time, location information and/or type of the network operation initiation.
  • before monitoring whether the client initiates a network operation, the method further includes: storing the user identifier of the user in association with the registered biometric. When it is detected that the client initiates the network operation, the network operation is controlled according to the biometric stored in association with the user identifier and the biometric returned by the client. For example, the network operation is controlled by judging whether the biometric stored in association with the user identifier matches the biometric currently returned by the client.
  • the user ID of the client may be a registered account assigned to the user when the user is registered, or may be other information that can identify the specified user.
  • This example uses a registered account as an example.
  • the user's biometric is collected to serve as the verification code when the registered account logs in. Therefore, in the registration process, the registered account can be stored in association with the biometric of the user. For example, a one-to-one correspondence may be stored, that is, one account corresponds to one biometric of the user; or one account may correspond to multiple biometrics, that is, multiple biometrics are collected; or one biometric may have multiple accounts.
  • the uniqueness of the biometric feature can be used instead of the common verification code to block the network attack of the automaton, and the high-volume automatic operation of the network attacker can be prevented, and the effectiveness against the network attack can be improved.
  • the user identifier and the biometric of the user may also be provided by the client through a biometric registration request after the client is registered, and the acquired user identifier is then stored in association with the biometric of the user.
  • the operation related information may further include the time at which the client initiated the network operation, the operation type, and location information.
  • the operation related information corresponding to the network operation is obtained so that the network operation can subsequently be controlled using the operation related information and the biometric of the user.
  • Step S102: initiating a feature verification operation toward the client, and acquiring the biometric returned by the client;
  • a feature verification operation is initiated toward the client, and the biometric returned by the client is obtained.
  • Biometrics here include, but are not limited to, faces, fingerprints, voice prints, irises, and the like. Because a biological individual's features are unique and unforgeable, biometrics can be regarded as a finite dimension that replaces the unlimited supply of IP addresses.
  • the terminal system can request biometric comparison and use the association between the user identifier and the biometric, thereby effectively countering large-scale automated operations by criminals and improving the effectiveness of the countermeasure.
  • the phenomenon detected by the system is one biological individual corresponding to multiple services on multiple accounts. This is a very obvious abnormal feature, based on which the current operation can be effectively intercepted. If the bad guys illegally record and store a large number of biometrics for automated machine attacks, the system side can find that the same biological individual appears to change physical position over a long distance in a short time, which is not possible under normal circumstances; based on this, the operation can also be blocked.
  • a feature verification operation is initiated toward the client, such as scanning the user's facial features, scanning fingerprints, and the like.
  • Biometric Identification Technology can be used to identify biometric features such as facial features and fingerprints.
  • Biometric identification technology refers to a technology for authenticating human biometrics.
  • biometrics technology is closely integrated with high-tech means such as optics, acoustics, biosensors, and biostatistics, and uses the inherent physiological and behavioral characteristics of the human body to identify individuals.
  • a biometric system samples biometric features, extracts their unique features, converts them into digital codes, and further combines these codes into a feature template.
  • the recognition system obtains its characteristics and compares it with the feature templates in the data to determine whether it matches, thereby deciding to accept or reject the user.
  • biometrics is mainly related to computer vision, image processing and pattern recognition, computer hearing, speech processing, multi-sensor technology, virtual reality, computer graphics, visualization technology, computer-aided design, intelligent robot perception systems, and other related research.
  • Biometrics that have been used for biometric identification include hand shape, fingerprint, face shape, iris, retina, pulse, auricle, and the like.
  • Step S103 controlling the network operation according to the biometric returned by the client and the operation related information.
  • where the operation related information includes a user identifier of the client, the process of controlling the network operation according to the biometric returned by the client and the operation related information may include:
  • the operation related information may include a user identifier of the client, the time at which the network operation was initiated, an operation type, and location information. When controlling the network operation according to the biometric returned by the client and the operation related information, one or more of the following conditions may be considered in combination to determine whether to control the network operation; that is, several anomalies may be judged jointly, or a single anomaly may be used as the judgment condition.
  • according to the time at which the network operation was initiated and the operation type, it is determined that the number of operation types corresponding to the biometric returned by the client within a predetermined time is more than one.
  • the verification fails.
  • the network operation is prohibited.
  • the process of controlling the network operation may include:
  • the bad guys use illegal means to obtain a large number of biometrics and use these features to register accounts in bulk.
  • the system detects biometric A, biometric B, and biometric C appearing in Shanghai, Guangxi, and Nanjing respectively (the bad guys use a VPN to evade countermeasures), but the real owners of biometrics A, B, and C operated their own accounts in Shenzhen, Sichuan, and Yunnan one minute ago.
  • the system will find an anomaly: biometrics A, B, and C underwent a physical displacement of thousands of kilometers in one minute, which is not possible under normal circumstances, unless the bad guys have stolen the biometrics and are using VPNs in different provinces and cities to evade detection.
  • the possible threshold of the time interval may also be set. If the time interval is less than the set threshold, and the physical distance is greater than the set threshold, the verification fails, and the network operation is prohibited.
  • where the operation related information includes a user identifier of the client, the time at which the network operation was initiated, and an operation type, the process of controlling the network operation according to the biometric returned by the client and the operation related information may include:
  • the verification fails, and the network operation is prohibited.
  • the verification fails, and the network operation is prohibited.
  • when determining whether the network operation is abnormal according to the time at which the network operation was initiated and the operation type, the judgment need not be limited to a single operation type, and multiple operation types may also be combined. For example:
  • biometric A is used to perform different types of operations on accounts B, C, and D, for example, using account B to log in to QQ, using account C to log in to WeChat, and using account D to purchase goods online, and accounts B, C, and D have never been operated by A in the past, or account B, account C and account D are related to each other. Therefore, it can be determined that the operation is not the user's own operation, and the network operation can be prohibited.
  • the biometric, time, account, and operation type are used as joint verification dimensions in place of the simple network environment. This solves the problem that traditional verification based on IP addresses faces an unlimited resource: because biometrics are limited, the method defends against large-scale automated operations by malicious operators. At the same time, it associates accounts with user biometrics and establishes a strong mapping relationship, so it can effectively defend against network attacks, especially distributed manual operations by malicious attackers.
  • the solution of the present example associates a given operation on an account with a real person through biometrics. Since biometrics cannot be counterfeited, they can be regarded as a finite dimension.
  • Example 1: The bad guys use illegal means to obtain a large number of biometrics and use these features to register accounts in bulk. For example, the system detects biometric A, biometric B, and biometric C appearing in Shanghai, Guangxi, and Nanjing respectively (the bad guys use a VPN to evade countermeasures), but the real owners of biometrics A, B, and C operated their own accounts in Shenzhen, Sichuan, and Yunnan one minute ago. The system will find an anomaly: biometrics A, B, and C underwent physical displacements of thousands of kilometers in one minute, which is impossible under normal circumstances, unless the bad guys have stolen the biometrics and are using VPNs in different provinces and cities to evade detection.
  • Example 2: The bad guys use distributed manual verification, that is, code workers perform balance inquiries on 10,000 stolen accounts. The purpose is to avoid the system detecting a large number of requests from the same network environment and blocking them. At this point the system can find one anomaly:
  • Biometric A performs the same type of operation on accounts B, C, and D respectively, and accounts B, C, and D have never been operated by A in the past. Therefore, it can be determined that the operation is not the user's own operation, and it can be blocked.
  • the biometric, time, location, account, and operation type are used as joint verification dimensions, replacing the simple network environment used in the past. This overcomes the shortcoming of traditional verification based on IP addresses, which are an unlimited resource: limited biometrics defend against the bad guys' large-scale automated operations. At the same time, the account is associated with a real person to establish a strong mapping relationship, effectively combating distributed manual operations by code workers.
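  • The checks described above (a biometric that does not match the one stored for the user identifier, too many user identifiers operated by one biometric, and a short time interval combined with a large physical distance) are sketched here as an added example; it is not code from the application. The thresholds, all names, and the `biometric_id` field (standing in for the output of a biometric matcher) are assumptions, and the events are constructed.

```python
"""Added example (not from the patent): the S103 checks over constructed events."""
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt

# Assumed thresholds; the page only speaks of "set" thresholds and conditions.
MAX_ACCOUNTS_PER_BIOMETRIC = 2   # distinct user IDs one biometric may operate
ACCOUNT_WINDOW_S = 3600          # "predetermined time" for counting user IDs
MIN_INTERVAL_S = 600             # time-interval threshold
MAX_DISTANCE_KM = 500.0          # physical-distance threshold


@dataclass(frozen=True)
class Operation:
    user_id: str       # account named in the operation related information
    biometric_id: str  # assumed: identity the matcher resolved the sample to
    op_type: str
    timestamp: float   # seconds
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = (sin(dlat / 2) ** 2
         + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))


@dataclass
class OperationController:
    registered: dict = field(default_factory=dict)  # user_id -> {biometric_id}
    history: list = field(default_factory=list)     # every attempt seen so far

    def register(self, user_id, biometric_id):
        """Store the user identifier in association with the biometric."""
        self.registered.setdefault(user_id, set()).add(biometric_id)

    def control(self, op):
        """Return (allowed, reasons); any failed check prohibits the operation."""
        reasons = []
        # Check 1: returned biometric is not the one stored for this user ID.
        if op.biometric_id not in self.registered.get(op.user_id, set()):
            reasons.append("biometric_mismatch")
        same_bio = [h for h in self.history if h.biometric_id == op.biometric_id]
        # Check 2: number of user IDs this biometric operated within the window.
        accounts = {h.user_id for h in same_bio
                    if 0 <= op.timestamp - h.timestamp <= ACCOUNT_WINDOW_S}
        accounts.add(op.user_id)
        if len(accounts) > MAX_ACCOUNTS_PER_BIOMETRIC:
            reasons.append("too_many_accounts")
        # Check 3: short time interval combined with a large physical distance.
        if any(abs(op.timestamp - h.timestamp) < MIN_INTERVAL_S
               and haversine_km(h.lat, h.lon, op.lat, op.lon) > MAX_DISTANCE_KM
               for h in same_bio):
            reasons.append("impossible_travel")
        self.history.append(op)  # blocked attempts are kept as evidence too
        return (not reasons, reasons)


# Constructed coordinates (latitude, longitude) for the sample events.
SHENZHEN, SHANGHAI, NANJING = (22.54, 114.06), (31.23, 121.47), (32.06, 118.80)


def demo():
    """Replay constructed events modelled on the page's Example 1 and Example 2."""
    ctl = OperationController()
    for user, bio in [("alice", "bio_A"), ("acct_b", "bio_B"),
                      ("acct_c", "bio_C"), ("acct_d", "bio_D")]:
        ctl.register(user, bio)
    events = [
        Operation("alice", "bio_A", "login", 0, *SHENZHEN),       # real owner
        Operation("alice", "bio_A", "login", 60, *SHANGHAI),      # stolen biometric
        Operation("acct_b", "bio_X", "balance", 1000, *NANJING),  # code worker
        Operation("acct_c", "bio_X", "balance", 1010, *NANJING),
        Operation("acct_d", "bio_X", "balance", 1020, *NANJING),
        Operation("alice", "bio_A", "login", 7200, *SHANGHAI),    # plausible trip
    ]
    return [ctl.control(e) for e in events]


if __name__ == "__main__":
    for allowed, reasons in demo():
        print("ALLOW" if allowed else "BLOCK", reasons)
```

Blocked attempts are kept in the history, so a run of rejected operations by one biometric still counts toward the user-identifier threshold.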
  • an example of the present application proposes a network operation control method.
  • the example is based on the example shown in FIG. 2 above.
  • before monitoring whether the client initiates the network operation, the method further includes:
  • Step S90 receiving a registration request sent by the client, and acquiring a biometric feature of the client side user;
  • Step S100 The user identifier is allocated to the user according to the registration request, and the user identifier is stored in association with the biometric feature of the user; or the biometric registration request sent by the client is received, where the biometric registration request includes a user identification and a biometric of the user; storing the user identification in association with the biometric of the user.
  • the example also includes a user registration process.
  • the user identifier may be a registered account that is assigned to the user when the user is registered, or may be other information that can identify the specified user. This example is exemplified by the registered account.
  • the user may initiate a registration request to the client according to the network operation requirement, and the client allocates a registration account to the user according to the registration request, and associates the registration account with the biometric of the user.
  • For example, a one-to-one correspondence may be stored, that is, one account corresponds to one biometric of the user; or one account may correspond to multiple biometrics, that is, multiple biometrics are collected; or one biometric may have multiple accounts.
  • the purpose of associating the registered account with the biometric of the user is to record the original biometric of an account, so as to detect anomalies caused by other biological individuals operating the account later, and to avoid a large number of accounts being registered with the same biometric.
  • the biometric registration request sent by the client may be received, where the biometric registration request includes the user identifier and the biometric of the user, and the user identifier is stored in association with the biometric of the user.
  • Biometrics here include, but are not limited to, faces, fingerprints, voice prints, irises, and the like. Because a biological individual's features are unique and unforgeable, biometrics can be regarded as a finite dimension that replaces the unlimited supply of IP addresses.
  • the terminal system can request biometric comparison and use the association between the user identifier and the biometric, thereby effectively preventing large-scale automated operations by malicious attackers and improving the effectiveness of countering network attacks.
  • the phenomenon detected by the system is one biological individual corresponding to multiple services on multiple accounts. This is an obvious abnormal feature, based on which the current operation can be effectively intercepted. If the bad guys illegally record and store a large number of biometrics for automated machine attacks, the system side can find that the same biological individual appears to change physical position over a long distance in a short time, which is impossible under normal circumstances; based on this, the operation can also be blocked.
  • the present application also proposes some examples of network operation control devices.
  • the network operation control apparatus includes: an operation information acquisition module 201, a biometrics acquisition module 202, and an operation control module 203, wherein:
  • the operation information obtaining module 201 is configured to acquire operation related information corresponding to the network operation when the client initiates a network operation, where the operation related information includes at least a user identifier of the client;
  • the biometric acquisition module 202 is configured to initiate a feature verification operation toward the client to obtain the biometric returned by the client.
  • the operation control module 203 is configured to control the network operation according to the biometric returned by the client and the operation related information.
  • the uniqueness of the biometric is used in place of an ordinary verification code to block attacks by automata and to prevent large-scale automated operations by malicious attackers, thereby preventing network attacks by automata and improving the effectiveness of countering network attacks.
  • When the terminal detects that the client initiates a network operation, the terminal obtains the operation related information corresponding to the network operation, where the operation related information includes at least the user identifier of the client, and may also include the time, location information, and/or type of the network operation initiation.
  • the user ID of the client may be a registered account assigned to the user when the user is registered, or may be other information that can identify the specified user.
  • the registered account is used as an example: when registering, the biometric of the user is collected to serve as the verification code when the account is registered. Therefore, in the registration process, the registered account can be stored in association with the biometric of the user. For example, a one-to-one correspondence may be stored, that is, one account corresponds to one biometric of the user; or one account may correspond to multiple biometrics, that is, multiple biometrics are collected; or one biometric may have multiple accounts.
  • the operation related information may further include the time at which the client initiated the network operation, the operation type, and location information.
  • the operation related information corresponding to the network operation is obtained so that the network operation can subsequently be controlled using the operation related information and the biometric of the user.
  • a feature verification operation is initiated toward the client, and the biometric returned by the client is obtained.
  • Biometrics here include, but are not limited to, faces, fingerprints, voice prints, irises, and the like. Because a biological individual's features are unique and unforgeable, biometrics serve as a limited dimension that can replace the unlimited IP addresses of the prior art.
  • the terminal system can request biometric comparison and use the association between the user identifier and the biometric, thereby effectively countering large-scale automated operations by criminals and improving the effectiveness of the countermeasure.
  • the phenomenon detected by the system is one biological individual corresponding to multiple services on multiple accounts. This is a very obvious abnormal feature, based on which the current operation can be effectively intercepted. If the bad guys illegally record and store a large number of biometrics for automated machine attacks, the system side can find that the same biological individual appears to change physical position over a long distance in a short time, which is not possible under normal circumstances; based on this, the operation can also be blocked.
  • a feature verification operation is initiated toward the client, such as scanning the user's facial features, scanning fingerprints, and the like.
  • Biometric Identification Technology can be used to identify biometric features such as facial features and fingerprints.
  • Biometric identification technology refers to a technology for authenticating human biometrics.
  • biometrics technology is closely integrated with high-tech means such as optics, acoustics, biosensors, and biostatistics, and uses the inherent physiological and behavioral characteristics of the human body to identify individuals.
  • a biometric system samples biometric features, extracts their unique features, converts them into digital codes, and further combines these codes into a feature template.
  • the recognition system obtains its characteristics and compares it with the feature templates in the data to determine whether it matches, thereby deciding to accept or reject the user.
  • biometrics is mainly related to computer vision, image processing and pattern recognition, computer hearing, speech processing, multi-sensor technology, virtual reality, computer graphics, visualization technology, computer-aided design, intelligent robot perception systems, and other related research.
  • Biometrics that have been used for biometric identification include hand shape, fingerprint, face shape, iris, retina, pulse, auricle, and the like.
  • the network operation is controlled according to the biometrics returned by the client and the operation related information.
  • where the operation related information includes a user identifier of the client, the process of controlling the network operation according to the biometric returned by the client and the operation related information may include:
  • the operation related information may include a user identifier of the client, the time at which the network operation was initiated, an operation type, and location information. When controlling the network operation according to the biometric returned by the client and the operation related information, one or more of the following conditions may be considered in combination to determine whether to control the network operation; that is, several anomalies may be judged jointly, or a single anomaly may be used as the judgment condition.
  • the specific implementation has been described in the foregoing and will not be described here.
  • the bad guys use illegal means to obtain a large number of biometrics and use these features to register accounts in bulk.
  • the system detects biometric A, biometric B, and biometric C appearing in Shanghai, Guangxi, and Nanjing respectively (the bad guys use VPNs to evade enforcement), but one minute earlier the real owners of biometrics A, B, and C had each operated their own accounts in Shenzhen, Sichuan, and Yunnan respectively.
  • the system therefore finds an anomaly: biometrics A, B, and C have undergone physical displacements of thousands of kilometers within one minute, which is impossible under normal circumstances, unless the bad guys have stolen the biometrics and are using VPN exits in different provinces and cities to evade enforcement.
  • a threshold for the time interval may also be set. If the time interval is less than the set threshold and the physical distance is greater than the set threshold, the verification fails and the network operation is prohibited.
  • the operation related information includes a user identifier of the client, the time when the network operation is initiated, and an operation type, and the process of controlling the network operation according to the biometric returned by the client and the operation related information may include:
  • the verification fails, and the network operation is prohibited.
  • when determining whether the network operation is abnormal according to the time at which it was initiated and its operation type, the check need not be limited to a single operation type and may also combine multiple operation types. For example:
  • biometric A is used to perform different types of operations on accounts B, C, and D, for example using account B to log in to QQ, using account C to log in to WeChat, and using account D to purchase goods online, and the B, C, and D accounts have never been operated by A in history, or the account B, the account C and the account D are related to each other. Therefore, it can be determined that the operation is not the user's own operation and it can be blocked.
  • using biometrics, time, account number, and operation type as the joint verification dimensions, instead of the network environment alone, solves the problem that traditional verification based on IP addresses faces an unlimited resource: because biometrics are limited, this defends against large-scale automated operations by the bad guys; at the same time, it associates the account with a real person and establishes a strong mapping relationship, which can effectively prevent distributed manual operation by code workers.
  • the operation related information corresponding to the network operation is acquired; a biometric verification operation is delivered to the client, and the biometric returned by the client is obtained; and the network operation is controlled according to the biometric returned by the client and the operation related information.
  • the operation related information may include a user identifier, the time when the network operation is initiated, location information, and an operation type. Therefore, according to the operation related information, the uniqueness of biometric features can be used in place of ordinary verification codes to block network attacks by automata.
  • this not only defends against distributed manual operation by code workers, but also, through simple user operations, defends against large-scale automated operations by malicious operators, effectively defends against attacks by automata, improves the effectiveness of countering network attacks, and improves network security.
  • Example 1: The bad guys use illegal means to obtain a large number of biometrics and use these features to register accounts in bulk. For example, the system detects biometric A, biometric B, and biometric C appearing in Shanghai, Guangxi, and Nanjing respectively (the bad guys use VPNs to evade enforcement), but one minute earlier the real owners of biometrics A, B, and C had each operated their own accounts in Shenzhen, Sichuan, and Yunnan respectively. The system therefore finds an anomaly: biometrics A, B, and C have undergone physical displacements of thousands of kilometers within one minute, which is impossible under normal circumstances, unless the bad guys have stolen the biometrics and are using VPN exits in different provinces and cities to evade enforcement.
  • Example 2: The bad guys use distributed manual verification, that is, code workers perform balance inquiries on 10,000 stolen accounts. The purpose is to keep the system from detecting a large number of requests from the same network environment and blocking them. At this point the system can find one anomaly:
  • Biometric A performs the same type of operation on accounts B, C, and D respectively, and the B, C, and D accounts have never been operated by A in history. Therefore, it can be determined that the operation is not the user's own operation and it can be blocked.
  • biometrics, time, location, account number, and operation type are used as the joint verification dimensions in place of the network environment alone, which solves the problems that the unlimited supply of IP addresses causes for traditional IP-based verification.
  • the limited supply of biometrics defends against large-scale automated operations by malicious attackers; at the same time, the account is associated with a real person and a strong mapping relationship is established, which can effectively prevent distributed manual operation by code workers.
  • an example of the present application provides a network operation control apparatus, which is based on the example shown in FIG. 4, and further includes:
  • the registration module 200 is configured to receive a registration request sent by the client and acquire a biometric feature of the client-side user, assign a user identifier to the user according to the registration request, and store the user identifier in association with the biometric feature of the user; or to receive a biometric registration request sent by the client, the biometric registration request including a user identifier and a biometric of the user, and store the user identifier in association with the biometric of the user.
  • the apparatus shown in FIG. 4 and FIG. 5 above may be implemented by hardware or by software.
  • the above device may be a set of machine executable instructions contained in a memory of the terminal device, each module in the device being a software module or an instruction module containing machine executable instructions.
  • when any module in the device is called by the processor of the terminal device, the instructions in the module are executed by the processor, thereby implementing the function of the module.
  • this example also includes a specific scheme of the user registration process.
  • the user identifier may be a registered account that is assigned to the user when the user is registered, or may be other information that can identify the specified user.
  • the registered account is taken as an example for description.
  • the user may initiate a registration request to the client according to the network operation requirement, and the client allocates a registration account to the user according to the registration request and stores the registration account in association with the biometric of the user.
  • for example, the association may be stored one-to-one, that is, one account corresponds to one biometric of the user; or one account may correspond to multiple biometrics, that is, multiple biometrics are collected; or one biometric may have multiple accounts.
  • the purpose of associating the registered account with the biometric of the user is to record the original biometric of an account, so that an anomaly can be detected if the account is later operated by a different biological individual, and to avoid a large number of accounts being registered with the same biometric.
  • the biometric registration request sent by the client may be received, where the biometric registration request includes the user identifier and the biometric of the user, and the user identifier is stored in association with the biometric of the user.
  • Biometrics here include, but are not limited to, faces, fingerprints, voice prints, irises, and the like. Because biometrics are unique and cannot be forged, a finite dimension can be used in place of the unlimited supply of IP addresses.
  • the terminal system can require the user to perform a biometric comparison, making use of the association between the user identifier and the biometric, so that large-scale automated operations by criminals can be effectively combated and the effectiveness of the countermeasures is improved.
  • the phenomenon the system detects is one biological individual performing multiple services across multiple accounts. This is a very obvious anomaly, and the current operation can be effectively intercepted on that basis; if the bad guys illegally record and store a large number of biometrics to get past the check with automata, the system side can find that the same biological individual appears to change physical location over a long distance within a short time, which is impossible under normal circumstances, so the solution provided in this example can defend against this as well.
  • the technical solution of the present application, in essence or in the part that contributes over the prior art, may be embodied in the form of a software product stored in a non-volatile storage medium (such as ROM/RAM, a magnetic disk, or an optical disc), including a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the methods of the various examples of the present application.


Abstract

The invention relates to a solution for controlling a network operation, comprising: upon detection of initiation of a network operation by a client, acquiring related operation information corresponding to the network operation; delivering a biometric authentication operation request to the client, and acquiring a biometric feature returned by the client; and performing, according to the biometric feature returned by the client and the related operation information, control on the network operation. The solution can improve network security.

Description

Network operation control method and device
This application claims priority to Chinese Patent Application No. 201510634508.1, entitled "Network Operation Control Method and Apparatus", filed with the Chinese Patent Office on September 29, 2015, the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the field of Internet technologies, and in particular to a network operation control method and device.
Background of the invention
On the Internet, cybercriminals currently rely mainly on automata (automated programs) to commit offences at scale, for example automated account registration, automated queries, and automated claiming of promotional offers.
At present, most of the industry's defences against automata are verification codes, and enforcement mostly targets IP addresses. However, with the maturing of virtual private networks (VPN, Virtual Private Network) and the emergence of distributed manual solving of verification codes, verification codes are being defeated more and more often. Moreover, IP addresses have gradually become an unlimited resource, so criminals can evade enforcement by operating from a large number of generated IP addresses, which reduces the effectiveness of the countermeasures.
Summary of the invention
The network operation control method proposed by the present application includes:
when it is detected that a client initiates a network operation, acquiring operation-related information corresponding to the network operation, where the operation-related information includes at least a user identifier, or further includes the time at which the network operation was initiated, location information, and/or the type of the network operation;
delivering a biometric verification operation to the client, and acquiring the biometric returned by the client;
controlling the network operation according to the biometric returned by the client and the operation-related information.
The terminal device proposed by the present application includes at least a processor and a memory storing instructions executable by the processor. When the processor executes the instructions in the memory, the terminal device performs the following operations:
when it is detected that a client initiates a network operation, acquiring operation-related information corresponding to the network operation, where the operation-related information includes at least a user identifier, or further includes the time at which the network operation was initiated, location information, and/or the type of the network operation;
delivering a biometric verification operation to the client, and acquiring the biometric returned by the client;
controlling the network operation according to the biometric returned by the client and the operation-related information.
Brief description of the drawings
FIG. 1 is a schematic structural diagram of a terminal in the hardware operating environment to which the present application relates;
FIG. 2 is a schematic flowchart of an example of the network operation control method provided by the present application;
FIG. 3 is a schematic flowchart of an example of the network operation control method provided by the present application;
FIG. 4 is a schematic diagram of the functional modules of an example of the network operation control apparatus provided by the present application;
FIG. 5 is a schematic diagram of the functional modules of an example of the network operation control apparatus provided by the present application.
To make the technical solutions provided by the present application clearer, they are described in further detail below with reference to the accompanying drawings.
Mode for carrying out the invention
It should be understood that the specific examples described herein are only intended to explain the present application and are not intended to limit it.
In the technical solution provided by the present application, when it is detected that a client initiates a network operation, operation-related information corresponding to that network operation is acquired; a biometric verification operation is delivered to the client, and the biometric returned by the client is acquired; and the network operation is controlled according to the biometric returned by the client and the operation-related information. The operation-related information may include a user identifier, the time at which the network operation was initiated, location information, the operation type, and so on. Thus, based on the operation-related information and the uniqueness of biometrics, ordinary verification codes can be replaced in order to block network attacks by automata, which effectively prevents such attacks and improves network security. This not only defends against distributed manual operation by code workers, but also, through simple user operations, defends against large-scale automated operations by network attackers.
As shown in FIG. 1, FIG. 1 is a schematic structural diagram of a terminal (also referred to as a terminal device) in the hardware operating environment to which the present application relates.
In some examples, the terminal may be a PC, or a mobile terminal device with a display function such as a smartphone, a tablet computer, an e-book reader, an MP3 (Moving Picture Experts Group Audio Layer III) player, an MP4 (Moving Picture Experts Group Audio Layer IV) player, or a portable computer.
As shown in FIG. 1, the terminal may include a processor 1001 (such as a CPU), a network interface 1004, a user interface 1003, a memory 1005, and a communication bus 1002. The communication bus 1002 is used to implement connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard, and may optionally also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory, such as a disk memory. The memory 1005 may optionally also be a storage device independent of the aforementioned processor 1001.
Optionally, the mobile terminal may further include a camera, an RF (Radio Frequency) circuit, sensors, an audio circuit, a WiFi module, and the like. The sensors include, for example, light sensors, motion sensors, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor: the ambient light sensor can adjust the brightness of the display according to the ambient light, and the proximity sensor can turn off the display and/or the backlight when the mobile terminal is moved to the ear. As one kind of motion sensor, a gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally three axes), can detect the magnitude and direction of gravity when stationary, and can be used in applications that recognize the attitude of the mobile terminal (such as switching between landscape and portrait, related games, and magnetometer attitude calibration) and in vibration-recognition functions (such as a pedometer or tap detection). The mobile terminal may of course also be equipped with other sensors such as a gyroscope, barometer, hygrometer, thermometer, or infrared sensor, which are not described further here.
Those skilled in the art will understand that the terminal structure shown in FIG. 1 does not limit the terminal, which may include more or fewer components than illustrated, combine certain components, or use a different arrangement of components.
As shown in FIG. 1, the memory 1005, as a computer storage medium, may include an operating system, a network communication module, a user interface module, and a network operation control application.
In the terminal shown in FIG. 1, the network interface 1004 is mainly used to connect to a background server and exchange data with it; the user interface 1003 is mainly used to connect to the client (user end) and exchange data with it; and in some examples the processor 1001 can be used to invoke the network operation control application (also referred to as machine-executable instructions) stored in the memory 1005 and perform the following operations:
when it is detected that a client initiates a network operation, acquiring operation-related information corresponding to the network operation, where the operation-related information includes at least the user identifier of the client, or further includes the time at which the network operation was initiated, location information, and/or the type of the network operation;
delivering a biometric verification operation to the client, and acquiring the biometric returned by the client;
controlling the network operation according to the biometric returned by the client and the operation-related information.
In the above example, based on the operation-related information, the uniqueness of biometrics can be used in place of ordinary verification codes to block network attacks by automata and improve network security.
Further, the processor 1001 can invoke the network operation control application stored in the memory 1005 and also perform the following operations:
before it is detected that the client initiates the network operation, the method further includes: storing the user identifier of the user in association with the biometric the user registered;
when it is detected that the client initiates the network operation, controlling the network operation according to the biometric stored in association with the user identifier and the biometric returned by the client.
The above step of storing the user identifier of the user in association with the registered biometric may include:
receiving a registration request sent by the client, and acquiring the biometric of the client-side user;
assigning a user identifier to the user according to the registration request, and storing the user identifier in association with the biometric of the user; or
receiving a biometric registration request sent by the client, where the biometric registration request includes a user identifier and the biometric of the user;
storing the user identifier in association with the biometric of the user.
In some examples, when controlling the network operation, the processor 1001 can invoke the network operation control application stored in the memory 1005 and perform the following operations:
determining whether any one or any combination of the following conditions is met:
the biometric returned by the client is not the biometric corresponding to the user identifier (that is, the biometric stored in association with the user identifier); or
according to the time at which the network operation was initiated and the location information, the time interval and physical distance between the current operation and the last operation initiated with that biometric are determined, and the time interval and the physical distance satisfy a set condition; or
according to the time at which the network operation was initiated and the operation type, the number of user identifiers corresponding to the biometric returned by the client for the same operation type, or for multiple operation types, within a predetermined time is obtained, and the number of user identifiers is greater than a set threshold;
if any one or any combination of the above conditions is met, the verification fails and the network operation is prohibited.
In some examples, when controlling the network operation, the processor 1001 can invoke the network operation control application stored in the memory 1005 and perform the following operations:
according to the user identifier, determining whether the biometric returned by the client is the biometric corresponding to the user identifier; if so, performing the following steps:
according to the time at which the network operation was initiated and the location information, determining the time interval and physical distance between the current operation and the last operation initiated with that biometric; and/or
according to the time at which the network operation was initiated and the operation type, obtaining the number of user identifiers corresponding to the biometric for the same operation type, or for multiple operation types, within a predetermined time; if the number of user identifiers is greater than a set threshold and/or the time interval and the physical distance satisfy the set condition, the verification fails and the network operation is prohibited.
In some examples, the processor 1001 can invoke the network operation control application stored in the memory 1005 and perform the following operation:
setting the condition on the time interval and the physical distance to be that the time interval is less than a set threshold and the physical distance is greater than a set threshold.
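An added example, not code from the patent: a Python sketch of the three judgment conditions above (returned biometric not the one stored for the user identifier, short time interval combined with long physical distance, and too many user identifiers for one biometric within a predetermined time). The class and function names, the threshold values, the use of great-circle distance, and the choice to update the last-seen location only for allowed operations are assumptions.

```python
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Operation:
    user_id: str       # account that initiated the network operation
    biometric_id: str  # enrolled template the returned sample matched (matcher assumed)
    op_type: str       # e.g. "login", "balance_query"
    ts: float          # time the operation was initiated, in seconds
    lat: float         # location the operation was initiated from
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


class OperationController:
    """Hypothetical controller: an empty reason list means the operation is allowed."""

    def __init__(self, min_interval_s=600, max_distance_km=500,
                 window_s=3600, max_accounts=2):
        # All four thresholds are assumed values; the page only says "set threshold".
        self.min_interval_s = min_interval_s
        self.max_distance_km = max_distance_km
        self.window_s = window_s
        self.max_accounts = max_accounts
        self.enrolled = defaultdict(set)   # user_id -> biometric ids stored at registration
        self.last_seen = {}                # biometric_id -> (ts, lat, lon) of last allowed op
        self.attempts = defaultdict(list)  # biometric_id -> [(ts, user_id)] within the window

    def register(self, user_id, biometric_id):
        """Store the user identifier in association with the biometric."""
        self.enrolled[user_id].add(biometric_id)

    def check(self, op):
        reasons = []
        # Condition 1: the returned biometric is not the one stored for this user identifier.
        if op.biometric_id not in self.enrolled.get(op.user_id, set()):
            reasons.append("biometric_mismatch")
        # Condition 2: interval below threshold AND distance above threshold.
        prev = self.last_seen.get(op.biometric_id)
        if prev is not None:
            interval = op.ts - prev[0]
            distance = haversine_km(prev[1], prev[2], op.lat, op.lon)
            if interval < self.min_interval_s and distance > self.max_distance_km:
                reasons.append("impossible_travel")
        # Condition 3: distinct user identifiers operated with this biometric inside
        # the window (counted across operation types) exceed the threshold.
        recent = [(t, u) for t, u in self.attempts[op.biometric_id]
                  if op.ts - t <= self.window_s]
        recent.append((op.ts, op.user_id))
        self.attempts[op.biometric_id] = recent
        if len({u for _, u in recent}) > self.max_accounts:
            reasons.append("account_fanout")
        # Assumption: a denied operation must not move the biometric's known location,
        # otherwise the real owner's next operation would be flagged.
        if not reasons:
            self.last_seen[op.biometric_id] = (op.ts, op.lat, op.lon)
        return reasons


def run_constructed_example():
    """Constructed data: one biometric seen in Shenzhen, then in Shanghai 60 s later."""
    ctl = OperationController()
    ctl.register("acct-1", "bio-A")
    first = ctl.check(Operation("acct-1", "bio-A", "login", 0, 22.54, 114.06))
    second = ctl.check(Operation("acct-1", "bio-A", "login", 60, 31.23, 121.47))
    return first, second
```

A non-empty list returned by `check` corresponds to "verification fails, and the network operation is prohibited"; the reasons can be logged to show which condition fired.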
As shown in FIG. 2, the network operation control method proposed by an example of the present application includes:
Step S101: when it is detected that a client initiates a network operation, acquire operation-related information corresponding to that network operation, where the operation-related information includes at least the user identifier of the client;
This example uses the uniqueness of biometrics in place of ordinary verification codes to block network attacks by automata, which defends against large-scale automated operations by network attackers and improves network security.
When the terminal detects that the client initiates a network operation, it acquires the operation-related information corresponding to that network operation. The operation-related information includes at least the user identifier of the client, and may further include the time at which the network operation was initiated, location information, and/or the type of the network operation.
In some examples, before it is detected that the client initiates the network operation, the method further includes: storing the user identifier of the user in association with the biometric the user registered; then, when it is detected that the client initiates the network operation, the network operation is controlled according to the biometric stored in association with the user identifier and the biometric returned by the client. For example, the network operation is controlled by determining whether the biometric stored in association with the user identifier matches the biometric currently returned by the client.
The user identifier of the client may be a registered account assigned to the user at registration, or may be other information that can identify the specified user. This example uses a registered account for illustration: at registration, the user's biometric is collected to serve as the verification code when logging in with the registered account. Therefore, in the registration procedure, the registered account can be stored in association with the biometric of the user. For example, the association may be stored one-to-one, that is, one account corresponds to one biometric of the user; or one account may correspond to multiple biometrics, that is, multiple biometrics are collected; or one biometric may have multiple accounts.
In the above example, the uniqueness of biometrics can be used in place of ordinary verification codes to block network attacks by automata, defend against large-scale automated operations by network attackers, and improve the effectiveness of countering network attacks.
In addition, the user identifier and the biometric of the user may also be provided by the client, after the client has registered, by carrying them in a biometric registration request; the acquired user identifier is then stored in association with the biometric of the user.
In addition, the operation-related information may further include the time at which the client initiated the network operation, the operation type, and location information.
The operation-related information corresponding to the network operation is acquired so that the network operation can subsequently be controlled using the operation-related information and the biometric of the user.
Step S102: issue a biometric verification operation to the client and obtain the biometric returned by the client;
In this example, after the client is detected initiating a network operation, a biometric verification operation is issued to the client and the biometric returned by the client is obtained.
The biometrics here include, but are not limited to, face, fingerprint, voiceprint, iris, and the like. Because biometrics are unique and cannot be forged, they are considered a finite dimension that can replace the unlimited IP addresses relied on previously.
When the system issues a verification operation for one of the user's network operations, the terminal system can require a biometric comparison and use the association between the user identifier and the biometric, which effectively counters criminals' high-volume automated operations and improves the effectiveness of the countermeasure.
For example, if bad actors use distributed manual verification, what the system observes is one biological individual associated with multiple services across multiple accounts. This is an obvious anomaly, and the current operation can be effectively intercepted on that basis. If bad actors illegally record and store a large number of biometrics for automated programs to break through with, the system side can observe that the same biological individual appears to undergo a long-distance change of physical location within a short time, which is impossible under normal circumstances, and this too can be used as a basis for countering them.
More specifically, the biometric verification operation issued to the client may be, for example, scanning the user's facial features or scanning a fingerprint.
Biometric features such as facial features and fingerprints can be recognized with commonly used biometric identification technology, which is a technology that uses human biometric features for identity authentication.
More specifically, biometric identification technology closely combines computers with high-tech means such as optics, acoustics, biosensors, and the principles of biostatistics, and uses the inherent physiological and behavioral characteristics of the human body to establish personal identity.
A biometric identification system samples biometric features, extracts their unique characteristics, converts them into digital codes, and further combines these codes into a feature template. When a user interacts with the identification system for identity authentication, the system acquires the user's features and compares them with the feature templates in the database to determine whether they match, and thereby decides whether to accept or reject the user.
In current research and application, biometric identification mainly involves computer vision, image processing and pattern recognition, computer audition, speech processing, multi-sensor technology, virtual reality, computer graphics, visualization technology, computer-aided design, intelligent robot perception systems, and other related research. Biometric features that have been used for identification include hand shape, fingerprint, face shape, iris, retina, pulse, auricle, and the like.
Step S103: control the network operation according to the biometric returned by the client and the operation-related information.
Specifically, in one implementation, the operation-related information includes the user identifier of the client, and the process of controlling the network operation according to the biometric returned by the client and the operation-related information may include:
According to the user identifier, judge whether the biometric returned by the client is the biometric corresponding to the user identifier; if not, verification fails and the network operation is prohibited. The network operation may be, for example: registering a QQ number or mailbox, querying information, permission control for an application, claiming a discount, or accessing an application or website. Thus, by verifying and matching the user's biometric in combination with the user identifier, the user's network operations can be effectively controlled, which effectively prevents automated programs from breaking through and improves the effectiveness of the countermeasure.
In another implementation, the operation-related information may include the user identifier of the client, the time at which the network operation was initiated, the operation type, and location information. When controlling the network operation according to the biometric returned by the client and the operation-related information, one or more of the following conditions, in any combination, may be considered to decide whether to control the network operation. That is, several anomalies may be judged in combination, or a single anomaly may serve as the condition.
For example, judge whether any one, or any combination, of the following conditions is satisfied:
1. According to the user identifier, it is determined that the biometric returned by the client is not the biometric corresponding to the user identifier; or
2. According to the time and location information of the network operation, the time interval and the physical distance between the current operation and the last operation initiated with the biometric returned by the client are determined, and the time interval and the physical distance satisfy a set condition; or
3. According to the time and operation type of the network operation, the number of user identifiers for which the biometric returned by the client performed the same one or more operation types within a predetermined time is obtained, and the number of user identifiers is greater than a set threshold; or
4. According to the time and operation type of the network operation, it is determined that the biometric returned by the client performed multiple operation types within a predetermined time.
In some examples, it may be set that if one or more of the above conditions are satisfied, verification fails and the network operation is prohibited.
In some examples, the following combined scheme may be used instead:
According to the user identifier, judge whether the biometric returned by the client is the biometric corresponding to the user identifier; if so, perform the following steps:
According to the time and location information of the network operation, determine the time interval and the physical distance between the current operation and the last operation initiated with the biometric; and/or
According to the time and operation type of the network operation, obtain the number of user identifiers for which the biometric performed the same operation type within a predetermined time; and/or
According to the time and operation type of the network operation, judge whether the biometric performed multiple operation types within a predetermined time;
If the time interval and the physical distance satisfy the set condition, and/or the number of user identifiers is greater than the set threshold, and/or it is determined that there are multiple operation types, verification fails and the network operation is prohibited.
More specifically, in one implementation, if the operation-related information includes the user identifier of the client and the time and location information of this network operation, the process of controlling the network operation according to the biometric returned by the client and the operation-related information may include:
According to the user identifier, judge whether the biometric returned by the client is the biometric corresponding to the user identifier; if not, then according to the time and location information of this network operation, judge whether the time interval between the current operation and the last operation initiated with the biometric, and the physical distance between the two locations, satisfy the set condition. If the time interval and the physical distance satisfy the set condition, verification fails and the network operation is prohibited.
For example, once the time interval and the physical distance between the current operation and the last operation initiated with the biometric are known, if the time interval is shorter than the flight time of an aircraft over that physical distance, the operation is judged abnormal, verification fails, and the network operation is prohibited.
A specific example follows:
Bad actors obtain a large number of biometrics by illegal means and use them to register accounts in bulk. For example, the system detects biometric A, biometric B, and biometric C appearing in Shanghai, Guangxi, and Nanjing respectively (the bad actors use VPNs to evade countermeasures), but the real owners of biometrics A, B, and C each operated their own accounts one minute earlier in Shenzhen, Sichuan, and Yunnan respectively. The system then finds an anomaly: biometrics A, B, and C have each undergone a physical displacement of more than a thousand kilometers within one minute, which is impossible under normal circumstances, unless bad actors who have stolen the biometrics are using VPNs in different provinces and cities to evade countermeasures.
Therefore, depending on the actual situation, a threshold for the time interval may also be set: if the time interval is less than the set threshold and the physical distance is greater than a set threshold, verification fails and the network operation is prohibited.
In some examples, the following approach may also be used:
According to the user identifier, judge whether the biometric returned by the client is the biometric associated with the user identifier; if so, then according to the time and location information of this network operation, determine the time interval and the physical distance between the current operation and the last operation initiated with the biometric; if the time interval and the physical distance satisfy the set condition, verification fails and the network operation is prohibited.
In some examples, the following approach may also be used:
According to the time and location information of this network operation, determine the time interval and the physical distance between the current operation and the last operation initiated with the biometric returned by the client;
If the time interval and the physical distance satisfy the set condition, verification fails and the network operation is prohibited.
In some examples, the operation-related information includes the user identifier of the client and the time and operation type of this network operation, and the process of controlling the network operation according to the biometric returned by the client and the operation-related information may include:
According to the user identifier, judge whether the biometric returned by the client is the biometric associated with the user identifier; if not, then according to the time and operation type of this network operation, obtain the number of user identifiers for which the biometric performed the same operation type within a predetermined time;
If the number of user identifiers is greater than the set threshold, verification fails and the network operation is prohibited.
In some examples, the following approach may also be used:
According to the user identifier, judge whether the biometric returned by the client is the biometric associated with the user identifier; if so, then according to the time and operation type of this network operation, obtain the number of user identifiers for which the biometric performed the same operation type within a predetermined time;
If the number of user identifiers is greater than the set threshold, verification fails and the network operation is prohibited.
In some examples, the following approach may also be used:
According to the time and operation type of this network operation, obtain the number of user identifiers for which the biometric returned by the client performed the same operation type within a predetermined time;
If the number of user identifiers is greater than the set threshold, verification fails and the network operation is prohibited.
It should be noted that, when judging whether a network operation is abnormal according to its time and operation type, the judgment need not be limited to a single operation type; multiple operation types may also be considered together. For example:
Within a predetermined time (for example, simultaneously), biometric A is used to perform different types of operations on accounts B, C, and D, such as logging in to QQ with account B, logging in to WeChat with account C, and buying goods online with account D, while accounts B, C, and D have never been operated by A in the past, or accounts B, C, and D are associated with one another. It can therefore be determined that the operation was not performed by the user in person, and the network operation can be prohibited.
In the examples of this application, biometric, time, account, and operation type serve as joint verification dimensions, replacing the previous reliance on the network environment alone. This addresses the problem that traditional verification is based on IP addresses, an unlimited resource, and uses finite biometrics to defend against malicious attackers' high-volume automated operations. At the same time, accounts are associated with users' biometrics to establish a strong mapping, which can effectively defend against network attacks, especially distributed manual operations by malicious attackers.
It should also be noted that the above implementations may be combined, for example by judging location information together with operation type, and so on; the combinations are not described further here.
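The four control conditions above (biometric mismatch, implausible displacement, too many accounts per biometric, multiple operation types per biometric) can be evaluated together as in the following added example, which is not code from the patent. The class and field names, the stable `biometric_id` produced by a matcher, and every threshold (900 km/h standing in for aircraft flight time, a 50 km noise floor, a 600 s window, 3 accounts, 2 operation types) are assumptions chosen for illustration.

```python
"""Added illustration of the control conditions described above (not code from the patent)."""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Operation:
    user_id: str       # account the operation targets
    biometric_id: str  # assumption: the matcher maps a returned sample to a stable template ID
    op_type: str
    timestamp: float   # seconds since an arbitrary epoch
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


class OperationController:
    """Keeps per-biometric history and reports which conditions an operation triggers."""

    def __init__(self, max_speed_kmh=900.0, min_distance_km=50.0,
                 window_s=600.0, max_accounts=3, max_op_types=2):
        # All thresholds are illustrative; the page only speaks of "set" conditions.
        self.max_speed_kmh = max_speed_kmh
        self.min_distance_km = min_distance_km  # ignore small geolocation jitter
        self.window_s = window_s
        self.max_accounts = max_accounts
        self.max_op_types = max_op_types
        self.enrolled = {}  # user_id -> set of enrolled biometric_ids
        self.history = {}   # biometric_id -> list of Operation, in arrival order

    def register(self, user_id, biometric_id):
        """Store the user identifier in association with a registered biometric."""
        self.enrolled.setdefault(user_id, set()).add(biometric_id)

    def evaluate(self, op):
        """Return the triggered conditions; an empty list means the operation is allowed."""
        reasons = []
        # Condition 1: returned biometric is not the one stored for this user identifier.
        if op.biometric_id not in self.enrolled.get(op.user_id, set()):
            reasons.append("biometric_mismatch")
        past = self.history.setdefault(op.biometric_id, [])
        # Condition 2: interval too short for the distance since this biometric's last use.
        if past:
            prev = past[-1]
            dist = haversine_km(prev.lat, prev.lon, op.lat, op.lon)
            hours = abs(op.timestamp - prev.timestamp) / 3600.0
            if dist > self.min_distance_km and dist > self.max_speed_kmh * hours:
                reasons.append("impossible_travel")
        recent = [p for p in past
                  if 0 <= op.timestamp - p.timestamp <= self.window_s] + [op]
        # Condition 3: one biometric, same operation type, too many user identifiers.
        if len({p.user_id for p in recent if p.op_type == op.op_type}) > self.max_accounts:
            reasons.append("too_many_accounts")
        # Condition 4: one biometric performing many operation types within the window.
        if len({p.op_type for p in recent}) > self.max_op_types:
            reasons.append("too_many_op_types")
        past.append(op)  # record every attempt, including blocked ones
        return reasons


def constructed_example():
    """Constructed data mirroring the Shenzhen/Shanghai case in the text."""
    shenzhen, shanghai = (22.54, 114.06), (31.23, 121.47)
    ctl = OperationController()
    ctl.register("acct_A", "bio_A")
    owner = ctl.evaluate(Operation("acct_A", "bio_A", "login", 0.0, *shenzhen))
    replay = ctl.evaluate(Operation("acct_new", "bio_A", "register", 60.0, *shanghai))
    return owner, replay


if __name__ == "__main__":
    print(constructed_example())
```

History is keyed by biometric rather than by account or IP address, which is what lets conditions 2 to 4 fire even when every request arrives from a different network environment.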
As the above shows, the scheme of this example uses biometrics to tie a given operation on a given account to a real person. Because biometrics cannot be counterfeited, they can be regarded as a finite dimension.
When a malicious attacker uses this finite dimension for large-scale automated operations, the same feature will inevitably be used many times; this is the first indicator that can be used to counter the underground industry. Likewise, if a malicious attacker uses distributed manual verification, also known as code workers, then because biometrics are unique, the same biological individual will inevitably operate many different accounts while working, and the biometric of such an operation will necessarily differ from the historical record; this is the second indicator that can be used to counter the underground industry.
Examples follow:
Example 1: Bad actors obtain a large number of biometrics by illegal means and use them to register accounts in bulk. For example, the system detects biometric A, biometric B, and biometric C appearing in Shanghai, Guangxi, and Nanjing respectively (the bad actors use VPNs to evade countermeasures), but the real owners of biometrics A, B, and C each operated their own accounts one minute earlier in Shenzhen, Sichuan, and Yunnan respectively. The system then finds an anomaly: biometrics A, B, and C have each undergone a physical displacement of more than a thousand kilometers within one minute, which is impossible under normal circumstances, unless bad actors who have stolen the biometrics are using VPNs in different provinces and cities to evade countermeasures.
Example 2: Bad actors use distributed manual verification, that is, code workers, to run balance queries on 10,000 stolen accounts, in order to avoid being caught by the system detecting a large number of requests from the same network environment. The system can then find one anomaly:
Biometric A performs the same type of operation on accounts B, C, and D, while accounts B, C, and D have never been operated by A in the past. It can therefore be determined that the operation was not performed by the user in person, and it can be countered.
In the examples of this application, biometric, time, location, account, and operation type serve as joint verification dimensions, replacing the previous reliance on the network environment alone. This overcomes the drawback that traditional verification is based on IP addresses, an unlimited resource, and uses finite biometrics to defend against bad actors' high-volume automated operations. At the same time, accounts are associated with real people to establish a strong mapping, which effectively counters the distributed manual operations of code workers.
As shown in FIG. 3, an example of this application provides a network operation control method. This example builds on the example shown in FIG. 2; before the client is detected initiating a network operation in step S101, it further includes:
Step S90: receive a registration request sent by the client, and obtain the biometric of the user on the client side;
Step S100: assign a user identifier to the user according to the registration request, and store the user identifier in association with the user's biometric; or receive a biometric registration request sent by the client, the biometric registration request including a user identifier and the user's biometric, and store the user identifier in association with the user's biometric.
Compared with the example shown in FIG. 2, this example also includes a user registration flow.
As described above, the user identifier may be a registered account assigned to the user at registration, or other information that can identify a specific user; this example uses a registered account.
Specifically, the user may initiate a registration request to the client according to the needs of the network operation, and the client assigns a registered account to the user according to the registration request and stores the registered account in association with the user's biometric. The storage may be one-to-one, that is, one account corresponds to one biometric of the user; or one account may correspond to multiple biometrics, that is, multiple biometrics are collected; or one biometric may have multiple accounts.
The purposes of storing the registered account in association with the user's biometric are: to record the original biometric of an account, so that anomalies arising when the account is later operated by another biological individual can be detected; and to counter bulk operations at registration, preventing the same biometric from registering a large number of accounts.
In addition, in another implementation, after the client has registered, a biometric registration request sent by the client may be received, the biometric registration request including a user identifier and the user's biometric, and the user identifier is stored in association with the user's biometric.
The biometrics here include, but are not limited to, face, fingerprint, voiceprint, iris, and the like. Because biometrics are unique and cannot be forged, they are considered a finite dimension that can replace the unlimited IP addresses relied on previously.
When the system issues verification for one of the user's network operations, the terminal system can require a biometric comparison and use the association between the user identifier and the biometric, which effectively counters malicious attackers' high-volume automated operations and improves the effectiveness of countering network attacks.
For example, if a malicious attacker uses distributed manual verification, what the system observes is one biological individual associated with multiple services across multiple accounts. This is an obvious anomaly, and the current operation can be effectively intercepted on that basis. If bad actors illegally record and store a large number of biometrics for automated programs to break through with, the system side can observe that the same biological individual appears to undergo a long-distance change of physical location within a short time, which is impossible under normal circumstances, and this too can be used as a basis for countering them.
Correspondingly, this application also provides some examples of a network operation control apparatus.
As shown in FIG. 4, the network operation control apparatus provided by an example of this application includes an operation information acquisition module 201, a biometric acquisition module 202, and an operation control module 203, wherein:
The operation information acquisition module 201 is configured to obtain, when a client is detected initiating a network operation, the operation-related information corresponding to this network operation, the operation-related information including at least the user identifier of the client;
The biometric acquisition module 202 is configured to issue a biometric verification operation to the client and obtain the biometric returned by the client;
The operation control module 203 is configured to control the network operation according to the biometric returned by the client and the operation-related information.
Specifically, in this example, the uniqueness of biometrics is used in place of an ordinary verification code to block attacks by automated programs and defend against malicious attackers' high-volume automated operations, so as to prevent network attacks by automated programs and improve the effectiveness of countering network attacks.
When the terminal detects that the client initiates a network operation, it obtains the operation-related information corresponding to this network operation. The operation-related information includes at least the user identifier of the client, and may further include the time, location information, and/or type of this network operation.
The user identifier of the client may be a registered account assigned to the user at registration, or other information that can identify a specific user. This example uses a registered account: at registration, the user's biometric is collected and serves as the verification code for logging in to the registered account. In the registration procedure, the registered account can therefore be stored in association with the user's biometric. The storage may be one-to-one, that is, one account corresponds to one biometric of the user; or one account may correspond to multiple biometrics, that is, multiple biometrics are collected; or one biometric may have multiple accounts.
In addition, the operation-related information may further include the time at which the client initiated this network operation, the operation type, and location information.
The operation-related information corresponding to this network operation is obtained so that the network operation can subsequently be controlled using the operation-related information and the user's biometric.
In this example, after the client is detected initiating a network operation, a biometric verification operation is issued to the client and the biometric returned by the client is obtained.
The biometrics here include, but are not limited to, face, fingerprint, voiceprint, iris, and the like. Because biometrics are unique and cannot be forged, they can serve as a finite dimension that replaces the unlimited IP addresses of the prior art.
When the system issues verification for one of the user's network operations, the terminal system can require a biometric comparison and use the association between the user identifier and the biometric, which effectively counters criminals' high-volume automated operations and improves the effectiveness of the countermeasure.
For example, if bad actors use distributed manual verification, what the system observes is one biological individual associated with multiple services across multiple accounts. This is an obvious anomaly, and the current operation can be effectively intercepted on that basis. If bad actors illegally record and store a large number of biometrics for automated programs to break through with, the system side can observe that the same biological individual appears to undergo a long-distance change of physical location within a short time, which is impossible under normal circumstances, and this too can be used as a basis for countering them.
More specifically, a biometric verification operation is issued to the client, for example scanning the user's facial features or scanning a fingerprint.
Biometric features such as facial features and fingerprints can be recognized using common biometric identification technology, which is a technology that uses human biometric features for identity authentication.
More specifically, biometric identification technology closely combines computers with high-tech means such as optics, acoustics, biosensors, and the principles of biostatistics, and uses the inherent physiological characteristics and behavioral traits of the human body to establish personal identity.
A biometric identification system samples a biometric feature, extracts its unique characteristics, converts them into digital codes, and further combines these codes into a feature template. When a user interacts with the identification system for identity authentication, the system captures the user's features and compares them with the feature templates in the database to determine whether they match, and thereby decides whether to accept or reject the user.
In current research and application fields, biometric identification mainly involves computer vision, image processing and pattern recognition, computer audition, speech processing, multi-sensor technology, virtual reality, computer graphics, visualization technology, computer-aided design, intelligent robot perception systems, and other related research. Biometric features already used for biometric identification include hand shape, fingerprint, face shape, iris, retina, pulse, and auricle.
After that, the network operation is controlled according to the biometric feature returned by the client and the operation-related information.
Specifically, in one implementation, the operation-related information includes the user identifier of the client, and the process of controlling the network operation according to the biometric feature returned by the client and the operation-related information may include:
Determining, according to the user identifier, whether the biometric feature returned by the client is the biometric feature associated with the user identifier; if not, verification fails and the network operation is prohibited. The network operation may be, for example, registering a QQ number or a mailbox, querying information, permission control for an application, claiming a discount, or accessing an application or website. By verifying and matching the user's biometric feature in combination with the user identifier, the user's network operations can be effectively controlled, which effectively prevents breakthroughs by automated programs and makes the countermeasures more effective.
In another implementation, the operation-related information may include the user identifier of the client and the time, operation type, and location information of the network operation. When the network operation is controlled according to the biometric feature returned by the client and the operation-related information, one or more of the following conditions may be considered in combination to decide whether to control the network operation. In other words, several anomalies may be judged in combination, or a single anomaly may be used as the condition. The specific implementation has been described above and is not repeated here.
A specific example is as follows:
An attacker obtains a large number of biometric features by illegal means and uses them to register accounts in bulk. For example, the system detects biometric feature A, biometric feature B, and biometric feature C appearing in Shanghai, Guangxi, and Nanjing respectively (the attacker uses a VPN to evade countermeasures), but the real owners of biometric features A, B, and C operated their own accounts one minute earlier in Shenzhen, Sichuan, and Yunnan respectively. The system then finds an anomaly: biometric features A, B, and C have each undergone a physical displacement of more than a thousand kilometers within one minute. This cannot happen under normal circumstances; it occurs only when an attacker who has stolen biometric features uses VPNs in different provinces and cities to evade countermeasures.
Therefore, thresholds may be set according to the actual situation: if the time interval is less than a set threshold and the physical distance is greater than a set threshold, verification fails and the network operation is prohibited.
In some examples, the following approach may also be used:
Determining, according to the user identifier, whether the biometric feature returned by the client is the biometric feature associated with the user identifier; if so, determining, according to the time and location information of this network operation, the time interval and physical distance between the current operation and the previous operation initiated with that biometric feature; if the time interval and the physical distance satisfy a set condition, verification fails and the network operation is prohibited.
In some examples, the following approach may also be used:
Determining, according to the time and location information of this network operation, the time interval and physical distance between the current operation and the previous operation initiated with the biometric feature returned by the client;
if the time interval and the physical distance satisfy a set condition, verification fails and the network operation is prohibited.
In some examples, the operation-related information includes the user identifier of the client and the time and operation type of this network operation, and the process of controlling the network operation according to the biometric feature returned by the client and the operation-related information may include:
Determining, according to the user identifier, whether the biometric feature returned by the client is the biometric feature associated with the user identifier; if not, obtaining, according to the time and operation type of this network operation, the number of user identifiers on which that biometric feature has performed the same operation type within a predetermined time;
if the number of user identifiers is greater than a set threshold, verification fails and the network operation is prohibited.
In some examples, the following approach may also be used:
Determining, according to the user identifier, whether the biometric feature returned by the client is the biometric feature associated with the user identifier; if so, obtaining, according to the time and operation type of this network operation, the number of user identifiers on which that biometric feature has performed the same operation type within a predetermined time;
if the number of user identifiers is greater than a set threshold, verification fails and the network operation is prohibited.
In some examples, the following approach may also be used:
Obtaining, according to the time and operation type of this network operation, the number of user identifiers on which the biometric feature returned by the client has performed the same operation type within a predetermined time;
if the number of user identifiers is greater than a set threshold, verification fails and the network operation is prohibited.
It should be noted that, when judging whether a network operation is abnormal according to its time and operation type, the judgment need not be limited to a single operation type and may also combine multiple operation types. For example:
Within a predetermined time (for example, simultaneously), biometric feature A is used to perform different types of operations on accounts B, C, and D, such as logging in to QQ with account B, logging in to WeChat with account C, and purchasing goods online with account D, while accounts B, C, and D have never been operated by A in the past, or account B, account C, and account D are associated with one another. It can therefore be determined that these operations were not performed by the users themselves, and they can be blocked.
In the examples of this application, the biometric feature, time, account, and operation type are used as joint verification dimensions in place of the network environment alone. This solves the problem that traditional verification relies on IP addresses, an unlimited resource, and uses the finite set of biometric features to defend against large-scale automated operations by attackers. At the same time, accounts are associated with real people through a strong mapping, which effectively defends against distributed manual operations by code workers.
It should also be noted that the implementations above may be combined, for example by judging location information together with operation type; details are not repeated here.
In this example, when it is detected that a client initiates a network operation, the operation-related information corresponding to that network operation is obtained; a biometric verification operation is issued to the client and the biometric feature returned by the client is obtained; and the network operation is controlled according to the biometric feature returned by the client and the operation-related information. The operation-related information may include the user identifier and the time, location information, and operation type of the network operation. In this way, the uniqueness of biometric features can be used, together with the operation-related information, in place of an ordinary verification code to block network attacks by automated programs. This defends against distributed manual operations by code workers and, with a simple user experience, against large-scale automated operations by malicious attackers, effectively defending against automated attacks, making countermeasures against network attacks more effective, and improving network security.
As can be seen from the above solution, a biometric feature links a particular operation on a particular account to a real natural person. Because biometric features cannot be counterfeited, they can be regarded as a finite dimension.
When an attacker (that is, a malicious attacker) uses this finite dimension for large-scale automated operations, the same feature is bound to be used many times; this is the first indicator that can be used to combat the underground online industry. Likewise, if the attacker uses distributed manual verification, that is, today's code workers, then because biometric features are unique, a code worker at work will inevitably show the same biological individual operating different accounts many times, and the biometric feature used in the operation will necessarily differ from the historical record; this is the second indicator that can be used to combat the underground online industry.
Examples are as follows:
Example 1: An attacker obtains a large number of biometric features by illegal means and uses them to register accounts in bulk. For example, the system detects biometric feature A, biometric feature B, and biometric feature C appearing in Shanghai, Guangxi, and Nanjing respectively (the attacker uses a VPN to evade countermeasures), but the real owners of biometric features A, B, and C operated their own accounts one minute earlier in Shenzhen, Sichuan, and Yunnan respectively. The system then finds an anomaly: biometric features A, B, and C have each undergone a physical displacement of more than a thousand kilometers within one minute. This cannot happen under normal circumstances; it occurs only when an attacker who has stolen biometric features uses VPNs in different provinces and cities to evade countermeasures.
Example 2: An attacker uses distributed manual verification, that is, code workers, to perform balance queries on 10,000 stolen accounts, with the aim of preventing the system from detecting a large number of requests from the same network environment and blocking them. In this case the system can find one anomaly:
Biometric feature A performs the same type of operation on accounts B, C, and D, while accounts B, C, and D have never been operated by A in the past. It can therefore be determined that these operations were not performed by the users themselves, and they can be blocked.
In the examples of this application, the biometric feature, time, location, account, and operation type are used as joint verification dimensions in place of the network environment alone. This solves the problem that traditional verification methods rely on IP addresses, an unlimited resource, and uses the finite set of biometric features to defend against large-scale automated operations by malicious attackers. At the same time, accounts are associated with real people through a strong mapping, which effectively defends against distributed manual operations by code workers.
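The three conditions described above (biometric mismatch, a short time interval combined with a long physical distance, and too many user identifiers per biometric feature) can be combined as in the following Python example, which replays constructed versions of Example 1 and Example 2. This is an added illustration, not code from the application; the class and field names, the threshold values, and the use of an opaque template identifier in place of real biometric matching are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Operation:
    user_id: str        # account the operation targets
    biometric_id: str   # assumption: opaque template id produced by the matcher
    op_type: str        # e.g. "login", "balance_query"
    ts: float           # time the operation was initiated, in seconds
    lat: float
    lon: float


def distance_km(a: Operation, b: Operation) -> float:
    """Great-circle (haversine) distance between the locations of two operations."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = (sin(dlat / 2) ** 2
         + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(h))


class OperationController:
    """Returns the list of anomalies for an operation; any anomaly means 'prohibit'."""

    def __init__(self, max_interval_s=600.0, min_distance_km=500.0,
                 window_s=3600.0, max_accounts=2):
        # All four thresholds are hypothetical; the application gives no values.
        self.max_interval_s = max_interval_s
        self.min_distance_km = min_distance_km
        self.window_s = window_s
        self.max_accounts = max_accounts
        self.enrolled = defaultdict(set)   # user_id -> registered biometric ids
        self.history = defaultdict(list)   # biometric_id -> operations, in time order

    def enroll(self, user_id: str, biometric_id: str) -> None:
        self.enrolled[user_id].add(biometric_id)

    def check(self, op: Operation) -> list:
        reasons = []
        # Condition 1: returned biometric is not the one stored for this user id.
        if op.biometric_id not in self.enrolled.get(op.user_id, ()):
            reasons.append("biometric_mismatch")
        prev = self.history[op.biometric_id]
        # Condition 2: interval below threshold AND distance above threshold,
        # measured against the previous operation made with the same biometric.
        if prev:
            interval = op.ts - prev[-1].ts
            if (0 <= interval < self.max_interval_s
                    and distance_km(prev[-1], op) > self.min_distance_km):
                reasons.append("impossible_travel")
        # Condition 3: distinct user ids this biometric touched with the same
        # operation type inside the window, counting the current one.
        accounts = {p.user_id for p in prev
                    if p.op_type == op.op_type and op.ts - p.ts <= self.window_s}
        accounts.add(op.user_id)
        if len(accounts) > self.max_accounts:
            reasons.append("too_many_accounts")
        # Design choice (assumption): every attempt is recorded, allowed or not.
        prev.append(op)
        return reasons


def run_demo() -> dict:
    """Constructed sample data modelled on Example 1 and Example 2."""
    ctl = OperationController()
    ctl.enroll("alice", "bio_A")
    for acct in ("acct_B", "acct_C", "acct_D"):
        ctl.enroll(acct, "bio_owner_of_" + acct)
    shenzhen, shanghai = (22.54, 114.06), (31.23, 121.47)
    results = {
        # Example 1: owner operates in Shenzhen, same biometric appears
        # in Shanghai one minute later.
        "owner": ctl.check(Operation("alice", "bio_A", "login", 0, *shenzhen)),
        "replay": ctl.check(Operation("alice", "bio_A", "login", 60, *shanghai)),
    }
    # Example 2: one worker's biometric queries balances on accounts it never used.
    for i, acct in enumerate(("acct_B", "acct_C", "acct_D")):
        op = Operation(acct, "bio_W", "balance_query", 1000 + 10 * i, *shenzhen)
        results[acct] = ctl.check(op)
    return results


if __name__ == "__main__":
    for name, reasons in run_demo().items():
        print(name, "ALLOW" if not reasons else "PROHIBIT " + ",".join(reasons))
```

Because every attempt is recorded, a blocked replay also becomes the "previous operation" for the legitimate owner's next request; a deployment would need to decide whether prohibited operations should update the history.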
As shown in FIG. 5, an example of this application provides a network operation control apparatus. Based on the example shown in FIG. 4 above, the apparatus further includes:
A registration module 200, configured to receive a registration request sent by a client and obtain the biometric feature of the user on the client side, assign a user identifier to the user according to the registration request, and store the user identifier in association with the user's biometric feature; or to receive a biometric registration request sent by the client, the biometric registration request including a user identifier and the user's biometric feature, and store the user identifier in association with the user's biometric feature.
The apparatus shown in FIG. 4 and FIG. 5 above may be implemented in hardware or in software. When implemented in software, the apparatus may be a set of machine-executable instructions contained in the memory of a terminal device, and each module in the apparatus is a software module (also called an instruction module) containing machine-executable instructions. When any module of the apparatus is invoked by the processor of the terminal device, the instructions in that module are executed by the processor, thereby implementing the function of the module.
Compared with the examples above, this example also includes a specific scheme for the user registration process.
As described above, the user identifier may be a registered account assigned to the user at registration, or other information that can identify a specific user. This example uses a registered account for illustration.
Specifically, the user may initiate a registration request to the client as required by the network operation. The client assigns a registered account to the user according to the registration request and stores the registered account in association with the user's biometric feature. For example, the storage may be one-to-one, that is, one account corresponds to one biometric feature of the user; or one account may correspond to multiple biometric features, that is, multiple biometric features are collected; or one biometric feature may have multiple accounts.
The purpose of storing the registered account in association with the user's biometric feature is to record the original biometric feature of an account, so as to detect anomalies that arise when the account is later operated by another biological individual, and to counter bulk registration by preventing the same biometric feature from registering a large number of accounts.
In addition, in another implementation, after the client has registered, a biometric registration request sent by the client may be received, the biometric registration request including the user identifier and the user's biometric feature, and the user identifier is stored in association with the user's biometric feature.
The biometric features here include, but are not limited to, the face, fingerprint, voiceprint, and iris. Because biometric features are unique and cannot be forged, it is considered that a finite dimension can replace the unlimited IP addresses used previously.
When the system issues a verification challenge for one of a user's network operations, the terminal system can require a biometric comparison. By exploiting the association between the user identifier and the biometric feature, it can effectively counter large-scale automated operations by malicious actors and make the countermeasures more effective.
For example, if an attacker (also called a malicious attacker) uses distributed manual operations, what the system observes is a single biological individual performing multiple services across multiple accounts. This is a very obvious anomaly, and the current operation can be effectively intercepted on that basis. If an attacker illegally records and stores a large number of biometric features in order to break through with automated programs, the system side can observe that the same biological individual appears to change physical location over a long distance within a short time, which is impossible under normal circumstances, and the solution provided in this example can likewise defend effectively against this.
It should also be noted that, in this document, the terms "include", "comprise", and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article, or apparatus that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article, or apparatus that includes the element.
From the description of the implementations above, those skilled in the art can clearly understand that the methods provided by the examples above can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of this application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a non-volatile storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to perform the methods of the examples of this application.
The above are only examples of this application and do not thereby limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of this application, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of this application.

Claims (11)

  1. A network operation control method, the method comprising:
    when it is detected that a client initiates a network operation, obtaining operation-related information corresponding to the network operation, the operation-related information including at least a user identifier, or further including the time, location information, and/or type of the network operation;
    issuing a biometric verification operation to the client and obtaining the biometric feature returned by the client;
    controlling the network operation according to the biometric feature returned by the client and the operation-related information.
  2. The method according to claim 1, wherein before it is detected that the client initiates a network operation, the method further comprises: storing a user identifier of a user in association with the user's registered biometric feature;
    when it is detected that the client initiates a network operation, controlling the network operation according to the biometric feature stored in association with the user identifier and the biometric feature returned by the client.
  3. The method according to claim 2, wherein the step of storing the user identifier of the user in association with the user's registered biometric feature comprises:
    receiving a registration request sent by the client, and obtaining a biometric feature of a user from the client side;
    assigning a user identifier to the user according to the registration request, and storing the user identifier in association with the biometric feature of the user;
    or, receiving a biometric registration request sent by the client, the biometric registration request including a user identifier and a biometric feature of the user;
    storing the user identifier in association with the biometric feature of the user.
  4. The method according to claim 1, wherein the step of controlling the network operation comprises:
    determining whether any one or any combination of the following conditions is satisfied:
    the biometric feature returned by the client is not the biometric feature stored in association with the user identifier; or
    according to the time and location information of the network operation, the time interval and physical distance between the current operation and the previous operation corresponding to the biometric feature returned by the client are determined, and the time interval and the physical distance satisfy a set condition; or
    according to the time and operation type of the network operation, the number of user identifiers corresponding to the same one or more operation types within a predetermined time for the biometric feature returned by the client is obtained, and the number of user identifiers is greater than a set threshold;
    if it is determined that any one or any combination of the above conditions is satisfied, verification fails and the network operation is prohibited.
  5. The method according to claim 1, wherein before it is detected that the client initiates a network operation, the method further comprises: storing a user identifier of a user in association with the user's registered biometric feature;
    wherein the step of controlling the network operation comprises:
    determining, according to the user identifier, whether the biometric feature returned by the client is the biometric feature stored in association with the user identifier; if so, performing the following steps:
    determining, according to the time and location information of the network operation, the time interval and physical distance between the current operation and the previous operation corresponding to the biometric feature returned by the client; and/or
    obtaining, according to the time and operation type of the network operation, the number of user identifiers corresponding to the same one or more operation types within a predetermined time for the biometric feature returned by the client;
    if the time interval and the physical distance satisfy a set condition and/or the number of user identifiers is greater than a set threshold, verification fails and the network operation is prohibited.
  6. The method according to claim 4 or 5, wherein the time interval and the physical distance satisfying the set condition means that the time interval is less than a set threshold and the physical distance is greater than a set threshold.
  7. A terminal device, comprising at least a processor and a memory storing instructions executable by the processor, wherein when the processor executes the instructions in the memory, the terminal device performs the following operations:
    when it is detected that a client initiates a network operation, obtaining operation-related information corresponding to the network operation, the operation-related information including at least a user identifier, or further including the time, location information, and/or type of the network operation;
    issuing a biometric verification operation to the client and obtaining the biometric feature returned by the client;
    controlling the network operation according to the biometric feature returned by the client and the operation-related information.
  8. The device according to claim 7, wherein when the processor executes the instructions in the memory, the terminal device further performs the following operations:
    before it is detected that the client initiates a network operation, storing a user identifier of a user in association with the user's registered biometric feature;
    wherein, when it is detected that the client initiates a network operation, the network operation is controlled according to the biometric feature stored in association with the user identifier and the biometric feature returned by the client.
  9. The device according to claim 7, wherein the step of controlling the network operation comprises: determining whether any one or any combination of the following conditions is satisfied:
    the biometric feature returned by the client is not the biometric feature stored in association with the user identifier; or
    according to the time and location information of the network operation, the time interval and physical distance between the current operation and the previous operation corresponding to the biometric feature returned by the client are determined, and the time interval and the physical distance satisfy a predetermined condition; or
    according to the time and operation type of the network operation, the number of user identifiers corresponding to the same one or more operation types within a predetermined time for the biometric feature returned by the client is obtained, wherein the number of user identifiers is greater than a set threshold;
    if it is determined that any one or any combination of the above conditions is satisfied, verification fails and the network operation is prohibited.
  10. 根据权利要求7所述的设备,其特征在于,当所述处理器执行所述存储器中的所述指令时,所述终端设备还执行如下操作:The device according to claim 7, wherein when said processor executes said instruction in said memory, said terminal device further performs the following operations:
    在监测到客户端发起网络操作之前,将用户的用户标识与其注册的生物特征关联存储;Before the client initiates the network operation, the user identifier of the user is stored in association with the registered biometrics;
    其中,所述对所述网络操作进行控制的步骤包括:The step of controlling the network operation includes:
    根据所述用户标识,判断所述客户端返回的生物特征是否为与所述用户标识关联存储的生物特征;若是,则执行以下步骤:Determining, according to the user identifier, whether the biometric returned by the client is a biometric stored in association with the user identifier; if yes, performing the following steps:
    根据所述网络操作发起的时间及位置信息,确定当次操作的时间与所述客户端返回的生物特征对应的上次操作的时间间隔及物理距离;和/或Determining, according to the time and location information initiated by the network operation, a time interval and a physical distance of the last operation corresponding to the biometric returned by the client; and/or
    根据所述网络操作发起的时间和操作类型,获取所述客户端返回的生物特征对应的在预定时间内的同一种或多种操作类型对应的用户标识的个数;Obtaining, according to the time and operation type initiated by the network operation, the number of user identifiers corresponding to the same type or multiple operation types corresponding to the biometrics returned by the client;
    若所述时间间隔及所述物理距离满足设定条件和/或所述用户标识的个数大于设定阈值,则验证不通过,禁止所述网络操作。If the time interval and the physical distance satisfy the set condition and/or the number of the user identifier is greater than a set threshold, the verification fails, and the network operation is prohibited.
  11. 一种非易失性计算机可读存储介质,其特征在于,存储有程序,所述程序能够使计算机执行如下步骤:A non-transitory computer readable storage medium characterized by storing a program capable of causing a computer to perform the following steps:
    在监测到客户端发起网络操作时,获取所述网络操作对应的操作相关信息,所述操作相关信息至少包括用户标识,或者还包括所述网络操作发起的时间、位置信息和/或类型;Obtaining operation related information corresponding to the network operation when the client initiates a network operation, where the operation related information includes at least a user identifier, or further includes time, location information, and/or type of the network operation initiation;
    向所述客户端下发生物特征验证操作,获取所述客户端返回的生物特征;Generating a feature verification operation to the client to obtain a biometric returned by the client;
    根据所述客户端返回的生物特征以及所述操作相关信息,对所述网络操作进行控制。 The network operation is controlled according to the biometrics returned by the client and the operation related information.
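
The three rejection conditions of claims 9 and 10, evaluated in the order claim 10 gives, as an added Python example (not code from the patent). The speed limit, time window, ID threshold, the `Op` record and the idea that the matcher resolves a returned sample to a template ID are all assumptions, since the claims only speak of a "predetermined condition" and a "set threshold".

```python
import math
from dataclasses import dataclass

# Assumed policy values; the claims only say "predetermined condition" and "set threshold".
MAX_SPEED_KMH = 900.0   # implied travel speed above this fails the interval/distance check
WINDOW_S = 3600         # "predetermined time" for counting user identifiers
MAX_USER_IDS = 3        # "set threshold" of user identifiers per biometric

@dataclass
class Op:
    user_id: str
    biometric_id: str   # assumed: template ID the matcher resolved the returned sample to
    op_type: str
    ts: float           # epoch seconds
    lat: float
    lon: float

def distance_km(a: Op, b: Op) -> float:
    """Great-circle (haversine) distance between two operations."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def control(op: Op, enrolled: dict, history: list) -> tuple:
    """Return (allowed, reason) for a new operation, in the order claim 10 gives."""
    # Condition 1: returned biometric is not the one stored for this user identifier.
    if enrolled.get(op.user_id) != op.biometric_id:
        return False, "biometric_mismatch"
    prior = [h for h in history if h.biometric_id == op.biometric_id and h.ts <= op.ts]
    # Condition 2: interval and distance since the last operation with this biometric.
    if prior:
        last = max(prior, key=lambda h: h.ts)
        hours, dist = (op.ts - last.ts) / 3600, distance_km(last, op)
        if dist > 0 and (hours == 0 or dist / hours > MAX_SPEED_KMH):
            return False, "implausible_travel"
    # Condition 3: distinct user identifiers using this biometric for the same operation type.
    ids = {h.user_id for h in prior if h.op_type == op.op_type and op.ts - h.ts <= WINDOW_S}
    if len(ids | {op.user_id}) > MAX_USER_IDS:
        return False, "too_many_user_ids"
    return True, "ok"

# Constructed sample data: four accounts enrolled with the same biometric template.
ENROLLED = {"u1": "bioA", "u2": "bioA", "u3": "bioA", "u4": "bioA", "u5": "bioB"}
HISTORY = [Op(u, "bioA", "register", t, 22.54, 114.06) for u, t in (("u1", 0), ("u2", 60), ("u3", 120))]
```

Condition 3 only fires when several accounts are enrolled with the same biometric, which is why it is checked after the match against the stored biometric has already succeeded.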
PCT/CN2016/083987 2015-09-29 2016-05-31 Method and apparatus for controlling network operation WO2017054482A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510634508.1A CN106559394B (en) 2015-09-29 2015-09-29 Network operation control method and device
CN2015106345081 2015-09-29

Publications (1)

Publication Number Publication Date
WO2017054482A1 (en) 2017-04-06

Family

ID=58415909

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/083987 WO2017054482A1 (en) 2015-09-29 2016-05-31 Method and apparatus for controlling network operation

Country Status (2)

Country Link
CN (1) CN106559394B (en)
WO (1) WO2017054482A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107094146A (en) * 2017-05-05 2017-08-25 北京图凌科技有限公司 A kind of processing method of operation data, terminal and service end

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140270404A1 (en) * 2013-03-15 2014-09-18 Eyelock, Inc. Efficient prevention of fraud
CN104618348A (en) * 2015-01-12 2015-05-13 中国科学院信息工程研究所 Method for resisting automatic programming batch illegalities
CN104836781A (en) * 2014-02-20 2015-08-12 腾讯科技(北京)有限公司 Method distinguishing identities of access users, and device

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070209014A1 (en) * 2006-01-11 2007-09-06 Youssef Youmtoub Method and apparatus for secure data input
CN101272237B (en) * 2008-04-22 2010-10-06 北京飞天诚信科技有限公司 Method and system for automatically generating and filling login information
CN103856470B (en) * 2012-12-06 2018-06-19 腾讯科技(深圳)有限公司 Detecting method of distributed denial of service attacking and detection device
CN104518876B (en) * 2013-09-29 2019-01-04 腾讯科技(深圳)有限公司 Service login method and device
CN103686729B (en) * 2013-12-05 2016-12-07 何文秀 A kind of identity card carries out Mobile banking's authentication method and the system of self-help registration
CN104901801B (en) * 2014-03-06 2019-01-11 腾讯科技(深圳)有限公司 Auth method and device
CN103886238A (en) * 2014-03-28 2014-06-25 上海云享科技有限公司 Account login method and device based on palm prints
CN103957506B (en) * 2014-05-06 2017-12-05 重庆邮电大学 Anti-theft tracking of mobile phone system and method based on IMSI detections and recognition of face

Also Published As

Publication number Publication date
CN106559394A (en) 2017-04-05
CN106559394B (en) 2020-08-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16850107

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 22/08/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16850107

Country of ref document: EP

Kind code of ref document: A1