
CN105847216A - Identity authentication method and device - Google Patents


Info

Publication number: CN105847216A
Application number: CN201510012502.0A
Authority: CN (China)
Original language: Chinese (zh)
Inventor: 汪凡
Original and current assignee: Alibaba Group Holding Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Priority: CN201510012502.0A; related PCT application PCT/CN2016/070130, published as WO2016112792A1
Prior art keywords: password, user, proficiency, described user, input


Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/40: Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

This application provides an identity authentication method and device. The method comprises: obtaining the password entered by a user together with the user's proficiency in entering that password; and authenticating the user on the basis of both the entered password and that proficiency. Because the password and the proficiency of its entry are combined, the security of the authentication is improved, and because the proficiency is captured without relying on the user's terminal device, the implementation is more flexible.

Description

Identity authentication method and device

【Technical field】

This application relates to the field of Internet technology, and in particular to an identity authentication method and device.

【Background】

With the development of computer technology, password security has remained an important research direction in computing, and today, with the rapid growth of the Internet, new password security techniques keep appearing.

At present, a comparatively secure password technique is two-step verification. Taking Google's two-step verification as an example: the user first enters a password in the password input box; a dynamic password (a one-time code) is then sent to the mobile phone bound at registration, and the user is asked to enter that dynamic password as well. Only when both checks pass is the user confirmed as legitimate and allowed to perform the corresponding operation, such as logging in.

Although two-step verification improves password security to some extent, it depends on the user's mobile phone and is therefore restricted in use and not flexible enough. For example, if the phone is not with the user at the time, or cannot receive the dynamic password for practical reasons (no signal, a flat battery, and so on), a legitimate user cannot be authenticated and cannot perform the corresponding operation.

【Summary of the invention】

Several aspects of this application provide an identity authentication method and device intended to increase the flexibility of identity authentication while improving its security.

In one aspect, this application provides an identity authentication method comprising:

obtaining the password entered by a user and the user's proficiency in entering that password;

authenticating the user on the basis of the entered password and the user's proficiency in entering it.

In another aspect, this application provides an identity authentication device comprising:

an acquisition module, configured to obtain the password entered by a user and the user's proficiency in entering that password;

an authentication module, configured to authenticate the user on the basis of the entered password and the user's proficiency in entering it.

In this application, the password entered by the user and the user's proficiency in entering it are obtained, and the user is authenticated on the basis of both. Compared with prior-art methods that authenticate a user by the password alone, combining the two kinds of information improves the security of the authentication. In addition, the proficiency can be captured while the user is entering the password and is used to recognise whether the person currently entering the password is the user, so authentication does not depend on the user's terminal device receiving a dynamic password; it is not restricted by that device and is more flexible.

【Description of the drawings】

To explain the technical solutions in the embodiments of this application more clearly, the drawings needed for the embodiments or for the description of the prior art are briefly introduced below. The drawings described below show only some embodiments of this application; a person of ordinary skill in the art could obtain other drawings from them without creative effort.

FIG. 1 is a schematic flowchart of an identity authentication method provided by an embodiment of this application;

FIG. 2 is a schematic structural diagram of an identity authentication device provided by an embodiment of this application.

【Detailed description】

To make the purpose, technical solutions and advantages of the embodiments clearer, the technical solutions in the embodiments are described below clearly and completely with reference to the drawings. The described embodiments are only some, not all, of the embodiments of this application. All other embodiments that a person of ordinary skill in the art obtains from them without creative effort fall within the scope of protection of this application.

FIG. 1 is a schematic flowchart of an identity authentication method provided by an embodiment of this application. As shown in FIG. 1, the method includes:

101. Obtain the password entered by the user and the user's proficiency in entering that password.

102. Authenticate the user on the basis of the entered password and the user's proficiency in entering it.

This embodiment provides an identity authentication method that can be executed by an identity authentication device. The method applies to any scenario in which a user's identity must be verified, such as the login process of an application system, an Internet payment process, or access to a network resource; correspondingly, the identity authentication device may be the client of such a system or a component dedicated to identity authentication.

For example, when a user needs to log in to an application system such as QQ, WeChat, Tmall or Taobao, the system's client presents a login interface with a user-name input box, a password input box and a login (or submit) button. The user enters the user name and password and clicks the button, and the client receives them. In this scenario the identity authentication device may be the application's client, which has functions for the corresponding business in addition to the authentication function.

As another example, when a user needs an online payment service, the payment system's client presents a payment interface showing the amount, the payee, a password input box, a verification code and a confirm button. The user enters the password in the password input box and clicks confirm, and the client receives the password. In this scenario the identity authentication device may be the online payment system's client.

Because a user's password may be stolen, authenticating the user by the entered password alone offers limited security. This embodiment therefore provides a more secure identity authentication method, as follows:

When a user needs to be authenticated, the identity authentication device obtains the password entered by the user and, at the same time, the user's proficiency in entering it. For example, the device may present an interface with a password input box and a submit button through which the user enters the password required for authentication.

Different users generally differ in how proficiently they enter the same password. In particular, a user who knows the password well and one who does not differ markedly: the former types it smoothly and quickly, whereas the latter pauses while typing and is slower.

On this basis, this embodiment uses the proficiency of the password entry to judge whether the person entering the password is the legitimate, pre-registered user.

The identity authentication device then authenticates the user on the basis of the entered password and the proficiency of its entry.

Because this embodiment authenticates the user with the proficiency of the password entry in addition to the password itself, its security is higher than that of prior-art methods that rely on a single piece of information. Moreover, the proficiency is captured during the password entry itself and used to recognise whether the person entering the password is the user, so authentication does not depend on the user's terminal device receiving a dynamic password; it is not restricted by that device and is more flexible.

In an optional implementation, authenticating the user on the basis of the entered password and the proficiency of its entry includes:

judging whether the entered password is the same as the preset password;

if it is, judging whether the proficiency of the entry is within a preset proficiency range;

if the proficiency is within the preset range, determining that the user is legitimate.

In this implementation a legitimate user registers in advance and sets a password, and the identity authentication device also presets the proficiency range for that user's password entry. Specifically, the device compares the entered password with the preset password; if they are the same, it further judges whether the proficiency of the entry is within the preset range; if it is, the user is legitimate.

Optionally, when the entered password differs from the preset password, or the proficiency of the entry is outside the preset range, the user is determined to be illegitimate. Alternatively:

Optionally, when the entered password differs from the preset password, the user is determined to be illegitimate; when the entered password matches but the proficiency of the entry is outside the preset range, the user is determined to be suspicious.

If a user's password is lost or stolen, someone who passes the password check is still identified as illegitimate because their proficiency in entering the password differs from the legitimate user's, which improves the security of the authentication. In addition, compared with the dynamic password of the prior art, the proficiency only needs to be captured during the password entry itself and does not depend on the user's terminal device, so it is not restricted by that device and is more flexible.

In an optional implementation, since a user who is more familiar with the password enters it faster, the time spent per character of the password can be used to represent the proficiency: the shorter the time per character, the higher the proficiency, and the longer, the lower.

Accordingly, one way to obtain the proficiency is to monitor the keyboard events generated while the user enters the password, obtain the number of characters in the password and the total time taken to enter it, and divide the total time by the number of characters to obtain the average time per character, which serves as the proficiency. This is simple to implement and efficient.

Given that representation of proficiency, one way to judge whether it is within the preset range is:

obtain the difference between the average time per character of the entry and a standard time obtained in advance;

compare the difference with a preset threshold interval;

if the difference lies within the threshold interval, the proficiency is within the preset range;

if the difference lies outside the threshold interval, the proficiency is not within the preset range.

In this embodiment the preset proficiency range is represented by a threshold interval, which quantifies the range and makes it easy to implement and operate. The value of the interval varies with the password and the application scenario, and this embodiment does not limit it. For example, suppose the threshold interval is [0.00, 0.08] seconds: if the average time per character is 0.2 s and the standard time is 0.15 s, the difference is 0.05 s, which lies within the interval, so the proficiency is within the preset range and the person entering the password is judged to be a legitimate user.

Note that the standard time must be obtained before the scheme above is applied. One way to obtain it is as follows:

A learning period is set in advance. It may be a fixed length of time, such as 3 days, a week or a month, or it may be defined by a number of password entries, such as 10 or 20, in which case the learning period ends when the user has entered the password that many times.

During the learning period the user enters the password several times; let the maximum number of entries be N, a natural number greater than 1. For the i-th entry, the identity authentication device obtains the average time per character of that entry, denoted $S_i$. For example, it monitors the keyboard events of the i-th entry to obtain the number of characters in the password and the total time of that entry, and divides the total time by the number of characters. Here $i = 1, 2, \ldots, N$. The device thus obtains N per-character averages, one per entry, and then computes their standard deviation, which serves as the standard time. The standard deviation is computed as follows:

compute the mean of the N averages, $E = (S_1 + S_2 + \cdots + S_N)/N$;

compute the standard deviation $SS = \left( \sum_{i=1}^{N} (S_i - E)^2 / N \right)^{1/2}$.
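The proficiency measurement, the learning-period baseline and the threshold check described above, worked through in Python. This is an added illustration written for this page, not code from the patent application or from Alibaba. It assumes the client hands over the password entry as a list of (character, keydown time in seconds) pairs with monotonic timestamps, and it takes the total entry time as the span from the first to the last keystroke; the sample entries are constructed. The text names the standard deviation SS as the standard time, whereas its worked example uses a standard time of 0.15 s, which reads like a typical per-character time (the mean E); the example computes both so the reader can see which one the verdict depends on.

```python
"""Keystroke-timing proficiency check following the steps described in the text.

Added illustration, not code from the patent application or from Alibaba.
Assumptions: the client supplies (character, timestamp_in_seconds) pairs for
the password field, timestamps are monotonic, and total entry time is the span
from the first to the last keystroke.
"""
import math
from typing import Sequence, Tuple

KeyEvent = Tuple[str, float]  # (typed character, keydown time in seconds): assumed format


def avg_time_per_char(events: Sequence[KeyEvent]) -> float:
    """Total entry time divided by the number of characters, as the text specifies.

    At least two keystrokes are needed, otherwise there is no elapsed time to measure.
    """
    if len(events) < 2:
        raise ValueError("need at least two keystrokes to measure entry speed")
    total = events[-1][1] - events[0][1]
    if total < 0:
        raise ValueError("keystroke timestamps are not monotonic")
    return total / len(events)


def mean_and_std(samples: Sequence[float]) -> Tuple[float, float]:
    """E = (S_1 + ... + S_N) / N and SS = sqrt(sum((S_i - E)^2) / N), with N > 1."""
    n = len(samples)
    if n < 2:
        raise ValueError("the learning period must contain more than one entry (N > 1)")
    e = sum(samples) / n
    ss = math.sqrt(sum((s - e) ** 2 for s in samples) / n)
    return e, ss


def learn_baseline(entries: Sequence[Sequence[KeyEvent]]) -> Tuple[float, float]:
    """Per-character average S_i for every learning-period entry, then (E, SS)."""
    return mean_and_std([avg_time_per_char(ev) for ev in entries])


def within_proficiency_range(avg: float, standard: float,
                             interval: Tuple[float, float] = (0.0, 0.08)) -> bool:
    """The text's rule: (average time per character - standard time) must lie in the interval.

    With the page's interval [0.00, 0.08] a negative difference, i.e. typing faster
    than the standard, is rejected; use a symmetric interval if that is not intended.
    """
    lo, hi = interval
    return lo <= avg - standard <= hi


# Constructed learning-period data: three entries of a 4-character password, typed at
# 0.15 s, 0.12 s and 0.18 s per character (timestamps are seconds from an arbitrary origin).
LEARNING_ENTRIES = [
    [("a", 0.00), ("b", 0.20), ("c", 0.40), ("d", 0.60)],
    [("a", 5.00), ("b", 5.15), ("c", 5.30), ("d", 5.48)],
    [("a", 9.00), ("b", 9.24), ("c", 9.48), ("d", 9.72)],
]

# Constructed live entry: 6 characters in 1.20 s, i.e. 0.20 s per character.
LIVE_ENTRY = [("h", 10.00), ("u", 10.24), ("n", 10.48),
              ("t", 10.72), ("e", 10.96), ("r", 11.20)]


if __name__ == "__main__":
    e, ss = learn_baseline(LEARNING_ENTRIES)
    live = avg_time_per_char(LIVE_ENTRY)
    print(f"E={e:.3f}s  SS={ss:.3f}s  live={live:.3f}s")
    print("standard time = E :", within_proficiency_range(live, e))
    print("standard time = SS:", within_proficiency_range(live, ss))
```

With the constructed data the mean E is 0.15 s and the standard deviation SS is about 0.024 s. A live entry at 0.20 s per character passes against E (difference 0.05 s, inside [0.00, 0.08], matching the page's worked numbers) but fails against SS (difference about 0.176 s), so an implementer has to decide which quantity the "standard time" is before tuning the interval.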

Building on the implementations above, to improve security further while reducing the probability of misjudgement (that is, of a legitimate user being judged illegitimate), a user whose entered password matches the preset password but whose proficiency is outside the preset range can be judged a suspected illegitimate user (a suspicious user) rather than an illegitimate one outright, and then further authenticated using a verification code entered by the user. The verification code may be the dynamic password of the prior art.

Specifically, when the entered password matches the preset password but the proficiency of the entry is outside the preset range, the identity authentication device sends a verification code to the terminal device bound to the user name in advance and presents a verification-code input interface for the user to enter the code received, so that the user can be further authenticated by the code.

The identity authentication device then compares the code entered by the user with the code it sent; if they are the same the user is legitimate, otherwise the user is illegitimate.

A legitimate user can obtain the verification code from their terminal device and supply it to the identity authentication device; an illegitimate user cannot obtain it and so fails authentication.

In this implementation, the proficiency of the password entry is combined with two-step verification. First, the proficiency is used to judge whether the person entering the password is the user who registered it. If so, the second step of two-step verification need not be started, which avoids the restriction imposed by the user's terminal device while preserving the security of the authentication, and is considerably more flexible; if the user is judged suspicious, the second step is started, which keeps the probability of misjudgement as low as possible while preserving security. It is worth noting that, since the password is a user's most critical piece of data, the time a user takes to enter it generally falls within a range, so the probability that the second step is triggered is very low; the dependence on the user's terminal device is reduced and the method is flexible to implement.
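The three-way decision (legitimate, illegitimate, suspicious) and the device-bound second step that only a suspicious result triggers, as described above, worked through in Python. This is an added illustration, not the patent's or Alibaba's code. Where the text compares the entry with a "preset password", the example stores a salted PBKDF2 hash and compares in constant time; the six-digit random code, its single-use handling, and the `send` / `read_code` callbacks standing in for the delivery channel and the code input interface are all assumptions. The proficiency value is passed in as an already computed average time per character.

```python
"""Password + proficiency decision with an OTP second step for suspicious users.

Added illustration, not code from the patent application or from Alibaba.
Assumptions: salted PBKDF2 storage instead of a plaintext preset password,
a 6-digit single-use code, and injected callbacks for delivering and reading it.
"""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

LEGITIMATE, ILLEGITIMATE, SUSPICIOUS = "legitimate", "illegitimate", "suspicious"


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    standard_time: float            # baseline per-character time from the learning period
    bound_device: str               # where the verification code is delivered
    pending_code: Optional[str] = None


def register(password: str, standard_time: float, device: str) -> Account:
    salt = os.urandom(16)
    return Account(salt, hash_password(password, salt), standard_time, device)


def classify(acct: Account, password: str, avg_time: float,
             interval: Tuple[float, float] = (0.0, 0.08)) -> str:
    """Wrong password -> illegitimate; right password but proficiency outside
    the threshold interval -> suspicious; both checks pass -> legitimate."""
    if not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
        return ILLEGITIMATE
    lo, hi = interval
    if not (lo <= avg_time - acct.standard_time <= hi):
        return SUSPICIOUS
    return LEGITIMATE


def start_second_step(acct: Account, send: Callable[[str, str], None]) -> None:
    """Generate a one-time code and deliver it to the bound terminal device."""
    acct.pending_code = f"{secrets.randbelow(10**6):06d}"
    send(acct.bound_device, acct.pending_code)


def verify_code(acct: Account, submitted: str) -> bool:
    """Constant-time comparison; the code is consumed whether or not it matched."""
    ok = acct.pending_code is not None and hmac.compare_digest(acct.pending_code, submitted)
    acct.pending_code = None
    return ok


def authenticate(acct: Account, password: str, avg_time: float,
                 send: Callable[[str, str], None], read_code: Callable[[], str]) -> bool:
    """Full flow: the second step runs only when the first step says 'suspicious'."""
    outcome = classify(acct, password, avg_time)
    if outcome == LEGITIMATE:
        return True
    if outcome == ILLEGITIMATE:
        return False
    start_second_step(acct, send)
    return verify_code(acct, read_code())


if __name__ == "__main__":
    # Constructed scenario: baseline 0.15 s per character, phone "phone-1" bound at registration.
    acct = register("correct horse", 0.15, "phone-1")
    outbox = {}
    deliver = lambda device, code: outbox.__setitem__(device, code)
    print("typed at 0.20 s/char:", authenticate(acct, "correct horse", 0.20, deliver, lambda: ""))
    print("typed at 0.40 s/char:", authenticate(acct, "correct horse", 0.40, deliver,
                                                lambda: outbox["phone-1"]))
```

Keeping the proficiency check behind the password check, as the text orders the steps, means a wrong password is never told whether its typing rhythm would have been accepted, and the OTP is only ever generated for someone who already holds the correct password.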

Note that the method embodiments above are described as a series of actions for simplicity, but those skilled in the art should understand that this application is not limited by the order described, since according to this application some steps may be performed in other orders or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are preferred embodiments, and that the actions and modules involved are not necessarily required by this application.

Each of the embodiments above has its own emphasis; for parts not detailed in one embodiment, refer to the related description of the others.

FIG. 2 is a schematic structural diagram of an identity authentication device provided by an embodiment of this application. As shown in FIG. 2, the device includes an acquisition module 21 and an authentication module 22.

The acquisition module 21 obtains the password entered by the user and the user's proficiency in entering it.

The authentication module 22 authenticates the user on the basis of the password and the proficiency obtained by the acquisition module 21.

In an optional implementation, the authentication module is specifically configured to: judge whether the entered password is the same as the preset password; if so, judge whether the proficiency of the entry is within the preset proficiency range; and if so, determine that the user is legitimate.

The authentication module is further configured to determine that the user is illegitimate if the entered password differs from the preset password or the proficiency of the entry is outside the preset range. Alternatively:

The authentication module is further configured to determine that the user is illegitimate when the entered password differs from the preset password, and suspicious when the password matches but the proficiency of the entry is outside the preset range.

Further, when the user is suspicious, the authentication module continues to verify the user's identity using the verification code entered by the user.

In an optional implementation, the acquisition module 21 is specifically configured to monitor the keyboard events generated while the user enters the password, obtain the number of characters in the password and the total time taken to enter it, and divide the total time by the number of characters to obtain the average time per character as the proficiency.

Given the way acquisition module 21 obtains the proficiency above, authentication module 22 determines whether the user's proficiency in entering the password is within the preset proficiency range as follows:

Obtain the difference between the average time per character of the entered password and a standard time obtained in advance; if the difference lies within the preset threshold interval, determine that the user's proficiency in entering the password is within the preset proficiency range; if the difference lies outside the preset threshold interval, determine that the proficiency is outside the preset proficiency range.

Further, acquisition module 21 is also configured to obtain the standard time in advance, specifically: obtain the average time per character of the i-th entry of the password by the user within a preset learning period, i = 1, 2, ..., N, where N is the maximum number of times the user enters the password during the learning period and N is a natural number greater than 1; and compute the standard deviation of the N average times so obtained, which is taken as the standard time.
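The scheme described in the paragraphs above (proficiency from keyboard events, a standard time from a learning period, the three-way legitimate/suspicious/illegitimate decision, and the verification-code step-up for suspicious users), as an added example in Python. This is not code from the patent: the names KeyEvent, typed, proficiency_from_events, standard_time, proficiency_in_range, authenticate and authenticate_with_step_up, the convention that password entry ends with an Enter key event, the PBKDF2 storage of the preset password, the constructed timings and the threshold interval are all this example's own assumptions. Two caveats a practitioner should keep in mind: the page's standard time is literally the standard deviation of the N per-entry averages, so the threshold interval has to be calibrated against that quantity (swapping the mean in for pstdev gives the conventional baseline); and key-event timings captured on the client are attacker-supplied input that can be replayed or fabricated, so they are a weak signal, not a strong second factor.

```python
"""Password plus typing-proficiency authentication (added example, not the patent's code)."""
from dataclasses import dataclass
from enum import Enum
from statistics import pstdev
import hashlib
import hmac

ENTER = "\n"  # key event that terminates password entry (this example's convention)


class Verdict(Enum):
    LEGITIMATE = "legitimate"      # password correct and proficiency in range
    SUSPICIOUS = "suspicious"      # password correct but proficiency out of range
    ILLEGITIMATE = "illegitimate"  # password wrong


@dataclass(frozen=True)
class KeyEvent:
    char: str    # character produced by the key (ENTER for the terminating key)
    t_ms: float  # timestamp of the key event in milliseconds


def typed(password, per_char_ms, start_ms=0.0):
    """Construct the key events of a password typed at a steady pace and
    terminated with Enter. Constructed sample input for this example."""
    events = [KeyEvent(c, start_ms + i * per_char_ms) for i, c in enumerate(password)]
    events.append(KeyEvent(ENTER, start_ms + len(password) * per_char_ms))
    return events


def proficiency_from_events(events):
    """Acquisition module 21: from the keyboard events of one entry obtain the
    character count and the total entry time, and return the average time per
    character in ms, which the page uses as the proficiency."""
    if len(events) < 2 or events[-1].char != ENTER:
        raise ValueError("expected at least one character followed by Enter")
    n_chars = sum(1 for e in events if e.char != ENTER)
    total_ms = events[-1].t_ms - events[0].t_ms
    return total_ms / n_chars


def standard_time(learning_averages):
    """Learning period (N > 1 entries): the page takes the standard deviation of
    the N per-entry averages as the 'standard time'. Replace pstdev with
    statistics.mean for a conventional mean-based baseline."""
    if len(learning_averages) < 2:
        raise ValueError("N must be a natural number greater than 1")
    return pstdev(learning_averages)


def proficiency_in_range(avg_ms, std_ms, interval):
    """Authentication module 22: the difference between the current average and
    the standard time must lie within the preset threshold interval."""
    lo, hi = interval
    return lo <= (avg_ms - std_ms) <= hi


_SALT = b"example-salt"  # constructed; use a random per-user salt in a real system


def hash_password(password):
    """The 'preset password' is stored as a PBKDF2 hash (this example's choice)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


def password_matches(entered, stored_hash):
    return hmac.compare_digest(hash_password(entered), stored_hash)


def authenticate(entered, events, stored_hash, std_ms, interval):
    """Three-way decision of the second embodiment: password first, then proficiency."""
    if not password_matches(entered, stored_hash):
        return Verdict.ILLEGITIMATE
    if proficiency_in_range(proficiency_from_events(events), std_ms, interval):
        return Verdict.LEGITIMATE
    return Verdict.SUSPICIOUS


def authenticate_with_step_up(entered, events, stored_hash, std_ms, interval,
                              code_entered, code_expected):
    """Suspicious users continue with a verification code, compared in constant
    time and only after the password itself has matched."""
    verdict = authenticate(entered, events, stored_hash, std_ms, interval)
    if verdict is Verdict.SUSPICIOUS and hmac.compare_digest(code_entered, code_expected):
        return Verdict.LEGITIMATE
    return verdict


if __name__ == "__main__":
    stored = hash_password("hunter2!")
    # Learning period: four entries at constructed per-character paces.
    learning = [proficiency_from_events(typed("hunter2!", ms))
                for ms in (145.0, 155.0, 145.0, 155.0)]
    std_ms = standard_time(learning)  # 5.0 for these samples
    interval = (125.0, 165.0)         # calibrated against std_ms: accepts 130..170 ms/char
    print(authenticate("hunter2!", typed("hunter2!", 150.0), stored, std_ms, interval))
    print(authenticate("hunter2!", typed("hunter2!", 300.0), stored, std_ms, interval))
    print(authenticate("hunter3!", typed("hunter3!", 150.0), stored, std_ms, interval))
```

Run as a script it prints legitimate, suspicious and illegitimate for the three attempts: the owner typing at the learned pace, someone who knows the password but types it at half the speed, and a wrong password. The threshold interval is expressed as bounds on (average minus standard time) exactly as the page states the check, which is why its numbers look offset from the raw per-character times.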

The identity authentication device of this embodiment obtains the password entered by the user together with the user's proficiency in entering it, and authenticates the user on the basis of both. Because two kinds of information are combined, the security of the authentication is improved. In addition, the proficiency can be collected while the user is entering the password and is used to recognise whether the person currently entering the password is the user; authentication therefore does not depend on the user's terminal device receiving a dynamic password, is not constrained by that device, and is correspondingly more flexible.

Those skilled in the art will appreciate that, for convenience and brevity of description, the specific operation of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments, and is not repeated here.

In the embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a logical functional division, and other divisions are possible in practice, for instance multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, devices or units, and may be electrical, mechanical or of other forms.

The units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware, or in hardware together with a software functional unit.

An integrated unit implemented as a software functional unit may be stored in a computer-readable storage medium. The software functional unit stored in the storage medium includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to execute some of the steps of the methods described in the embodiments of this application. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.

Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of this application, not to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in those embodiments may still be modified, or some of their technical features replaced by equivalents, without such modifications or replacements taking the essence of the corresponding technical solution outside the spirit and scope of the technical solutions of the embodiments of this application.

Claims (14)

1. An identity authentication method, characterised in that it comprises:
obtaining a password entered by a user and the user's proficiency in entering the password;
authenticating the user according to the password entered by the user and the user's proficiency in entering the password.

2. The method according to claim 1, characterised in that authenticating the user according to the password entered by the user and the user's proficiency in entering the password comprises:
determining whether the password entered by the user is identical to a preset password;
if the password entered by the user is identical to the preset password, determining whether the user's proficiency in entering the password is within a preset proficiency range;
if the user's proficiency in entering the password is within the preset proficiency range, determining that the user is a legitimate user.

3. The method according to claim 2, characterised in that obtaining the user's proficiency in entering the password comprises:
monitoring the keyboard events generated while the user enters the password, to obtain the number of characters in the password and the total time the user takes to enter the password;
according to the total time taken to enter the password and the number of characters in the password, obtaining the average time per character of the entered password as the user's proficiency in entering the password.

4. The method according to claim 3, characterised in that determining whether the user's proficiency in entering the password is within the preset proficiency range comprises:
obtaining the difference between the average time per character of the entered password and a standard time obtained in advance;
if the difference is within a preset threshold interval, determining that the user's proficiency in entering the password is within the preset proficiency range;
if the difference is not within the preset threshold interval, determining that the user's proficiency in entering the password is not within the preset proficiency range.

5. The method according to claim 4, characterised in that obtaining the standard time in advance comprises:
obtaining the average time per character of the i-th entry of the password by the user within a preset learning period, where i is a natural number less than N and N is the maximum number of times the user enters the password within the learning period;
calculating the standard deviation of the N average times obtained, as the standard time.

6. The method according to any one of claims 2 to 5, characterised in that it further comprises:
if the password entered by the user differs from the preset password, determining that the user is an illegitimate user;
if the password entered by the user is identical to the preset password but the user's proficiency in entering the password is not within the preset proficiency range, determining that the user is a suspicious user.

7. The method according to claim 6, characterised in that it further comprises:
if the user is determined to be a suspicious user, continuing to authenticate the user according to a verification code entered by the user.

8. An identity authentication device, characterised in that it comprises:
an acquisition module for obtaining a password entered by a user and the user's proficiency in entering the password;
an authentication module for authenticating the user according to the password entered by the user and the user's proficiency in entering the password.

9. The device according to claim 8, characterised in that the authentication module is specifically for:
determining whether the password entered by the user is identical to a preset password;
if the password entered by the user is identical to the preset password, determining whether the user's proficiency in entering the password is within a preset proficiency range;
if the user's proficiency in entering the password is within the preset proficiency range, determining that the user is a legitimate user.

10. The device according to claim 9, characterised in that the acquisition module is specifically for:
monitoring the keyboard events generated while the user enters the password, to obtain the number of characters in the password and the total time the user takes to enter the password;
according to the total time taken to enter the password and the number of characters in the password, obtaining the average time per character of the entered password as the user's proficiency in entering the password.

11. The device according to claim 10, characterised in that the authentication module is specifically for:
obtaining the difference between the average time per character of the entered password and a standard time obtained in advance;
if the difference is within a preset threshold interval, determining that the user's proficiency in entering the password is within the preset proficiency range;
if the difference is not within the preset threshold interval, determining that the user's proficiency in entering the password is not within the preset proficiency range.

12. The device according to claim 11, characterised in that the acquisition module is further for:
obtaining the average time per character of the i-th entry of the password by the user within a preset learning period, i = 1, 2, ..., N, where N is the maximum number of times the user enters the password within the learning period and N is a natural number greater than 1;
calculating the standard deviation of the N average times obtained, as the standard time.

13. The device according to any one of claims 9 to 12, characterised in that the authentication module is further for:
when the password entered by the user differs from the preset password, determining that the user is an illegitimate user;
when the password entered by the user is identical to the preset password but the user's proficiency in entering the password is not within the preset proficiency range, determining that the user is a suspicious user.

14. The device according to claim 13, characterised in that the authentication module is further for:
when the user is a suspicious user, continuing to authenticate the user according to a verification code entered by the user.
CN201510012502.0A 2015-01-12 2015-01-12 Identity authentication method and device Pending CN105847216A (en)

Priority Applications (2)

Application Number   Priority Date   Filing Date   Title
CN201510012502.0A    2015-01-12      2015-01-12    Identity authentication method and device
PCT/CN2016/070130    2015-01-12      2016-01-05    Identity authentication method and device

Publications (1)

Publication Number   Publication Date
CN105847216A (en)    2016-08-10

Family

ID=56405236

Country Status (2)

Country   Link
CN        CN105847216A
WO        WO2016112792A1

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee                     Title
CN106656756A *       2016-12-15      2017-05-10         北京容联光辉科技有限公司     Operation method and device of instant messaging software
CN106656756B *       2016-12-15      2019-09-13         北京容联光辉科技有限公司     Operation method and device of instant messaging software

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee                     Title
US11576048B1 *       2020-04-28      2023-02-07         T-Mobile Innovations LLC     Mitigating authentication-based hacking of access restricted telecommunication services

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee                               Title
CN101499905A *       2008-02-02      2009-08-05         诚实科技股份有限公司                   Image password authentication system and method for mobile device
US20100083370A1 *    2008-09-26      2010-04-01         Mitac Technology Corp.                 System and method for dynamic cypher authentication
CN101478401A *       2009-01-21      2009-07-08         东北大学                               Authentication method and system based on key stroke characteristic recognition
CN101894223A *       2009-05-20      2010-11-24         鸿富锦精密工业(深圳)有限公司           Password protection method and system
CN103078863A *       2013-01-08      2013-05-01         青岛海信宽带多媒体技术有限公司         Method, device and system for login authentication

Also Published As

Publication number   Publication date
WO2016112792A1 (en)  2016-07-21

Legal Events

Code   Title                                                         Description
C06    Publication
PB01   Publication
C10    Entry into substantive examination
SE01   Entry into force of request for substantive examination
RJ01   Rejection of invention patent application after publication   Application publication date: 2016-08-10