[go: up one dir, main page]

WO2016107415A1 - Auxiliary identity authentication method based on user network behavior feature - Google Patents

Auxiliary identity authentication method based on user network behavior feature Download PDF

Info

Publication number
WO2016107415A1
WO2016107415A1 PCT/CN2015/097581 CN2015097581W WO2016107415A1 WO 2016107415 A1 WO2016107415 A1 WO 2016107415A1 CN 2015097581 W CN2015097581 W CN 2015097581W WO 2016107415 A1 WO2016107415 A1 WO 2016107415A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
verification
account
time
secondary authentication
Prior art date
Application number
PCT/CN2015/097581
Other languages
French (fr)
Chinese (zh)
Inventor
冯亮
尹亚伟
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司 filed Critical 中国银联股份有限公司
Publication of WO2016107415A1 publication Critical patent/WO2016107415A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Definitions

  • the present invention relates to a secondary authentication method and, more particularly, to a secondary authentication method based on user network behavior characteristics.
  • the existing technical solutions have the following problems: (1) The method of short message verification requires the user to carry the mobile phone with him and the environment in which he has a good wireless communication information, so the applicability is poor, and if the short message receiving delay occurs, the user may be caused. The situation of loss of aging in response to delays; (2) The way of biometric identification requires additional specific hardware and software facilities, so the cost is higher and the application is narrower.
  • the present invention proposes a secondary authentication method based on user network behavior characteristics that is widely applicable, convenient, effective, and low in cost.
  • a secondary authentication method comprising the following steps:
  • the data processing server performs a master identity verification process for the user in a conventional manner, and if the result of the master identity verification process is "pass”, then send a secondary authentication request to the authentication server associated with it to trigger the secondary authentication process, and allow the user to perform subsequent actual data interaction processes only if the secondary authentication result is "pass";
  • the secondary verification server performs a secondary authentication process for the user based on the user identification model running thereon and transmits the secondary authentication result back to the data processing server.
  • analyzing the social network account data includes: (1) manually determining and marking the category of each social networking website account to classify each social networking website account as a "normal account” or a "junk account” respectively. (2) Extracting specific feature attributes of individual users using the social networking website account from the social networking website account data to form training data.
  • the user identification model is constructed based on a classifier pattern, and the user recognition model is trained based on a machine learning algorithm, wherein the user recognition model quantifies the characteristic attribute of the user by It is compared to a predetermined one or more thresholds to actually verify the identity of the user.
  • the feature attribute includes basic information of the user, social information, and social behavior information.
  • the secondary verification request includes a first user identifier of the user for the primary authentication process.
  • the step (A3) further comprises: (1) after receiving the auxiliary verification request, the verification server prompts the user to log in to a specific social networking site through a specific user interface to Obtaining social networking site account data associated with the user, wherein the user logs into the social networking site using a second user identifier; (2) if the login operation fails, the authentication server prompts the user "login failed, unable to verify And returning a verification result indicating "unable to verify” to the data processing server, if the login operation is successful, proceeding to step (3); (3) determining whether the current login is the first time of the user by querying the verification history database Logging in, and if it is the first login, associating the first user identifier with the second user identifier and recording the association in the verification history database and proceeding to step (5), if not for the first time Login, then pass Querying the verification history database to determine whether the second user identifier is consistent with an association identifier indicated in a verification record previously associated with the first user identifie
  • the step (A3) further comprises: prompting the user that the account registration time is too short if the reason for the verification failure is that the time difference between the registration time and the current time is less than the time threshold.
  • the auxiliary identity verification method based on user network behavior characteristics disclosed by the invention has the following advantages: wide applicability, convenience and efficiency, and low cost.
  • FIG. 1 is a flow chart of a secondary authentication method in accordance with an embodiment of the present invention.
  • the auxiliary authentication method disclosed by the present invention includes the following steps: (A1) collecting and analyzing social network website (for example, Weibo website, etc.) account data to obtain a training data set, and constructing a user identification model accordingly as well as Training the user identification model with the training data set as input to enable it to function properly; (A2) before the user intends to perform an actual data interaction process with a data processing server (eg, a service provider server)
  • the data processing server performs a primary authentication process for the user in a conventional manner, and if the result of the primary authentication process is "pass", sends a secondary authentication request to the authentication server associated therewith to trigger the secondary authentication The process, and allowing the user to perform subsequent actual data interaction processes only if the secondary authentication result is "pass”;
  • the secondary verification server executes for the user based on the user identification model running thereon A secondary authentication process that passes the secondary authentication results back to the data
  • analyzing the social network account data includes: (1) manually determining and marking the category of each social networking website account to classify each social networking website account as a “normal account”. Or "junk account”; (2) extracting specific feature attributes of individual users who use the social networking website account from the social networking site account data to form training data.
  • the user identification model is constructed based on a classifier mode, and the user identification model is trained based on a machine learning algorithm, wherein the user identification model quantifies a user's
  • the feature attributes are compared and compared to a predetermined one or more thresholds to actually authenticate the user.
  • the number of "normal account” and "junk account” included in the training data set is substantially equal. This can effectively prevent the tilt of the training data and affect the working effect of the user identification model.
  • the feature attribute includes basic information of the user (for example, whether the area is set, the value of the local setting, the gender setting, the value of the gender setting, whether the avatar is set, birthday) Whether to set, the value of the birthday setting, whether the mailbox is set, whether the occupation information is set, the number of professional experiences, whether the education information is set, the number of educations, etc.), social information (for example, the number of fans, the number of followers, and the ratio of the two) , the number of two-way friends, whether the followers are grouped, the number of groups grouped, etc.) and social behavior information (for example, the number of posts posted, the average time span of postings in a day, the percentage of blog posts with URLs, blog posts @ others The average number, the number of similar blog posts, the proportion of similar blog posts, the average number of similar blog posts, the average release time for similar posts, the average number of comments posted, and so on.
  • basic information of the user for example, whether the area is set, the value of the local setting, the gender setting, the
  • the user identification model can determine and identify the type of user using the social networking website account, such as a junk account. Generally, it has the following characteristics: basic information is less filled, has a small number of fans, more followers, and the latter is much more than the former, less published blog posts and comments, or a large number of advertisements and false news in a short time.
  • the secondary authentication request includes a first user identifier (ie, a user ID) of the user for the primary authentication process.
  • a first user identifier ie, a user ID
  • the step (A3) further includes: (1) after receiving the auxiliary verification request, the verification server prompts the user to log in to the specific through a specific user interface.
  • Social networking site such as a microblogging site that has authorized the authentication server to obtain relevant social networking site account data through the user's login operation) to obtain social networking site account data associated with the user (which is socialized)
  • the website server sends to the verification server), wherein the user logs into the social networking website using a second user identifier (ie, the user's social networking website account); (2) if the login operation fails, the authentication server prompts the user "Login failed, cannot be verified” and returns a verification result indicating "unable to verify” to the data processing server.
  • step (3) determine the current login by querying the verification history database Whether it is the first login of the user, and if it is the first login, the first user identifier and the Decoding the second user identifier and recording the association in the verification history database and proceeding to step (5), if not logging in for the first time, determining the second user identifier by querying the verification history database Whether the association identifier indicated in the previous verification record associated with the first user identifier (ie, the previously recorded association relationship with the first user identifier) is consistent, and if not, the verification is terminated.
  • step (4) determining a time and current time of the last successful verification related to the second user identifier Time difference, if the time difference does not exceed the predetermined threshold, terminate the verification process and return a verification result indicating "verification successful" to the data processing server, if the time difference exceeds a predetermined threshold, proceed to step (5);
  • a predetermined threshold which is configured by an administrator of the verification server
  • a time difference if the probability value does not exceed the predetermined threshold and the time difference does not exceed a predetermined time threshold (which is configured by an administrator of the authentication server), then Determining the verification time, account information, and verification result of the current verification of the account in the verification history database and terminating the verification process and returning a verification result indicating "verification successful" to the data processing server; otherwise, terminating the verification process and A verification result indicating "verification failure" is returned to the data processing server.
  • a predetermined time threshold which is configured by an administrator of the authentication server
  • the step (A3) further includes: if the reason for the verification failure is that the time difference between the registration time and the current time is less than the time threshold, prompting the user to “account registration time” Too short.”
  • the auxiliary authentication method disclosed by the present invention has the following advantages: wide applicability, convenience and efficiency, and low cost.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention provides an auxiliary identity authentication method. The method comprises: collect and analyze social networking site account data to obtain a training data set, and accordingly, construct a user identification model and train the user identification model by using the training data set as an input; before a user intends to perform an actual data exchange process with a data processing server, the data processing server performs a main identity authentication process for the user in a normal manner, and if the result of the main identity authentication process is "success", sends an auxiliary authentication request to an authentication server associated with the data processing server to trigger an auxiliary identity authentication process; and an auxiliary authentication server performs the auxiliary identity authentication process for the user based on the user identification model running on the auxiliary authentication server. The disclosed auxiliary identity authentication method has wide applicability, is convenient and effective, and has low costs.

Description

基于用户网络行为特征的辅助身份验证方法Auxiliary authentication method based on user network behavior characteristics 技术领域Technical field
本发明涉及辅助身份验证方法,更具体地,涉及基于用户网络行为特征的辅助身份验证方法。The present invention relates to a secondary authentication method and, more particularly, to a secondary authentication method based on user network behavior characteristics.
背景技术Background technique
目前,随着计算机和网络应用的日益广泛以及不同领域的业务种类的日益丰富,在常规的主验证过程(例如基于用户名和密码的验证方式)之外对网络用户进行辅助身份验证变得越来越重要。At present, with the increasing popularity of computers and network applications and the growing variety of services in different fields, it is becoming more and more necessary for the secondary authentication process (such as username and password based authentication) to authenticate users to network users. The more important.
现有的辅助身份验证方法通常借助手机短信(即在主验证通过之后向用户发送短信,用户随之基于该短信传送回响应信息,由此辅助确定用户的身份)或者生物识别(例如基于用户的指纹、虹膜、语音等等辅助确定用户的身份)而实现,。Existing secondary authentication methods typically rely on mobile phone text messages (ie, sending a text message to the user after the primary authentication is passed, the user then transmits back a response message based on the message, thereby assisting in determining the identity of the user) or biometric (eg, user-based) Fingerprint, iris, voice, etc. assist in determining the identity of the user).
然而,现有的技术方案存在如下问题:(1)短信验证的方式需要用户随身携带手机并且所处的环境具有良好的无线通信信息,因而适用性较差,并且如果发生短信接收延迟会导致用户响应延误而失去时效的情况;(2)生物识别的方式需要附加的特定硬件和软件设施,故成本较高且适用面较窄。However, the existing technical solutions have the following problems: (1) The method of short message verification requires the user to carry the mobile phone with him and the environment in which he has a good wireless communication information, so the applicability is poor, and if the short message receiving delay occurs, the user may be caused. The situation of loss of aging in response to delays; (2) The way of biometric identification requires additional specific hardware and software facilities, so the cost is higher and the application is narrower.
因此,存在如下需求:提供适用性广泛、便捷有效并且成本较低的基于用户网络行为特征的辅助身份验证方法。Therefore, there is a need to provide a secondary authentication method based on user network behavior characteristics that is widely applicable, convenient, effective, and low in cost.
发明内容Summary of the invention
为了解决上述现有技术方案所存在的问题,本发明提出了适用性广泛、便捷有效并且成本较低的基于用户网络行为特征的辅助身份验证方法。In order to solve the problems existing in the above prior art solutions, the present invention proposes a secondary authentication method based on user network behavior characteristics that is widely applicable, convenient, effective, and low in cost.
本发明的目的是通过以下技术方案实现的:The object of the invention is achieved by the following technical solutions:
一种辅助身份验证方法,所述辅助身份验证方法包括下列步骤:A secondary authentication method, the secondary authentication method comprising the following steps:
(A1)收集并分析社交网站账户数据以得到训练数据集,并随之构建用户识别模型以及将所述训练数据集作为输入训练所述用户识别模型,以使其能够正常工作; (A1) collecting and analyzing social network account data to obtain a training data set, and then constructing a user identification model and training the user identification model with the training data set as input to enable it to work normally;
(A2)当用户意图进行与数据处理服务器之间的实际数据交互过程之前,所述数据处理服务器以常规的方式执行针对该用户的主身份验证过程,并且如果所述主身份验证过程的结果是“通过”,则向与其相关联的验证服务器发送辅助验证请求以触发辅助身份验证过程,并仅在辅助身份验证结果为“通过”的情况下允许该用户进行后续的实际数据交互过程;(A2) before the user intends to perform an actual data interaction process with the data processing server, the data processing server performs a master identity verification process for the user in a conventional manner, and if the result of the master identity verification process is "pass", then send a secondary authentication request to the authentication server associated with it to trigger the secondary authentication process, and allow the user to perform subsequent actual data interaction processes only if the secondary authentication result is "pass";
(A3)所述辅助验证服务器基于运行于其上的所述用户识别模型执行针对该用户的辅助身份验证过程,并将辅助身份验证结果传送回所述数据处理服务器。(A3) The secondary verification server performs a secondary authentication process for the user based on the user identification model running thereon and transmits the secondary authentication result back to the data processing server.
在上面所公开的方案中,优选地,分析社交网站账户数据包括:(1)人工判断并标示每个社交网站账户的类别从而将各个社交网站账户分别归类为“正常账号”或“垃圾账号”;(2)从社交网站账户数据中抽取出使用所述社交网站账户的各个用户的特定的特征属性以形成训练数据。In the solution disclosed above, preferably, analyzing the social network account data includes: (1) manually determining and marking the category of each social networking website account to classify each social networking website account as a "normal account" or a "junk account" respectively. (2) Extracting specific feature attributes of individual users using the social networking website account from the social networking website account data to form training data.
在上面所公开的方案中,优选地,基于分类器模式构建所述用户识别模型,并基于机器学习算法训练所述用户识别模型,其中,所述用户识别模型通过量化用户的所述特征属性并将其与预定的一个或多个阈值相比较来实际验证用户身份。In the solution disclosed above, preferably, the user identification model is constructed based on a classifier pattern, and the user recognition model is trained based on a machine learning algorithm, wherein the user recognition model quantifies the characteristic attribute of the user by It is compared to a predetermined one or more thresholds to actually verify the identity of the user.
在上面所公开的方案中,优选地,所述特征属性包括用户的基本信息、社交信息以及社交行为信息。In the solution disclosed above, preferably, the feature attribute includes basic information of the user, social information, and social behavior information.
在上面所公开的方案中,优选地,所述辅助验证请求包含用户的用于主身份验证过程的第一用户标识符。In the solution disclosed above, preferably, the secondary verification request includes a first user identifier of the user for the primary authentication process.
在上面所公开的方案中,优选地,所述步骤(A3)进一步包括:(1)在接收到所述辅助验证请求后,所述验证服务器通过特定的用户界面提示用户登录特定的社交网站以获得与该用户相关联的社交网站账户数据,其中,所述用户使用第二用户标识符登录所述社交网站;(2)如果登录操作失败,则所述验证服务器提示用户“登录失败,无法验证”并向所述数据处理服务器返回指示“无法验证”的验证结果,如果所述登录操作成功,则进入步骤(3);(3)通过查询验证历史纪录数据库确定当前登录是否是该用户的首次登录,并且如果是首次登录,则将所述第一用户标识符与所述第二用户标识符相关联并将关联关系纪录在所述验证历史纪录数据库中并进入步骤(5),如果不是首次登录,则通 过查询所述验证历史纪录数据库确定所述第二用户标识符是否与之前与所述第一用户标识符相关联的验证纪录中所指示的关联标识符相一致,如果不一致,则终止验证过程并向所述数据处理服务器返回指示“验证失败”的验证结果,如果一致,进入步骤(4);(4)确定与所述第二用户标识符相关的最近一次成功验证的时间与当前时间的时间差,如果该时间差不超过预定的阈值,则终止验证过程并向所述数据处理服务器返回指示“验证成功”的验证结果,如果该时间差超过预定的阈值,则进入步骤(5);(5)获取与该用户相关联的社交网站账户数据并抽取出该用户的所述特征属性,随之通过该用户识别模型计算该账户被分类为“正常账号”的概率值,随之将该概率值与预定的阈值相比较并计算该账户的注册时间与当前时间的时间差,如果该概率值不超过所述预定的阈值并且所述时间差不超过预定的时间阈值,则在所述验证历史纪录数据库中纪录该账户的本次验证的验证时间、账户信息和验证结果并终止验证过程以及向所述数据处理服务器返回指示“验证成功”的验证结果,否则,终止验证过程以及向所述数据处理服务器返回指示“验证失败”的验证结果。In the solution disclosed above, preferably, the step (A3) further comprises: (1) after receiving the auxiliary verification request, the verification server prompts the user to log in to a specific social networking site through a specific user interface to Obtaining social networking site account data associated with the user, wherein the user logs into the social networking site using a second user identifier; (2) if the login operation fails, the authentication server prompts the user "login failed, unable to verify And returning a verification result indicating "unable to verify" to the data processing server, if the login operation is successful, proceeding to step (3); (3) determining whether the current login is the first time of the user by querying the verification history database Logging in, and if it is the first login, associating the first user identifier with the second user identifier and recording the association in the verification history database and proceeding to step (5), if not for the first time Login, then pass Querying the verification history database to determine whether the second user identifier is consistent with an association identifier indicated in a verification record previously associated with the first user identifier, and if not, terminate the verification process and Returning a verification result indicating "verification failure" to the data processing server, if yes, proceeding to step (4); (4) determining a time difference between the last successful verification time and the current time associated with the second user identifier If the time difference does not exceed the predetermined threshold, terminate the verification process and return a verification result indicating "verification successful" to the data processing server, if the time difference exceeds a predetermined threshold, proceed to step (5); (5) obtain Social network website account data associated with the user and extracting the characteristic attribute of the user, and then calculating, by the user identification model, a probability value that the account is classified as a “normal account number”, and then the probability value is predetermined The threshold is compared and the time difference between the registration time of the account and the current time is calculated, if the probability value does not exceed the Determining a threshold and the time difference does not exceed a predetermined time threshold, recording a verification time, account information, and verification result of the current verification of the account in the verification history database and terminating the verification process and the data processing server A verification result indicating "verification successful" is returned, otherwise, the verification process is terminated and a verification result indicating "verification failure" is returned to the data processing server.
在上面所公开的方案中,优选地,所述步骤(A3)进一步包括:如果验证失败的原因是注册时间与当前时间的时间差小于所述时间阈值,则提示用户“账号注册时间太短”。In the solution disclosed above, preferably, the step (A3) further comprises: prompting the user that the account registration time is too short if the reason for the verification failure is that the time difference between the registration time and the current time is less than the time threshold.
本发明所公开的基于用户网络行为特征的辅助身份验证方法具有以下优点:具有广泛的适用性、并且便捷有效且成本较低。The auxiliary identity verification method based on user network behavior characteristics disclosed by the invention has the following advantages: wide applicability, convenience and efficiency, and low cost.
附图说明DRAWINGS
结合附图,本发明的技术特征以及优点将会被本领域技术人员更好地理解,其中:The technical features and advantages of the present invention will be better understood by those skilled in the art, in which:
图1是根据本发明的实施例的辅助身份验证方法的流程图。1 is a flow chart of a secondary authentication method in accordance with an embodiment of the present invention.
具体实施方式detailed description
图1是根据本发明的实施例的辅助身份验证方法的流程图。如图1所示,本发明所公开的辅助身份验证方法包括下列步骤:(A1)收集并分析社交网站(例如微博网站等等)账户数据以得到训练数据集,并随之构建用户识别模型以及 将所述训练数据集作为输入训练所述用户识别模型,以使其能够正常工作;(A2)当用户意图进行与数据处理服务器(例如服务提供方服务器)之间的实际数据交互过程之前,所述数据处理服务器以常规的方式执行针对该用户的主身份验证过程,并且如果所述主身份验证过程的结果是“通过”,则向与其相关联的验证服务器发送辅助验证请求以触发辅助身份验证过程,并仅在辅助身份验证结果为“通过”的情况下允许该用户进行后续的实际数据交互过程;(A3)所述辅助验证服务器基于运行于其上的所述用户识别模型执行针对该用户的辅助身份验证过程,并将辅助身份验证结果传送回所述数据处理服务器。1 is a flow chart of a secondary authentication method in accordance with an embodiment of the present invention. As shown in FIG. 1, the auxiliary authentication method disclosed by the present invention includes the following steps: (A1) collecting and analyzing social network website (for example, Weibo website, etc.) account data to obtain a training data set, and constructing a user identification model accordingly as well as Training the user identification model with the training data set as input to enable it to function properly; (A2) before the user intends to perform an actual data interaction process with a data processing server (eg, a service provider server) The data processing server performs a primary authentication process for the user in a conventional manner, and if the result of the primary authentication process is "pass", sends a secondary authentication request to the authentication server associated therewith to trigger the secondary authentication The process, and allowing the user to perform subsequent actual data interaction processes only if the secondary authentication result is "pass"; (A3) the secondary verification server executes for the user based on the user identification model running thereon A secondary authentication process that passes the secondary authentication results back to the data processing server.
优选地,在本发明所公开的辅助身份验证方法中,分析社交网站账户数据包括:(1)人工判断并标示每个社交网站账户的类别从而将各个社交网站账户分别归类为“正常账号”或“垃圾账号”;(2)从社交网站账户数据中抽取出使用所述社交网站账户的各个用户的特定的特征属性以形成训练数据。Preferably, in the auxiliary authentication method disclosed by the present invention, analyzing the social network account data includes: (1) manually determining and marking the category of each social networking website account to classify each social networking website account as a “normal account”. Or "junk account"; (2) extracting specific feature attributes of individual users who use the social networking website account from the social networking site account data to form training data.
优选地,在本发明所公开的辅助身份验证方法中,基于分类器模式构建所述用户识别模型,并基于机器学习算法训练所述用户识别模型,其中,所述用户识别模型通过量化用户的所述特征属性并将其与预定的一个或多个阈值相比较来实际验证用户身份。Preferably, in the auxiliary authentication method disclosed by the present invention, the user identification model is constructed based on a classifier mode, and the user identification model is trained based on a machine learning algorithm, wherein the user identification model quantifies a user's The feature attributes are compared and compared to a predetermined one or more thresholds to actually authenticate the user.
优选地,在本发明所公开的辅助身份验证方法中,所述训练数据集所包含的“正常账号”和“垃圾账号”的数量基本相等。这可以有效地防止训练数据的倾斜而影响用户识别模型的工作效果。Preferably, in the secondary authentication method disclosed by the present invention, the number of "normal account" and "junk account" included in the training data set is substantially equal. This can effectively prevent the tilt of the training data and affect the working effect of the user identification model.
优选地,在本发明所公开的辅助身份验证方法中,所述特征属性包括用户的基本信息(例如,地区是否设置、地区设置的值、性别是否设置、性别设置的值、头像是否设置、生日是否设置、生日设置的值、邮箱是否设置、职业信息是否设置、职业经历的次数、教育信息是否设置、教育的次数等等)、社交信息(例如,粉丝数、关注数、以及两者的比例、双向好友的数量、关注者是否进行分组,分组的组数等等)以及社交行为信息(例如,发布博文的数量、一天内平均发文的时间跨度、含有URL的博文比例、博文中@其他人的平均数量、类似博文的数量、类似博文的比例、类似博文的平均数量、类似博文的发布平均间隔时间、发布博文的平均评论数等等)。基于这些特征信息,所述用户识别模型能够判断和识别使用该社交网站账户的用户的类型,例如垃圾账号 一般会具有下列特征:基本信息较少填写,拥有少量的粉丝,较多的关注者,并且后者数量远多于前者,较少发布博文和评论,或者短时间内传播大量广告、虚假消息。Preferably, in the auxiliary authentication method disclosed by the present invention, the feature attribute includes basic information of the user (for example, whether the area is set, the value of the local setting, the gender setting, the value of the gender setting, whether the avatar is set, birthday) Whether to set, the value of the birthday setting, whether the mailbox is set, whether the occupation information is set, the number of professional experiences, whether the education information is set, the number of educations, etc.), social information (for example, the number of fans, the number of followers, and the ratio of the two) , the number of two-way friends, whether the followers are grouped, the number of groups grouped, etc.) and social behavior information (for example, the number of posts posted, the average time span of postings in a day, the percentage of blog posts with URLs, blog posts @ others The average number, the number of similar blog posts, the proportion of similar blog posts, the average number of similar blog posts, the average release time for similar posts, the average number of comments posted, and so on. Based on the feature information, the user identification model can determine and identify the type of user using the social networking website account, such as a junk account. Generally, it has the following characteristics: basic information is less filled, has a small number of fans, more followers, and the latter is much more than the former, less published blog posts and comments, or a large number of advertisements and false news in a short time.
优选地,在本发明所公开的辅助身份验证方法中,所述辅助验证请求包含用户的用于主身份验证过程的第一用户标识符(即用户ID)。Preferably, in the secondary authentication method disclosed by the present invention, the secondary authentication request includes a first user identifier (ie, a user ID) of the user for the primary authentication process.
优选地,在本发明所公开的辅助身份验证方法中,所述步骤(A3)进一步包括:(1)在接收到所述辅助验证请求后,所述验证服务器通过特定的用户界面提示用户登录特定的社交网站(例如微博网站,其已对验证服务器进行了授权,使其能够通过用户的登录操作获取相关的社交网站账户数据)以获得与该用户相关联的社交网站账户数据(其由社交网站服务器发送至所述验证服务器),其中,所述用户使用第二用户标识符(即用户的社交网站账户)登录所述社交网站;(2)如果登录操作失败,则所述验证服务器提示用户“登录失败,无法验证”并向所述数据处理服务器返回指示“无法验证”的验证结果,如果所述登录操作成功,则进入步骤(3);(3)通过查询验证历史纪录数据库确定当前登录是否是该用户的首次登录,并且如果是首次登录,则将所述第一用户标识符与所述第二用户标识符相关联并将关联关系纪录在所述验证历史纪录数据库中并进入步骤(5),如果不是首次登录,则通过查询所述验证历史纪录数据库确定所述第二用户标识符是否与之前与所述第一用户标识符相关联的验证纪录(即之前纪录的与所述第一用户标识符相关的关联关系)中所指示的关联标识符相一致,如果不一致,则终止验证过程并向所述数据处理服务器返回指示“验证失败”的验证结果,如果一致,进入步骤(4);(4)确定与所述第二用户标识符相关的最近一次成功验证的时间与当前时间的时间差,如果该时间差不超过预定的阈值,则终止验证过程并向所述数据处理服务器返回指示“验证成功”的验证结果,如果该时间差超过预定的阈值,则进入步骤(5);(5)获取与该用户相关联的社交网站账户数据并抽取出该用户的所述特征属性,随之通过该用户识别模型计算该账户被分类为“正常账号”的概率值,随之将该概率值与预定的阈值(其由验证服务器的管理员配置)相比较并计算该账户的注册时间与当前时间的时间差,如果该概率值不超过所述预定的阈值并且所述时间差不超过预定的时间阈值(其由验证服务器的管理员配置),则在 所述验证历史纪录数据库中纪录该账户的本次验证的验证时间、账户信息和验证结果并终止验证过程以及向所述数据处理服务器返回指示“验证成功”的验证结果,否则,终止验证过程以及向所述数据处理服务器返回指示“验证失败”的验证结果。Preferably, in the auxiliary authentication method disclosed by the present invention, the step (A3) further includes: (1) after receiving the auxiliary verification request, the verification server prompts the user to log in to the specific through a specific user interface. Social networking site (such as a microblogging site that has authorized the authentication server to obtain relevant social networking site account data through the user's login operation) to obtain social networking site account data associated with the user (which is socialized) The website server sends to the verification server), wherein the user logs into the social networking website using a second user identifier (ie, the user's social networking website account); (2) if the login operation fails, the authentication server prompts the user "Login failed, cannot be verified" and returns a verification result indicating "unable to verify" to the data processing server. If the login operation is successful, proceed to step (3); (3) determine the current login by querying the verification history database Whether it is the first login of the user, and if it is the first login, the first user identifier and the Decoding the second user identifier and recording the association in the verification history database and proceeding to step (5), if not logging in for the first time, determining the second user identifier by querying the verification history database Whether the association identifier indicated in the previous verification record associated with the first user identifier (ie, the previously recorded association relationship with the first user identifier) is consistent, and if not, the verification is terminated. And returning to the data processing server a verification result indicating "verification failure", if yes, proceeding to step (4); (4) determining a time and current time of the last successful verification related to the second user identifier Time difference, if the time difference does not exceed the predetermined threshold, terminate the verification process and return a verification result indicating "verification successful" to the data processing server, if the time difference exceeds a predetermined threshold, proceed to step (5); Obtaining social networking website account data associated with the user and extracting the characteristic attribute of the user, followed by The user identification model calculates a probability value that the account is classified as a "normal account number", and then compares the probability value with a predetermined threshold (which is configured by an administrator of the verification server) and calculates the registration time and current time of the account. a time difference, if the probability value does not exceed the predetermined threshold and the time difference does not exceed a predetermined time threshold (which is configured by an administrator of the authentication server), then Determining the verification time, account information, and verification result of the current verification of the account in the verification history database and terminating the verification process and returning a verification result indicating "verification successful" to the data processing server; otherwise, terminating the verification process and A verification result indicating "verification failure" is returned to the data processing server.
优选地,在本发明所公开的辅助身份验证方法中,所述步骤(A3)进一步包括:如果验证失败的原因是注册时间与当前时间的时间差小于所述时间阈值,则提示用户“账号注册时间太短”。Preferably, in the auxiliary authentication method disclosed by the present invention, the step (A3) further includes: if the reason for the verification failure is that the time difference between the registration time and the current time is less than the time threshold, prompting the user to “account registration time” Too short."
由上可见,本发明所公开的辅助身份验证方法具有下列优点:具有广泛的适用性、并且便捷有效且成本较低。As can be seen from the above, the auxiliary authentication method disclosed by the present invention has the following advantages: wide applicability, convenience and efficiency, and low cost.
尽管本发明是通过上述的优选实施方式进行描述的,但是其实现形式并不局限于上述的实施方式。应该认识到:在不脱离本发明主旨和范围的情况下,本领域技术人员可以对本发明做出不同的变化和修改。 Although the invention has been described in terms of the preferred embodiments described above, the implementation forms are not limited to the embodiments described above. It will be appreciated that various changes and modifications can be made in the present invention without departing from the spirit and scope of the invention.

Claims (7)

  1. 一种辅助身份验证方法,所述辅助身份验证方法包括下列步骤:A secondary authentication method, the secondary authentication method comprising the following steps:
    (A1)收集并分析社交网站账户数据以得到训练数据集,并随之构建用户识别模型以及将所述训练数据集作为输入训练所述用户识别模型,以使其能够正常工作;(A1) collecting and analyzing social network account data to obtain a training data set, and then constructing a user identification model and training the user identification model with the training data set as input to enable it to work normally;
    (A2)当用户意图进行与数据处理服务器之间的实际数据交互过程之前,所述数据处理服务器以常规的方式执行针对该用户的主身份验证过程,并且如果所述主身份验证过程的结果是“通过”,则向与其相关联的验证服务器发送辅助验证请求以触发辅助身份验证过程,并仅在辅助身份验证结果为“通过”的情况下允许该用户进行后续的实际数据交互过程;(A2) before the user intends to perform an actual data interaction process with the data processing server, the data processing server performs a master identity verification process for the user in a conventional manner, and if the result of the master identity verification process is "pass", then send a secondary authentication request to the authentication server associated with it to trigger the secondary authentication process, and allow the user to perform subsequent actual data interaction processes only if the secondary authentication result is "pass";
    (A3)所述辅助验证服务器基于运行于其上的所述用户识别模型执行针对该用户的辅助身份验证过程,并将辅助身份验证结果传送回所述数据处理服务器。(A3) The secondary verification server performs a secondary authentication process for the user based on the user identification model running thereon and transmits the secondary authentication result back to the data processing server.
  2. 根据权利要求1所述的辅助身份验证方法,其特征在于,分析社交网站账户数据包括:(1)人工判断并标示每个社交网站账户的类别从而将各个社交网站账户分别归类为“正常账号”或“垃圾账号”;(2)从社交网站账户数据中抽取出使用所述社交网站账户的各个用户的特定的特征属性以形成训练数据。The auxiliary authentication method according to claim 1, wherein the analyzing the social network account data comprises: (1) manually determining and marking the category of each social networking website account to classify each social networking website account as a "normal account". Or "junk account"; (2) extracting specific feature attributes of individual users using the social networking website account from social networking website account data to form training data.
  3. 根据权利要求2所述的辅助身份验证方法,其特征在于,基于分类器模式构建所述用户识别模型,并基于机器学习算法训练所述用户识别模型,其中,所述用户识别模型通过量化用户的所述特征属性并将其与预定的一个或多个阈值相比较来实际验证用户身份。The secondary authentication method according to claim 2, wherein the user identification model is constructed based on a classifier mode, and the user identification model is trained based on a machine learning algorithm, wherein the user identification model quantifies a user The feature attribute is compared to a predetermined one or more thresholds to actually verify the identity of the user.
  4. 根据权利要求3所述的辅助身份验证方法,其特征在于,所述特征属性包括用户的基本信息、社交信息以及社交行为信息。The secondary authentication method according to claim 3, wherein the feature attribute comprises basic information of the user, social information, and social behavior information.
  5. 根据权利要求4所述的辅助身份验证方法,其特征在于,所述辅助验证请求包含用户的用于主身份验证过程的第一用户标识符。The secondary authentication method according to claim 4, wherein the secondary authentication request includes a first user identifier of the user for the primary identity verification process.
  6. 根据权利要求4所述的辅助身份验证方法,其特征在于,所述步骤(A3)进一步包括:(1)在接收到所述辅助验证请求后,所述验证服务器通过特定的 用户界面提示用户登录特定的社交网站以获得与该用户相关联的社交网站账户数据,其中,所述用户使用第二用户标识符登录所述社交网站;(2)如果登录操作失败,则所述验证服务器提示用户“登录失败,无法验证”并向所述数据处理服务器返回指示“无法验证”的验证结果,如果所述登录操作成功,则进入步骤(3);(3)通过查询验证历史纪录数据库确定当前登录是否是该用户的首次登录,并且如果是首次登录,则将所述第一用户标识符与所述第二用户标识符相关联并将关联关系纪录在所述验证历史纪录数据库中并进入步骤(5),如果不是首次登录,则通过查询所述验证历史纪录数据库确定所述第二用户标识符是否与之前与所述第一用户标识符相关联的验证纪录中所指示的关联标识符相一致,如果不一致,则终止验证过程并向所述数据处理服务器返回指示“验证失败”的验证结果,如果一致,进入步骤(4);(4)确定与所述第二用户标识符相关的最近一次成功验证的时间与当前时间的时间差,如果该时间差不超过预定的阈值,则终止验证过程并向所述数据处理服务器返回指示“验证成功”的验证结果,如果该时间差超过预定的阈值,则进入步骤(5);(5)获取与该用户相关联的社交网站账户数据并抽取出该用户的所述特征属性,随之通过该用户识别模型计算该账户被分类为“正常账号”的概率值,随之将该概率值与预定的阈值相比较并计算该账户的注册时间与当前时间的时间差,如果该概率值不超过所述预定的阈值并且所述时间差不超过预定的时间阈值,则在所述验证历史纪录数据库中纪录该账户的本次验证的验证时间、账户信息和验证结果并终止验证过程以及向所述数据处理服务器返回指示“验证成功”的验证结果,否则,终止验证过程以及向所述数据处理服务器返回指示“验证失败”的验证结果。The secondary authentication method according to claim 4, wherein the step (A3) further comprises: (1) after receiving the secondary verification request, the verification server passes a specific The user interface prompts the user to log in to a particular social networking site to obtain social networking site account data associated with the user, wherein the user logs into the social networking site using the second user identifier; (2) if the login operation fails, then The verification server prompts the user to "login failed, cannot be verified" and returns a verification result indicating "unable to verify" to the data processing server. If the login operation is successful, proceed to step (3); (3) verify the history by querying The database determines whether the current login is the first login of the user, and if it is the first login, associates the first user identifier with the second user identifier and records the association in the verification history database And proceeding to step (5), if not logging in for the first time, determining whether the second user identifier is associated with the verification record previously associated with the first user identifier by querying the verification history database The identifiers are consistent, if not, the verification process is terminated and returned to the data processing server The verification result indicating "verification failure", if yes, proceeds to step (4); (4) determines the time difference between the time of the last successful verification associated with the second user identifier and the current time, if the time difference does not exceed the predetermined time Threshold, then terminate the verification process and return a verification result indicating "verification successful" to the data processing server, if the time difference exceeds a predetermined threshold, proceed to step (5); (5) acquire social interaction associated with the user The website account data extracts the characteristic attribute of the user, and then calculates, by the user identification model, a probability value that the account is classified as a “normal account number”, and then compares the probability value with a predetermined threshold and calculates the The time difference between the registration time of the account and the current time. If the probability value does not exceed the predetermined threshold and the time difference does not exceed the predetermined time threshold, the verification of the current verification of the account is recorded in the verification history database. Time, account information and verification results and terminate the verification process and return an indication to the data processing server "verification Gong "verification result, otherwise, the process is terminated and authentication server to the data processing is returned indicating" verification failure "verification result.
  7. 根据权利要求6所述的辅助身份验证方法,其特征在于,所述步骤(A3)进一步包括:如果验证失败的原因是注册时间与当前时间的时间差小于所述时间阈值,则提示用户“账号注册时间太短”。 The secondary authentication method according to claim 6, wherein the step (A3) further comprises: if the reason for the verification failure is that the time difference between the registration time and the current time is less than the time threshold, prompting the user to "account registration" Time is too short".
PCT/CN2015/097581 2014-12-30 2015-12-16 Auxiliary identity authentication method based on user network behavior feature WO2016107415A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410837692.5A CN105591747B (en) 2014-12-30 2014-12-30 Assisted identity authentication method based on user network behaviors feature
CN201410837692.5 2014-12-30

Publications (1)

Publication Number Publication Date
WO2016107415A1 true WO2016107415A1 (en) 2016-07-07

Family

ID=55931023

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/097581 WO2016107415A1 (en) 2014-12-30 2015-12-16 Auxiliary identity authentication method based on user network behavior feature

Country Status (3)

Country Link
CN (1) CN105591747B (en)
TW (1) TW201633197A (en)
WO (1) WO2016107415A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111901347A (en) * 2020-07-29 2020-11-06 南方电网科学研究院有限责任公司 Dynamic identity authentication method and device under zero trust
CN114386021A (en) * 2021-12-30 2022-04-22 海南大学 Verification method for generating content in cross DIKW mode
CN116319046A (en) * 2023-04-04 2023-06-23 广州市单元信息科技有限公司 Account identity verification method and system

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109344583B (en) * 2018-08-22 2020-10-23 创新先进技术有限公司 Threshold determination and body verification method and device, electronic equipment and storage medium
CN109614777B (en) * 2018-11-23 2020-09-11 第四范式(北京)技术有限公司 Intelligent device and user identity authentication method and device of intelligent device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070156836A1 (en) * 2006-01-05 2007-07-05 Lenovo(Singapore) Pte. Ltd. System and method for electronic chat identity validation
CN103150374A (en) * 2013-03-11 2013-06-12 中国科学院信息工程研究所 Method and system for identifying abnormal microblog users
CN103731488A (en) * 2013-12-26 2014-04-16 黄伟 Photo sharing method and system
CN103914494A (en) * 2013-01-09 2014-07-09 北大方正集团有限公司 Method and system for identifying identity of microblog user

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102970289B (en) * 2012-11-09 2015-11-04 同济大学 Identity Authentication Method Based on Web User Behavior Pattern

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070156836A1 (en) * 2006-01-05 2007-07-05 Lenovo(Singapore) Pte. Ltd. System and method for electronic chat identity validation
CN103914494A (en) * 2013-01-09 2014-07-09 北大方正集团有限公司 Method and system for identifying identity of microblog user
CN103150374A (en) * 2013-03-11 2013-06-12 中国科学院信息工程研究所 Method and system for identifying abnormal microblog users
CN103731488A (en) * 2013-12-26 2014-04-16 黄伟 Photo sharing method and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111901347A (en) * 2020-07-29 2020-11-06 南方电网科学研究院有限责任公司 Dynamic identity authentication method and device under zero trust
CN111901347B (en) * 2020-07-29 2022-12-06 南方电网科学研究院有限责任公司 Dynamic identity authentication method and device under zero trust
CN114386021A (en) * 2021-12-30 2022-04-22 海南大学 Verification method for generating content in cross DIKW mode
CN116319046A (en) * 2023-04-04 2023-06-23 广州市单元信息科技有限公司 Account identity verification method and system
CN116319046B (en) * 2023-04-04 2023-09-01 广州市单元信息科技有限公司 Account identity verification method and system

Also Published As

Publication number Publication date
CN105591747B (en) 2019-11-22
CN105591747A (en) 2016-05-18
TW201633197A (en) 2016-09-16

Similar Documents

Publication Publication Date Title
US10841319B2 (en) System and method for validating users using social network information
CN107276982B (en) A kind of abnormal login detection method and device
CN104301286B (en) User log-in authentication method and device
US9824197B2 (en) Classifier training method and apparatus, identity authentication method and system
US8732803B2 (en) Automated entity verification
WO2016107415A1 (en) Auxiliary identity authentication method based on user network behavior feature
US20170149772A1 (en) Identity authentication method, system, business server and authentication server
EP3211825B1 (en) Trusted terminal verification method and apparatus
CN104281882A (en) Method and system for predicting social network information popularity on basis of user characteristics
CN104303483A (en) User-based identification system for social networks
JP2019530930A (en) Identity recognition method and apparatus
CN110620770A (en) Method and device for analyzing network black product account number
CN107835247B (en) A credit authentication and security system and method
WO2020155508A1 (en) Suspicious user screening method and apparatus, computer device and storage medium
WO2019128930A1 (en) Operation processing method, account information processing method, device, and storage medium
US9754209B1 (en) Managing knowledge-based authentication systems
WO2017084513A1 (en) Method and server for processing verification information
CN110351267B (en) Method and device for determining social media account number stolen
CN111402896B (en) A voice verification method and network equipment
US10454914B2 (en) System and method for verifying user supplied items asserted about the user for searching
CN110401959A (en) Method, device, electronic device and storage medium for detecting network rubbing terminals
US20230368233A1 (en) System and methods for universal identification and passport management
CN108241803A (en) A kind of access control method of heterogeneous system
CN118631479A (en) Abnormal account detection method, device, computer equipment and storage medium
CN114444039A (en) A data model-based authentication method and terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15875093

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 06/11/2017)

122 Ep: pct application non-entry in european phase

Ref document number: 15875093

Country of ref document: EP

Kind code of ref document: A1