CN101887499A - User identity management method and system - Google Patents

Info

Publication number: CN101887499A
Authority: CN (China)
Prior art keywords: user, identity, logged, user identity, user behavior
Legal status: Pending
Application number: CN 201010228017
Other languages: Chinese (zh)
Inventors: 陈曦, 区嘉亮
Current Assignee: Beijing Jiuhe Chuangsheng Network Technology Co Ltd
Original Assignee: Beijing Jiuhe Chuangsheng Network Technology Co Ltd
Application filed by Beijing Jiuhe Chuangsheng Network Technology Co Ltd
Priority to CN 201010228017
Publication of CN101887499A

Abstract

The invention discloses a user identity management method and system, and belongs to the technical field of information management. The method and system address three problems of conventional user identity management technology: the verification policy is easily forged, there are no further security measures once verification has been passed, and special users cannot be verified separately. The method comprises the following steps: verifying the user's login identity, by logically independent virtual hosts, according to acquired human physiological characteristics; and verifying the identity of the logged-in user, by logically independent virtual hosts, according to the acquired user behavior pattern. Because the login identity is verified by logically independent virtual hosts according to human physiological characteristics and the logged-in user's identity is verified according to the user behavior pattern, the verification policy is harder to forge, the user's identity can be verified further after the initial verification has been passed, and special users can be verified separately.

Description

A user identity management method and system
Technical field
The present invention relates to a user identity management method and system, and belongs to the technical field of information management.
Background
Most existing user identity management systems verify users through a single verification system, for example by fingerprint recognition or access-card recognition, to determine whether a user is legitimate. Although the accuracy of this kind of verification is fairly high, it is easily forged, because duplicating fingerprint films and access cards is a widely used technique. Moreover, once verification has been passed, the user can enter and leave the corresponding system at will, with no further security measures, so the security of the user identity management system is poor. In addition, most user identity management systems apply one unified verification policy to all users, and cannot verify special users separately.
Summary of the invention
The invention provides a user identity management method and system to solve the problems of existing user identity management technology: the verification policy is easily forged, there are no further security measures once verification has been passed, and special users cannot be verified separately.
A user identity management method comprises:
verifying the user's login identity, by logically independent virtual hosts, according to acquired human physiological characteristics;
verifying the identity of the logged-in user, by logically independent virtual hosts, according to the acquired user behavior pattern.
A user identity management system comprises:
a user login verification module, used to verify the user's login identity, by logically independent virtual hosts, according to acquired human physiological characteristics;
a logged-in user verification module, used to verify the identity of the logged-in user, by logically independent virtual hosts, according to the acquired user behavior pattern.
In the present invention, logically independent virtual hosts verify the user's login identity according to human physiological characteristics and also verify the logged-in user's identity according to the user behavior pattern. This makes the verification policy harder to forge, allows the user's identity to be verified further after the initial verification has been passed, and allows special users to be verified separately.
Description of the drawings
Fig. 1 is a schematic flow diagram of a method, provided by an embodiment of the present invention, for verifying user identity based on human physiological characteristics and user behavior patterns;
Fig. 2 is a schematic flow diagram of a user identity management method provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a user identity management system provided by an embodiment of the present invention.
Detailed description of the embodiments
An embodiment of the present invention provides a user identity management method. As shown in Fig. 1, it is a method for verifying user identity based on human physiological characteristics and user behavior patterns, in which logically independent virtual hosts manage user A, user B and user C separately through their physiological characteristics and behavior patterns. To explain the method more clearly, it is now described with reference to Fig. 2. The method may specifically comprise:
Step 21: verifying the user's login identity, by logically independent virtual hosts, according to acquired human physiological characteristics.
Specifically, the verification system provided by this embodiment can be deployed on one or more hosts. Each host is provided with multiple logically fully independent virtual hosts, each of which verifies against one verification policy and is implemented through hard-disk and partition virtualization technology. The human physiological characteristics of all legitimate users can be stored in a user behavior library made up of one or more virtual hard disks or virtual hosts. For example, one virtual host verifies only the user's fingerprint: when the user undergoes fingerprint verification, the fingerprint is compared with the fingerprints stored in the user behavior library, and if the user's fingerprint passes verification, the user's login identity is considered legitimate and access to the corresponding host is allowed. Another virtual host verifies only the user's retina: when the user undergoes retina verification, the retina is compared with the retinas stored in the user behavior library, and if the user's retina passes verification, the user's login identity is considered legitimate and access to the corresponding host is allowed. Another virtual host verifies only the user's voice: when the user undergoes voice verification, the voice is compared with the voices stored in the user behavior library, and if the user's voice passes verification, the user's login identity is considered legitimate and access to the corresponding host is allowed.
Step 22: verifying the identity of the logged-in user, by logically independent virtual hosts, according to the acquired user behavior pattern.
Specifically, once the user has passed verification and begun to access the corresponding host, the user can be verified further through the user behavior pattern, so that an offender who has forged human physiological characteristics does not get through. This verification likewise uses multiple logically fully independent virtual hosts, and the user behavior patterns of all legitimate users can be stored in the user behavior library. For example, one virtual host verifies only the click frequency in the user behavior pattern: while the logged-in user accesses the host, the click frequency of that user is collected over a period of time and compared with the click frequency range stored for that user in the user behavior library. If the range is not exceeded, the logged-in user's identity is considered legitimate; otherwise the logged-in user's access rights are terminated. Another virtual host verifies only the keystroke frequency in the user behavior pattern: while the logged-in user accesses the host, the keystroke frequency of that user is collected over a period of time and compared with the keystroke frequency range stored for that user in the user behavior library. If the range is not exceeded, the logged-in user's identity is considered legitimate; otherwise the logged-in user's access rights are terminated. Another virtual host verifies only the range of applications used in the user behavior pattern: while the logged-in user accesses the host, the applications used by that user are collected over a period of time and compared with the range of applications stored for that user in the user behavior library. If the range is not exceeded, the logged-in user's identity is considered legitimate; otherwise the logged-in user's access rights are terminated. Another virtual host verifies only the preferred network addresses in the user behavior pattern: while the logged-in user accesses the host, the network addresses that user logs in to are collected over a period of time and compared with the preferred network addresses stored for that user in the user behavior library. If the range is not exceeded, the logged-in user's identity is considered legitimate; otherwise the logged-in user's access rights are terminated.
Further, the method may also comprise obtaining updated human physiological characteristics and behavior patterns, and storing them in the user behavior library used to verify the user's login identity and the logged-in user's identity.
Specifically, when the set of users to be verified changes, the information stored in the user behavior library needs to be updated. For example, when a new user needs to be added, that user's human physiological characteristics can be collected and stored in the user behavior library; after the user has used the host for a period of time, the user's behavior features are then stored based on sampling. When a user's human physiological characteristics or behavior features need to be changed, the sampled result is written to the user behavior library after a period of sampling. When a user's verification information needs to be deleted, it is enough to delete that user's human physiological characteristics and behavior features stored in the user behavior library.
In this embodiment, logically independent virtual hosts verify the user's login identity according to human physiological characteristics and also verify the logged-in user's identity according to the user behavior pattern. This makes the verification policy harder to forge, and allows the user's identity to be verified further after the initial verification has been passed. For a special user, separate verification can be achieved simply by setting up a new virtual host and assigning it a special verification policy. When the way a user's identity is verified needs to change, only the verification policy needs to be modified. The approach therefore has higher security and accuracy.
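The post-login check of step 22 and the library updates described above, sketched as an added example that is not part of the patent text. The class, function and metric names, the widening margin and the fail-closed handling of a missing profile are assumptions, and in-process objects stand in for the separate virtual hosts.

```python
from dataclasses import dataclass, field

@dataclass
class BehaviorLibrary:
    """Stand-in for the user behavior library: learned per-user profiles."""
    ranges: dict = field(default_factory=dict)   # (user, metric) -> (low, high)
    allowed: dict = field(default_factory=dict)  # (user, metric) -> set of items

    def learn_range(self, user, metric, samples, margin=0.2):
        # Learning step: derive the accepted range from sampled usage.
        # The widening margin is an assumption; the text gives no formula.
        low, high = min(samples), max(samples)
        pad = (high - low) * margin
        self.ranges[(user, metric)] = (low - pad, high + pad)

    def learn_set(self, user, metric, items):
        self.allowed[(user, metric)] = set(items)

    def forget(self, user):
        # Removing a user deletes every stored profile for that user.
        for store in (self.ranges, self.allowed):
            for key in [k for k in store if k[0] == user]:
                del store[key]

class RangeVerifier:
    """One policy only: a numeric metric such as click frequency."""
    def __init__(self, library, metric):
        self.library, self.metric = library, metric

    def verify(self, user, value):
        profile = self.library.ranges.get((user, self.metric))
        if profile is None:
            return False  # assumption: fail closed when no profile exists
        return profile[0] <= value <= profile[1]

class SetVerifier:
    """One policy only: a set-valued metric such as applications used."""
    def __init__(self, library, metric):
        self.library, self.metric = library, metric

    def verify(self, user, value):
        profile = self.library.allowed.get((user, self.metric))
        return profile is not None and set(value) <= profile

def check_session(user, window, verifiers):
    """Return (keep_access, failed_metrics) for one observation window.

    A metric that is missing from the window or outside the stored profile
    counts as a failure, and any failure means access should be terminated.
    """
    failed = [v.metric for v in verifiers
              if v.metric not in window or not v.verify(user, window[v.metric])]
    return (not failed, failed)

def demo():
    lib = BehaviorLibrary()
    # Constructed enrollment samples for a hypothetical user "alice".
    lib.learn_range("alice", "clicks_per_min", [20, 30, 40])
    lib.learn_range("alice", "keys_per_min", [150, 200, 250])
    lib.learn_set("alice", "apps", {"mail", "editor", "browser"})
    verifiers = [RangeVerifier(lib, m) for m in ("clicks_per_min", "keys_per_min")]
    verifiers.append(SetVerifier(lib, "apps"))
    normal = {"clicks_per_min": 35, "keys_per_min": 180, "apps": {"mail", "editor"}}
    odd = {"clicks_per_min": 120, "keys_per_min": 180, "apps": {"mail", "remote_shell"}}
    return check_session("alice", normal, verifiers), check_session("alice", odd, verifiers)

if __name__ == "__main__":
    print(demo())
```

A special user would get a separate verifier list with its own policy, which corresponds to setting up a new virtual host for that user.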
An embodiment of the present invention also provides a user identity management system. As shown in Fig. 3, it may specifically comprise a user login verification module 31 and a logged-in user verification module 32. The user login verification module 31 is used to verify the user's login identity, by logically independent virtual hosts, according to acquired human physiological characteristics; the logged-in user verification module 32 is used to verify the identity of the logged-in user, by logically independent virtual hosts, according to the acquired user behavior pattern.
In the user login verification module 31, the human physiological characteristics comprise at least one of fingerprint, retina and voice; in the logged-in user verification module 32, the user behavior pattern comprises at least one of click frequency, keystroke frequency, range of applications used and preferred network addresses.
In addition, the system may also comprise a learning module 33, used to obtain updated human physiological characteristics and user behavior patterns, and to store them in the user behavior library used to verify the user's login identity and the logged-in user's identity.
The processing functions of each module of the above system have been described in the preceding method embodiment and are not repeated here.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.

Claims (8)

1. A user identity management method, characterized in that it comprises:
verifying the user's login identity, by logically independent virtual hosts, according to acquired human physiological characteristics;
verifying the identity of the logged-in user, by logically independent virtual hosts, according to the acquired user behavior pattern.
2. The method according to claim 1, characterized in that the human physiological characteristics comprise at least one of fingerprint, retina and voice.
3. The method according to claim 1, characterized in that the user behavior pattern comprises at least one of click frequency, keystroke frequency, range of applications used and preferred network addresses.
4. The method according to any one of claims 1 to 3, characterized in that the method further comprises:
obtaining updated human physiological characteristics and user behavior patterns, and storing them in the user behavior library used to verify the user's login identity and the logged-in user's identity.
5. A user identity management system, characterized in that it comprises:
a user login verification module, used to verify the user's login identity, by logically independent virtual hosts, according to acquired human physiological characteristics;
a logged-in user verification module, used to verify the identity of the logged-in user, by logically independent virtual hosts, according to the acquired user behavior pattern.
6. The system according to claim 5, characterized in that, in the user login verification module, the human physiological characteristics comprise at least one of fingerprint, retina and voice.
7. The system according to claim 5, characterized in that, in the logged-in user verification module, the user behavior pattern comprises at least one of click frequency, keystroke frequency, range of applications used and preferred network addresses.
8. The system according to any one of claims 5 to 7, characterized in that the system further comprises:
a learning module, used to obtain updated human physiological characteristics and user behavior patterns, and to store them in the user behavior library used to verify the user's login identity and the logged-in user's identity.
CN 201010228017 2010-07-08 2010-07-08 User identity management method and system Pending CN101887499A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010228017 CN101887499A (en) 2010-07-08 2010-07-08 User identity management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201010228017 CN101887499A (en) 2010-07-08 2010-07-08 User identity management method and system

Publications (1)

Publication Number Publication Date
CN101887499A true CN101887499A (en) 2010-11-17

Family

ID=43073416

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010228017 Pending CN101887499A (en) 2010-07-08 2010-07-08 User identity management method and system

Country Status (1)

Country Link
CN (1) CN101887499A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103179097A (en) * 2011-12-23 2013-06-26 成都有尔创意品牌管理有限公司 Method and system for sending information
CN105827406A (en) * 2015-01-05 2016-08-03 腾讯科技(深圳)有限公司 Identity verification method, identity verification device, and identity verification system
CN105991281A (en) * 2015-02-04 2016-10-05 中国移动通信集团公司 Identity authentication method, equipment and system
CN106384027A (en) * 2016-09-05 2017-02-08 四川长虹电器股份有限公司 User identity recognition system and recognition method thereof
CN106789879A (en) * 2016-11-18 2017-05-31 合肥铭锶伟途信息科技有限公司 Deep learning personal information management system based on vast capacity FPGA

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6421453B1 (en) * 1998-05-15 2002-07-16 International Business Machines Corporation Apparatus and methods for user recognition employing behavioral passwords
CN1588889A (en) * 2004-09-24 2005-03-02 清华大学 Abnormal detection method for user access activity in attached net storage device
US7185106B1 (en) * 2002-11-15 2007-02-27 Juniper Networks, Inc. Providing services for multiple virtual private networks
CN101365193A (en) * 2007-08-09 2009-02-11 财团法人Seoul大学校产学协力财团 System and method for customer authentication execution based on customer behavior mode

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20101117