[go: up one dir, main page]

CN106507308A - A method and device for identity authentication - Google Patents

A method and device for identity authentication Download PDF

Info

Publication number
CN106507308A
CN106507308A CN201611075196.6A CN201611075196A CN106507308A CN 106507308 A CN106507308 A CN 106507308A CN 201611075196 A CN201611075196 A CN 201611075196A CN 106507308 A CN106507308 A CN 106507308A
Authority
CN
China
Prior art keywords
sub
terminal
time
time period
probability
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611075196.6A
Other languages
Chinese (zh)
Inventor
张琦
华锦芝
王宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Unionpay Co Ltd filed Critical China Unionpay Co Ltd
Priority to CN201611075196.6A priority Critical patent/CN106507308A/en
Publication of CN106507308A publication Critical patent/CN106507308A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/316User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/029Location-based management or tracking services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Social Psychology (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present embodiments relate to field of information security technology, more particularly to a kind of identity identifying method and device, including:Determine that the first sub- time period belonging to the time of the ID authentication request for receiving terminal transmission, the ID authentication request include the current location of the terminal and current service;From all reference zones, the first reference zone belonging to the current location is determined, the reference zone is that the historical position according to the terminal within the described first sub- time period determines;Determine that the terminal is located at the first probability of first reference zone within the described first sub- time period, and the terminal runs the second probability of the current service within the described first sub- time period;Authentication is carried out to the user of the terminal according to first probability and second probability.The embodiment of the present invention is in order to improving safety and the convenience of authentication.

Description

一种身份认证方法及装置A method and device for identity authentication

技术领域technical field

本发明涉及信息安全技术领域,尤其涉及一种身份认证方法及装置。The invention relates to the technical field of information security, in particular to an identity authentication method and device.

背景技术Background technique

随着移动互联网的发展和移动终端的普及,移动终端可以为人们提供方便快捷的移动办公和娱乐等各种强大的功能,逐渐成为网络应用登录、线上线下支付等活动的主要工具和平台。通常在移动终端上回保存大量的个人、公司的重要信息或隐私数据,如个人相片、公司情报等,随之而来的安全问题和便利性成为一个挑战。With the development of the mobile Internet and the popularization of mobile terminals, mobile terminals can provide people with various powerful functions such as convenient and fast mobile office and entertainment, and gradually become the main tools and platforms for activities such as network application login and online and offline payment. Usually, a large amount of personal and company important information or privacy data are stored on mobile terminals, such as personal photos, company information, etc., and the subsequent security issues and convenience become a challenge.

目前,移动终端对用户身份认证主要为基于密码的用户认证,如数字密码、生物特征认证等方式。其中数字密码需要用户记忆,并且每次使用都要手工输入和手工录入,旁人从不同角度都可窥视到用户输入的密码,安全性较低,不具有便利性。生物特征认证方式需要专门的输入设备,技术成本过高,且也需要用户参与录入,且成功率不易保证。因此,需要低成本、高便利性的用户身份认证方法。At present, user identity authentication by mobile terminals is mainly password-based user authentication, such as digital passwords, biometric authentication, and the like. Among them, the digital password needs to be memorized by the user, and each time it is used, it must be manually input and entered. Others can peek at the password entered by the user from different angles, which has low security and is not convenient. The biometric authentication method requires a special input device, the technical cost is too high, and it also requires the user to participate in the input, and the success rate is not easy to guarantee. Therefore, a low-cost, high-convenience user identity authentication method is required.

发明内容Contents of the invention

本申请提供一种身份认证方法及装置,用以提高身份认证的安全性和便利性。The present application provides an identity authentication method and device, which are used to improve the security and convenience of identity authentication.

本发明实施例提供一种身份认证方法,包括以下步骤:An embodiment of the present invention provides an identity authentication method, comprising the following steps:

确定接收到终端发送的身份认证请求的时间所属的第一子时间段,所述身份认证请求中包括所述终端的当前位置以及当前服务;determining the first sub-time period to which the time of receiving the identity authentication request sent by the terminal belongs, the identity authentication request including the current location and current service of the terminal;

从所有参考区域中,确定所述当前位置所属的第一参考区域,所述参考区域是根据所述终端在所述第一子时间段内的历史位置确定的;From all reference areas, determine a first reference area to which the current position belongs, where the reference area is determined according to the historical position of the terminal within the first sub-time period;

确定所述终端在所述第一子时间段内位于所述第一参考区域的第一概率,以及所述终端在所述第一子时间段内运行所述当前服务的第二概率;determining a first probability that the terminal is located in the first reference area during the first sub-time period, and a second probability that the terminal operates the current service during the first sub-time period;

根据所述第一概率和所述第二概率对所述终端的用户进行身份验证。The user of the terminal is authenticated according to the first probability and the second probability.

可选的,所述确定接收到终端发送的身份认证请求的当前时间之前,还包括:Optionally, the determining before the current time of receiving the identity authentication request sent by the terminal further includes:

将历史时长划分为多个历史时间段,将每个历史时间段划分为N个子时间段,其中,每个历史时间段内的第M个子时间段相对应,M≤N;Divide the historical time period into multiple historical time periods, and divide each historical time period into N sub-time periods, where the Mth sub-time period in each historical time period corresponds to M≤N;

确定每个子时间段对应的地理区域集合,其中所述子时间段对应的地理区域集合是由所述终端在所述子时间段的历史位置确定的地理区域组成的;determining a set of geographical areas corresponding to each sub-time period, wherein the set of geographical areas corresponding to the sub-time period is composed of geographical areas determined by the historical position of the terminal in the sub-time period;

确定同一集合中不同地理区域之间的距离,将距离小于距离阈值的地理区域进行合并,作为一个参考区域。Determine the distance between different geographical areas in the same set, and combine the geographical areas whose distance is less than the distance threshold as a reference area.

可选的,所述确定同一集合中不同地理区域之间的距离,包括:Optionally, the determining the distance between different geographic regions in the same set includes:

针对一个地理区域,获取所述地理区域中所述终端的所有历史位置的经度和纬度;确定所有经度的平均值以及所有纬度的平均值,作为所述地理区域的类中心的坐标;根据所述地理区域的类中心的坐标,确定所述地理区域与除所述地理区域外任一个地理区域之间的距离。For a geographical area, obtain the longitude and latitude of all historical positions of the terminal in the geographical area; determine the average value of all longitudes and the average value of all latitudes as the coordinates of the class center of the geographical area; according to the The coordinates of the class center of the geographical area, which determines the distance between the geographical area and any geographical area except the geographical area.

可选的,所述确定所述终端在所述第一子时间段内位于所述第一参考区域的第一概率,包括:Optionally, the determining the first probability that the terminal is located in the first reference area within the first sub-period includes:

从所有第一子时间段对应的参考区域中,确定包含所述终端的历史位置个数最多的第二参考区域;From the reference areas corresponding to all the first sub-time periods, determine the second reference area containing the largest number of historical positions of the terminal;

确定所述第一参考区域中包含的所述终端的历史位置个数,与所述第二参考区域中包含的历史位置个数的比值,作为所述第一概率。Determining a ratio of the number of historical locations of the terminal included in the first reference area to the number of historical locations included in the second reference area as the first probability.

可选的,所述确定所述终端在所述第一子时间段内运行所述当前服务的第二概率,包括:Optionally, the determining the second probability that the terminal runs the current service within the first sub-time period includes:

确定所有第一子时间段内,所述终端运行每个服务的总运行时间;determining the total running time of each service run by the terminal in all first sub-time periods;

选取运行时间最长的服务作为第一服务;Select the service with the longest running time as the first service;

确定所有第一子时间段内,所述当前服务的总运行时间;determining the total running time of the current service in all first sub-time periods;

确定所述当前服务的总运行时间与所述第一服务的总运行时间的比值,作为所述第二概率。A ratio of the total running time of the current service to the total running time of the first service is determined as the second probability.

一种身份认证装置,包括:An identity authentication device, comprising:

子时间段确定单元,用于确定接收到终端发送的身份认证请求的时间所属的第一子时间段,所述身份认证请求中包括所述终端的当前位置以及当前服务;A sub-time period determining unit, configured to determine the first sub-time period to which the time of receiving the identity authentication request sent by the terminal belongs, and the identity authentication request includes the current location and current service of the terminal;

参考区域确定单元,用于从所有参考区域中,确定所述当前位置所属的第一参考区域,所述参考区域是根据所述终端在所述第一子时间段内的历史位置确定的;a reference area determining unit, configured to determine a first reference area to which the current location belongs from all reference areas, the reference area being determined according to the historical position of the terminal within the first sub-time period;

概率计算单元,用于确定所述终端在所述第一子时间段内位于所述第一参考区域的第一概率,以及所述终端在所述第一子时间段内运行所述当前服务的第二概率;a probability calculation unit, configured to determine a first probability that the terminal is located in the first reference area within the first sub-time period, and a probability that the terminal runs the current service within the first sub-time period second probability;

身份验证单元,用于根据所述第一概率和所述第二概率对所述终端的用户进行身份验证。An identity verification unit, configured to perform identity verification on a user of the terminal according to the first probability and the second probability.

可选的,还包括:Optionally, also include:

划分单元,用于将历史时长划分为多个历史时间段,将每个历史时间段划分为N个子时间段,其中,每个历史时间段内的第M个子时间段相对应,M≤N;The division unit is used to divide the historical time period into multiple historical time periods, and divide each historical time period into N sub-time periods, wherein the Mth sub-time period in each historical time period corresponds to M≤N;

集合单元,用于确定每个子时间段对应的地理区域集合,其中所述子时间段对应的地理区域集合是由所述终端在所述子时间段的历史位置确定的地理区域组成的;A collection unit, configured to determine a set of geographical areas corresponding to each sub-time period, wherein the set of geographical areas corresponding to the sub-time period is composed of geographical areas determined by the historical position of the terminal in the sub-time period;

合并单元,用于确定同一集合中不同地理区域之间的距离,将距离小于距离阈值的地理区域进行合并,作为一个参考区域。The merging unit is used to determine the distance between different geographical areas in the same set, and merge the geographical areas whose distance is smaller than the distance threshold as a reference area.

可选的,所述合并单元,具体用于:Optionally, the merging unit is specifically used for:

针对一个地理区域,获取所述地理区域中所述终端的所有历史位置的经度和纬度;确定所有经度的平均值以及所有纬度的平均值,作为所述地理区域的类中心的坐标;根据所述地理区域的类中心的坐标,确定所述地理区域与除所述地理区域外任一个地理区域之间的距离。For a geographical area, obtain the longitude and latitude of all historical positions of the terminal in the geographical area; determine the average value of all longitudes and the average value of all latitudes as the coordinates of the class center of the geographical area; according to the The coordinates of the class center of the geographical area, which determines the distance between the geographical area and any geographical area except the geographical area.

可选的,所述概率计算单元,具体用于:Optionally, the probability calculation unit is specifically used for:

从所有第一子时间段对应的参考区域中,确定包含所述终端的历史位置个数最多的第二参考区域;From the reference areas corresponding to all the first sub-time periods, determine the second reference area containing the largest number of historical positions of the terminal;

确定所述第一参考区域中包含的所述终端的历史位置个数,与所述第二参考区域中包含的历史位置个数的比值,作为所述第一概率。Determining a ratio of the number of historical locations of the terminal included in the first reference area to the number of historical locations included in the second reference area as the first probability.

可选的,所述概率计算单元,具体用于:Optionally, the probability calculation unit is specifically used for:

确定所有第一子时间段内,所述终端运行每个服务的总运行时间;determining the total running time of each service run by the terminal in all first sub-time periods;

选取运行时间最长的服务作为第一服务;Select the service with the longest running time as the first service;

确定所有第一子时间段内,所述当前服务的总运行时间;determining the total running time of the current service in all first sub-time periods;

确定所述当前服务的总运行时间与所述第一服务的总运行时间的比值,作为所述第二概率。A ratio of the total running time of the current service to the total running time of the first service is determined as the second probability.

本发明实施例中,用户使用终端上的服务之前,终端需要验证使用者的身份,向服务器发送身份认证请求,身份请求中包括终端的当前位置以及当前服务。服务器确定接收到身份认证请求的时间,并确定该时间所属的第一子时间段。服务器中存储有进行身份认证的多个参考区域,参考区域是服务器根据终端在第一子时间段内的历史位置确定的。服务器计算终端在是第一子时间段内位于第一参考区域的第一概率,并计算终端在第一子时间段内运行当前服务的第二概率,并根据第一概率和第二概率对用户进行身份验证。本发明实施例中,考虑用户在指定时间内的行动轨迹和使用服务的习惯,当前时间确定用户在当前位置使用当前服务的概率,从而对用户的身份进行认证,无需用户手工输入密码或输入指纹等生物特征,避免了用户参与认证的麻烦,提高了便利性。同时,依据用户平日的行为习惯对用户身份进行认证,避免了用户输入的安全隐患,提高了身份认证的安全性和可靠性。In the embodiment of the present invention, before the user uses the service on the terminal, the terminal needs to verify the user's identity and send an identity authentication request to the server, and the identity request includes the current location of the terminal and the current service. The server determines the time when the identity authentication request is received, and determines the first sub-time period to which the time belongs. Multiple reference areas for identity authentication are stored in the server, and the reference area is determined by the server according to the historical position of the terminal within the first sub-time period. The server calculates the first probability that the terminal is located in the first reference area within the first sub-time period, and calculates the second probability that the terminal runs the current service within the first sub-time period, and calculates the user's information based on the first probability and the second probability Authenticate. In the embodiment of the present invention, considering the user's action trajectory and service usage habits within a specified time, the current time determines the probability of the user using the current service at the current location, thereby authenticating the user's identity without the need for the user to manually enter a password or input a fingerprint And other biometric features, avoiding the trouble of users participating in authentication and improving convenience. At the same time, the user's identity is authenticated according to the user's daily behavior habits, which avoids the safety hazard of user input and improves the security and reliability of identity authentication.

附图说明Description of drawings

为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简要介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings that need to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention. For Those of ordinary skill in the art can also obtain other drawings based on these drawings without any creative effort.

图1为本发明实施例适用的一种系统架构示意图;FIG. 1 is a schematic diagram of a system architecture applicable to an embodiment of the present invention;

图2为本发明实施例提供的一种身份认证方法的流程示意图;FIG. 2 is a schematic flowchart of an identity authentication method provided by an embodiment of the present invention;

图3为本发明具体实施例中身份认证方法的流程示意图;3 is a schematic flow diagram of an identity authentication method in a specific embodiment of the present invention;

图4为本发明实施例提供的一种身份认证装置的结构示意图。Fig. 4 is a schematic structural diagram of an identity authentication device provided by an embodiment of the present invention.

具体实施方式detailed description

为了使本发明的目的、技术方案和优点更加清楚,下面将结合附图对本发明作进一步地详细描述,显然,所描述的实施例仅仅是本发明一部份实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其它实施例,都属于本发明保护的范围。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, rather than all embodiments . Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

如图1所示,本发明实施例所适用的一种系统架构,包括终端101和服务器102。终端101可以是手机、平板电脑或者是专用的手持设备等具有无线通信功能的移动电子设备,也可以是PC、笔记本电脑、服务器等有线接入方式连接上网的设备。服务器102可以是计算机等网络设备。优选地,服务器102可以采用云计算技术进行信息处理。As shown in FIG. 1 , a system architecture applicable to this embodiment of the present invention includes a terminal 101 and a server 102 . The terminal 101 may be a mobile electronic device with a wireless communication function such as a mobile phone, a tablet computer, or a dedicated handheld device, or may be a device connected to the Internet through a wired access method such as a PC, a notebook computer, or a server. The server 102 may be a network device such as a computer. Preferably, the server 102 may use cloud computing technology for information processing.

终端101可以通过INTERNET网络与服务器102进行通信,也可以通过全球移动通信系统(Global System for Mobile Communications,简称GSM)、长期演进(long termevolution,简称LTE)系统等移动通信系统与运算服务器102进行通信。The terminal 101 can communicate with the server 102 through the Internet network, or communicate with the computing server 102 through mobile communication systems such as the Global System for Mobile Communications (GSM for short) and the long term evolution (LTE for short) system. .

本发明实施例提供一种优选的实施方式,以终端101为手机为例进行介绍。The embodiment of the present invention provides a preferred implementation mode, and the terminal 101 is a mobile phone as an example for introduction.

图2示例性示出了本发明实施例提供的一种身份认证方法的流程示意图,如图2所示,本发明实施例提供的身份认证方法,包括以下步骤:Figure 2 exemplarily shows a schematic flowchart of an identity authentication method provided by an embodiment of the present invention. As shown in Figure 2, the identity authentication method provided by this embodiment of the present invention includes the following steps:

步骤201、确定接收到终端发送的身份认证请求的时间所属的第一子时间段,所述身份认证请求中包括所述终端的当前位置以及当前服务;Step 201. Determine the first sub-time period to which the time when the identity authentication request sent by the terminal is received, the identity authentication request includes the current location and current service of the terminal;

步骤202、从所有参考区域中,确定所述当前位置所属的第一参考区域,所述参考区域是根据所述终端在所述第一子时间段内的历史位置确定的;Step 202. From all reference areas, determine a first reference area to which the current location belongs, and the reference area is determined according to the historical position of the terminal within the first sub-time period;

步骤203、确定所述终端在所述第一子时间段内位于所述第一参考区域的第一概率,以及所述终端在所述第一子时间段内运行所述当前服务的第二概率;Step 203: Determine a first probability that the terminal is located in the first reference area within the first sub-time period, and a second probability that the terminal operates the current service within the first sub-time period ;

步骤204、根据所述第一概率和所述第二概率对所述终端的用户进行身份验证。Step 204, perform identity verification on the user of the terminal according to the first probability and the second probability.

本发明实施例中,用户使用终端上的服务之前,终端需要验证使用者的身份,向服务器发送身份认证请求,身份请求中包括终端的当前位置以及当前服务。服务器确定接收到身份认证请求的时间,并确定该时间所属的第一子时间段。服务器中存储有进行身份认证的多个参考区域,参考区域是服务器根据终端在第一子时间段内的历史位置确定的。服务器计算终端在是第一子时间段内位于第一参考区域的第一概率,并计算终端在第一子时间段内运行当前服务的第二概率,并根据第一概率和第二概率对用户进行身份验证。本发明实施例中,考虑用户在指定时间内的行动轨迹和使用服务的习惯,当前时间确定用户在当前位置使用当前服务的概率,从而对用户的身份进行认证,无需用户手工输入密码或输入指纹等生物特征,避免了用户参与认证的麻烦,提高了便利性。同时,依据用户平日的行为习惯对用户身份进行认证,避免了用户输入的安全隐患,提高了身份认证的安全性和可靠性。In the embodiment of the present invention, before the user uses the service on the terminal, the terminal needs to verify the user's identity and send an identity authentication request to the server, and the identity request includes the current location of the terminal and the current service. The server determines the time when the identity authentication request is received, and determines the first sub-time period to which the time belongs. Multiple reference areas for identity authentication are stored in the server, and the reference area is determined by the server according to the historical position of the terminal within the first sub-time period. The server calculates the first probability that the terminal is located in the first reference area within the first sub-time period, and calculates the second probability that the terminal runs the current service within the first sub-time period, and calculates the user's information based on the first probability and the second probability Authenticate. In the embodiment of the present invention, considering the user's action trajectory and service usage habits within a specified time, the current time determines the probability of the user using the current service at the current location, thereby authenticating the user's identity without the need for the user to manually enter a password or input a fingerprint And other biometric features, avoiding the trouble of users participating in authentication and improving convenience. At the same time, the user's identity is authenticated according to the user's daily behavior habits, which avoids the safety hazard of user input and improves the security and reliability of identity authentication.

本发明实施例中,服务器中存储有多个参考区域,参考区域为根据终端在过去一段时间内的位置确定。步骤201之前,还包括:In the embodiment of the present invention, multiple reference areas are stored in the server, and the reference areas are determined according to the position of the terminal in the past period of time. Before step 201, it also includes:

将历史时长划分为多个历史时间段,将每个历史时间段划分为N个子时间段,其中,每个历史时间段内的第M个子时间段相对应,M≤N;Divide the historical time period into multiple historical time periods, and divide each historical time period into N sub-time periods, where the Mth sub-time period in each historical time period corresponds to M≤N;

确定每个子时间段对应的地理区域集合,其中所述子时间段对应的地理区域集合是由所述终端在所述子时间段的历史位置确定的地理区域组成的;determining a set of geographical areas corresponding to each sub-time period, wherein the set of geographical areas corresponding to the sub-time period is composed of geographical areas determined by the historical position of the terminal in the sub-time period;

确定同一集合中不同地理区域之间的距离,将距离小于距离阈值的地理区域进行合并,作为一个参考区域。Determine the distance between different geographical areas in the same set, and combine the geographical areas whose distance is less than the distance threshold as a reference area.

举例来说,将一段时长的历史时间划分为多个历史时间段,如,一段时长的历史时间可以取过去的半年时间,将半年时间按天为单位划分历史时间段,每个历史时间段为每一天。这样,将每个历史时间段划分为N个子时间段,即为将过去半年时间中每天划分为N个子时间段,这是考虑用户终端每天不同时间所处的位置不同,且使用的服务也会有差别。当然,也可以依据其它划分方式进行历史时间段和子时间段的划分,如根据用户终端一周中工作日和休息日的行为轨迹不同进行划分。本发明实施例中仅提供一种优选的实施方式,以将历史时长按天为单位进行划分历史时间段为例进行介绍。这里可以将每天平均划分为N个子时间段,如每个子时间段为2小时,将每天平均划分为12个子时间段。For example, a period of historical time is divided into multiple historical time periods. For example, a period of historical time can be taken as the past half year, and half a year is divided into historical time periods in units of days. Each historical time period is every day. In this way, dividing each historical time period into N sub-time periods is to divide each day in the past six months into N sub-time periods. have difference. Of course, the historical time period and the sub-time period may also be divided according to other division methods, such as dividing according to different behavior trajectories of the user terminal on working days and rest days in a week. The embodiment of the present invention only provides a preferred implementation manner, and the introduction is made by dividing the historical time length into a historical time period in units of days as an example. Here, each day can be divided into N sub-time periods on average, for example, each sub-time period is 2 hours, and each day can be divided into 12 sub-time periods on average.

由于终端一天中不同时间的活跃程度不同,因此,也可以不平均划分每天的子时间段,使活跃程度高的子时间段的时长较长,活跃程度低的子时间段的时长较短。例如一天中,从0点至8点,每4小时划分为一个子时间段,即划分为2个子时间段,每个子时间段4小时;从8点至20点,每1小时划分为一个子时间段,即划分为12个子时间段,每个子时间段1小时;从20点至24点,每2小时划分为一个子时间段,即划分为2个子时间段,每个子时间段2小时。总的来说,将一天划分为14个子时间段,前两个子时间段每个子时间段4小时,然后12个子时间段每个子时间段1小时,最后两个子时间段每个子时间段2小时。具体的子时间段划分方式可以根据需要进行选择,本发明实施例不做限制。Since the activities of the terminal are different at different times of the day, the sub-time periods of each day may not be evenly divided, so that the duration of the sub-time period with high activity degree is longer, and the duration of the sub-time period with low activity degree is shorter. For example, in a day, from 0:00 to 8:00, every 4 hours is divided into a sub-time period, that is, divided into 2 sub-time periods, and each sub-time period is 4 hours; from 8:00 to 20:00, every 1 hour is divided into a sub-time period. The time period is divided into 12 sub-time periods, and each sub-time period is 1 hour; from 20:00 to 24:00, every 2 hours is divided into a sub-time period, that is, divided into 2 sub-time periods, and each sub-time period is 2 hours. In general, divide the day into 14 sub-time periods, the first two sub-time periods are 4 hours each, then 12 sub-time periods are 1 hour each, and the last two sub-time periods are 2 hours each. The specific manner of dividing sub-time periods may be selected according to needs, and is not limited in this embodiment of the present invention.

需要说明的是,每个历史时间段划分子时间段的方式需完全相同,即每个历史时间段内的第M个子时间段相对应。也就是说,若将一天进行平均划分为12个子时间段,则每天都需平均划分为12个子时间段,则第M个子时间段相对应。若将一天根据用户的行为轨迹划分为多个子时间段,则每一天都需同样方式进行划分,这样第M个子时间段相对应。It should be noted that each historical time period is divided into sub-time periods in exactly the same way, that is, the Mth sub-time period in each historical time period corresponds. That is to say, if a day is divided into 12 sub-time periods on average, every day needs to be divided into 12 sub-time periods on average, and the Mth sub-time period corresponds to it. If a day is divided into multiple sub-time periods according to the user's behavior trajectory, each day needs to be divided in the same way, so that the Mth sub-time period corresponds.

然后确定每个子时间段对应的地理区域,根据每个子时间段内测到的终端的多个地理位置确定一个地理区域,终端的地理位置可以用终端的经纬度坐标表示,故一个地理区域中包括终端在该子时间段内的一个或多个地理位置。将不同历史时间段内的同一个子时间段的地理区域组成集合。具体地,每个历史时间段划分为N个子时间段,由于每个历史时间段的划分方式相同,则将每个历史时间段的第1个子时间段的地理区域组成第1地理区域集合,每个历史时间段的第2个子时间段的地理区域组成第2地理区域集合,以此类推,直至将每个历史时间段的第N个子时间段的地理区域组成第N地理区域集合。Then determine the geographical area corresponding to each sub-time period, and determine a geographical area according to the multiple geographical locations of the terminals measured in each sub-time period. The geographical location of the terminal can be represented by the longitude and latitude coordinates of the terminal, so a geographical area includes the terminal One or more geographic locations within the sub-time period. A collection of geographical areas of the same sub-time period in different historical time periods. Specifically, each historical time period is divided into N sub-time periods, and since each historical time period is divided in the same manner, the geographical area of the first sub-time period of each historical time period is formed into the first geographical area set, and each The geographical areas of the second sub-time period of the first historical time period form the second geographical area set, and so on, until the geographical areas of the Nth sub-time period of each historical time period form the Nth geographical area set.

举例来说,将一天平均划分为12个子时间段,分别为第1子时间段、第2子时间段……第12子时间段,其中,第1子时间段为0点至2点,第2子时间段为2点至4点……第12子时间段为22点至24点。获取一天的第1子时间段内终端的地理位置坐标组成地理区域,历史中一个月时间内包括30个第1子时间段,则第1地理区域集合中包括30个地理区域,一个地理区域对应一天中的第1子时间段。For example, a day is divided into 12 sub-time periods on average, which are the first sub-time period, the second sub-time period ... the 12th sub-time period, wherein the first sub-time period is from 0 o'clock to 2 o'clock, and the The 2nd sub-time period is from 2 o'clock to 4 o'clock... The 12th sub-time period is from 22 o'clock to 24 o'clock. Get the geographic location coordinates of the terminal in the first sub-time period of the day to form a geographical area. There are 30 first sub-time periods in the history, and the first geographical area set includes 30 geographical areas. One geographical area corresponds to The first sub-time period of the day.

确定同一集合中不同地理区域之间的距离,即考察过去一个月中每一天的同一子时间段内,终端的位置轨迹是否相近,若相近,则将位置相近的地理区域进行合并,作为一个参考区域。仍以上述将一天平均划分为12个子时间段为例进行介绍,具体操作方式可以为,将集合中任一地理区域作为地理区域1,考察地理区域1与同一集合中其余29个地理区域之间的距离,遍历其余29个地理区域,将与地理区域1的距离小于阈值的地理区域与地理区域1进行合并作为新的地理区域1,然后遍历其余的地理区域,将与新的地理区域1的距离小于阈值的地理区域,继续与新的地理区域1合并,直至集合中其余所有地理区域与新的地理区域1的距离均大于或等于阈值,则新的地理区域1作为一个参考区域。集合中剩余的地理区域与该参考区域的距离均大于或等于阈值,则从剩余的地理区域中任取一个地理区域作为地理区域2,继续进行如上述类似的合并,直至集合中剩余的地理区域与合并形成的新的地理区域2之间距离均大于或等于阈值,则将新的地理区域2作为一个参考区域。以此类推,直至将集合中的所有地理区域均合并成为参考区域。特殊的,若某个地理区域的距离与其余所有地理区域之间的距离均大于或等于阈值,且与所有参考区域的之间的距离也大于或等于阈值,则将该地理区域独自作为一个参考区域。Determine the distance between different geographical areas in the same set, that is, examine whether the location trajectories of the terminals are similar in the same sub-time period of each day in the past month, and if they are similar, merge the geographical areas with similar positions as a reference area. Still taking the above-mentioned division of a day into 12 sub-time periods as an example, the specific operation method can be as follows: take any geographical area in the set as geographical area 1, and examine the relationship between geographical area 1 and the other 29 geographical areas in the same set , traverse the remaining 29 geographic regions, merge the geographic regions whose distance from geographic region 1 is less than the threshold with geographic region 1 as a new geographic region 1, and then traverse the rest of the geographic regions, and combine them with the new geographic region 1 The geographic areas whose distance is less than the threshold continue to be merged with the new geographic area 1 until the distances between all other geographic areas in the set and the new geographic area 1 are greater than or equal to the threshold, then the new geographic area 1 is used as a reference area. If the distances between the remaining geographical areas in the set and the reference area are greater than or equal to the threshold value, a geographical area is randomly selected from the remaining geographical areas as geographical area 2, and the similar merging as above is continued until the remaining geographical areas in the set are If the distances to the new geographical area 2 formed by merging are greater than or equal to the threshold, the new geographical area 2 is used as a reference area. And so on until all geographic areas in the collection are combined into a reference area. In particular, if the distance between a geographic area and all other geographic areas is greater than or equal to the threshold, and the distance to all reference areas is also greater than or equal to the threshold, then the geographic area is used as a reference alone area.

上述地理区域之间的距离,可以利用地理区域的类中心之间的距离表示。则所述确定同一集合中不同地理区域之间的距离,包括:The distance between the above geographic regions can be represented by the distance between the class centers of the geographic regions. Then said determining the distance between different geographic regions in the same set includes:

针对一个地理区域,获取所述地理区域中所述终端的所有历史位置的经度和纬度;确定所有经度的平均值以及所有纬度的平均值,作为所述地理区域的类中心的坐标;根据所述地理区域的类中心的坐标,确定所述地理区域与除所述地理区域外任一个地理区域之间的距离。For a geographical area, obtain the longitude and latitude of all historical positions of the terminal in the geographical area; determine the average value of all longitudes and the average value of all latitudes as the coordinates of the class center of the geographical area; according to the The coordinates of the class center of the geographical area, which determines the distance between the geographical area and any geographical area except the geographical area.

为了便于计算地理区域之间的距离,本发明实施例引入类中心的概念。由于地理区域中包括终端的各个历史位置,因此,根据终端各个历史位置的经纬度坐标计算地理区域的类中心坐标。具体可以为将所有历史位置坐标的经度取平均值,作为类中心坐标的经度,将所有历史位置坐标的维度取平均值,作为类中心坐标的维度。或者也可以是,从地理区域内所有历史位置的坐标中选取最大经度、最小经度、最大纬度和最小纬度,则将类中心坐标规定为这里最大经度和最大纬度可以对应于不同历史位置的坐标,同样的,最小经度和最小纬度也可以对应于不同历史位置的坐标。In order to facilitate the calculation of distances between geographic regions, the embodiment of the present invention introduces the concept of a class center. Since each historical location of the terminal is included in the geographic area, the class center coordinates of the geographic area are calculated according to the latitude and longitude coordinates of each historical location of the terminal. Specifically, the longitude of all historical position coordinates may be averaged as the longitude of the class center coordinate, and the dimensions of all historical position coordinates may be averaged as the dimension of the class center coordinate. Alternatively, select the maximum longitude, minimum longitude, maximum latitude, and minimum latitude from the coordinates of all historical locations in the geographical area, and specify the class center coordinates as Here the maximum longitude and maximum latitude may correspond to coordinates of different historical locations, and similarly, the minimum longitude and minimum latitude may also correspond to coordinates of different historical locations.

两个地理区域之间的距离可以利用地理区域的类中心距离表示。假设类中心A和类中心B的坐标分别为(α11)和(α22),地球半径为R,则可以利用以下公式计算类中心A和类中心B的距离:The distance between two geographic regions can be represented by the class center distance of the geographic regions. Assuming that the coordinates of class center A and class center B are (α 1 , β 1 ) and (α 2 , β 2 ) respectively, and the radius of the earth is R, the distance between class center A and class center B can be calculated using the following formula:

dis(A,B)=R·arccos[cosβ1cosβ2cos(α12)+sinβ1sinβ2]……公式1dis(A,B)=R·arccos[cosβ 1 cosβ 2 cos(α 12 )+sinβ 1 sinβ 2 ]…Formula 1

其中,dis(A,B)为类中心A与类中心B之间的距离,R为地球半径,(α11)为类中心A的经纬度坐标,(α22)为类中心B的经纬度坐标。Among them, dis(A,B) is the distance between class center A and class center B, R is the radius of the earth, (α 1 , β 1 ) is the longitude and latitude coordinates of class center A, (α 2 , β 2 ) is the class The latitude and longitude coordinates of center B.

上述步骤202中,确定当前位置所属的第一参考区域,也是根据当前位置的经纬度坐标与参考区域的类中心坐标确定。分别计算当前位置与各个参考区域的类中心之间的距离,选取与当前位置距离最小的类中心对应的参考区域为第一参考区域。In the above step 202, determining the first reference area to which the current position belongs is also determined according to the latitude and longitude coordinates of the current position and the class center coordinates of the reference area. The distances between the current position and the class centers of each reference area are calculated respectively, and the reference area corresponding to the class center with the smallest distance to the current position is selected as the first reference area.

优选地,上述步骤203,确定所述终端在所述第一子时间段内位于所述第一参考区域的第一概率,包括:Preferably, the above step 203, determining the first probability that the terminal is located in the first reference area within the first sub-time period, includes:

从所有第一子时间段对应的参考区域中,确定包含所述终端的历史位置个数最多的第二参考区域;From the reference areas corresponding to all the first sub-time periods, determine the second reference area containing the largest number of historical positions of the terminal;

确定所述第一参考区域中包含的所述终端的历史位置个数,与所述第二参考区域中包含的历史位置个数的比值,作为所述第一概率。Determining a ratio of the number of historical locations of the terminal included in the first reference area to the number of historical locations included in the second reference area as the first probability.

具体来说,通过第一子时间段对应的地理区域集合确定了第一子时间段对应的参考区域后,从中确定出终端当前位置所属的第一参考区域。并且,从第一子时间段对应的参考区域中确定出包含终端的历史位置个数最多的,作为第二参考区域。统计出第一参考区域中包含历史位置的个数,记为R,以及第二参考区域中包含历史位置的个数,记为Rmax,然后根据R和Rmax计算出终端在第一子时间段内位于第一参考区域的概率,即第一概率。第一概率的计算公式如下:Specifically, after the reference area corresponding to the first sub-time period is determined through the geographical area set corresponding to the first sub-time period, the first reference area to which the current location of the terminal belongs is determined therefrom. And, the one containing the largest number of historical positions of the terminal is determined from the reference areas corresponding to the first sub-time period as the second reference area. Count the number of historical locations contained in the first reference area, denoted as R, and the number of historical positions contained in the second reference area, denoted as R max , and then calculate the terminal at the first sub-time according to R and R max The probability that the segment is located in the first reference area, that is, the first probability. The calculation formula of the first probability is as follows:

其中,w1为终端在第一子时间段内位于第一参考区域的第一概率,w1的范围为[0,1],R为第一参考区域中包含终端的历史位置个数,Rmax为第二参考区域中包含终端的历史位置个数。Among them, w 1 is the first probability that the terminal is located in the first reference area within the first sub-time period, the range of w 1 is [0, 1], R is the number of historical positions of the terminal contained in the first reference area, R max is the number of historical positions of the terminal contained in the second reference area.

本发明实施例不仅根据终端的位置轨迹信息对用户进行身份验证,还根据用户使用终端服务的习惯来验证用户的身份。优选的,确定所述终端在所述第一子时间段内运行所述当前服务的第二概率,包括:The embodiment of the present invention not only verifies the identity of the user according to the location track information of the terminal, but also verifies the identity of the user according to the user's habit of using terminal services. Preferably, determining the second probability that the terminal runs the current service within the first sub-period includes:

确定所有第一子时间段内,所述终端运行每个服务的总运行时间;determining the total running time of each service run by the terminal in all first sub-time periods;

选取运行时间最长的服务作为第一服务;Select the service with the longest running time as the first service;

确定所有第一子时间段内,所述当前服务的总运行时间;determining the total running time of the current service in all first sub-time periods;

确定所述当前服务的总运行时间与所述第一服务的总运行时间的比值,作为所述第二概率。A ratio of the total running time of the current service to the total running time of the first service is determined as the second probability.

本发明实施例中,用户使用终端上的服务可以是不同类别的应用,如天气、日历、SNS(Social Networking Services,社交网络服务)等,也可以是特定应用内的某个功能,如查询、浏览、购买等。服务器划分历史时长内终端运行所有服务的总时间,将每个服务的运行时间按子时间段进行划分,然后将一个服务在所有子时间段内运行的时间相加,统计第一子时间段内终端运行每个服务的总运行时间,并选取所有第一子时间段内运行时间最长的服务作为第一服务。将终端在所有第一子时间段内运行当前服务的时间与终端在在第一子时间段内运行第一服务的时间相比,作为终端在第一子时间段内运行当前服务的概率,即第二概率。第二概率的计算公式如下:In the embodiment of the present invention, the service on the user's terminal can be different types of applications, such as weather, calendar, SNS (Social Networking Services, social network service), etc., or it can be a certain function in a specific application, such as query, Browse, buy, and more. The server divides the total time of running all services of the terminal in the historical time period, divides the running time of each service into sub-time periods, and then adds up the running time of a service in all sub-time periods, and counts the first sub-time period The terminal runs the total running time of each service, and selects the service with the longest running time in all first sub-time periods as the first service. Comparing the time that the terminal runs the current service in all the first sub-time periods with the time that the terminal runs the first service in the first sub-time period, as the probability that the terminal runs the current service in the first sub-time period, that is second probability. The formula for calculating the second probability is as follows:

其中,w2为终端在第一子时间段内运行当前服务的第二概率,w2的范围为[0,1],S为终端在所有第一子时间段内运行当前服务的时间,Smax为终端在在第一子时间段内运行第一服务的时间。Among them, w 2 is the second probability that the terminal runs the current service in the first sub-time period, the range of w 2 is [0, 1], S is the time that the terminal runs the current service in all the first sub-time periods, S max is the time during which the terminal runs the first service within the first sub-time period.

举例来说,上午9点30分用户在终端使用支付服务,需要对用户进行身份验证。服务器统计过去三个月内每天上午8点至10点该终端运行支付服务的总时长,并统计过去三个月内每天上午8点至10点该终端运行的每一个服务的总时长,确定运行时间最长的服务是查询服务,则第二概率为运行支付服务的时间比上运行查询服务的时间。For example, when a user uses a payment service at a terminal at 9:30 in the morning, the user needs to be authenticated. The server counts the total time of the terminal running the payment service from 8:00 am to 10:00 am every day in the past three months, and counts the total time of each service that the terminal runs from 8:00 am to 10:00 am every day in the past three months, and determines the running time The longest service is the query service, then the second probability is the time to run the payment service compared to the time to run the query service.

确定第一概率和第二概率后,服务器根据第一概率和第二概率对终端的用户进行身份验证。具体可以将第一概率与第二概率加权,将加权后的值与概率阈值对比。若第一概率与第二概率加权的值大于或等于概率阈值,则完成该用户的身份认证,终端执行用户的指令;若第一概率与第二概率加权的值小于概率阈值,则表明认证不通过,终端可以提示用户按其它认证方式继续进行认证。After determining the first probability and the second probability, the server authenticates the user of the terminal according to the first probability and the second probability. Specifically, the first probability and the second probability may be weighted, and the weighted value may be compared with a probability threshold. If the weighted value of the first probability and the second probability is greater than or equal to the probability threshold, the user’s identity authentication is completed, and the terminal executes the user’s instruction; if the weighted value of the first probability and the second probability is smaller than the probability threshold, it indicates that the authentication is not If passed, the terminal can prompt the user to continue authentication by other authentication methods.

为了更清楚地理解本发明,下面以具体的实施例对上述流程进行详细描述,具体实施例为用户欲登陆手机中的聊天软件,需对用户的身份进行验证,登陆的时间为14点40分,具体步骤如图3所示,包括:In order to understand the present invention more clearly, the above-mentioned process is described in detail below with specific embodiments. The specific embodiment is that the user wants to log in to the chat software in the mobile phone, and the identity of the user needs to be verified. The time for logging in is 14:40 , the specific steps are shown in Figure 3, including:

步骤301、服务器将过去半年时间中的每一天划分为17个子时间段,具体为从0点至8点平均划分为2个子时间段,每个子时间段4小时;从8点至22点平均划分为14个子时间段,每个子时间段1小时;从22点至24点为1个子时间段,该子时间段4小时。Step 301. The server divides each day in the past six months into 17 sub-time periods, specifically, divides the period from 0:00 to 8:00 into 2 sub-time periods, and each sub-time period is 4 hours; from 8:00 to 22:00, divides There are 14 sub-time periods, and each sub-time period is 1 hour; from 22:00 to 24:00 is 1 sub-time period, and the sub-time period is 4 hours.

步骤302、服务器统计过去半年时间内手机的历史位置,将手机的历史位置信息处理为时间相关,历史位置用<O,A,T>表示,其中,O为手机的经度,A为手机的纬度,T为记录手机位置的时间。同时,服务器统计过去半年时间内手机上运行的服务,将服务信息处理为时间相关,服务信息用<F,Ts,Te>表示,其中,F为手机运行的服务,Ts为服务运行的起始时间,Te为服务运行的结束时间。Step 302, the server counts the historical location of the mobile phone in the past six months, and processes the historical location information of the mobile phone as time-related, and the historical location is represented by <O, A, T>, where O is the longitude of the mobile phone, and A is the latitude of the mobile phone , T is the time of recording the location of the mobile phone. At the same time, the server counts the services running on the mobile phone in the past six months, and processes the service information as time-related. The service information is represented by <F, Ts, Te>, where F is the service running on the mobile phone, and Ts is the start of the service running Time, Te is the end time of the service running.

步骤303、服务器根据每个子时间段内手机的历史位置,确定每个子时间段对应的地理区域集合,并将距离小于500m的不同地理区域合并形成参考区域。Step 303 , the server determines a set of geographical areas corresponding to each sub-time period according to the historical location of the mobile phone in each sub-time period, and merges different geographical areas whose distance is less than 500m to form a reference area.

步骤304、服务器接收手机发送的身份认证请求,确定手机的当前位置,以及当前时间所属的子时间段为14点至15点。Step 304, the server receives the identity authentication request sent by the mobile phone, determines the current location of the mobile phone, and the sub-time period to which the current time belongs is from 14:00 to 15:00.

步骤305、服务器从子时间段14点至15点对应的参考区域中,确定当前位置所属的第一参考区域。Step 305, the server determines the first reference area to which the current location belongs from the reference areas corresponding to the sub-time period from 14:00 to 15:00.

步骤306、服务器统计子时间段14点至15点对应的参考区域中,包含的历史位置个数最多的第二参考区域。Step 306, the server counts the second reference area that contains the largest number of historical locations among the reference areas corresponding to the sub-time period from 14:00 to 15:00.

步骤307、服务器将第一参考区域中包含手机历史位置的个数,与第二参考区域中包含手机历史位置的个数进行对比,得到第一概率w1Step 307. The server compares the number of historical locations of the mobile phone in the first reference area with the number of historical locations of the mobile phone in the second reference area to obtain a first probability w 1 .

步骤308、服务器统计过去半年内每天的子时间段14点至15点,手机运行该聊天软件的时间之和,以及运行时间最长的服务的时间之和。Step 308, the server counts the sum of the time of running the chat software on the mobile phone and the sum of the time of the service with the longest running time in the sub-time period from 14:00 to 15:00 in the past six months.

步骤309、服务器统计将运行该聊天软件的软件的时间之和,与运行时间最长的服务的时间之和进行对比,得到第二概率w2Step 309 , the server statistics compare the sum of the running time of the chat software with the sum of the running time of the service with the longest running time, and obtain the second probability w 2 .

步骤310、服务器判断w1+w2是否大于概率阈值δ,若是,则执行步骤311;否则执行步骤312。其中,δ的范围为[0,2]。Step 310 , the server judges whether w 1 +w 2 is greater than the probability threshold δ, if yes, execute step 311 ; otherwise, execute step 312 . Among them, the range of δ is [0, 2].

步骤311、服务器确定认证通过。Step 311, the server determines that the authentication is passed.

步骤312、服务器确定认证不通过,提示终端按其它方式进行认证。Step 312, the server determines that the authentication fails, and prompts the terminal to perform authentication in other ways.

图4示例性示出了本发明实施例提供的一种身份认证装置的结构示意图。Fig. 4 exemplarily shows a schematic structural diagram of an identity authentication device provided by an embodiment of the present invention.

如图4所示,本发明实施例提供的一种身份认证装置,包括:As shown in Figure 4, an identity authentication device provided by an embodiment of the present invention includes:

子时间段确定单元401,用于确定接收到终端发送的身份认证请求的时间所属的第一子时间段,所述身份认证请求中包括所述终端的当前位置以及当前服务;The sub-time period determination unit 401 is configured to determine the first sub-time period to which the time of receiving the identity authentication request sent by the terminal belongs, and the identity authentication request includes the current location and current service of the terminal;

参考区域确定单元402,用于从所有参考区域中,确定所述当前位置所属的第一参考区域,所述参考区域是根据所述终端在所述第一子时间段内的历史位置确定的;A reference area determining unit 402, configured to determine a first reference area to which the current location belongs from all reference areas, the reference area is determined according to the historical position of the terminal within the first sub-time period;

概率计算单元403,用于确定所述终端在所述第一子时间段内位于所述第一参考区域的第一概率,以及所述终端在所述第一子时间段内运行所述当前服务的第二概率;A probability calculation unit 403, configured to determine a first probability that the terminal is located in the first reference area within the first sub-time period, and the terminal runs the current service within the first sub-time period the second probability of

身份验证单元404,用于根据所述第一概率和所述第二概率对所述终端的用户进行身份验证。An identity verification unit 404, configured to perform identity verification on a user of the terminal according to the first probability and the second probability.

可选的,还包括:Optionally, also include:

划分单元405,用于将历史时长划分为多个历史时间段,将每个历史时间段划分为N个子时间段,其中,每个历史时间段内的第M个子时间段相对应,M≤N;A division unit 405, configured to divide the historical time period into multiple historical time periods, and divide each historical time period into N sub-time periods, wherein the Mth sub-time period in each historical time period corresponds, M≤N ;

集合单元406,用于确定每个子时间段对应的地理区域集合,其中所述子时间段对应的地理区域集合是由所述终端在所述子时间段的历史位置确定的地理区域组成的;A collection unit 406, configured to determine a set of geographical areas corresponding to each sub-time period, wherein the set of geographical areas corresponding to the sub-time period is composed of geographical areas determined by the historical position of the terminal in the sub-time period;

合并单元407,用于确定同一集合中不同地理区域之间的距离,将距离小于距离阈值的地理区域进行合并,作为一个参考区域。The merging unit 407 is configured to determine the distance between different geographical areas in the same set, and combine the geographical areas whose distance is smaller than the distance threshold as a reference area.

可选的,所述合并单元407,具体用于:Optionally, the merging unit 407 is specifically configured to:

针对一个地理区域,获取所述地理区域中所述终端的所有历史位置的经度和纬度;确定所有经度的平均值以及所有纬度的平均值,作为所述地理区域的类中心的坐标;根据所述地理区域的类中心的坐标,确定所述地理区域与除所述地理区域外任一个地理区域之间的距离。For a geographical area, obtain the longitude and latitude of all historical positions of the terminal in the geographical area; determine the average value of all longitudes and the average value of all latitudes as the coordinates of the class center of the geographical area; according to the The coordinates of the class center of the geographical area, which determines the distance between the geographical area and any geographical area except the geographical area.

可选的,所述概率计算单元403,具体用于:Optionally, the probability calculation unit 403 is specifically configured to:

从所有第一子时间段对应的参考区域中,确定包含所述终端的历史位置个数最多的第二参考区域;From the reference areas corresponding to all the first sub-time periods, determine the second reference area containing the largest number of historical positions of the terminal;

确定所述第一参考区域中包含的所述终端的历史位置个数,与所述第二参考区域中包含的历史位置个数的比值,作为所述第一概率。Determining a ratio of the number of historical locations of the terminal included in the first reference area to the number of historical locations included in the second reference area as the first probability.

可选的,所述概率计算单元403,具体用于:Optionally, the probability calculation unit 403 is specifically configured to:

确定所有第一子时间段内,所述终端运行每个服务的总运行时间;determining the total running time of each service run by the terminal in all first sub-time periods;

选取运行时间最长的服务作为第一服务;Select the service with the longest running time as the first service;

确定所有第一子时间段内,所述当前服务的总运行时间;determining the total running time of the current service in all first sub-time periods;

确定所述当前服务的总运行时间与所述第一服务的总运行时间的比值,作为所述第二概率。A ratio of the total running time of the current service to the total running time of the first service is determined as the second probability.

本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.

尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。While preferred embodiments of the invention have been described, additional changes and modifications to these embodiments can be made by those skilled in the art once the basic inventive concept is appreciated. Therefore, it is intended that the appended claims be construed to cover the preferred embodiment as well as all changes and modifications which fall within the scope of the invention.

显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包括这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and equivalent technologies thereof, the present invention also intends to include these modifications and variations.

Claims (10)

1. a kind of identity identifying method, it is characterised in that include:
Determine the first sub- time period belonging to the time of the ID authentication request for receiving terminal transmission, the ID authentication request Include current location and the current service of the terminal;
From all reference zones, the first reference zone belonging to the current location is determined, the reference zone is according to institute State what historical position of the terminal within the described first sub- time period determined;
Determine that the terminal is located at the first probability of first reference zone, and the end within the described first sub- time period The second probability of the current service is run within the described first sub- time period in end;
Authentication is carried out to the user of the terminal according to first probability and second probability.
2. the method for claim 1, it is characterised in that the determination receives the ID authentication request of terminal transmission Before current time, also include:
History duration is divided into multiple historical time sections, each historical time section is divided into N number of sub- time period, wherein, per M-th in the individual historical time section sub- time period is corresponding, M≤N;
Determine the corresponding geographic area set of each sub- time period, between the wherein described period of the day from 11 p.m. to 1 a.m the corresponding geographic area set of section be by The geographic area composition that historical position of the terminal in the sub- time period determines;
Determine the distance between different geographic regions in identity set, geographic area of the distance less than distance threshold is closed And, as a reference zone.
3. method as claimed in claim 2, it is characterised in that in the determination identity set between different geographic regions away from From, including:
For a geographic area, the longitude and latitude of all historical positions of terminal described in the geographic area is obtained;Really The meansigma methodss of fixed all longitudes and the meansigma methodss of all latitudes, used as the coordinate at the class center of the geographic area;According to institute The coordinate at the class center of geographic area is stated, the geographic area is determined and in addition to the geographic area between any one geographic area Distance.
4. method as claimed in claim 2, it is characterised in that determination terminal position within the described first sub- time period In the first probability of first reference zone, including:
From all first sub- time periods corresponding reference zone, determine the historical position number comprising the terminal most the Two reference zones;
Determine the historical position number of the terminal included in first reference zone, with bag in second reference zone The ratio of the historical position number for containing, used as first probability.
5. the method for claim 1, it is characterised in that the determination terminal was transported within the described first sub- time period Second probability of the row current service, including:
Determine in all first sub- time periods, the terminal operating each service total run time;
The most long service of run time is chosen as first service;
Determine in all first sub- time periods, the total run time of the current service;
Determine the total run time of the current service and the ratio of the total run time of the first service, as described second Probability.
6. a kind of identification authentication system, it is characterised in that include:
Sub- time period determining unit, for determining first period of the day from 11 p.m. to 1 a.m belonging to the time for receiving the ID authentication request that terminal sends Between section, the ID authentication request includes the current location of the terminal and current service;
Reference zone determining unit, for from all reference zones, determining the first reference zone belonging to the current location, The reference zone is that the historical position according to the terminal within the described first sub- time period determines;
Probability calculation unit, for determining that the terminal is located at the of first reference zone within the described first sub- time period One probability, and the terminal runs the second probability of the current service within the described first sub- time period;
Identity authenticating unit, tests for carrying out identity according to first probability and second probability to the user of the terminal Card.
7. device as claimed in claim 6, it is characterised in that also include:
Each historical time section, for history duration is divided into multiple historical time sections, is divided into N number of period of the day from 11 p.m. to 1 a.m by division unit Between section, wherein, m-th in each the historical time section sub- time period is corresponding, M≤N;
Aggregation units, for determining the corresponding geographic area set of each sub- time period, between the wherein described period of the day from 11 p.m. to 1 a.m, section is correspondingly The geographic area that reason historical position of the regional ensemble by the terminal in the sub- time period determines constitutes;
Combining unit, for determining the distance between different geographic regions in identity set, by apart from the ground less than distance threshold Reason region merges, used as a reference zone.
8. device as claimed in claim 7, it is characterised in that the combining unit, specifically for:
For a geographic area, the longitude and latitude of all historical positions of terminal described in the geographic area is obtained;Really The meansigma methodss of fixed all longitudes and the meansigma methodss of all latitudes, used as the coordinate at the class center of the geographic area;According to institute The coordinate at the class center of geographic area is stated, the geographic area is determined and in addition to the geographic area between any one geographic area Distance.
9. device as claimed in claim 7, it is characterised in that the probability calculation unit, specifically for:
From all first sub- time periods corresponding reference zone, determine the historical position number comprising the terminal most the Two reference zones;
Determine the historical position number of the terminal included in first reference zone, with bag in second reference zone The ratio of the historical position number for containing, used as first probability.
10. device as claimed in claim 6, it is characterised in that the probability calculation unit, specifically for:
Determine in all first sub- time periods, the terminal operating each service total run time;
The most long service of run time is chosen as first service;
Determine in all first sub- time periods, the total run time of the current service;
Determine the total run time of the current service and the ratio of the total run time of the first service, as described second Probability.
CN201611075196.6A 2016-11-29 2016-11-29 A method and device for identity authentication Pending CN106507308A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611075196.6A CN106507308A (en) 2016-11-29 2016-11-29 A method and device for identity authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611075196.6A CN106507308A (en) 2016-11-29 2016-11-29 A method and device for identity authentication

Publications (1)

Publication Number Publication Date
CN106507308A true CN106507308A (en) 2017-03-15

Family

ID=58327870

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611075196.6A Pending CN106507308A (en) 2016-11-29 2016-11-29 A method and device for identity authentication

Country Status (1)

Country Link
CN (1) CN106507308A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109784015A (en) * 2018-12-27 2019-05-21 腾讯科技(深圳)有限公司 A kind of authentication identifying method and device
CN110290142A (en) * 2019-06-28 2019-09-27 腾讯科技(深圳)有限公司 Method for authenticating, device, server and storage medium based on scene
CN116451201A (en) * 2023-03-14 2023-07-18 电子科技大学 Mobile communication identity authentication method and system based on artificial intelligence

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011001026A1 (en) * 2009-06-29 2011-01-06 Elisa Oyj Authentication
US20130042327A1 (en) * 2011-08-12 2013-02-14 Palo Alto Research Center Incorporated Guided implicit authentication
WO2013154936A1 (en) * 2012-04-09 2013-10-17 Brivas Llc Systems, methods and apparatus for multivariate authentication
CN104852886A (en) * 2014-02-14 2015-08-19 腾讯科技(深圳)有限公司 Protection method and device for user account
CN104917643A (en) * 2014-03-11 2015-09-16 腾讯科技(深圳)有限公司 Abnormal account detection method and device
CN105284144A (en) * 2013-06-07 2016-01-27 苹果公司 Model Salient Locations
CN105740667A (en) * 2014-12-10 2016-07-06 阿里巴巴集团控股有限公司 A method and device for information identification based on user behavior

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011001026A1 (en) * 2009-06-29 2011-01-06 Elisa Oyj Authentication
US20130042327A1 (en) * 2011-08-12 2013-02-14 Palo Alto Research Center Incorporated Guided implicit authentication
WO2013154936A1 (en) * 2012-04-09 2013-10-17 Brivas Llc Systems, methods and apparatus for multivariate authentication
CN105284144A (en) * 2013-06-07 2016-01-27 苹果公司 Model Salient Locations
CN104852886A (en) * 2014-02-14 2015-08-19 腾讯科技(深圳)有限公司 Protection method and device for user account
CN104917643A (en) * 2014-03-11 2015-09-16 腾讯科技(深圳)有限公司 Abnormal account detection method and device
CN105740667A (en) * 2014-12-10 2016-07-06 阿里巴巴集团控股有限公司 A method and device for information identification based on user behavior

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ELAINE SHI ET AL.: "Implicit Authentication through Learning User Behavior", 《ISC 2010: INFORMATION SECURITY》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109784015A (en) * 2018-12-27 2019-05-21 腾讯科技(深圳)有限公司 A kind of authentication identifying method and device
CN110290142A (en) * 2019-06-28 2019-09-27 腾讯科技(深圳)有限公司 Method for authenticating, device, server and storage medium based on scene
CN110290142B (en) * 2019-06-28 2021-10-22 腾讯科技(深圳)有限公司 Scene-based authentication method, device, server and storage medium
CN116451201A (en) * 2023-03-14 2023-07-18 电子科技大学 Mobile communication identity authentication method and system based on artificial intelligence

Similar Documents

Publication Publication Date Title
US8904496B1 (en) Authentication based on a current location of a communications device associated with an entity
US10826910B2 (en) Frictionless multi-factor authentication system and method
US8953845B2 (en) Login method based on direction of gaze
US10783275B1 (en) Electronic alerts for confidential content disclosures
US9819680B2 (en) Determining user authentication requirements based on the current location of the user in comparison to the users&#39;s normal boundary of location
US8868636B2 (en) Apparatus for secured distributed computing
US8863258B2 (en) Security for future log-on location
US11354389B2 (en) Systems and methods for user-authentication despite error-containing password
US9271110B1 (en) Location awareness session management and cross application session management
US10231122B2 (en) Challenge-response authentication based on internet of things information
US9491165B2 (en) Providing a service based on time and location based passwords
US20120066067A1 (en) Fragmented advertisements for co-located social groups
US9405897B1 (en) Authenticating an entity
US20130159008A1 (en) Systems and methods for verifying healthcare visits
US9699656B2 (en) Systems and methods of authenticating and controlling access over customer data
US9078129B1 (en) Knowledge-based authentication for restricting access to mobile devices
US9721087B1 (en) User authentication
US9256717B2 (en) Managed mobile media platform systems and methods
US9955311B2 (en) Control apparatus, position verification system, non-transitory computer readable medium, and position verification method
US9049211B1 (en) User challenge using geography of previous login
CN105516133A (en) User identity verification method, server and client
CN110704826A (en) Information recommendation method and device, storage medium and electronic equipment
JP5469718B2 (en) Information processing apparatus and method
CN106507308A (en) A method and device for identity authentication
US9465818B2 (en) Finger biometric sensor data synchronization via a cloud computing device and related methods

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170315