
CN120165876A - Account authentication method, system and storage medium - Google Patents


Publication number
CN120165876A
Authority
CN
China
Prior art keywords
data
account
authentication
key
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202510321178.4A
Other languages
Chinese (zh)
Other versions
CN120165876B (en
Inventor
黎扬志
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chen Zhifu
Original Assignee
Li Jiuzi Guangzhou Brand Operation Co ltd
Application filed by Li Jiuzi Guangzhou Brand Operation Co ltd
Priority to CN202510321178.4A
Publication of CN120165876A
Application granted
Publication of CN120165876B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3231: Biological data, e.g. fingerprint, voice or retina

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The present invention relates to the field of account authentication technology, and in particular to an account authentication method, system and storage medium. The method comprises the following steps: collecting user account and password information, detecting the synchronous response of a device to the user's account and password information, performing character error elimination and structural standardization on the user's account based on the detection result, generating account block data, obtaining the IP location of the terminal device and performing longitude and latitude mapping, generating a positioning area number to construct a dynamic fingerprint, performing key matrix projection based on the user's dynamic fingerprint, generating projection fingerprint data, constructing a hierarchical authentication code, performing disturbance offset simulation on the hierarchical authentication code, generating an offset authentication key, and performing dynamic rule verification, generating dynamic token data, using the dynamic token data to construct a terminal device trust link, and performing authority control mapping, thereby constructing an authentication account session. The present invention realizes a safer and more flexible account authentication method.

Description

Account authentication method, system and storage medium
Technical Field
The present invention relates to the field of account authentication technologies, and in particular, to an account authentication method, system, and storage medium.
Background
Traditional account authentication methods for the remote operation and maintenance of industrial terminal equipment have several defects. First, static passwords are easily exploited by malicious attackers, who obtain them through brute-force cracking, dictionary attacks or social engineering, exposing the industrial control system (ICS, Industrial Control System) to serious intrusion risk. Second, single-factor authentication cannot effectively cope with advanced persistent threats (APT, Advanced Persistent Threat) in an industrial Internet environment: industrial terminal equipment runs online for long periods, and once credentials are leaked an attacker can maintain long-term remote access, affecting the stability of the whole production control system. In addition, traditional account authentication has significant security weaknesses in remote access management of industrial terminal equipment. For example, a traditional authentication mechanism relies mainly on static credentials and lacks in-depth analysis of the device environment, operation behavior and network access patterns, so dynamic, adaptive authentication is difficult to achieve.
Existing remote authentication systems for industrial terminal equipment still face several technical difficulties. First, traditional authentication methods rely mainly on fixed password policies and preset identity authentication mechanisms and lack dynamic, adaptive capability. In industrial remote operation, equipment is often widely distributed and the network authentication environment is complex, so fixed authentication rules have difficulty coping with differing user access modes and input conditions. Existing authentication methods also have limited technical means for IP positioning and dynamic fingerprint construction and have difficulty identifying users accurately. Industrial terminal equipment often sits in a changing network environment, and IP addresses change frequently because of network switching, so identity authentication based on a static IP address cannot meet the high security and reliability requirements of industrial remote operation and maintenance. Meanwhile, current identity authentication technology still has major shortcomings in privacy protection: it cannot minimize the exposure of private data while ensuring identity security, and there is a risk of data leakage during industrial operation and maintenance.
Disclosure of Invention
Based on this, it is necessary to provide an account authentication method, system and storage medium, so as to solve at least one of the above technical problems.
In order to achieve the above purpose, an account authentication method includes the following steps:
Step S1, acquiring user input account information and user input password information, performing character error rejection on the user input account information to obtain standardized input data, performing structural standardized processing on the standardized input data, and performing block mapping to generate account block data;
Step S2, acquiring terminal equipment IP positioning, mapping longitude and latitude for the terminal equipment IP positioning, and superposing longitude and latitude last digits to obtain a positioning area number;
Step S3, carrying out key matrix projection based on the dynamic fingerprint of the user to generate projection fingerprint data;
Step S4, performing disturbance offset simulation on the layered authentication code to generate an offset authentication key, performing dynamic rule verification on the offset authentication key, and performing self-adaptive key fitting based on a rule verification result to generate dynamic token data;
Step S5, constructing a trust link of the terminal equipment based on the dynamic token data, performing authority control mapping according to the trust link of the terminal equipment, and constructing an authentication account session.
By collecting the account information and password information input by the user, the invention provides the system with the basic data for identity verification. Character error rejection ensures the accuracy of the input data, and the resulting standardized input data gives subsequent processing a clear basis; structural standardization and block mapping improve the manageability and analyzability of the data. Acquiring the terminal equipment's IP positioning introduces geographic information into user identity verification, longitude and latitude mapping with last-digit superposition strengthens the privacy protection of that data, and the resulting positioning area number supplies a geographic feature for dynamic fingerprint construction. Constructing the dynamic fingerprint from the user-input password information and the account block data, based on the positioning area number, captures the user's unique behavior pattern, and the resulting user dynamic fingerprint provides multidimensional features for subsequent security verification. Dynamic rule verification based on the user dynamic fingerprint ensures the randomness and unpredictability of the offset authentication key and improves the adaptability and flexibility of the key. The dynamic token data generated by adaptive key fitting provides security for real-time verification. Establishing the terminal equipment trust link strengthens the security of data transmission, and authority control mapping strengthens the system's security management and gives the user stable, secure interaction authority with the system.
Preferably, step S1 comprises the steps of:
Step S11, collecting the account information and password information input by the user while monitoring the mouse and keyboard behavior data of the device; performing input behavior sequence recognition on the mouse and keyboard behavior data to generate an input behavior feature vector, and performing input behavior reverse deduction on the user-input account information and password information to generate required input behavior features;
Step S12, performing synchronous reaction detection on the input behavior feature vector based on the required input behavior features to obtain an input behavior synchronization result; when the input behavior synchronization result is judged to be asynchronous input behavior, directly returning to the terminal home page and recording the account authentication error process;
Step S13, rasterizing the user-input account information to obtain rasterized input account information, identifying special characters in the rasterized input account information, and performing character error rejection on the rasterized input account information based on the special characters, with the character error judgment threshold set to a character error rate of 2%-5%, to obtain standardized input data;
Step S14, performing length standardization on the standardized input data with a target length range of 12-20 characters: if the character length is less than 12 characters, padding with '0' at the tail, and if the character length exceeds 20 characters, keeping the first 20 characters, to generate standard account data;
Step S15, performing forward bit filling on the account code data to generate account filling data, and performing block segmentation on the account filling data to generate account block data.
Input behavior sequence recognition improves the accuracy with which user operation features are extracted, and input behavior reverse deduction allows feature matching against the user's actual input habits, so the authenticity of the account input behavior can be verified more accurately. Synchronous reaction detection of input behavior can identify remote attack scenarios and prevent malicious programs from bypassing the local input verification mechanism, improving the security of account authentication. Rasterization decomposes the spatial distribution of the account input data so that special characters are located more precisely, and combining the character error rejection strategy with the rasterized data makes character error judgment more stable. Setting the character error rate within 2%-5% preserves the fault tolerance of the input data while avoiding data distortion from over-correction. Length standardization keeps account data consistent during storage and authentication, and tail padding with front truncation ensures that all account data keeps a fixed length. Character set encoding enhances the uniqueness of the data and improves the efficiency and security of data processing. Forward filling reduces information loss during data transmission, and block segmentation improves data integrity and computing performance, so that account computation remains efficient.
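An added illustration of steps S13 to S15, not part of the patent text: it normalizes an account string with the stated parameters (error-rate threshold of 5%, target length 12-20, tail padding with '0', keeping the first 20 characters) and groups raw accounts that end up with identical block data. The allowed character set, the block size of 4, left-filling with '0' for the forward bit filling, and rejecting input above the threshold are assumptions; the character set encoding step is omitted.

```python
import re
from collections import defaultdict

MIN_LEN, MAX_LEN = 12, 20   # target length range, step S14
PAD_CHAR = "0"              # tail padding character, step S14
MAX_ERROR_RATE = 0.05       # upper end of the 2%-5% threshold, step S13
BLOCK_SIZE = 4              # assumption: the patent text gives no block size
ALLOWED = re.compile(r"[A-Za-z0-9._@-]")  # assumption: characters valid in an account


def reject_character_errors(raw: str) -> str:
    """Step S13 as assumed here: drop characters outside ALLOWED and refuse
    the input when the share of dropped characters exceeds MAX_ERROR_RATE."""
    if not raw:
        raise ValueError("empty account input")
    kept = "".join(c for c in raw if ALLOWED.fullmatch(c))
    error_rate = (len(raw) - len(kept)) / len(raw)
    if error_rate > MAX_ERROR_RATE:
        raise ValueError(f"character error rate {error_rate:.1%} exceeds threshold")
    return kept


def standardize_length(text: str) -> str:
    """Step S14: pad the tail with '0' up to 12 characters, keep the first 20."""
    if len(text) < MIN_LEN:
        return text.ljust(MIN_LEN, PAD_CHAR)
    return text[:MAX_LEN]


def to_blocks(text: str) -> list[str]:
    """Step S15 as assumed here: left-fill to a multiple of BLOCK_SIZE, then split."""
    remainder = len(text) % BLOCK_SIZE
    if remainder:
        text = PAD_CHAR * (BLOCK_SIZE - remainder) + text
    return [text[i:i + BLOCK_SIZE] for i in range(0, len(text), BLOCK_SIZE)]


def account_block_data(raw: str) -> list[str]:
    """Run S13 -> S14 -> S15 and return the account block data."""
    return to_blocks(standardize_length(reject_character_errors(raw)))


def find_collisions(accounts):
    """Group raw account names that normalize to identical block data.
    Padding and truncation are lossy, so distinct names can share one result."""
    groups = defaultdict(list)
    for account in accounts:
        try:
            groups[tuple(account_block_data(account))].append(account)
        except ValueError:
            continue  # rejected input produces no block data
    return {blocks: names for blocks, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    # Constructed sample account names, not taken from the patent.
    samples = [
        "operator01",
        "operator0100",
        "line3-gateway",
        "plant7.maintenance.engineer.a",
        "plant7.maintenance.engineer.b",
    ]
    for name in samples:
        print(f"{name!r:35} -> {account_block_data(name)}")
    for blocks, names in find_collisions(samples).items():
        print("same block data:", names)
```

Running `find_collisions` over the existing account base at registration time shows which names the fixed-length normalization cannot tell apart, so they can be refused or disambiguated before block data is used as an identity feature.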
Preferably, step S2 comprises the steps of:
Step S21, acquiring the IP positioning of the terminal equipment, and performing geographic position reverse analysis on the IP positioning of the terminal equipment to generate positioning reference data;
Step S22, performing coordinate system conversion on the positioning reference data to obtain original geographic coordinate data, extracting longitude and latitude values from the original geographic coordinate data, and performing last-digit fuzzy superposition on the longitude and latitude values to obtain the positioning area number;
Step S23, extracting the password behavior features of the user-input password information, performing tensor construction on the password behavior features and the account block data, and performing data integration to generate identity feature data;
Step S24, performing timestamp fusion on the positioning area number according to preset timestamp data to obtain space-time anchor data;
Step S25, performing dynamic fingerprint mapping on the identity feature data based on the space-time anchor data to generate the user dynamic fingerprint.
Acquiring the IP positioning of the terminal equipment improves the accuracy of user identity verification, and the positioning reference data produced by geographic position reverse analysis gives authentication important geographic support. Coordinate system conversion standardizes the positioning reference data, and the resulting original geographic coordinate data is the basis for subsequent analysis. Extracting the longitude and latitude values lets the system locate the user more precisely, while fuzzy superposition of the last digits strengthens the privacy protection of the geographic information; the resulting positioning area number adds a dynamic feature to user identity verification. Extracting the password behavior features of the user-input password information captures the user's interaction pattern, and tensor construction with data integration enriches the identity feature data by combining multiple information sources. Timestamp fusion strengthens the timeliness of the positioning area number, and the resulting space-time anchor data adds a time dimension to subsequent identity verification. Dynamic fingerprint mapping of the identity feature data based on the space-time anchor data ensures the user's consistency and security across different times and places. Overall, this improves the multidimensional security and flexibility of authentication and provides comprehensive technical support for user account verification.
Preferably, the key matrix projection based on the user dynamic fingerprint in step S3 includes:
performing multidimensional tensor expansion on the user dynamic fingerprint, and extracting fingerprint spatial features;
performing nonlinear transformation on the fingerprint spatial features to generate feature transformation data;
performing orthogonal basis mapping on the feature transformation data to construct an orthogonal feature matrix;
and performing key space projection on the orthogonal feature matrix to generate projection fingerprint data.
Multidimensional tensor expansion of the user dynamic fingerprint increases the expressive power and richness of the information, allowing the user's identity features to be analyzed in multiple dimensions; this gives a fuller picture of the user's behavior pattern and identity features and helps identify the user's uniqueness and variability. Extracting the fingerprint spatial features captures the user's behavior in a specific environment and provides basic data for subsequent feature processing. The feature transformation data produced by the nonlinear transformation introduces complexity and nonlinear relationships, adapts better to changes in the user's dynamic behavior, and keeps the feature data flexible and diverse. Orthogonal basis mapping ensures that features are independent and separable, reduces interference between features, and improves the accuracy of subsequent analysis. The resulting orthogonal feature matrix provides a solid foundation for key space projection, letting the feature data show stronger discriminating power in higher dimensions. The projection fingerprint data generated by key space projection enhances the security and uniqueness of the authentication process and gives the system high-precision protection against security threats to the user.
Preferably, constructing the layered authentication code based on the projected fingerprint data in step S3 includes:
performing hierarchical slicing on the projection fingerprint data, with 3-5 slice layers, to obtain multi-level feature slices;
performing cross-validation fusion on the multi-level feature slices 5-10 times to generate inter-layer association data;
performing hash round-robin processing based on the inter-layer association data to obtain a round-robin hash value;
performing alternate permutation on the round-robin hash value, with the permutation operation performed 2 to 4 times, to generate a permutation authentication basic unit;
and performing hierarchical coding integration on the permutation authentication basic unit to obtain the layered authentication code.
Hierarchical slicing of the projection fingerprint data splits complex feature information into several layers that can each be analyzed and processed independently, and the resulting multi-level feature slices are the basis for subsequent feature fusion. Cross-validation fusion strengthens the complementarity and correlation between the features of each layer, and the inter-layer association data it generates is an important basis for building more complex and secure authentication codes. Hash round-robin processing on the inter-layer association data yields a round-robin hash value that improves resistance to attack, making it difficult for an external intruder to recover the original data. Alternate permutation of the round-robin hash value further increases the security and complexity of the data, and the resulting permutation authentication basic unit gives the data multiple layers of protection and reduces the risk of attack. Hierarchical coding integration makes the authentication code more compact and efficient in structure. The final layered authentication code has high security and can be verified flexibly at different layers, improving the overall security and reliability of authentication and giving the user's account a solid basis for protection.
Preferably, the performing disturbance offset simulation on the layered authentication code in step S4 includes:
performing time domain spectrum transformation on the layered authentication code to obtain authentication spectrum data;
performing layered scattering transformation on the authentication spectrum data, and performing distribution matrix conversion to generate a scattering distribution matrix;
performing multi-axis vector rotation simulation on the scattering distribution matrix to obtain rotation disturbance data;
performing convolution fusion processing on the rotation disturbance data and the layered authentication code to generate offset preparation data;
and performing gradient flow adjustment based on the offset preparation data, and performing key integration processing to generate an offset authentication key.
Time-domain spectrum transformation of the layered authentication code increases the depth and complexity of data processing, so the authentication code exhibits richer information features in the spectral domain, and the resulting authentication spectrum data gives the subsequent scattering transformation a multidimensional view. Layered scattering transformation strengthens the representation of the data at different levels, and the resulting scattering distribution matrix lays the foundation for the diversity and anti-interference capability of the data. Multi-axis vector rotation simulation on the scattering distribution matrix effectively increases the randomness and unpredictability of the data, and the resulting rotation disturbance data improves the security of the authentication code and reduces the risk of attack. Convolution fusion of the rotation disturbance data with the layered authentication code produces offset preparation data, which is a strong basis for subsequent key generation. Gradient flow adjustment based on the offset preparation data optimizes the data structure so that the generated key achieves the best balance between security and effectiveness. The final offset authentication key has higher security and flexibility, improving the overall security of account authentication and providing technical support for more intelligent account protection.
Preferably, the performing dynamic rule checking on the offset authentication key and performing adaptive key fitting based on the rule checking result in step S4 includes:
performing differential integrity detection on the offset authentication key to obtain an integrity check index;
constructing a multidimensional decision tree according to the integrity index, and performing rule verification on the offset authentication key based on the multidimensional decision tree to obtain a rule verification result;
when the rule verification result is that verification fails, directly returning to the terminal home page and recording the account authentication error process;
when the rule verification result is that verification passes, performing elliptic curve mapping on the offset authentication key to obtain a curve mapping key;
performing high-order polynomial approximation on the curve mapping key to obtain a continuous correction key;
performing mixed hash processing on the continuous correction key based on a preset external state factor to obtain adaptive key metadata;
and performing recursive compression coding on the adaptive key metadata to obtain the dynamic token data.
Differential integrity detection on the offset authentication key improves the security of the key, and the resulting integrity check index is an important reference for subsequent rule verification. Constructing a multidimensional decision tree allows the validity and security of the key to be analyzed in multiple dimensions, and rule verification of the offset authentication key based on that tree makes management of the authentication process more intelligent; the rule verification result gives the system a clear basis for decision. When verification fails, the system responds quickly, returns to the terminal and records the account authentication error process, providing data for subsequent security audit. When verification passes, elliptic curve mapping increases the complexity and security of the key, and the resulting curve mapping key is more resistant to cracking. High-order polynomial approximation keeps the resulting continuous correction key stable in a changing environment. Mixed hash processing of the continuous correction key with a preset external state factor introduces external information into key generation, and the resulting adaptive key metadata improves the system's ability to adapt to a dynamic environment. Recursive compression coding of the adaptive key metadata makes the dynamic token data more compact and efficient, making the final authentication process more reliable and secure for the user.
Preferably, step S5 comprises the steps of:
Step S51, key deconstructing is carried out based on dynamic token data, the length range of the key is set to 128-256 bits, vector space mapping is carried out, and the vector dimension is set to 32-128 dimensions so as to obtain a link initialization vector;
Step S52, constructing a terminal equipment trust link based on the link initialization vector, and performing authentication user matching on the terminal equipment trust link according to a preset user information base to obtain authentication user information;
Step S53, performing authority mapping processing based on the authentication user information to obtain authority control data;
Step S54, carrying out account number session construction on the trust link of the terminal equipment according to the authority control data so as to obtain an authentication account number session.
According to the invention, key deconstruction based on the dynamic token data extracts the key security information, and vector space mapping improves the expressive capability of the data, so that the link initialization vector has stronger adaptability and flexibility. Constructing the terminal device trust link enhances the system's trust in the terminal device, and authenticated user matching ensures that the user identity information is effectively connected to the system. The obtained authentication user information provides a basis for subsequent authority control. Authority mapping based on the authentication user information ensures accurate division of user authority, and the obtained authority control data ensures that the user's operation range and authority in the system are reasonably limited. Constructing the account session on the terminal device trust link in combination with the authority control data gives the authentication account session a clear authority structure. Overall, the security and reliability of account authentication are improved, efficient technical support is provided for user identity authentication and authority management, and unauthorized access and operation are effectively prevented.
The invention also provides an account authentication system for executing the account authentication method, which comprises:
The system comprises an account processing module, a structure standardization processing module, a block mapping module and a data processing module, wherein the account processing module is used for acquiring user input account information and user input password information;
the positioning fingerprint module is used for acquiring the IP positioning of the terminal equipment, mapping the longitude and latitude of the IP positioning of the terminal equipment, and superposing the longitude and latitude last digits to obtain a positioning area number;
the key projection module is used for carrying out key matrix projection based on the dynamic fingerprint of the user to generate projection fingerprint data;
The key disturbance module is used for carrying out disturbance offset simulation on the layered authentication code to generate an offset authentication key, carrying out dynamic rule verification on the offset authentication key, and carrying out self-adaptive key fitting based on a rule verification result to generate dynamic token data;
the trust authentication module is used for constructing a trust link of the terminal equipment based on the dynamic token data, performing authority control mapping according to the trust link of the terminal equipment, and constructing an authentication account session.
According to the invention, the account processing module ensures the accuracy and consistency of the user input information: character error rejection improves the quality of the input data, the standardized input data provides a reliable basis for subsequent processing, and structure standardization processing and block mapping improve the efficiency of data organization and management. The positioning fingerprint module ensures that user identity verification is tied to geographic information, and dynamic fingerprint construction improves the security and uniqueness of authentication as well as the complexity of the authentication process. The layered authentication code provides multiple layers of protection for authentication. The disturbance offset simulation of the key disturbance module ensures the randomness and unpredictability of the authentication key, and dynamic rule verification enhances the adaptability and flexibility of the key. The trust authentication module ensures the security and reliability of data transmission, authority control mapping strengthens the security management capability of the system, and the authentication account session ensures stable interaction between the user and the system.
The invention also provides a computer readable storage medium storing a computer program which when executed implements the account authentication method as described in any one of the above.
Through the use of the computer readable storage medium, the invention ensures efficient storage and convenient retrieval of the account authentication method. The stored computer program automates and standardizes the authentication process, and executing the program improves the response speed and processing efficiency of the system. The program provides reusable authentication logic, which enhances the flexibility and adaptability of the system; the reliability of the storage medium reduces the risk of data loss; and the extensibility of the program supports future upgrades and optimization while ensuring the security and privacy protection of user information processing. Executing the computer program reduces manual operation errors and improves the accuracy and consistency of the whole authentication process. Support for system integration and interoperability provides a basis for cooperation between different platforms and devices, and the result is an efficient, secure and convenient account authentication mechanism.
Drawings
Fig. 1 is a schematic flow chart of steps of an account authentication method;
FIG. 2 is a detailed implementation step flow diagram of step S2;
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
The following is a clear and complete description of the technical method of the present invention, taken in conjunction with the accompanying drawings, and it is evident that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, are intended to fall within the scope of the present invention.
Furthermore, the drawings are merely schematic illustrations of the present invention and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. The functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor methods and/or microcontroller methods.
It will be understood that, although the terms "first," "second," etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another element. For example, a first element could be termed a second element, and, similarly, a second element could be termed a first element, without departing from the scope of example embodiments. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
To achieve the above objective, referring to Fig. 1 and Fig. 2, an account authentication method includes the following steps:
Step S1, acquiring user input account information and user input password information, performing character error rejection on the user input account information to obtain standardized input data, performing structural standardized processing on the standardized input data, and performing block mapping to generate account block data;
Step S2, acquiring terminal equipment IP positioning, mapping longitude and latitude for the terminal equipment IP positioning, and superposing longitude and latitude last digits to obtain a positioning area number;
Step S3, carrying out key matrix projection based on the dynamic fingerprint of the user to generate projection fingerprint data;
Step S4, performing disturbance offset simulation on the layered authentication code to generate an offset authentication key, performing dynamic rule verification on the offset authentication key, and performing self-adaptive key fitting based on a rule verification result to generate dynamic token data;
Step S5, constructing a trust link of the terminal equipment based on the dynamic token data, performing authority control mapping according to the trust link of the terminal equipment, and constructing an authentication account session.
According to the invention, collecting the account information and password information input by the user provides the system with the basic data for identity verification. Character error rejection ensures the accuracy of the input data, and the resulting standardized input data provides a clear basis for subsequent processing. Structure standardization processing and block mapping improve the manageability and analyzability of the data. Acquiring the IP positioning of the terminal device introduces geographic information into user identity verification, and longitude and latitude mapping with last-digit superposition enhances the privacy protection of the data. The generated positioning area number provides geographic characteristics for dynamic fingerprint construction. Constructing the dynamic fingerprint from the user input password information and the account block data based on the positioning area number captures the unique behavior pattern of the user, and the resulting user dynamic fingerprint provides multidimensional features for subsequent security verification. Dynamic rule verification based on the user dynamic fingerprint ensures the randomness and unpredictability of the offset authentication key and improves the adaptability and flexibility of the key. The dynamic token data generated by adaptive key fitting provides security for real-time verification, the establishment of the terminal device trust link enhances the security of data transmission, authority control mapping strengthens the security management capability of the system, and the authentication account session provides a stable basis for interaction between the user and the system.
In the embodiment of the invention, the account authentication method comprises the following steps:
Step S1, acquiring user input account information and user input password information, performing character error rejection on the user input account information to obtain standardized input data, performing structural standardized processing on the standardized input data, and performing block mapping to generate account block data;
In this embodiment, when the account information and password information input by the user are collected, a character analysis module performs character analysis on the input data and verifies the input characters one by one against a character matching rule base. Invalid characters are deleted by an error rejection algorithm to form standardized input data. The standardized input data is input to a data structure conversion module, which reconstructs the data according to a preset formatting rule and splits it at byte level according to a set blocking strategy to generate account block data. The account block data is stored in a temporary buffer, and an integrity identifier is added. The integrity identifier is calculated by a hash verification algorithm and is used for subsequent data integrity detection.
Step S2, acquiring terminal equipment IP positioning, mapping longitude and latitude for the terminal equipment IP positioning, and superposing longitude and latitude last digits to obtain a positioning area number;
In this embodiment, an IP parsing module extracts the IP address of the terminal device on which the user inputs the account information, and the extracted IP address is input to a geographic location mapping module, which invokes a longitude and latitude conversion algorithm to obtain longitude and latitude data. A data processing module intercepts the last digits of the longitude and latitude data, and the intercepted values are superposed to obtain the positioning area number. The positioning area number is input to a dynamic fingerprint generating module, which receives the positioning area number, the password information input by the user and the account block data, and uses a hash function to perform feature encoding on them. A feature decomposition processing module generates a plurality of independent feature vectors from the encoding result. The feature vectors are input to a fingerprint mapping module, which performs multi-layer fingerprint construction and finally generates the dynamic fingerprint of the user.
Step S3, carrying out key matrix projection based on the dynamic fingerprint of the user to generate projection fingerprint data;
In this embodiment, the dynamic fingerprint of the user is input to a key matrix projection module. After receiving the dynamic fingerprint data, the module performs matrix transformation according to the projection matrix parameters, and a projection mapping module performs nonlinear projection on the transformed data to generate the projection fingerprint data. The projection fingerprint data is input to a layered authentication code construction module, which segments it layer by layer according to an authentication level rule. An independent hash operation is performed on each layer of data, and the hashed data are combined to form the layered authentication code. The layered authentication code is stored in a secure storage unit and is allocated a unique authentication identifier.
Step S4, performing disturbance offset simulation on the layered authentication code to generate an offset authentication key, performing dynamic rule verification on the offset authentication key, and performing self-adaptive key fitting based on a rule verification result to generate dynamic token data;
In this embodiment, the layered authentication code is input to a disturbance offset module. After receiving the layered authentication code, the module invokes a disturbance vector generation algorithm to construct a disturbance vector, which is input to an offset matrix calculation module. The offset matrix calculation module applies a disturbance transformation to the authentication code using an offset mapping model, and the transformed data forms the offset authentication key. The offset authentication key is input to a dynamic rule verification module, which performs matching calculation according to a preset rule template. The matching result is input to a key fitting module, which performs the key fitting operation according to a fitting calculation model and finally generates the dynamic token data. The dynamic token data is stored in a token management unit and is bound to the user equipment.
Step S5, constructing a trust link of the terminal equipment based on the dynamic token data, performing authority control mapping according to the trust link of the terminal equipment, and constructing an authentication account session.
In this embodiment, the dynamic token data is input to a terminal device trust link construction module, which performs an integrity check on the token data according to a token verification mechanism and, after the check is passed, executes the trust link establishment operation. The trust link is input to an authority control mapping module, which calculates the authority of the terminal according to an authority configuration rule. The calculated authority data is input to an authentication session management module, which constructs the authentication account session according to the authority data. The authentication account session is stored in a session management unit, and the session state is monitored in real time.
Preferably, step S1 comprises the steps of:
Step S11, collecting account information input by a user and password information input by the user, and simultaneously monitoring behavior data of a mouse and a keyboard of the device; performing input behavior sequence recognition on the behavior data of the mouse and the keyboard of the equipment to generate an input behavior feature vector, and performing input behavior reverse deduction on the user input account information and the user input password information to generate required input behavior features;
Step S12, carrying out synchronous reaction detection on the input behavior feature vector based on the required input behavior feature to obtain an input behavior synchronous result, directly returning to a terminal home page and recording an account authentication error process when the input behavior synchronous result is judged to be asynchronous input behavior;
Step S13, carrying out rasterization processing on user input account information to obtain rasterized input account information, identifying special characters in the rasterized input account information, and carrying out character error rejection on the rasterized input account information based on the special characters, wherein a character error judging threshold is set to be 2% -5% of a character error rate so as to obtain standardized input data;
Step S14, carrying out length standardization on standardized input data, setting a target length range to be 12-20 characters, padding the tail with the character '0' if the character length is less than 12 characters, and intercepting the first 20 characters to generate standard account data if the character length exceeds 20 characters;
Step S15, performing forward bit filling on account code data to generate account filling data, and performing block segmentation on the account filling data to generate account block data.
In this embodiment, when the account information and password information input by the user are acquired, an input monitoring module of the terminal device synchronously captures keyboard input and mouse click behavior, and the input content is stored in association with the user operation time to obtain complete user input sequence data. At the same time, a kernel-level input monitoring tool records the keyboard scan codes (Scan Code) and the time intervals between character inputs to generate an input behavior time sequence of the user. The time sequence data is converted into a high-dimensional behavior feature vector and stored in a behavior analysis buffer. On this basis, the input account information and password information are reverse-deduced, and the corresponding required input behavior feature set is obtained by comparison with the user's past input patterns. When the input behavior feature vector is compared for synchronization with the required input behavior feature set, a time-window sliding matching method is adopted: the sliding window size is set to 500 ms and the sliding step to 50 ms, the time distribution of the input behavior is calculated within each time window, and the time sequence synchronization degree of the user input is extracted. If the sliding matching score is lower than the set synchronization threshold of 75%, the input is judged to be asynchronous input behavior.
When the user input account information is rasterized, the character string is cut with a fixed-window method, the characters are converted into ASCII codes, and the ASCII codes are stored in a two-dimensional array. Special characters in the rasterized data, including symbols, are then identified, the character distribution offset is calculated based on the detected special character positions, and error correction is carried out in combination with the character error judging threshold. The error judging threshold is set to 2%-5%; that is, if the character similarity is higher than 95%, the original character is retained; if it is lower than 95% but higher than 90%, fuzzy matching replacement is carried out; and if it is lower than 90%, the character is removed. Standardized input data is obtained in this way.
When the standardized input data is length-standardized, the target length range is set to 12-20 characters. If the character length is less than 12 characters, a fixed filling mode pads the tail with the character '0' so that the data reaches the minimum length; if the character length is greater than 20 characters, the first 20 characters are kept and the excess is deleted so that the data conforms to the maximum length limit. Character set encoding is then performed on the normalized account data: all characters are converted into a standard coding format using UTF-8, and the byte distribution characteristics of each character are calculated and stored in an account data storage structure.
When forward bit filling is performed on the encoded account data, the highest bit of the binary representation is calculated first. If the highest bit is 0, '1' is filled at the front end of the data; if the highest bit is 1, '0' is filled at the front end of the data, so that the first filled bit and the original data form a binary inverse relation, which enhances the uniqueness of the data. The filled data is then segmented into blocks with a fixed segmentation strategy: the length of each segment is set to 4 bytes, the segments are split and stored in block storage units in sequence, and the construction of the account block data is finally completed.
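The length standardization, forward bit filling and 4-byte blocking described above, as an added Python example that is not code from the patent. It also groups account names that end up with identical account block data, because tail padding with '0' and truncation at 20 characters map distinct inputs to the same result. Assumptions: the last block is right-padded with zero bits, and the account names are constructed samples.

```python
# Added example (not from the patent): steps S14-S15 as described above.
MIN_LEN, MAX_LEN = 12, 20   # target length range stated in step S14
BLOCK_BYTES = 4             # fixed segment length stated in the embodiment


def normalize_length(account):
    """Pad the tail with '0' below 12 characters, keep the first 20 above."""
    if len(account) < MIN_LEN:
        return account + "0" * (MIN_LEN - len(account))
    return account[:MAX_LEN]


def forward_bit_fill(encoded):
    """Prepend the inverse of the highest bit; the result is a bit string."""
    bits = "".join(f"{byte:08b}" for byte in encoded)
    return ("1" if bits[0] == "0" else "0") + bits


def to_blocks(bits):
    """Split the bit string into 4-byte blocks.

    Assumption: the text does not say how the final partial block is
    completed, so it is right-padded with zero bits here.
    """
    width = BLOCK_BYTES * 8
    padded = bits + "0" * (-len(bits) % width)
    return [int(padded[i:i + width], 2).to_bytes(BLOCK_BYTES, "big")
            for i in range(0, len(padded), width)]


def account_blocks(account):
    """Length standardization -> UTF-8 -> forward bit fill -> blocks."""
    encoded = normalize_length(account).encode("utf-8")
    return to_blocks(forward_bit_fill(encoded))


def collision_groups(accounts):
    """Group distinct account names that yield identical block data."""
    groups = {}
    for account in accounts:
        key = b"".join(account_blocks(account))
        groups.setdefault(key, []).append(account)
    return [names for names in groups.values() if len(names) > 1]


# Constructed sample account names, for illustration only.
SAMPLE_ACCOUNTS = ["alice", "alice0", "alice0000000", "bob",
                   "a" * 20 + "x", "a" * 20 + "y", "carol_admin"]

if __name__ == "__main__":
    for block in account_blocks("alice"):
        print(block.hex())
    for names in collision_groups(SAMPLE_ACCOUNTS):
        print("same account block data:", names)
```

If the account block data feeds an identity lookup, account uniqueness has to be enforced on the raw input, or on an unambiguous encoding of it, rather than on the padded and truncated form.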
Preferably, step S2 comprises the steps of:
Step S21, acquiring IP positioning of the terminal equipment, carrying out geographic position reverse analysis on the IP positioning of the terminal equipment, and generating positioning reference data;
Step S22, carrying out coordinate system conversion on positioning reference data to obtain original geographic coordinate data, extracting longitude and latitude values based on the original geographic coordinate data, and carrying out final digital fuzzy superposition on the longitude and latitude values to obtain positioning area numbers;
Step S23, extracting the password behavior characteristics of the password information input by the user, tensor construction is carried out on the password behavior characteristics and account blocking data, and data integration is carried out to generate identity characteristic data;
Step S24, carrying out time stamp fusion on the positioning area numbers according to preset time stamp data to obtain space-time anchor point data;
Step S25, carrying out dynamic fingerprint mapping on the identity characteristic data based on the space-time anchor point data so as to generate dynamic fingerprints of the user.
In this embodiment, when the IP positioning of the terminal device is obtained, the public network IP address of the current device is obtained through the network interface of the industrial terminal device, and the WHOIS database interface is invoked to query the IP address attribution information, including the operator to which the address is allocated, the registration area and the autonomous system number (ASN, Autonomous System Number) of the IP address. The attribution information is cross-compared with the historical access IP records of the industrial terminal device, and secondary tracing analysis is performed on addresses that are not within the known IP range. A GeoIP database is used to obtain detailed geographic information for the IP, including country, city, and longitude and latitude information. At the same time, suspicious IP addresses are traced back in combination with a DNS resolution server to confirm whether they belong to a proxy server.
When geographic position reverse analysis is carried out on the IP positioning of the terminal device, an IP reverse resolution technique is used to query the host name and subnet information corresponding to the IP, global BGP (Border Gateway Protocol) routing table data is used to cross-verify the reachability of the IP address and its possible routing paths, a geographic information database (such as MaxMind GeoIP or IP2Location) is used to obtain the longitude and latitude coordinates of the IP address, and the result is compared with the IP address geographic location data provided by basic telecom operators to improve analysis precision. Finally, country and city information is extracted.
When coordinate system conversion is performed on the positioning reference data, normalization is first carried out according to the reference coordinates of the Global Navigation Satellite System (GNSS). If the input data uses the WGS-84 coordinate system (World Geodetic System 1984), the ellipsoid parameters are converted to GCJ-02 (Mars coordinate system) to suit domestic map service systems; if CGCS2000 (China Geodetic Coordinate System 2000) is used, projection conversion is carried out to the UTM (Universal Transverse Mercator) coordinate system to ensure the consistency of the geographic coordinates. The converted longitude and latitude values are then extracted and subjected to numerical fuzzy superposition: floating weighted disturbance is applied to the last digit of the longitude and latitude values, and the values are perturbed with Gaussian noise to generate the positioning area number, which ensures the security of different device positions while maintaining their relative accuracy.
When password behavior features are extracted from the password information input by the user, a time-sequence key behavior monitoring module records the key behavior information during input, including release time, key interval time and key duration. A mouse input track analysis module analyzes the user's mouse movement path, speed and click position distribution near the password input box, and biometric recognition technology further analyzes gesture stability, click force and acceleration characteristics during touch input. In combination with historical input behavior data, a Long Short-Term Memory (LSTM) network based on time sequence modeling constructs the password behavior feature vector, which is normalized and used as part of the identity feature data, and a feature weighting mechanism enhances the discrimination of key behavior features.
When tensor construction is performed on the password behavior features and the account block data, the password behavior feature data is vectorized: the key time sequence features, mouse track features and gesture stability features are respectively encoded into multidimensional feature vectors, a three-dimensional tensor stores the feature data of different time steps, and normalization is performed based on a time window mechanism. Meanwhile, the account data is segmented according to hash indexes, and the account historical login patterns, device usage records and account change track data are extracted to construct a multidimensional behavior feature tensor. The password behavior tensor and the account block tensor are spliced, and a convolutional neural network (CNN, Convolutional Neural Network) extracts deep patterns after feature fusion to enhance the relevance among different features, finally giving the identity feature data.
When time stamp fusion is performed on the positioning area number according to preset time stamp data, the current login time of the device is recorded as a millisecond time stamp and calibrated by Network Time Protocol (NTP) synchronization. Historical login time sequence data is extracted, the login behavior is segmented with a time window sliding mechanism, login records within the same time window are clustered to identify short-time high-frequency access patterns, a time feature mean is calculated with a weighted time smoothing method, and the time feature vector is combined with the positioning area number to generate the space-time anchor data.
When dynamic fingerprint mapping is performed on the identity feature data based on the space-time anchor data, the time dimension information of the space-time anchor data is combined with the behavior pattern information of the identity feature
data to construct a multidimensional identity feature data, uses a hash mapping technology to carry out Multi-dimensional fingerprint feature data, uses a Multi-position feature window sliding mechanism to calculate a Multi-position feature fingerprint (high-fuzzy feature-fuzzy characteristic, and a high-fuzzy feature-fuzzy index (ATF-ATF) to be matched with a high-fuzzy feature, a fuzzy feature is calculated, and a fuzzy feature is matched with the fuzzy feature is calculated, and finally constructing the dynamic fingerprint of the user.
Preferably, the key matrix projection based on the user dynamic fingerprint in step S3 includes:
performing multidimensional tensor expansion on the dynamic fingerprint of the user, and extracting the spatial characteristics of the fingerprint;
Performing nonlinear transformation on the fingerprint space characteristics to generate characteristic transformation data;
performing orthogonal base mapping on the characteristic transformation data, and constructing an orthogonal feature matrix;
and performing key space projection on the orthogonal feature matrix to generate projection fingerprint data.
In this embodiment, when multidimensional tensor expansion is performed on the user dynamic fingerprint, a tensor decomposition technique is used to expand the user dynamic fingerprint data. The data is represented as a three-dimensional tensor: the first dimension is the time sequence index, the second dimension is the behavior feature channel, and the third dimension is the feature value. Higher-order singular value decomposition (HOSVD) is used to reduce the dimension of the dynamic fingerprint tensor: the main direction components of the tensor are calculated first, singular value decomposition is performed on them, and the feature vectors corresponding to the first k singular values are retained as the low-dimensional fingerprint features after expansion. The expanded fingerprint feature data is stored in a matrix structure in which rows represent the time index and columns represent behavior feature values.
When nonlinear transformation is performed on the fingerprint spatial features, a nonlinear mapping is applied to the fingerprint feature matrix by inputting it into a three-layer neural network. The first layer is a fully connected layer whose activation function is ReLU (Rectified Linear Unit), used to extract nonlinear feature components, the second layer is a linear transformation (orthogonal transformation) is performed on the data by using a linear transformation matrix of 37-inverse transformation, and orthogonal transformation is performed by using a linear transformation matrix orthogonal transformation, and orthogonal transformation is performed on the data (orthogonal transformation) is performed by using a three-layer matrix transformation method.
First, the first column of the feature transformation matrix is selected as the initial basis vector. The subsequent column vectors are then projected step by step: the projection components of the feature transformation matrix on the orthogonal basis constructed so far are calculated and normalization is carried out, finally yielding a set of mutually orthogonal basis vectors. The orthogonalized data is stored as an orthogonal feature matrix in which each column represents an orthogonal feature component and each row represents a time index.
When the orthogonal feature matrix is projected into the key space, a linear transformation method is used. A key matrix is constructed first, with its dimension equal to the number of columns of the orthogonal feature matrix. Each key vector is generated by a pseudorandom number generator, using the Mersenne Twister to generate a high-quality random sequence. The key matrix is multiplied with the orthogonal feature matrix to obtain the projection fingerprint data, which is stored in an encrypted format.
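The orthogonal basis mapping and key-space projection described above, as an added example in plain Python (not code from the patent); the step-by-step projection has the form of Gram-Schmidt orthogonalization. The sample matrix, the seed, the value range of the key entries and all function names are assumptions. Python's `random.Random` is the Mersenne Twister the text names, and it is run beside the OS CSPRNG to show that a Mersenne Twister key matrix is fully determined by its seed.

```python
import math
import random
import secrets

# Constructed sample: columns of a 4x3 feature transformation matrix
# (4 time steps, 3 feature components). Not data from the patent.
SAMPLE_COLUMNS = [
    [1.0, 2.0, 0.0, 1.0],
    [0.5, 1.0, 3.0, 0.0],
    [2.0, 0.0, 1.0, 1.0],
]


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def gram_schmidt(columns, eps=1e-12):
    """Orthonormalise column vectors, starting from the first column.

    Each later column has its projections onto the basis built so far
    subtracted and is then normalised. Columns that are numerically
    dependent on earlier ones are dropped instead of dividing by ~0.
    """
    basis = []
    for col in columns:
        v = list(col)
        for b in basis:
            coeff = dot(v, b)
            v = [x - coeff * y for x, y in zip(v, b)]
        norm = math.sqrt(dot(v, v))
        if norm > eps:
            basis.append([x / norm for x in v])
    return basis


def is_orthonormal(basis, tol=1e-9):
    for i, u in enumerate(basis):
        for j, v in enumerate(basis):
            expected = 1.0 if i == j else 0.0
            if abs(dot(u, v) - expected) > tol:
                return False
    return True


def key_matrix(k, rng):
    """k x k key matrix; k is the column count of the orthogonal matrix."""
    return [[rng.uniform(-1.0, 1.0) for _ in range(k)] for _ in range(k)]


def project(basis, key):
    """Rows of (orthogonal feature matrix) x (key matrix)."""
    rows = [list(r) for r in zip(*basis)]  # columns -> time-indexed rows
    k = len(key)
    return [[dot(row, [key[i][j] for i in range(k)]) for j in range(k)]
            for row in rows]


def compare_generators(seed=12345):
    basis = gram_schmidt(SAMPLE_COLUMNS)
    k = len(basis)
    # random.Random is MT19937: same seed, same key matrix, same projection.
    mt_first = project(basis, key_matrix(k, random.Random(seed)))
    mt_second = project(basis, key_matrix(k, random.Random(seed)))
    # secrets.SystemRandom draws from the OS CSPRNG and cannot be seeded.
    os_first = project(basis, key_matrix(k, secrets.SystemRandom()))
    os_second = project(basis, key_matrix(k, secrets.SystemRandom()))
    return {
        "orthonormal": is_orthonormal(basis),
        "shape": (len(mt_first), len(mt_first[0])),
        "mt_repeats": mt_first == mt_second,
        "csprng_repeats": os_first == os_second,
    }
```

Because the projection is a plain matrix product, its secrecy rests entirely on the key matrix, so the generator and the handling of its seed decide how predictable the projected fingerprint is.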
Preferably, constructing the layered authentication code based on the projected fingerprint data in step S3 includes:
Performing hierarchical slicing processing on the projection fingerprint data, wherein slice levels are 3-5 layers, and obtaining multi-level characteristic slices;
Cross-verifying and fusing the multi-level feature slices for 5-10 times to generate interlayer association data;
Carrying out hash round-robin processing based on interlayer associated data to obtain a round-robin hash value;
Performing alternate permutation processing on the round robin hash value, wherein the permutation operation frequency ranges from 2 to 4 times, so as to generate a permutation authentication basic unit;
Carrying out hierarchical coding integration on the replacement authentication basic unit so as to obtain a hierarchical authentication code.
In this embodiment, when the projected fingerprint data is subjected to hierarchical slicing, the number of hierarchical slices is determined first, within a range of 3-5 layers. The slice boundaries are set with a dynamic window segmentation method: the uniformity of the numerical intervals is calculated from the numerical distribution of the projected fingerprint data, the data is partitioned with a sliding window technique, and the step size of each window is adjusted dynamically according to the mean square error of the data, so that the data distribution inside each hierarchical slice stays relatively balanced. The sliced data is stored as hierarchical matrices, each matrix representing one hierarchical slice, with rows representing time indexes and columns representing feature values. All slice matrices are stored in independent data channels.
When cross-validation fusion is performed on the multi-level feature slices, a block random sampling method selects data from the different slice levels, randomly extracting 10%-15% of the data samples from each slice. The Euclidean distance between slices is calculated to measure the similarity of the data at different levels, and a K-nearest-neighbors (KNN) method selects the nearest 5-10 neighboring data points for a weighted average, generating the inter-layer associated data. During fusion, a feature weighting method reduces the dimension of features with lower weight so that the fused data is more compact. The fused inter-layer associated data is stored in feature vector format.
When hash round-robin processing is performed based on the inter-layer associated data, the inter-layer associated data is first hash-mapped, using SHA-256 (Secure Hash Algorithm 256-bit) to calculate the hash value of each data block. To increase the complexity of the hash result, a hash rotation technique circularly shifts each hash value. The shift direction and length are determined from the mean of the inter-layer associated data: if the mean is greater than a certain threshold, left rotation is carried out, and otherwise right rotation. The rotated hash values are stored in a hash index table, and a mapping between the hash values and the original data is established.
When alternate permutation is performed on the round-robin hash values, a block permutation method rearranges the hash values in the hash index table, with the number of permutations set to 2-4. Each permutation uses a bidirectional strategy: two hash values are first selected at random from the index table and exchanged, then four consecutive hash values are selected and circularly shifted, which ensures a balanced distribution of the permuted data. After the alternate permutation, the position of each hash value in the index table has changed, and the permuted data is stored as the permutation authentication basic unit.
When the hierarchical coding basic unit is used for carrying out hierarchical coding, the shifted data is divided into coding blocks with fixed size, when the length of each block is calculated according to the projection entropy value of the hash code (Boud-Chase) and the fingerprint code is calculated, and the fingerprint code is stored in a fingerprint code database, and the fingerprint code is finally coded, and the fingerprint code is obtained.
Preferably, the performing disturbance offset simulation on the layered authentication code in step S4 includes:
Performing time domain spectrum transformation on the layered authentication code to obtain authentication spectrum data;
Performing layered scattering transformation on the authentication spectrum data, and performing distribution matrix conversion to generate a scattering distribution matrix;
Performing multi-axis vector rotation simulation on the scattering distribution matrix to obtain rotation disturbance data;
Performing convolution fusion processing on the rotation disturbance data and the layered authentication code to generate offset preparation data;
Performing gradient flow adjustment based on the offset preparation data, and performing key integration processing to generate an offset authentication key.
In this embodiment, when time-domain spectrum transformation is performed on the layered authentication code, a fast Fourier transform (FFT) algorithm first transforms the numerical sequence of the layered authentication code, extracting the amplitude and phase information of the time-domain signal on the different frequency components. During the FFT calculation the input data is zero-padded so that its length is extended to an integer power of 2, which improves calculation efficiency. After the FFT, the spectrum data is stored as a complex matrix whose rows represent frequency components and whose columns represent time frames; each matrix element stores the amplitude and phase information of a frequency component in the corresponding time frame. To avoid the influence of high-frequency noise on signal quality, a low-pass filter smooths the spectrum data, with the cut-off frequency determined from the frequency distribution characteristics of the layered authentication code. The processed authentication spectrum data is stored as a three-dimensional tensor structure.
When layered scattering transformation is performed on the authentication spectrum data, the wavelet scattering transform method is first used to perform multi-scale expansion of the spectrum data. In the wavelet convolution process, a Morlet wavelet convolution is selected as a matrix, the matrix represents the frequency components, the time frames represent time frames, each matrix is represented by the matrix is processed in a three-dimensional dimension, the same as the method, the three dimensional scattering characteristic is calculated, the three dimensional scattering matrix is normalized, and the three dimensional scattering matrix is calculated, in order to improve the dimensional characteristic of the three dimensional characteristic matrix is calculated, and the three dimensional characteristic matrix is then, and the three dimensional characteristic matrix is processed, and the three dimensional matrix is obtained, and the matrix is processed by the three dimensional matrix is in a method of the method is high-dimensional matrix and dimensional matrix is obtained, simultaneously, the maximum variance information is reserved, finally, a scattering distribution matrix is generated.
When multi-axis vector rotation simulation is performed on the scattering distribution matrix, feature decomposition is carried out on the matrix and the principal component vectors are extracted. The number of rotation axes is set according to the number of principal components of the matrix. A random rotation matrix generation method constructs the rotation transformation matrix, and the random rotation matrix takes the form of an orthogonal matrix so that the norm of the matrix is unchanged after rotation. In the actual calculation, the Givens rotation method is used for single-axis rotation operations, and the Householder transformation is used for high-dimensional rotation of the matrix, so as to simulate disturbance effects at different angles. The rotated data is stored as a rotation disturbance data matrix, and a logarithmic normalization method standardizes the data range.
When convolution fusion processing is performed on the rotation disturbance data and the layered authentication code, a deep convolutional neural network (CNN) method is used for feature fusion. The rotation disturbance data and the layered authentication code are first expanded to the same dimension and their channels are aligned. In the convolution operation a 3×3 convolution kernel is selected, convolution step size is set as a convolution function, and a linear offset correction is carried out on the data (LU) is kept in a linear offset correction and a linear offset correction (35) is carried out, and a preparation-offset correction and a linear correction and a preparation-free function is carried out on the linear correction-phase-offset correction-carried out function is carried out on the data (35).
An adaptive gradient optimization method (Adam, Adaptive Moment Estimation) is used to dynamically adjust the gradient direction. The gradient matrix of the offset preparation data is calculated first, followed by the first-moment and second-moment estimates. During the gradient calculation, an exponential decay averaging method smooths the historical gradients to reduce gradient oscillation. After gradient adjustment, a key integration method reconstructs the key: a key derivation algorithm based on a hash tree hash-maps the adjusted gradient data and generates a key branching structure, finally yielding the offset authentication key.
Preferably, the performing dynamic rule checking on the offset authentication key and performing adaptive key fitting based on the rule checking result in step S4 includes:
Performing differential integrity detection on the offset authentication key to obtain an integrity check index;
Constructing a multidimensional decision tree according to the integrity index, and carrying out rule verification on the offset authentication key based on the multidimensional decision tree to obtain a rule verification result;
When the rule checking result is that the checking is failed, directly returning to the first page of the terminal, and recording the account authentication error process;
When the rule verification result is that verification passes, elliptic curve mapping is carried out on the offset authentication key to obtain a curve mapping key;
Performing high-order polynomial approximation processing on the curve mapping key to obtain a continuous correction key;
Performing mixed hash processing on the continuous correction key based on a preset external state factor to obtain self-adaptive key metadata;
Carrying out recursion compression coding on the adaptive key metadata so as to obtain dynamic token data.
In this embodiment, when differential integrity detection is performed on the offset authentication key, a hash integrity verification method first performs a hash computation on the key data. During the computation, SHA-256 (Secure Hash Algorithm 256-bit) maps the offset authentication key one way to generate fixed-length hash digest data. After the hash computation, a block comparison method compares the current hash value with the stored reference hash value, with the block comparison granularity set to 32 bytes so that detection is accurate down to a single data block. The Hamming distance between the hash values is calculated to detect data variation, and if the Hamming distance exceeds a preset threshold, the integrity of the offset authentication key is judged to be abnormal.
When the multidimensional decision tree is constructed according to the integrity index, a CART (Classification and Regression Tree) algorithm is used to build the decision model. Decision variables are defined first, including the integrity deviation and the data block difference ratio. Sample stratification is carried out on the integrity index data set, with the stratification standard set according to the key difference integrity characteristics. The Gini index is used as the splitting criterion: the impurity of the data set in the different feature dimensions is calculated, the feature with the minimum impurity is selected as the split point, and decision subtrees are constructed recursively to generate the final multidimensional decision tree. During rule checking, the offset authentication key data is input and judged step by step along the split paths of the multidimensional decision tree, finally yielding the rule checking result. The result is stored as a binary flag: a value of 0 indicates that the check did not pass, and a value of 1 indicates that it passed.
When the rule checking result is that the check did not pass, the terminal first page is returned directly and the account authentication error process is recorded. The error record is stored as a log whose format comprises the authentication time stamp, the key data hash value, the error type and system state information. To ensure log integrity, the log data is encrypted with AES-256 (Advanced Encryption Standard, 256-bit), and the encryption key is stored in a secure storage module. At the same time, authentication failures are counted and an account freezing mechanism is triggered according to the number of failures: if the number of authentication failures exceeds a preset threshold, automatic locking logic is triggered and the account state flag in the database is updated.
When the rule checking result is that the check passed, elliptic curve mapping is carried out on the offset authentication key using an elliptic curve cryptography (ECC) method. The elliptic curve parameters are selected first: the curve equation is set as $y^2 = x^3 + ax + b$, with parameters a and b set according to the standard recommended by NIST (National Institute of Standards and Technology). The offset authentication key is converted into point coordinates on the elliptic curve, the corresponding elliptic curve points are calculated using a base point generation mode, and the curve mapping key is finally generated and stored as a point set.
carry out a polynomial approximation curve mapping method, adopt a higher order polynomial curve fitting method (QR) and take a polynomial fitting method, take a maximum fitting method to a maximum factor of a plurality of order curve-fitting method (QR 4) to ensure that the maximum fitting precision is carried out in a curve-fitting method is carried out, a maximum order-fitting method is carried out, a maximum-step-size curve-approximation method is adopted to be a maximum-step-key is carried out, and a maximum-step-key is calculated, and a maximum-step-size is a is calculated, and a maximum-down, and a maximum-of a is a and a maximum-step-and a is a, and a is a, in order to improve the calculation stability, the fitted data is stored as a continuous correction key.
When mixed hash processing is performed on the continuous correction key based on the preset external state factors, the external state factor variables are defined first, including the system time, the device identification code (Device ID), the user behavior mode and so on. SHA-512 (Secure Hash Algorithm 512-bit) performs a one-way hash conversion of the continuous correction key, with the external state factors as hash input parameters, producing the final adaptive key metadata. To improve key security, an HMAC (Hash-based Message Authentication Code) method performs a second verification of the hash result.
When recursive compression coding is performed on the adaptive key metadata, an idempotent Huffman coding method applies variable-length coding to the key data. The frequency of each character in the key data is counted first, a Huffman tree is constructed, and codes are assigned according to the weights. Coding is optimized recursively: during encoding, the redundancy of each data block is detected and highly redundant data blocks are compressed repeatedly, finally producing the dynamic token data.
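The differential integrity detection step described above, as an added example in Python (not code from the patent): per-block SHA-256 digests at the stated 32-byte granularity, comparison against stored reference digests, and the Hamming distance between digests. The sample key, the threshold value of 0, the result field names and the function names are assumptions.

```python
import hashlib
import hmac

BLOCK_SIZE = 32  # block-comparison granularity from the text, in bytes


def block_digests(key):
    """SHA-256 digest of each 32-byte block of the key."""
    return [hashlib.sha256(key[i:i + BLOCK_SIZE]).digest()
            for i in range(0, len(key), BLOCK_SIZE)]


def hamming_distance(a, b):
    """Number of differing bits between two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def integrity_check(key, reference_digests, threshold=0):
    """Compare a key against stored per-block reference digests.

    threshold is the preset Hamming-distance limit (assumed value: 0,
    so any differing digest bit marks the key as abnormal).
    """
    current = block_digests(key)
    if not current or len(current) != len(reference_digests):
        # Empty key or changed length: block-wise comparison is meaningless.
        return {"ok": False, "changed_blocks": None,
                "distances": None, "block_diff_ratio": 1.0}
    distances = [hamming_distance(c, r)
                 for c, r in zip(current, reference_digests)]
    # Constant-time digest comparison, so timing does not reveal how many
    # leading bytes of a digest matched.
    changed = [i for i, (c, r) in enumerate(zip(current, reference_digests))
               if not hmac.compare_digest(c, r)]
    return {
        "ok": max(distances) <= threshold,
        "changed_blocks": changed,
        "distances": distances,
        "block_diff_ratio": len(changed) / len(current),
    }


# Constructed sample: a 96-byte stand-in for an offset authentication key.
SAMPLE_KEY = bytes(range(96))
REFERENCE = block_digests(SAMPLE_KEY)


def flip_bit(data, byte_index, bit):
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def demo():
    intact = integrity_check(SAMPLE_KEY, REFERENCE)
    # One flipped bit in byte 40, which lies in block 1 (bytes 32-63).
    tampered = integrity_check(flip_bit(SAMPLE_KEY, 40, 0), REFERENCE)
    return intact, tampered
```

A single flipped input bit moves the affected block's digest by roughly half of its 256 bits, so the Hamming distance between digests shows which block changed but not how much of it changed; the changed-block ratio is the variable that scales with the extent of the modification.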
Preferably, step S5 comprises the steps of:
Step S51, key deconstructing is carried out based on dynamic token data, the length range of the key is set to 128-256 bits, vector space mapping is carried out, and the vector dimension is set to 32-128 dimensions so as to obtain a link initialization vector;
Step S52, constructing a terminal equipment trust link based on the link initialization vector, and performing authentication user matching on the terminal equipment trust link according to a preset user information base to obtain authentication user information;
Step S53, performing authority mapping processing based on the authentication user information to obtain authority control data;
Step S54, carrying out account number session construction on the trust link of the terminal equipment according to the authority control data so as to obtain an authentication account number session.
In this embodiment, when key deconstruction is performed based on the dynamic token data, the dynamic token data is parsed first, in blocks, with the size of each data block set to 16 bytes. Hash interception is applied to the parsed key data: SHA-384 (Secure Hash Algorithm 384-bit) computes the hash of each data block, and the first 128-256 bits of the hash result are taken as the key main data. The intercepted key data is normalized to ensure its consistency, using min-max normalization to map the key data to the interval [0,1]. After normalization, vector space mapping is performed on the key data based on the Gaussian random projection method. A projection matrix of dimension 128×32 is constructed first, generated according to the normal distribution N(0, 1) and orthogonalized to ensure the stability of the vector mapping. The normalized key data is taken as input and projected by matrix multiplication, finally generating the link initialization vector, and using a link initialization vector data as an initial floating matrix with a 32-128 dimension, and a UUID (UUID) based on a serial number of a terminal, and firstly, when a link terminal is configured to be a serial number of a unique device is configured based on a UUID (UUID, and a terminal is configured to be a serial number of a terminal is uniquely based on a serial number of a terminal is loaded, and a terminal is configured and a terminal is uniquely based on a serial number of a terminal is loaded on a serial number of a terminal device and a terminal is a terminal serial device and a terminal is a serial device and a serial device is a serial device, network card MAC address (Media Access Control address), firmware version number and the like.
SHA-512 hash computation is carried out on the UUID data, and the first 256 bits are taken as the terminal device identity. Hash fusion processing is then carried out on the link initialization vector and the terminal device identity using the HMAC (Hash-based Message Authentication Code) method, with the key set to the device private key. After the fusion computation, the terminal device trust link is generated; its data format is a fixed-length hash value.
The user identity is then matched according to the terminal device trust link, using a data query based on a hash index. A hash index is first built over the preset user information base, with a B+ tree as the index structure to improve query efficiency. During user matching, the hash value of the terminal device trust link is input and a quick search is carried out according to the index structure; if a matching item is found, the corresponding authentication user information is returned. The stored authentication user information comprises the user ID, authority level, device binding information and the like.
When authority mapping processing is performed based on the authentication user information, an authority control rule set is loaded first. The rule set is stored in JSON (JavaScript Object Notation) format, and each rule comprises a user role, an access authority, a user interface and a user interface. Rule matching is performed on the authentication user information: the user role information is extracted according to the user ID, and the corresponding authority level is looked up in the authority rule set according to the role information. The authority mapping is based on the RBAC (Role-Based Access Control) model: the authority set corresponding to the user role is obtained, and an authority control matrix is constructed from it. The authority control matrix is stored as a two-dimensional array in which rows represent user roles and columns represent executable operations; an element value of 0 means no authority and a value of 1 means execution authority. After authority mapping is completed, the authority control data is generated.
When account session construction is performed on the terminal device trust link according to the authority control data, the authentication user information is loaded first and the account state is verified according to the authority control data. Account state verification checks whether the user account is in a normal state; the state information is derived from the user database and comprises the account activation state. If the account state is normal, an account session token is generated using the JWT (JSON Web Token) mechanism. The token format comprises the user ID, permission level, issuing time, expiration time and the like, and the token is signed with HMAC-SHA256 (Hash-based Message Authentication Code with Secure Hash Algorithm 256-bit) to ensure its integrity. The generated authentication account session is stored in the server session management module, with Redis (Remote Dictionary Server) used for session caching to improve access efficiency. After the session is established, the account session token is returned and the user is allowed to carry out subsequent operations.
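The session token and authority control matrix described above, as an added example in Python using only the standard library (not code from the patent). The role names, operation names, claim names, secret handling and 900-second lifetime are assumptions; the Redis session cache is not part of the example.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical roles and operations for the authority control matrix:
# rows are roles, columns are operations, 1 = allowed, 0 = no authority.
ROLES = ["operator", "maintainer", "admin"]
OPERATIONS = ["read_status", "update_firmware", "manage_accounts"]
PERMISSION_MATRIX = [
    [1, 0, 0],
    [1, 1, 0],
    [1, 1, 1],
]


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(secret, signing_input):
    return hmac.new(secret, signing_input.encode("ascii"),
                    hashlib.sha256).digest()


def issue_token(secret, user_id, role, now, ttl=900):
    """Build a JWT carrying user ID, permission level, issue and expiry time."""
    if role not in ROLES:
        raise ValueError("unknown role")
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "role": role, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload))
    return signing_input + "." + b64url(sign(secret, signing_input))


def verify_token(secret, token, now):
    """Return the payload if the token is authentic and unexpired, else None."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        expected = sign(secret, head_b64 + "." + body_b64)
        # Constant-time comparison before any claim is trusted.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        header = json.loads(b64url_decode(head_b64))
        payload = json.loads(b64url_decode(body_b64))
    except ValueError:
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # the algorithm is pinned, never taken from the token
    if not isinstance(payload, dict) or not isinstance(payload.get("exp"), int):
        return None
    if now >= payload["exp"]:
        return None
    return payload


def is_allowed(payload, operation):
    """Look the operation up in the role's row of the authority matrix."""
    role = payload.get("role")
    if role not in ROLES or operation not in OPERATIONS:
        return False
    return PERMISSION_MATRIX[ROLES.index(role)][OPERATIONS.index(operation)] == 1
```

The signature protects the claims against modification but does not hide them, so the payload should carry only what the server is willing to show the client.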
The invention also provides an account authentication system for executing the account authentication method described above, comprising:
The system comprises an account processing module, a structure standardization processing module, a block mapping module and a data processing module, wherein the account processing module is used for acquiring user input account information and user input password information;
The positioning fingerprint module is used for acquiring the IP positioning of the terminal equipment, mapping the longitude and latitude of the IP positioning of the terminal equipment, and superposing the longitude and latitude terminal positions to obtain a positioning area number;
The key projection module is used for carrying out key matrix projection based on the dynamic fingerprint of the user to generate projection fingerprint data;
The key disturbance module is used for carrying out disturbance offset simulation on the layered authentication code to generate an offset authentication key, carrying out dynamic rule verification on the offset authentication key, and carrying out self-adaptive key fitting based on a rule verification result to generate dynamic token data;
The trust authentication module is used for constructing a trust link of the terminal equipment based on the dynamic token data, performing authority control mapping according to the trust link of the terminal equipment, and constructing an authentication account session.
According to the invention, the account processing module ensures the accuracy and consistency of user input information: character error rejection improves the quality of the input data, the generation of standardized input data provides a reliable basis for subsequent processing, and structure standardization processing and block mapping enhance the organization and management efficiency of the data. The positioning fingerprint module ensures the relevance of user identity verification and geographic information, and dynamic fingerprint construction improves the safety and uniqueness of authentication as well as the complexity and safety of the authentication process. The layered authentication code provides multiple protections for authentication. The disturbance offset simulation of the key disturbance module ensures the randomness and unpredictability of the authentication key, and dynamic rule verification enhances the adaptability and flexibility of the key. The trust authentication module ensures the safety and reliability of data transmission, control mapping enhances the safety, reliability and safety management capability of the system, and the construction of the authentication session ensures the interaction and account stability between the user and the system.
The invention also provides a computer readable storage medium storing a computer program which when executed implements the account authentication method as described in any one of the above.
Through the use of the computer readable storage medium, the invention ensures efficient storage and convenient acquisition of the account authentication method. The stored computer program automates and standardizes the authentication process, improves the response speed and processing efficiency of the system when executed, and provides reusable authentication logic that enhances the flexibility and adaptability of the system. The reliability of the storage medium reduces the risk of data loss, and the expandability of the program supports the upgrading and optimization of future functions. The safety and privacy protection of user information processing are ensured. Execution by a computer program reduces manual operation errors and improves the accuracy and consistency of the whole authentication process. Support for system integration and interoperability provides a basis for cooperation between different platforms and devices, finally forming an efficient, safe and convenient account authentication mechanism.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.
The foregoing is only a specific embodiment of the invention to enable those skilled in the art to understand or practice the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An account authentication method, characterized in that it is applied to remote operation and maintenance of industrial terminal equipment and comprises the following steps:
Step S1: collecting the account information and password information input by the user; performing device synchronization reaction detection on the account information and password information input by the user, and eliminating character errors from the account information input by the user based on the synchronization reaction detection result to obtain standardized input data; performing structural standardization processing on the standardized input data, and performing block mapping to generate account block data;
Step S2: obtaining the IP location of the terminal device; performing latitude and longitude mapping on the IP location of the terminal device, and performing latitude and longitude end digit superposition to obtain the location area number; performing dynamic fingerprint construction on the user input password information and the account block data based on the location area number to generate a user dynamic fingerprint;
Step S3: performing key matrix projection based on the user dynamic fingerprint to generate projected fingerprint data; constructing a hierarchical authentication code based on the projected fingerprint data;
Step S4: performing perturbation offset simulation on the hierarchical authentication code to generate an offset authentication key; performing dynamic rule verification on the offset authentication key, and performing adaptive key fitting based on the rule verification result to generate dynamic token data;
Step S5: building a terminal device trust link based on the dynamic token data; performing permission control mapping according to the terminal device trust link, and building an authentication account session.

2. The account authentication method according to claim 1, characterized in that step S1 comprises the following steps:
Step S11: collecting user input account information and user input password information, and monitoring device mouse and keyboard behavior data at the same time; performing input behavior sequence recognition on the device mouse and keyboard behavior data to generate an input behavior feature vector; performing input behavior reverse deduction on the user input account information and user input password information to generate the required input behavior feature;
Step S12: performing synchronous reaction detection on the input behavior feature vector based on the required input behavior feature to obtain the input behavior synchronization result; when the input behavior synchronization result is determined to be an asynchronous input behavior, directly returning to the terminal homepage and recording the account authentication error process; when the input behavior synchronization result is determined to be a synchronous input behavior, executing the subsequent steps;
Step S13: rasterizing the user input account information to obtain rasterized input account information; identifying special characters in the rasterized input account information; performing character error elimination on the rasterized input account information based on the special characters, wherein the character error determination threshold is set to a character error rate of 2%-5%, to obtain standardized input data;
Step S14: standardizing the length of the standardized input data, with the target length range set to 12-20 characters; if the length is less than 12 characters, padding the end with "0"; if it exceeds 20 characters, keeping only the first 20 characters, to generate standardized account data; performing character set encoding on the standardized account data to obtain account code data;
Step S15: performing forward padding on the account code data to generate account filling data; segmenting the account filling data into blocks to generate account block data.

3. The account authentication method according to claim 1, characterized in that step S2 comprises the following steps:
Step S21: obtaining the IP location of the terminal device; performing reverse geographic resolution of the IP location of the terminal device to generate positioning reference data;
Step S22: converting the coordinate system of the positioning reference data to obtain original geographic coordinate data; extracting longitude and latitude values based on the original geographic coordinate data; performing fuzzy superposition of the last digit values of the longitude and latitude values to obtain the location area number;
Step S23: extracting password behavior features of the password information input by the user; constructing a tensor for the password behavior features and the account block data, and integrating the data to generate identity feature data;
Step S24: performing timestamp fusion on the location area number according to the preset timestamp data to obtain spatiotemporal anchor point data;
Step S25: performing dynamic fingerprint mapping on the identity feature data based on the spatiotemporal anchor point data to generate a user dynamic fingerprint.

4. The account authentication method according to claim 1, characterized in that the key matrix projection based on the user dynamic fingerprint in step S3 comprises:
performing multi-dimensional tensor expansion on the user dynamic fingerprint and extracting fingerprint space features;
performing nonlinear transformation on the fingerprint space features to generate feature transformation data;
performing orthogonal basis mapping on the characteristic transformation data and constructing an orthogonal feature matrix;
performing key space projection on the orthogonal feature matrix to generate the projected fingerprint data.

5. The account authentication method according to claim 1, characterized in that constructing the hierarchical authentication code based on the projected fingerprint data in step S3 comprises:
performing hierarchical slicing on the projected fingerprint data, wherein the number of slice levels is 3-5, to obtain multi-level feature slices;
performing cross-validation fusion on the multi-level feature slices, with the number of fusions being 5-10, to generate inter-layer correlation data;
performing hash rotation processing based on the inter-layer correlation data to obtain a rotation hash value;
performing alternating permutation processing on the rotation hash value, wherein the number of permutation operations ranges from 2 to 4, to generate a permutation authentication basic unit;
performing hierarchical encoding integration on the permutation authentication basic unit to obtain the hierarchical authentication code.

6. The account authentication method according to claim 1, characterized in that the perturbation offset simulation of the hierarchical authentication code in step S4 comprises:
performing time domain spectrum transformation on the hierarchical authentication code to obtain authentication spectrum data;
performing hierarchical scattering transformation on the authentication spectrum data and performing distribution matrix conversion to generate a scattering distribution matrix;
performing multi-axis vector rotation simulation on the scattering distribution matrix to obtain rotation disturbance data;
performing convolution fusion processing on the rotation disturbance data and the hierarchical authentication code to generate offset preparation data;
performing gradient flow adjustment based on the offset preparation data, and performing key integration processing to generate the offset authentication key.

7. The account authentication method according to claim 1, characterized in that performing dynamic rule verification on the offset authentication key and performing adaptive key fitting based on the rule verification result in step S4 comprises:
performing differential integrity detection on the offset authentication key to obtain an integrity verification indicator;
constructing a multidimensional decision tree according to the integrity indicator, and performing rule verification on the offset authentication key based on the multidimensional decision tree to obtain a rule verification result;
when the rule verification result is a verification failure, directly returning to the terminal homepage and recording the account authentication error process;
when the rule verification result is a verification pass, performing elliptic curve mapping on the offset authentication key to obtain a curve mapping key;
performing high-order polynomial approximation processing on the curve mapping key to obtain a continuous correction key;
performing mixed hash processing on the continuous correction key based on a preset external state factor to obtain adaptive key metadata;
performing recursive compression encoding on the adaptive key metadata to obtain the dynamic token data.

8. The account authentication method according to claim 1, characterized in that step S5 comprises the following steps:
Step S51: deconstructing the key based on the dynamic token data, with the key length range set to 128-256 bits, and performing vector space mapping, with the vector dimension set to 32-128 dimensions, to obtain a link initialization vector;
Step S52: constructing a terminal device trust link based on the link initialization vector; performing authentication user matching on the terminal device trust link according to a preset user information database to obtain authentication user information;
Step S53: performing permission mapping processing based on the authentication user information to obtain permission control data;
Step S54: constructing an account session for the terminal device trust link according to the permission control data to obtain an authentication account session.

9. An account authentication system, characterized in that it is used to execute the account authentication method according to claim 1, the account authentication system comprising:
an account processing module, used to collect the account information and password information input by the user; eliminate character errors from the account information input by the user to obtain standardized input data; perform structural standardization processing on the standardized input data, and perform block mapping to generate account block data;
a positioning fingerprint module, used to obtain the IP location of the terminal device; perform latitude and longitude mapping on the IP location of the terminal device, and perform latitude and longitude end digit superposition to obtain the location area number; perform dynamic fingerprint construction on the user input password information and the account block data based on the location area number to generate a user dynamic fingerprint;
a key projection module, used to perform key matrix projection based on the user dynamic fingerprint to generate projected fingerprint data; and construct a hierarchical authentication code based on the projected fingerprint data;
a key perturbation module, used to perform perturbation offset simulation on the hierarchical authentication code to generate an offset authentication key; perform dynamic rule verification on the offset authentication key, and perform adaptive key fitting based on the rule verification result to generate dynamic token data;
a trust authentication module, used to build a terminal device trust link based on the dynamic token data; perform permission control mapping according to the terminal device trust link, and build an authentication account session.

10. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed, the account authentication method according to any one of claims 1 to 8 is implemented.
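
Step S14 of claim 2 fixes its parameters exactly (12-20 characters, tail padding with "0", keep the first 20 characters), so the following Python, an added example and not code from the patent, implements that length rule and audits a set of account names for distinct inputs that end up with the same standardized value. The function names and the sample account names are constructed for illustration; only the length rule itself comes from the claim.

```python
from collections import defaultdict

MIN_LEN = 12    # lower bound of the target length range in step S14
MAX_LEN = 20    # upper bound of the target length range in step S14
PAD_CHAR = "0"  # tail padding character named in step S14


def normalize_length(account: str) -> str:
    """Apply the S14 length rule: tail-pad with "0" up to 12, keep the first 20."""
    if len(account) < MIN_LEN:
        return account + PAD_CHAR * (MIN_LEN - len(account))
    if len(account) > MAX_LEN:
        return account[:MAX_LEN]
    return account


def find_collisions(accounts):
    """Return {normalized value: [raw names]} for every normalized value
    that is produced by more than one distinct raw account name."""
    groups = defaultdict(set)
    for name in accounts:
        groups[normalize_length(name)].add(name)
    return {norm: sorted(names) for norm, names in groups.items()
            if len(names) > 1}


def conflicts_on_registration(new_name, existing):
    """Registration-time guard: list existing accounts whose standardized
    form equals that of new_name although the raw names differ."""
    target = normalize_length(new_name)
    return sorted(n for n in set(existing)
                  if n != new_name and normalize_length(n) == target)


# Constructed sample data, not taken from the patent.
SAMPLE_ACCOUNTS = [
    "op_zhang",                    # 8 chars  -> padded with four "0"
    "op_zhang0",                   # 9 chars  -> padded with three "0"
    "plant7_admin01",              # 14 chars -> unchanged
    "maintenance-engineer-line1",  # 26 chars -> first 20 kept
    "maintenance-engineer-line2",  # 26 chars -> first 20 kept
]

if __name__ == "__main__":
    for norm, names in find_collisions(SAMPLE_ACCOUNTS).items():
        print(f"{norm!r} <- {names}")
```

Because every later stage (block data, dynamic fingerprint, token) is derived from the standardized value, an implementation of this step needs a uniqueness check of this kind at account creation, or must carry the raw identifier alongside the standardized one.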
CN202510321178.4A 2025-03-18 2025-03-18 Account authentication method, system and storage medium Active CN120165876B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510321178.4A CN120165876B (en) 2025-03-18 2025-03-18 Account authentication method, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202510321178.4A CN120165876B (en) 2025-03-18 2025-03-18 Account authentication method, system and storage medium

Publications (2)

Publication Number Publication Date
CN120165876A true CN120165876A (en) 2025-06-17
CN120165876B CN120165876B (en) 2025-10-14

Family

ID=96002624

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510321178.4A Active CN120165876B (en) 2025-03-18 2025-03-18 Account authentication method, system and storage medium

Country Status (1)

Country Link
CN (1) CN120165876B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120708321A (en) * 2025-08-26 2025-09-26 广东光大信息科技股份有限公司 A notarized lottery system and method based on traceable national secret algorithm
CN120785659A (en) * 2025-09-10 2025-10-14 宁波宁帆信息科技有限公司 Information encryption management method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006004020A (en) * 2004-06-15 2006-01-05 Masakatsu Morii One-time password authentication system and method
CN118118265A (en) * 2024-04-02 2024-05-31 温州鹿城佳涵网络技术服务工作室 A data security verification method for click-type dynamic verification code
WO2024139253A1 (en) * 2022-12-26 2024-07-04 支付宝(杭州)信息技术有限公司 Signature authentication method and apparatus


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ARUMUGAM K 等: "Federated Transfer Learning for Authentication and Privacy Preservation Using Novel Supportive Twin Delayed DDPG (S-TD3) Algorithm for IIoT", SENSORS, 23 November 2021 (2021-11-23), pages 1 - 15 *


Also Published As

Publication number Publication date
CN120165876B (en) 2025-10-14

Similar Documents

Publication Publication Date Title
CN120165876B (en) Account authentication method, system and storage medium
CN102215223B (en) Fuzzy strong box remote identity authentication method based on face feature
Leng et al. A remote cancelable palmprint authentication protocol based on multi‐directional two‐dimensional PalmPhasor‐fusion
CN116415079B (en) Top-K track similarity query method for privacy protection
CN113836447B (en) A safety trajectory similarity query method and system under cloud platform
Kamran et al. A comprehensive survey of watermarking relational databases research
CN119402290B (en) A real-name information management method supporting multi-level authentication
Xiangyang et al. MUSE: an efficient and accurate verifiable privacy‐preserving multikeyword text search over encrypted cloud data
CN116018590A (en) Dynamic privacy protection application authentication
Tallapally et al. Competent multi-level encryption methods for implementing cloud security
Liu et al. Secure and efficient multi-attribute range queries based on comparable inner product encoding
CN116015894B (en) Method and system for information security management
CN120151117B (en) Multi-granularity bright-dark network user behavior association identification method, device and medium
WO2021167534A1 (en) Biometric template recognition system
Tian et al. Honeywords generation mechanism based on zero-divisor graph sequences
Gang et al. [Retracted] Dynamic Deduplication Algorithm for Cross‐User Duplicate Data in Hybrid Cloud Storage
EP4127947A1 (en) Management system and method for user authentication on password based systems
CN117336089A (en) Malicious attack detection method and device, storage medium and electronic equipment
Zou et al. Detecting data leakage in dns traffic based on time series anomaly detection
Fan et al. Cloud-based lightweight RFID healthcare privacy protection protocol
Man et al. Edge computing in the Internet of Things: Lattice-Based and Split Encryption for Post-Quantum Data Security
CN114385673A (en) A three-element query method based on intersection of privacy-preserving sets
CN119067144B (en) RFID smart card security authentication method and system
CN120614161B (en) Artificial Intelligence-Based Computer Network Data Storage Encryption Method and System
Hu et al. An efficient and secure anonymous query protocol

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20251009

Address after: 213000 Jiangsu Province, Changzhou City, Xinbei District, Sanjing Street, Taihu East Road No. 3, Building 6, 3rd Floor, Room 307

Patentee after: Chen Zhifu

Country or region after: China

Address before: 510000 Guangdong Province, Guangzhou City, Baiyun District, North Baiyun Road No. 1739, Dongyao Business Park (Donggu Center), Unit 708, Building 1

Patentee before: Li Jiuzi (Guangzhou) Brand Operation Co.,Ltd.

Country or region before: China