CN106992968B - Face continuous authentication method based on client - Google Patents
- Publication number
- CN106992968B
- Authority
- CN
- China
- Prior art keywords
- face
- client
- server
- features
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention relates to a client-based continuous face authentication method comprising three stages. In the registration stage, a face feature template of the user is obtained and stored. In the login authentication stage, the server verifies the client's login request and checks whether the client's face features are consistent with the registered face features. In the continuous authentication stage, the client initiates a re-authentication request within a set time interval; the server extracts the common change features and/or the subtle features of the face from the real-time face image received from the client, verifies whether they are consistent with those stored at registration, and decides whether to keep the real-time communication connection with the client. The invention performs multi-layer, continuous, real-time face identity authentication on the client, completes the authentication automatically without user intervention, makes it harder for a hacker to crack the client's security measures, and greatly improves the security of the client's data.
Description
Technical Field
The invention relates to the technical field of data security, in particular to a face continuous authentication method based on a client.
Background
With the rapid development of network technology, communication between servers and the clients on mobile devices and PCs faces serious security problems. These mainly involve leakage of communication data, man-in-the-middle attacks on the server, access to the server by illegitimate clients, and the like.
On the other hand, authentication between client and server is currently one-time and single-layer. Such security measures are easily attacked and cracked by network hackers, which poses a great hidden danger to the security of users' data. In a password-based protection mechanism, the confidentiality achieved is limited, the probability of the password being cracked is high, and passwords are inconvenient to memorize. In a protection mechanism based on an external key, a physical object (the external key) serves as the identity credential in place of a memorized password, so it is not easy to crack and requires no memorization; however, once the external key is lost or stolen the user is stranded, once authority has been granted it is difficult to revoke or interrupt while the system or software is in use, and once a ciphertext has been decrypted it is difficult to restore the plaintext to ciphertext.
In order to solve the problems of these two protection mechanisms, the prior art also provides a scheme for protecting data using face features. The scheme stores the password and the face-feature template data in the computer; when a user uses the computer to encrypt or decrypt data, the user's legitimacy is checked through the user's face features, thereby protecting the data. Identity authentication based on face recognition overcomes the shortcomings of traditional identity authentication methods, offers higher security, reliability and effectiveness, is receiving more and more attention, and is gradually entering various fields of social life.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a face continuous authentication method based on a client, so as to improve the security of communication, continuous real-time identity authentication and authority management between the client and a server.
The invention is realized as follows: a client-based continuous face authentication method comprising the following steps:
A. Registration stage: user registration information is obtained and stored, comprising a user password and a face feature template. The face feature template comprises face features; common change features of the face, such as expressions and their changes, face shaking features and the like; and subtle features of the face, such as lip changes, eyeball movement and the like.
B. Login authentication stage: on receiving a login authentication request and a face image sent by the client, the server extracts face features from the received face image and determines, among the stored user registration information, the target user consistent with the extracted face features. After the server's verification passes, the client obtains the password and the authentication result fed back by the server and completes login.
C. Continuous authentication stage: the client initiates a re-authentication request within a set time interval, extracts the most suitable face image of the user from the real-time video image, processes it and sends it to the server. The server extracts the common change features and/or the subtle features of the face from the received face image and determines, among the stored user registration information, the target user consistent with them. The server verifies in real time whether this target user is consistent with the target user of the login authentication in step B, and decides whether to keep the real-time communication connection with the client, completing the continuous authentication.
The server provides continuous authentication for the client, and the continuous authentication completes automatically without user intervention. The method makes it harder for a hacker to crack the client's security measures and greatly improves the security of user data.
Further, the face features comprise 68 key points on the edge contours of five areas (eyes, eyebrows, nose, mouth and jaw) and the areas they contain; the common change features of the face comprise expressions and their changes, face shaking features and blink frequency; the subtle features of the face comprise lip changes, eyeball movement and gaze changes.
Further, in step C, the server verifies the common change features of the face in real time at an interval of 1-30 seconds, and verifies the subtle features of the face in real time at an interval of 1-30 milliseconds.
Further, the combination of key points and areas of the common change features of the face that the server verifies in real time is random, and the combination of key points and areas of the subtle features of the face that the server verifies in real time is random.
Further, the continuous authentication phase in step C includes the following steps:
Step C1: the client sends a continuous token protection request, which comprises the encrypted environment information of the client, serving as a unique identifier, and the associated selected face feature set;
Step C2: the server receives the continuous token protection request, looks up the user's registration and authentication information, confirms the login state, generates a random challenge value, encrypts it and transmits it to the client;
Step C3: the client decrypts the challenge value, starts computing one-time tokens at a set interval, encrypts each generated token and transmits it to the server;
Step C4: the server receives and decrypts the token, performs synchronous matching verification and authentication, and feeds back the user identity authentication result. If the result passes, communication between the client and the server continues; if it fails, communication is interrupted. The server counts and stores the user identity authentication results;
Step C5: after communication between the client and the server has been interrupted because the user identity authentication failed, the client must log in again to reconnect to the server.
Further, the method comprises a policy analysis method of the server: communication between the client and the server is interrupted when, within a set time t1, the number of failed user identity authentication results from the server's real-time verification of the common change features of the face is equal to or greater than a set value N1, and/or when, within a set time t2, the number of failed user identity authentication results from the server's real-time verification of the subtle features of the face is equal to or greater than a set value N2.
Compared with the prior art, the continuous face authentication method based on the client side implements multi-layer continuous real-time face identity authentication on the client side, and is automatically completed without user intervention. The invention increases the difficulty of hackers in cracking the security measures of the user client, greatly improves the security of data information of the client, and ensures the security of communication between the client and the server.
Drawings
FIG. 1 is a schematic diagram illustrating a communication process between a client and a server according to the present invention;
FIG. 2 is a schematic flow chart illustrating the continuous authentication phase of the present invention;
FIG. 3 is a schematic diagram of the distribution of human face features according to the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantageous effects to be solved by the present invention more clearly apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, a preferred embodiment of the present invention for a face continuous authentication method based on a client includes the following steps:
A. Registration stage: user registration information is obtained and stored, comprising a user password and a face feature template R. The face feature template R comprises face features R1, common change features R2 of the face and subtle features R3 of the face.
The face features R1 comprise 68 key points on the edge contours of five areas, namely the eyes, eyebrows, nose, mouth and chin, as shown in FIG. 3. The common change features of the face comprise expressions and their changes, face shaking features, blink frequency and the like; the subtle features of the face comprise lip changes, eyeball movement, gaze changes and the like.
B. Login authentication stage: on receiving a login authentication request and a face image sent by the client, the server extracts the face features R1 from the received face image and determines, among the stored user registration information, the target user consistent with the extracted face features. After the server's verification passes, the client obtains the password and the authentication result fed back by the server and completes login.
The server program is installed on the server. It performs user registration, login authentication, real-time continuous identity authentication and access control, and provides the security administrator with an operation interface for user management, log audit and security parameter configuration.
The client program is installed on the client. It provides real-time continuous identity information for the user, together with user registration, real-time login and real-time authentication protection operations. The client processes the face image; the processing comprises feature extraction, random projection of features, key generation, feature error correction and the like.
C. Continuous authentication stage: the client initiates a re-authentication request within a set time interval, extracts the most suitable face image of the user from the real-time video image, processes it and sends it to the server. The server extracts the common change features R2 and/or the subtle features R3 of the face from the received face image and determines, among the stored user registration information, the target user consistent with them. The server verifies in real time whether this target user is consistent with the target user of the login authentication in step B, and decides whether to keep the real-time communication connection with the client, completing the continuous authentication.
In step C, the server verifies the common change features R2 of the face in real time at an interval of 1-30 seconds, and verifies the subtle features R3 of the face in real time at an interval of 1-30 milliseconds.
The combination of key points and areas of the common change features R2 that the server verifies in real time is random, and the combination of key points and areas of the subtle features R3 that the server verifies in real time is random.
The client-based continuous face authentication method further comprises a policy analysis method of the server: communication between the client and the server is interrupted when, within a set time t1, the number of failed user identity authentication results from the server's real-time verification of the common change features R2 is equal to or greater than a set value N1, and/or when, within a set time t2, the number of failed user identity authentication results from the server's real-time verification of the subtle features R3 is equal to or greater than a set value N2.
The time t1 may be set to 1 minute to 5 minutes, and the time t2 may be set to 30 seconds to 1 minute.
Referring to fig. 2, the continuous authentication phase in step C includes the following steps:
Step C1: the client sends a continuous token protection request, which comprises the encrypted environment information of the client, serving as a unique identifier, and the associated selected face feature set;
Step C2: the server receives the continuous token protection request, looks up the user's registration and authentication information, confirms the login state, generates a random challenge value, encrypts it and transmits it to the client;
Step C3: the client decrypts the challenge value, starts computing one-time tokens at a set interval, encrypts each generated token and transmits it to the server;
Step C4: the server receives and decrypts the token, performs synchronous matching verification and authentication, and feeds back the user identity authentication result. If the result passes, communication between the client and the server continues and the client is granted permission to access the server's protected resources; if it fails, communication is interrupted and the server revokes the client's permission to access the protected resources. The server counts and stores the user identity authentication results;
Step C5: after communication between the client and the server has been interrupted because the user identity authentication failed, the client must log in again to reconnect to the server.
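The exchange in steps C1 to C5, combined with the server's N/t failure policy described above, can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 as the token function, the interval counter used for synchronisation, the session key shared at login and all names are assumptions, and encryption of the challenge and token in transit is left to the channel.

```python
import hashlib
import hmac
import secrets
from collections import deque


def binding(env_info: bytes, feature_set: bytes) -> bytes:
    """C1: digest of the client's environment info plus the selected face-feature set.
    Assumption: feature_set is already stable (output of the client's error correction)."""
    return hashlib.sha256(len(env_info).to_bytes(2, "big") + env_info + feature_set).digest()


def one_time_token(key: bytes, challenge: bytes, counter: int, bound: bytes) -> bytes:
    """C3: token for one interval, tied to the server challenge and the C1 binding."""
    msg = challenge + counter.to_bytes(8, "big") + bound
    return hmac.new(key, msg, hashlib.sha256).digest()


class FailurePolicy:
    """Policy analysis: trips when failures inside `window` seconds reach `limit`
    (N1 within t1 for R2 checks, or N2 within t2 for R3 checks)."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.failures = deque()

    def record(self, ok: bool, now: float) -> bool:
        if not ok:
            self.failures.append(now)
        # Drop failures that have aged out of the window.
        while self.failures and now - self.failures[0] > self.window:
            self.failures.popleft()
        return len(self.failures) >= self.limit


class ServerSession:
    def __init__(self, key: bytes, enrolled: bytes, policy: FailurePolicy):
        self.key, self.enrolled, self.policy = key, enrolled, policy
        self.challenge = secrets.token_bytes(32)  # C2: fresh random challenge
        self.counter = 0        # interval index that both sides advance in step
        self.connected = True
        self.results = []       # C4: the server counts and stores every result

    def verify(self, token: bytes, now: float) -> bool:
        if not self.connected:
            return False        # C5: the client must log in again
        expected = one_time_token(self.key, self.challenge, self.counter, self.enrolled)
        ok = hmac.compare_digest(expected, token)  # constant-time comparison
        self.counter += 1       # each interval's token is accepted at most once
        self.results.append((now, ok))
        if self.policy.record(ok, now):
            self.connected = False  # interrupt communication, revoke access
        return ok


def demo():
    """Constructed run: genuine token, replayed token, then a different face."""
    key = secrets.token_bytes(32)  # constructed session key (assumed shared at login)
    user = binding(b"device-1234", b"constructed-feature-set-user")
    other = binding(b"device-1234", b"constructed-feature-set-other")
    srv = ServerSession(key, user, FailurePolicy(limit=3, window=60))  # N1=3, t1=60 s
    first = one_time_token(key, srv.challenge, 0, user)
    log = [srv.verify(first, now=0)]        # genuine token for interval 0
    log.append(srv.verify(first, now=10))   # same token replayed in interval 1
    log.append(srv.verify(one_time_token(key, srv.challenge, 2, user), now=20))
    for i, t in ((3, 30), (4, 40)):         # features no longer match enrollment
        log.append(srv.verify(one_time_token(key, srv.challenge, i, other), now=t))
    # Valid token, but the session was already interrupted at t=40.
    log.append(srv.verify(one_time_token(key, srv.challenge, 5, user), now=50))
    return log, srv.connected


if __name__ == "__main__":
    print(demo())
```

Setting `limit=1` reproduces the stricter behaviour of step C4, where a single failed result interrupts communication.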
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (5)
1. A face continuous authentication method based on a client is characterized by comprising the following steps:
A. a registration stage, wherein user registration information is obtained and stored, and comprises a user password and a face feature template; the face feature template comprises face features, common change features of the face and fine features of the face;
B. in the login authentication stage, when a login authentication request and a face image sent by the client are received, the server extracts face features from the received face image, and determines a target user consistent with the extracted face features in the stored user registration information; after the server passes the verification, the client acquires a password and an authentication result fed back by the server to complete login;
C. in the continuous authentication stage, the client initiates a re-authentication request within a set time interval, extracts the most suitable face image of the user based on the real-time video image, processes the face image and sends the face image to the server, the server extracts the common change features of the face and/or the subtle features of the face from the received face image and determines the target user consistent with the extracted common change features of the face and/or the subtle features of the face in the stored user registration information; the server side verifies whether the target user is consistent with the login authentication target user in the step B in real time, and judges whether to continue to keep real-time communication connection with the client side to finish continuous authentication;
in the step C, the time interval of the server side for verifying the common change characteristics of the face in real time is 1-30 seconds, and the time interval of the server side for verifying the fine characteristics of the face in real time is 1-30 milliseconds.
2. The client-based continuous authentication method for human faces according to claim 1, wherein the human face features comprise 68 key points and their containing areas of the edge contour of five areas of eyes, eyebrows, nose, mouth and jaw, and the common variation features of the human face comprise expressions and their variations, face shaking features and blink frequency; the subtle features of the human face include lip changes, eye movement and gaze changes.
3. The client-based face continuous authentication method as claimed in claim 2, wherein the server side verifies that the key points of the common variation features of the face and the area combinations thereof are random in real time, and the server side verifies that the key points of the fine features of the face and the area combinations thereof are random in real time.
4. The continuous authentication method for human face based on client end as claimed in claim 1, wherein the continuous authentication phase in step C comprises the following steps:
step C1, the client sends a continuous token protection request, the continuous token protection request comprises the encrypted environment information of the client with unique identification function and the face feature set selected in a relevant way;
step C2, the server receives the continuous token protection request, inquires the registration authentication information of the user, confirms the login state, generates a random challenge value, and transmits the encrypted challenge value to the client;
step C3, the client decrypts the challenge value, starts one-time token calculation at a set interval time, encrypts the generated token and transmits the encrypted token to the server;
step C4, the server receives and decrypts the token, carries out synchronous matching verification and authentication processing, and feeds back the user identity authentication result; if the user identity authentication result is qualified, the mutual information communication between the client and the server is continuous, and if the user identity authentication result is failed, the mutual information communication is interrupted; the server side counts and stores the user identity authentication result;
and step C5, after mutual information communication between the client and the server is interrupted due to the failure of the user identity authentication result, the client needs to log in again to be connected with the server.
5. The continuous authentication method for human face based on client end according to claim 1, further comprising a policy analysis method of the server end, wherein mutual information communication between the client side and the server side is interrupted when, within the set time t1, the failure times of the user identity authentication result of the server end verifying the common variation features of the human face in real time are equal to or greater than the set value N1, and/or when, within a set time t2, the failure times of the user identity authentication result of the server side verifying the fine features of the human face in real time are equal to or greater than a set value N2.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710122166.4A CN106992968B (en) | 2017-03-03 | 2017-03-03 | Face continuous authentication method based on client |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710122166.4A CN106992968B (en) | 2017-03-03 | 2017-03-03 | Face continuous authentication method based on client |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106992968A (en) | 2017-07-28 |
CN106992968B (en) | 2020-05-19 |
Family
ID=59411805
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710122166.4A Active CN106992968B (en) | 2017-03-03 | 2017-03-03 | Face continuous authentication method based on client |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106992968B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106992968A (en) | 2017-07-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 310053 Room B2090, 2nd floor, 368 Liuhe Road, Binjiang District, Hangzhou City, Zhejiang Province. Applicant after: Zhejiang Zhibei Information Technology Co., Ltd. Address before: 310053 Room B2090, 2nd floor, 368 Liuhe Road, Binjiang District, Hangzhou City, Zhejiang Province. Applicant before: Hangzhou wisdom Mdt InfoTech Ltd |
GR01 | Patent grant | ||