CN-122020631-A - Terminal authentication intensity adjustment method, device, storage medium and product
Abstract
The application discloses a terminal authentication intensity adjustment method, device, storage medium and product, relating to the technical field of security authentication. Operation state data of a user terminal are acquired and input into a preset risk assessment model to generate an operation risk score; login information is extracted from the login process of the user terminal based on a target dimension, and a login risk assessment result is generated based on the login information; the login risk level of the user terminal is judged based on the operation risk score and the login risk assessment result; and an authentication strategy of corresponding intensity is executed for the user terminal according to the login risk level. Because the authentication intensity is dynamically adjusted from the running state data and the login risk assessment result, secret-free login improves the user experience in a low-risk scene, conventional authentication ensures basic security in a medium-risk scene, and forced multi-factor authentication strengthens the protection of the system in a high-risk scene. The authentication intensity is thus adjusted adaptively, and the security of the system and user satisfaction are remarkably improved.
Inventors
- LUO YUN
Assignees
- 唯品会(广州)软件有限公司
Dates
- Publication Date: 20260512
- Application Date: 20260210
Claims (10)
- 1. The terminal authentication intensity adjusting method is characterized by comprising the following steps of: collecting running state data of a user terminal, inputting the running state data into a preset risk assessment model, and generating running risk scores of the user terminal; extracting login information from a login process of the user terminal based on a target dimension, and generating a login risk assessment result based on the login information; and judging the login risk level of the user terminal based on the running risk score and the login risk assessment result, and executing an authentication strategy with corresponding strength on the user terminal according to the login risk level.
- 2. The terminal authentication strength adjustment method according to claim 1, wherein the target dimension includes at least one of a login time dimension, a login address dimension, and a login device dimension, and the login risk assessment result includes at least one of a first assessment result, a second assessment result, a login address risk result, and a login device risk result; the step of extracting login information from the login process of the user terminal based on the target dimension and generating a login risk assessment result based on the login information comprises the following steps: extracting login timestamp information from a login process of the user terminal based on the login time dimension, and generating the first evaluation result and the second evaluation result based on the login timestamp information, wherein the login timestamp information is used for forming the login information; extracting an internet protocol address from a login process of the user terminal based on the login address dimension under the condition that the target dimension comprises the login address dimension, and generating a login address risk result based on the internet protocol address, wherein the internet protocol address is used for forming the login information; and under the condition that the target dimension comprises a login device dimension, extracting device hardware characteristic information and device software characteristic information from a login process of the user terminal based on the login device dimension, and generating a login device risk result based on the device hardware characteristic information and the device software characteristic information, wherein the device hardware characteristic information and the device software characteristic information are used for forming the login information.
- 3. The terminal authentication strength adjustment method according to claim 2, wherein the step of generating the first evaluation result and the second evaluation result based on the login timestamp information includes: matching the login timestamp information with a preset normal login time period to obtain a time matching result, wherein the time matching result comprises successful matching or failed matching; generating the first evaluation result according to the time matching result under the condition that the time matching result is successful; calculating the time deviation duration of the login timestamp information and the preset normal login time period under the condition that the time matching result is that the matching is failed; and generating the second evaluation result according to the time deviation duration.
- 4. The terminal authentication strength adjustment method according to claim 2, wherein the step of generating the login address risk result based on the internet protocol address includes: analyzing the internet protocol address to acquire geographic position information and/or access network segment information of the user terminal; matching the geographical position information with a preset historical common login geographical position, calculating a spatial deviation degree and/or judging whether the access network segment information belongs to a preset trusted access network segment or not to obtain the access network segment credibility; and generating the login address risk result according to the spatial deviation degree and/or the access network segment credibility.
- 5. The terminal authentication intensity adjustment method according to claim 2, wherein the step of generating the login device risk result based on the device hardware feature information and the device software feature information includes: matching the equipment hardware characteristic information and the equipment software characteristic information with preset safety equipment information to obtain a login equipment matching result; and generating the login equipment risk result according to the login equipment matching result.
- 6. The terminal authentication strength adjustment method according to claim 2, wherein the step of determining the login risk level of the user terminal based on the running risk score and the login risk assessment result includes: when the running risk score is in a preset low risk interval, and the first evaluation result, the login address risk result and the login equipment risk result all meet a preset low risk condition, judging that the login risk level of the user terminal is a low risk level; when the running risk score is in a preset middle risk interval or any one of the second evaluation result, the login address risk result and the login equipment risk result meets a preset middle risk condition, judging that the login risk level of the user terminal is a middle risk level; and when the running risk score is in a preset high risk interval or any one of the second evaluation result, the login address risk result and the login equipment risk result meets a preset high risk condition, judging that the login risk level of the user terminal is a high risk level.
- 7. The terminal authentication intensity adjustment method according to claim 6, wherein the step of executing the authentication policy of the corresponding intensity on the user terminal according to the login risk level comprises: executing a secret-free authentication strategy under the condition that the login risk level is a low risk level; executing a conventional authentication strategy under the condition that the login risk level is a middle risk level; and executing a multi-factor authentication strategy under the condition that the login risk level is a high risk level.
- 8. An electronic device, characterized in that the device comprises a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program being configured to implement the steps of the terminal authentication strength adjustment method according to any one of claims 1 to 7.
- 9. A storage medium, characterized in that the storage medium is a computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, realizes the steps of the terminal authentication intensity adjustment method according to any one of claims 1 to 7.
- 10. A computer program product, characterized in that the computer program product comprises a computer program which, when being executed by a processor, implements the steps of the terminal authentication strength adjustment method according to any one of claims 1 to 7.
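As an added illustration (not code from the patent), the decision procedure of claims 3, 6 and 7 can be sketched in Python. The time window, deviation cut-off, score bands and the rule that the highest-graded signal wins are assumptions: the claims only call these values "preset" and do not state which level applies when both the middle and high conditions hold. The address and device results of claims 4 and 5 are taken here as already graded inputs.

```python
from datetime import time
from enum import IntEnum

class Risk(IntEnum):
    LOW = 0
    MEDIUM = 1
    HIGH = 2

# Assumed presets: the claims only say "preset", so every value here is illustrative.
NORMAL_WINDOW = (time(8, 0), time(20, 0))   # normal login period, must not cross midnight
MEDIUM_DEVIATION_MIN = 120                  # deviation up to 2 h is medium, beyond is high
SCORE_BANDS = ((0.3, Risk.LOW), (0.7, Risk.MEDIUM))  # running risk score assumed in [0, 1]
POLICY = {Risk.LOW: "secret-free", Risk.MEDIUM: "conventional", Risk.HIGH: "multi-factor"}

def _minutes(t: time) -> int:
    return t.hour * 60 + t.minute

def time_risk(login: time) -> Risk:
    """Claim 3: match the timestamp to the window; on failure grade the deviation."""
    start, end = NORMAL_WINDOW
    if start <= login <= end:
        return Risk.LOW                     # "first evaluation result"
    m = _minutes(login)
    # Distance to the nearest window edge, measured around the 24 h clock.
    deviation = min((_minutes(start) - m) % 1440, (m - _minutes(end)) % 1440)
    return Risk.MEDIUM if deviation <= MEDIUM_DEVIATION_MIN else Risk.HIGH

def score_risk(score: float) -> Risk:
    """Map the running risk score to its interval; NaN or out-of-range fails closed."""
    if not 0.0 <= score <= 1.0:
        return Risk.HIGH
    for upper, level in SCORE_BANDS:
        if score < upper:
            return level
    return Risk.HIGH

def login_risk_level(score: float, login: time, address: Risk, device: Risk) -> Risk:
    """Claim 6: low only if every signal is low; any medium or high signal raises
    the level. Taking the maximum checks high before medium (assumed precedence)."""
    return max(score_risk(score), time_risk(login), address, device)

def auth_policy(level: Risk) -> str:
    """Claim 7: policy strength for the decided level."""
    return POLICY[level]
```

Failing closed on a malformed score matters in practice: a missing or NaN model output would otherwise compare false against every band and could fall through to the weakest policy.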
Description
Terminal authentication intensity adjustment method, device, storage medium and product
Technical Field
The present application relates to the field of security authentication technologies, and in particular to a method, an apparatus, a storage medium, and a product for adjusting terminal authentication strength.
Background
In the current digital age, application systems are deeply integrated into people's work and life. Authentication is the first gateway of an application system's security protection, so the balance between security and user experience is very important. A reliable authentication mechanism can effectively resist illegal access and ensure the security of system data and user information, while a convenient authentication experience directly influences users' acceptance of the application system and their efficiency in using it; the cooperative optimization of the two is a core premise for the stable operation and wide adoption of the application system.
In the traditional technology, an application system generally adopts a static password and a short message verification code as its main authentication modes: the user completes authentication by entering a preset password or by receiving and entering the short message verification code, and the system decides whether to allow access after comparing and verifying the authentication information submitted by the user.
However, in the traditional technology the authentication process is rigid and mechanically repeated, and key information that can reflect the security level of an access, such as the user's access terminal, login time, geographic position and historical behavior, is not distinguished or evaluated at all, so the authentication strength cannot be dynamically adjusted according to the actual risk scene.
Disclosure of Invention
The main purpose of the application is to provide a terminal authentication intensity adjustment method, device, storage medium and product, aiming to solve the technical problem that, in the traditional technical scheme, the authentication process is mechanically fixed and the authentication intensity therefore cannot be dynamically adjusted according to the actual risk scene.
In order to achieve the above object, the present application provides a terminal authentication intensity adjustment method, which includes: collecting running state data of a user terminal, inputting the running state data into a preset risk assessment model, and generating a running risk score of the user terminal; extracting login information from a login process of the user terminal based on a target dimension, and generating a login risk assessment result based on the login information; and judging the login risk level of the user terminal based on the running risk score and the login risk assessment result, and executing an authentication strategy of corresponding strength on the user terminal according to the login risk level.
In an embodiment, the target dimension includes at least one of a login time dimension, a login address dimension, and a login device dimension, and the login risk assessment result includes at least one of a first assessment result, a second assessment result, a login address risk result, and a login device risk result; the step of extracting login information from the login process of the user terminal based on the target dimension and generating a login risk assessment result based on the login information comprises the following steps: extracting login timestamp information from a login process of the user terminal based on the login time dimension, and generating the first evaluation result and the second evaluation result based on the login timestamp information, wherein the login timestamp information is used for forming the login information; extracting an internet protocol address from a login process of the user terminal based on the login address dimension under the condition that the target dimension comprises the login address dimension, and generating a login address risk result based on the internet protocol address, wherein the internet protocol address is used for forming the login information; and under the condition that the target dimension comprises a login device dimension, extracting device hardware characteristic information and device software characteristic information from a login process of the user terminal based on the login device dimension, and generating a login device risk result based on the device hardware characteristic information and the device software characteristic information, wherein the device hardware characteristic information and the device software characteristic information are used for forming the login information.
In an embodiment, the step of generating the first evaluation result and the second evaluation result based on the login timestamp information comprises: Ma