CN117034245B - Multi-user safety authentication method and system for non-coal mine safety monitoring system - Google Patents

Multi-user safety authentication method and system for non-coal mine safety monitoring system

Publication number
CN117034245B
Authority
CN
China
Prior art keywords
user
authentication
preset
login
acquiring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310994519.5A
Other languages
Chinese (zh)
Other versions
CN117034245A (en)
Inventor
付士根
李钢
付搏涛
魏杰
褚衍玉
覃璇
梁玉霞
张兴顺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Safety Science and Technology CASST
Original Assignee
China Academy of Safety Science and Technology CASST
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Academy of Safety Science and Technology CASST
Priority to CN202310994519.5A
Publication of CN117034245A
Application granted
Publication of CN117034245B


Abstract

The invention provides a multi-user security authentication method and system for a non-coal mine safety monitoring system. The method comprises the following steps. Step 1: acquiring login data of a first user logging in to the non-coal mine safety monitoring system. Step 2: performing a first security authentication on the first user according to the login type of the login data. Step 3: determining a second user who passed the first security authentication. Step 4: acquiring operation data of the second user and performing a second security authentication on the second user based on the operation data. Step 5: outputting an authentication result, acquiring the authentication items that failed in the authentication result and the allowed authentication count of the first user who failed, and imposing an authentication restriction on that first user. Because the restriction is based on the failed authentication items and the allowed authentication count of the corresponding first user, the method and system improve the suitability of authentication restrictions and also improve the security of the system.

Description

Translated from Chinese
Multi-user safety authentication method and system for non-coal mine safety monitoring system

Technical Field

The present invention relates to the field of user security authentication, and in particular to a multi-user security authentication method and system for a non-coal mine safety monitoring system.

Background Art

Non-coal mines are mines and tailings ponds that extract materials other than coal (for example, radioactive ores). They generally carry no risk of gas explosion, but mining them still involves other risks (for example, radiation from radioactive ores and ore collapse), so safety monitoring is required.

Mine safety monitoring systems have been put into use to strengthen supervision of the safe operation of non-coal mining enterprises and the intelligent assessment of their safety risks, and to provide decision support for integrated business such as safety facility design review, safety permits, tracking and rectification of major hidden dangers, and management of mining and construction units. The users of a mine safety monitoring system generally include decision-making leaders, safety supervisors, and the data reporting and system management personnel of non-coal mining enterprises. Users with different identities have different permissions (for example, safety supervisors monitor the operation of the online monitoring systems and key indicators of non-coal mining enterprises, while data reporting personnel of a non-coal mining enterprise report the operating data of their own unit). System users therefore need to be authenticated to prevent attackers from impersonating legitimate users.

The invention patent with application number CN202010347985.0 discloses an IPK-based security authentication method and system for blockchain on-chain data. It performs security authentication of on-chain data according to the specific scenario of the blockchain application, including authentication of the acquisition terminal and signature verification, encryption and decryption of the on-chain data. That invention uses the IoT identifier as the public key to complete security authentication. Encrypted authentication of on-chain data does not rely on a third party, so the security authentication of on-chain data is completed locally without depending on a center, which gives high security. It also combines well with the decentralized nature of blockchain, making the blockchain system architecture simpler and its performance higher.

However, after performing security authentication on a user, the above prior art places no authentication restriction on the user, so a user can keep authenticating in order to crack the system maliciously. The authentication management is unsuitable, and the security of the system is also low.

In view of this, a solution is urgently needed.

Summary of the Invention

One purpose of the present invention is to provide a multi-user security authentication system and method for a non-coal mine safety monitoring system that imposes authentication restrictions based on the authentication items that failed in the authentication result of user security authentication and on the allowed authentication count of the corresponding first user, which improves the suitability of the authentication restrictions and also improves the security of the system.

The multi-user security authentication method for a non-coal mine safety monitoring system provided by an embodiment of the present invention includes:

Step 1: Acquire login data of multiple first users logging in to the non-coal mine safety monitoring system;

Step 2: Perform a corresponding first security authentication on each first user according to the login type of the login data;

Step 3: Determine the second users, that is, the first users who passed the first security authentication;

Step 4: Acquire operation data of the second user and, based on the operation data, perform a second security authentication on the second user;

Step 5: Output the authentication result, obtain the authentication items that failed in the authentication result and the allowed authentication count of each first user who failed, and impose the corresponding authentication restriction on that first user.

Preferably, step 1 (acquiring login data of multiple first users logging in to the non-coal mine safety monitoring system) includes:

Acquiring the login data entered by the first user when logging in, from a preset mobile terminal, to a first app corresponding to the non-coal mine safety monitoring system;

and/or,

Acquiring the login data entered by the first user when logging in, from a preset PC terminal, to a second app corresponding to the non-coal mine safety monitoring system.

Preferably, step 2 (performing a corresponding first security authentication on the first user according to the login type of the login data) includes:

If the login type is mobile login, obtaining a certificate authentication template through a preset SSL VPN security authentication gateway;

Determining, from the corresponding login data and the certificate authentication template, whether the login behavior of the corresponding first user is authorized;

If it is authorized, the corresponding login verification passes; otherwise, it fails;

If the login type is PC login, reading the USBKey of the corresponding first user according to the corresponding login data to obtain a reading result;

Determining, based on the reading result and a preset signature verification password set, whether the login behavior of the corresponding first user is authorized;

If it is authorized, the corresponding login verification passes; otherwise, it fails.

Preferably, reading the USBKey of the corresponding first user includes:

Reading the first device identifier of the first target storage device of the corresponding first user and, at the same time, treating the first user holding the first target storage device as a third user;

Obtaining, from a preset device identifier-biometric feature set pairing list and the first device identifier, the successfully paired biometric feature set, and using it as the target biometric feature set;

Instructing the corresponding third user to input the corresponding biometric feature to be identified at the preset target position for each biometric feature type, and combining the biometric features to be identified for all biometric feature types into a biometric feature set to be identified;

Matching the target biometric feature set against the biometric feature set to be identified and, if the biometric match succeeds, reading the first target storage device of the third user.

Preferably, step 4 (acquiring the operation data of the second user and performing a second security authentication on the second user based on the operation data) includes:

Obtaining the preset access permission control list corresponding to the second user;

Applying integrity protection to the access permission control list, based on a preset signature verification server and according to the user operation, and obtaining the protection result of the integrity protection;

If the protection result is success, the second security authentication passes;

If the protection result is failure, the second security authentication fails.
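A sketch of the second security authentication described above, added here as an illustration and not taken from the patent: the access permission control list is checked for integrity before it is used to decide whether the requested operation is permitted. HMAC-SHA256 with a constructed key stands in for the signature verification server, and the ACL layout, user names and function names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed key: stands in for the key held by the signature verification
# server named in the text. Assumption for illustration only.
SERVER_KEY = b"constructed-demo-key-not-for-production"

# Constructed ACL: user -> operations that user may perform.
SAMPLE_ACL = {
    "supervisor_01": ["view_indicators"],
    "admin_01": ["change_permission", "view_indicators"],
}


def canonical(acl):
    """Serialize the ACL deterministically.

    Dict keys are sorted and whitespace is fixed, so the same ACL content
    always produces the same bytes and therefore the same tag. The order of
    operations inside each list is significant and must be kept stable.
    """
    return json.dumps(acl, sort_keys=True, separators=(",", ":")).encode("utf-8")


def protect(acl, key=SERVER_KEY):
    """Return the integrity tag for an ACL (HMAC-SHA256 over its canonical form)."""
    return hmac.new(key, canonical(acl), hashlib.sha256).hexdigest()


def second_authentication(user, operation, acl, tag, key=SERVER_KEY):
    """Return (passed, reason) for a requested operation.

    The integrity check runs first: a modified ACL must never be consulted
    for an authorization decision, so the check fails closed.
    """
    expected = protect(acl, key)
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return (False, "acl_integrity_failed")
    if operation not in acl.get(user, []):
        return (False, "operation_not_permitted")
    return (True, "ok")


if __name__ == "__main__":
    tag = protect(SAMPLE_ACL)
    print(second_authentication("admin_01", "change_permission", SAMPLE_ACL, tag))

    # Constructed tampering: the supervisor is granted an extra operation
    # after the tag was issued, so the stored tag no longer matches.
    tampered = json.loads(json.dumps(SAMPLE_ACL))
    tampered["supervisor_01"].append("change_permission")
    print(second_authentication("supervisor_01", "change_permission", tampered, tag))
```
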

Preferably, step 5 (outputting the authentication result, obtaining the authentication items that failed in the authentication result and the allowed authentication count of each first user who failed, and imposing the corresponding authentication restriction on that first user) includes:

Treating a first user who failed authentication as a fourth user and, at the same time, continuously obtaining the target number, that is, the number of failed authentication results for the authentication item within a preset time period;

Querying a preset authentication item-risk authentication count library to determine the risk authentication count of the authentication item;

Attempting to obtain the user level of the fourth user;

If the attempt succeeds, determining the adjustment factor for the risk authentication count from a preset user level-adjustment factor determination library;

If the attempt fails, setting the adjustment factor for the risk authentication count for the corresponding fourth user;

Weighting the risk authentication count with the corresponding adjustment factor, fusing and rounding the result to obtain the allowed authentication count; if the target number is greater than the allowed authentication count, restricting the fourth user's access to the corresponding authentication item.
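The restriction logic of step 5, written out as an added example that is not part of the patent: failures are counted per user and authentication item inside a time window, the allowed authentication count is the item's risk authentication count weighted by the user's adjustment factor, and access is restricted once the failure count exceeds it. All numeric values, the item and level names, rounding down, the floor of one attempt and the handling of unknown items are assumptions, since the patent specifies none of them.

```python
import math
import time
from collections import defaultdict, deque

# Constructed values: the patent names these libraries but gives no numbers.
RISK_COUNT = {"login": 5, "change_permission": 3}   # item -> risk authentication count
LEVEL_FACTOR = {"admin": 1.5, "supervisor": 1.2, "reporter": 1.0}  # user level -> factor
INITIAL_FACTOR = 0.8    # assumed initial factor when no user level can be obtained
WINDOW_SECONDS = 600    # assumed length of the "preset time period"


class AuthLimiter:
    """Tracks failed authentications per (user, authentication item)."""

    def __init__(self, user_levels, clock=time.monotonic):
        self.user_levels = user_levels          # user -> level, may lack entries
        self.clock = clock                      # injectable so tests control time
        self.failures = defaultdict(deque)      # (user, item) -> failure timestamps

    def allowed_attempts(self, user, item):
        """Risk authentication count weighted by the adjustment factor, rounded down."""
        # Unknown level: fall back to the initial factor (the stricter path).
        factor = LEVEL_FACTOR.get(self.user_levels.get(user), INITIAL_FACTOR)
        # Unknown item: fail closed by using the strictest configured count.
        base = RISK_COUNT.get(item, min(RISK_COUNT.values()))
        return max(1, math.floor(base * factor))

    def _recent(self, user, item):
        """Drop failures older than the window and return the remaining queue."""
        now = self.clock()
        queue = self.failures[(user, item)]
        while queue and now - queue[0] > WINDOW_SECONDS:
            queue.popleft()
        return queue

    def record_failure(self, user, item):
        """Record one failed authentication; return True if the user is now restricted."""
        queue = self._recent(user, item)
        queue.append(self.clock())
        return len(queue) > self.allowed_attempts(user, item)

    def is_restricted(self, user, item):
        """True when failures inside the window exceed the allowed authentication count."""
        return len(self._recent(user, item)) > self.allowed_attempts(user, item)


if __name__ == "__main__":
    limiter = AuthLimiter({"alice": "admin"})
    # "mallory" has no known level, so the initial factor applies: floor(3 * 0.8) = 2.
    for attempt in range(1, 4):
        restricted = limiter.record_failure("mallory", "change_permission")
        print(f"mallory failure {attempt}: restricted={restricted}")
    print("alice allowed:", limiter.allowed_attempts("alice", "change_permission"))
```

Restriction is evaluated per authentication item, so a user locked out of `change_permission` in this sketch can still attempt `login`, which matches the patent's wording that access to "the corresponding authentication item" is restricted.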

Preferably, setting the adjustment factor for the risk authentication count for the corresponding fourth user when the attempt fails includes:

When the attempt fails, treating the fourth user as a fifth user;

Obtaining an available basis capture template;

Capturing, through the available basis capture template, the available basis for setting the adjustment factor of the fifth user;

If the available basis is captured successfully, characterizing the available basis with the preset characterization rule for its basis type, to obtain the feature value of the available basis for each basis type;

Constructing the adjustment factor from the feature values of the available basis;

If capturing the available basis fails, determining an initialized adjustment factor based on a preset adjustment factor initialization rule.

Preferably, obtaining the available basis capture template includes:

Obtaining the path information of the capture path from the local platform to a preset big data platform, and the first descriptive feature of the available basis;

Establishing, according to the path information, a first access link from the local platform to the big data platform;

Determining the capture benefit of the first access link from the capture contribution and the capture cost, where the capture contribution is determined by the value and quantity of the capture results, and the capture cost is determined by the system resources consumed in accessing the first access link;

Obtaining the second access links, that is, those whose capture benefit is greater than or equal to a preset capture benefit threshold;

Constructing the available basis capture template from the first descriptive feature and the second access links, based on a preset template construction rule;

Here, constructing the available basis capture template from the first descriptive feature and the second access links includes:

Obtaining the resource attributes of the link resources accessed through the second access link;

Characterizing the resource attributes to obtain resource attribute features;

Analyzing, based on a preset association construction necessity analysis model and according to the first descriptive feature and the resource attribute features, the necessity of constructing an association between the first descriptive feature and the second access link;

If the analysis finds that constructing the association is necessary, using the corresponding second access link as a third access link;

Determining the available basis capture template from the first descriptive feature and the third access link.

Preferably, capturing the available basis for setting the adjustment factor of the fifth user through the available basis capture template includes:

Obtaining, through the available basis capture template, the resource list provided by the big data platform corresponding to the fourth access link and, at the same time, determining the second descriptive feature of the available basis for setting the adjustment factor of the fifth user;

Accessing each list resource in the resource list in turn and, on each access, extracting the resource features of the list resource;

Matching the second descriptive feature against the resource features, and taking the list resources whose features match as target resources;

Combining all target resources to obtain the available basis for setting the adjustment factor of the fifth user.

The multi-user security authentication system for a non-coal mine safety monitoring system provided by an embodiment of the present invention includes:

A login data acquisition module, used to acquire login data of multiple first users logging in to the non-coal mine safety monitoring system;

A first security authentication module, used to perform a corresponding first security authentication on the first user according to the login type of the login data;

A determination module, used to determine the second users, that is, the first users who passed the first security authentication;

A second security authentication module, used to acquire operation data of the second user and perform a second security authentication on the second user based on the operation data;

An authentication restriction module, used to output the authentication result, obtain the authentication items that failed in the authentication result and the allowed authentication count of each first user who failed, and impose the corresponding authentication restriction on that first user.

The beneficial effects of the present invention are:

The present invention imposes authentication restrictions based on the authentication items that failed in the authentication result of user security authentication of the non-coal mine safety monitoring system and on the allowed authentication count of the corresponding first user, which improves the suitability of the authentication restrictions and also improves the security of the system.

Other features and advantages of the present invention will be set out in the description that follows and will in part become apparent from the description or be understood by practicing the invention. The purpose and other advantages of the present invention can be realized and obtained through the structures particularly pointed out in the written description, the claims and the drawings.

The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.

Brief Description of the Drawings

The accompanying drawings provide a further understanding of the present invention and form part of the specification. Together with the embodiments of the present invention, they serve to explain the invention and do not limit it. In the drawings:

FIG. 1 is a schematic diagram of the multi-user security authentication method for a non-coal mine safety monitoring system in an embodiment of the present invention;

FIG. 2 is a schematic diagram of the multi-user security authentication system for a non-coal mine safety monitoring system in an embodiment of the present invention.

Detailed Description

Preferred embodiments of the present invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the present invention and do not limit it.

An embodiment of the present invention provides a multi-user security authentication method for a non-coal mine safety monitoring system which, as shown in FIG. 1, includes:

Step 1: Acquire login data of multiple first users logging in to the non-coal mine safety monitoring system. The non-coal mine safety monitoring system is a non-coal mine safety supervision, monitoring and early warning system. The login data is the data of the first user's login behavior, for example: the input ID is…;

Step 2: Perform a corresponding first security authentication on the first user according to the login type of the login data. The first security authentication is login authentication, that is, verifying whether the first user has login permission;

Step 3: Determine the second users among the first users, that is, those who passed the first security authentication. A second user is a first user who has successfully logged in to the non-coal mine safety supervision, monitoring and early warning system;

Step 4: Acquire operation data of the second user and, based on the operation data, perform a second security authentication on the second user. The operation data is, for example, changing the permissions of A. The second security authentication verifies whether the second user has the permission required for the requested operation;

Step 5: Output the authentication result, obtain the authentication items that failed in the authentication result and the allowed authentication count of each first user who failed, and impose the corresponding authentication restriction on that first user. An authentication item is, for example, obtaining the permission for a certain operation. The allowed authentication count is the number of times a user may authenticate for the corresponding authentication item within a specified time; it limits the user's authentication behavior. When users use the system, authentication failures occur, and allowing a user to fail authentication frequently lowers the security of the system. At the same time, authentication items differ in importance and users differ in trustworthiness, so the allowed authentication count differs by user and by authentication item: the more important the authentication item, the lower its allowed authentication count; the more trustworthy the user, the more the allowed authentication count can be raised.

The working principle and beneficial effects of the above technical solution are:

The login type is determined from the acquired login data of the first user logging in to the non-coal mine safety monitoring system, and the first security authentication is performed. A second security authentication is then performed on the operation data of the second user who passed the first security authentication, and finally the authentication result is output. Once the authentication result is available, the authentication items that failed and the allowed authentication count of the first user who failed are obtained and an authentication restriction is imposed, which avoids malicious authentication and repeated authentication.

This application imposes authentication restrictions based on the authentication items that failed in the authentication result of user security authentication of the non-coal mine safety monitoring system and on the allowed authentication count of the corresponding first user, which improves the suitability of the authentication restrictions and also improves the security of the system.

在一个实施例中,步骤1:获取登录非煤矿山安全监测系统的多个第一用户的登录数据,包括:In one embodiment, step 1: obtaining login data of multiple first users who log in to the non-coal mine safety monitoring system, includes:

获取第一用户通过预设的移动端登录对应于非煤矿山安全监测系统的第一app输入的登录数据;预设的移动端为,例如:智能手机;第一app为:开发人员开发的用于移动端的非煤矿山安全监测应用;Obtaining login data input by a first user through a preset mobile terminal to log in to a first app corresponding to a non-coal mine safety monitoring system; the preset mobile terminal is, for example, a smart phone; the first app is a non-coal mine safety monitoring application developed by a developer for a mobile terminal;

和/或,and/or,

获取第一用户通过预设的PC端登录对应于非煤矿山安全监测系统的第二app输入的登录数据。预设的PC端为,例如:非煤矿山安全监测系统的服务器;第二app为:开发人员开发的用于PC端上的非煤矿山安全监测应用。The login data input by the first user through the preset PC terminal to log in to the second app corresponding to the non-coal mine safety monitoring system is obtained. The preset PC terminal is, for example, a server of the non-coal mine safety monitoring system; the second app is: a non-coal mine safety monitoring application developed by a developer for the PC terminal.

上述技术方案的工作原理及有益效果为:The working principle and beneficial effects of the above technical solution are:

根据第一用户的使用设备的不同,引入两种方式获取登录数据,提高了登录数据获取的全面性。According to the different devices used by the first user, two methods are introduced to obtain login data, thereby improving the comprehensiveness of login data acquisition.

在一个实施例中,步骤2:根据登录数据的登录类型的不同,对第一用户进行相应第一安全认证,包括:In one embodiment, step 2: performing a corresponding first security authentication on the first user according to different login types of the login data includes:

若登录类型为移动端登录,则通过预设的SSL VPN安全认证网关获取证书认证模板;预设的SSL VPN安全认证网关为:采用SSL协议来实现远程VPN接入的协议转换器,由人工预先设置;证书认证模板是为了限定认证过程只进行证书认证;If the login type is mobile login, the certificate authentication template is obtained through the preset SSL VPN security authentication gateway; the preset SSL VPN security authentication gateway is: a protocol converter that uses the SSL protocol to implement remote VPN access, which is pre-set manually; the certificate authentication template is to limit the authentication process to only certificate authentication;

根据对应登录数据和证书认证模板,确定对应第一用户的登录行为是否经过授权;确定时,判断证书认证是否通过,若通过,则对应于登录数据的登录行为经过授权;Determine whether the login behavior of the corresponding first user is authorized according to the corresponding login data and the certificate authentication template; when determining, judge whether the certificate authentication is passed, if passed, the login behavior corresponding to the login data is authorized;

若经过授权,则对应登录验证通过,否则,不通过;If authorized, the corresponding login verification passes, otherwise, it fails;

若登录类型为PC端登录,根据对应登录数据,读取对应第一用户的USBKey,获得读取结果;USBKey是一种USB接口的硬件设备,内置单片机或智能卡芯片,有一定的存储空间;读取结果为:USBKey中的私钥以及数字证书;If the login type is PC login, read the USBKey of the first user according to the corresponding login data to obtain the reading result; USBKey is a hardware device with a USB interface, with a built-in single-chip microcomputer or smart card chip and a certain storage space; the reading result is: the private key and digital certificate in the USBKey;

基于读取结果和预设的验签密码集,确定对应第一用户的登录行为是否经过授权;验签密码集为:多个验签密码的集合,若USBKey中的私钥与验签密码集中任一验签密码匹配,则对应登录验证通过。Based on the reading result and the preset signature verification password set, determine whether the login behavior of the corresponding first user is authorized; the signature verification password set is: a collection of multiple signature verification passwords. If the private key in the USBKey matches any signature verification password in the signature verification password set, the corresponding login verification is passed.

若经过授权,则对应登录验证通过,否则,不通过。If authorized, the corresponding login verification passes, otherwise, it fails.

上述技术方案的工作原理及有益效果为:The working principle and beneficial effects of the above technical solution are:

根据登录记数据的登录类型的不同,分别引入证书认证模板和验签密码集,基于证书认证模板和验签密码集证书认证模板,根据对应登录数据,进行登录行为的授权判定,提升了授权判定的判定效率和精确性。According to the different login types of the login record data, certificate authentication templates and signature verification password sets are introduced respectively. Based on the certificate authentication templates and signature verification password set certificate authentication templates, authorization decisions are made for login behaviors according to the corresponding login data, thereby improving the efficiency and accuracy of authorization decisions.

In one embodiment, reading the USBKey of the corresponding first user includes:

Read the first device identifier of the first target storage device corresponding to the first user, and at the same time treat the first user holding the first target storage device as a third user. The first target storage device is: a USBKey whose hardware check is normal; the device identifier is: the unique electronic ID of the first target storage device; the third user is: the first user holding the first target storage device;

According to a preset device identifier-biometric feature set pairing list and the first device identifier, obtain the successfully paired biometric feature set and use it as the target biometric feature set. The pairing list contains multiple second device identifiers and biometric feature sets in one-to-one correspondence. To obtain the paired set, determine whether the first device identifier is identical to any second device identifier; if so, the biometric feature set corresponding to that second device identifier is used as the target biometric feature set;

Instruct the corresponding third user to input the corresponding biometric feature to be identified at the preset target position for each biometric feature type, and combine the biometric features to be identified for all biometric feature types into a biometric feature set to be identified. The biometric feature type is: the kind of biometric feature in the target biometric feature set, for example a face feature or a fingerprint feature; the target position is: the input position for the biometric feature to be identified of that type, for example the position of the fingerprint reader on the host; the biometric feature to be identified is: a biometric feature input by the third user; the biometric feature set to be identified is: the collection of biometric features input by the third user;

Match the target biometric feature set against the biometric feature set to be identified; if the biometric match succeeds, read the first target storage device corresponding to the third user.

The working principle and beneficial effects of the above technical solution are:

A device identifier-biometric feature set pairing list is introduced, and the target biometric feature set is determined from the first device identifier, which improves the accuracy of obtaining the target biometric feature set. Based on the target biometric feature set and the biometric feature set to be identified, only the first target storage device of a third user whose biometric match succeeds is read. Performing biometric verification before reading the USBKey prevents others from misappropriating the USBKey and is more secure.

In one embodiment, step 4: acquiring operation data of the second user, and performing second security authentication on the second user based on the operation data, includes:

Obtain the preset access permission control list corresponding to the second user; the access permission control list stores the operations the second user is permitted to perform and is preset manually;

Based on a preset signature verification server, perform integrity protection on the access permission control list according to the user operation and obtain the protection result. The preset signature verification server is: a server that determines whether the user operation is in the corresponding access permission control list. Integrity protection specifically means: constraining the user operation to the corresponding access permission control list so that it does not exceed the scope of permitted operations in that list. The protection result is either protection success or protection failure;

If the protection result is protection success, the second security authentication passes. Protection success means: the user operation is within the permitted operations of the corresponding access permission control list;

If the protection result is protection failure, the second security authentication fails. Protection failure means: the user operation is not within the permitted operations of the corresponding access permission control list.

The working principle and beneficial effects of the above technical solution are:

After a first user logs in successfully, not every operation of the resulting second user in the system is allowed. An access permission control list is therefore introduced; based on the preset signature verification server, integrity protection is performed on the access permission control list according to the user operation, and the protection result determines whether the second user's operation exceeds their authority, which improves the comprehensiveness and rationality of authentication.
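An added example, not taken from the patent, of the second security authentication as a fail-closed check of one operation against a stored access permission control list. The patent only names a "signature verification server"; the HMAC-SHA256 tag over the list, the record layout, and the user and operation names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

SUCCESS, FAILURE = "protection success", "protection failure"


def canonical(user, operations):
    # Stable byte encoding so the same list always produces the same tag.
    body = {"user": user, "ops": sorted(set(operations))}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal_acl(key, user, operations):
    """Run once when the list is preset manually: store the list with a tag.

    Assumption: HMAC stands in for whatever signature scheme the server uses.
    """
    tag = hmac.new(key, canonical(user, operations), hashlib.sha256).hexdigest()
    return {"user": user, "ops": sorted(set(operations)), "tag": tag}


def second_authentication(key, record, user, operation):
    """Check one user operation against that user's stored list."""
    expected = hmac.new(key, canonical(record["user"], record["ops"]),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison; any mismatch means the stored list changed
    # after it was sealed, so the operation is refused outright.
    if not hmac.compare_digest(expected, record.get("tag", "")):
        return FAILURE
    if record["user"] != user:
        return FAILURE  # the list belongs to a different user
    return SUCCESS if operation in record["ops"] else FAILURE


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    rec = seal_acl(key, "operator-17", ["view_sensor_data", "acknowledge_alarm"])
    print(second_authentication(key, rec, "operator-17", "view_sensor_data"))
    print(second_authentication(key, rec, "operator-17", "change_alarm_threshold"))
    # A list edited in storage without re-sealing no longer verifies.
    edited = dict(rec, ops=rec["ops"] + ["change_alarm_threshold"])
    print(second_authentication(key, edited, "operator-17", "change_alarm_threshold"))
```
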

In one embodiment, step 5: outputting the authentication result, obtaining the authentication items that failed in the authentication result and the number of authenticatable times of the first user who failed in the authentication result, and imposing the corresponding authentication restriction on the first user, includes:

Treat a first user who fails authentication as a fourth user, and continuously obtain the target number, that is, the number of failed authentication results for the authentication item within a preset time period. The time period is preferably within 1 hour and can also be preset manually according to actual conditions; the target number is, for example, 2 times;

Query a preset authentication item-risk authentication count library to determine the number of risk authentications for the authentication item. The library is a database storing the pairing between multiple authentication items and numbers of risk authentications; the number of risk authentications is, for example, 3 times;

Attempt to obtain the user level of the fourth user. The user level is: the management authority level of the fourth user in the non-coal mine safety monitoring system, for example level 5; it is obtained directly by querying the local user information database;

If the attempt succeeds, determine the adjustment factor for the number of risk authentications based on a preset user level-adjustment factor determination library, a database that stores the correspondence between user levels and adjustment factors; the adjustment factor is, for example, 1.2;

If the attempt fails, set an adjustment factor for the number of risk authentications for the fourth user. At login there are cases, such as a guest login or an unsuccessful login, where only the user's IP is known and the fourth user's user level inside the system cannot be obtained; the adjustment factor is therefore set for that fourth user, for example to 1;

Apply the corresponding adjustment factor to the number of risk authentications by weighted fusion and round the result to obtain the number of authenticatable times; if the target number is greater than the number of authenticatable times, restrict the fourth user's access to the corresponding authentication item. Rounding takes the largest integer not exceeding the weighted fusion result; the number of authenticatable times is, for example, 4 times.

The working principle and beneficial effects of the above technical solution are:

When obtaining the number of authenticatable times of the first user, the target number of failed authentication results for the authentication item within the preset time period is obtained first, and the library is queried to determine the initially preset number of risk authentications for the authentication item. Setting one fixed number of risk authentications for everyone is unreasonable, however: local users with a high user level are more trustworthy and should be given a higher fault tolerance, while a fourth user whose identity information is incomplete and who is harder to hold accountable afterwards should be handled separately. Therefore, when the user level of the fourth user can be obtained, the user level-adjustment factor determination library is used to determine the adjustment factor; otherwise, an adjustment factor for the number of risk authentications is set for that fourth user, which improves the accuracy of obtaining the adjustment factor. Fusing the number of risk authentications with the corresponding adjustment factor and taking the integer value gives the number of times the fourth user can authenticate for the corresponding authentication item. When the target number is greater than the number of authenticatable times, the access is judged to be dangerous and the fourth user is directly prohibited from accessing the corresponding authentication item, which improves the security of the system.
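An added example, not the patent's own code, of the step 5 restriction: a sliding-window failure counter per subject and authentication item, with the number of authenticatable times taken as the floor of the number of risk authentications times the adjustment factor. Reading "weighted fusion" as multiplication is an assumption, as are the item names, the library contents and keying an unidentified user by source IP.

```python
from collections import defaultdict, deque
from decimal import Decimal
from math import floor

WINDOW_SECONDS = 3600  # preset time period; the text prefers "within 1 hour"

# Constructed sample libraries (names and most values are illustrative).
RISK_COUNT = {"usbkey_login": 3, "acl_operation": 5}   # item -> risk count
LEVEL_FACTOR = {5: Decimal("1.2"), 1: Decimal("1.0")}  # user level -> factor
FALLBACK_FACTOR = Decimal("1")  # used when no user level can be obtained


def authenticatable_count(item, user_level=None):
    """Largest integer not exceeding risk count x adjustment factor.

    Multiplication is an assumed reading of "weighted fusion". An unknown
    item raises KeyError instead of silently allowing retries.
    """
    factor = LEVEL_FACTOR.get(user_level, FALLBACK_FACTOR)
    # Decimal keeps 3 x 1.2 exactly 3.6, so the floor does not depend on
    # binary floating-point error near an integer boundary.
    return floor(RISK_COUNT[item] * factor)


class FailureLimiter:
    """Tracks failed results per (subject, item) inside the time window."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self.failures = defaultdict(deque)  # (subject, item) -> timestamps

    def expire(self, queue, now):
        # Drop failures that have aged out of the preset time period.
        while queue and now - queue[0] >= self.window:
            queue.popleft()

    def record_failure(self, subject, item, now):
        queue = self.failures[(subject, item)]
        queue.append(now)
        self.expire(queue, now)

    def target_number(self, subject, item, now):
        queue = self.failures[(subject, item)]
        self.expire(queue, now)
        return len(queue)

    def is_restricted(self, subject, item, now, user_level=None):
        # Restrict only when the target number exceeds the allowed count.
        allowed = authenticatable_count(item, user_level)
        return self.target_number(subject, item, now) > allowed


if __name__ == "__main__":
    limiter = FailureLimiter()
    ip = "198.51.100.7"  # constructed sample: user known only by IP
    for t in (0, 600, 1200, 1800):
        limiter.record_failure(ip, "usbkey_login", t)
        print(t, limiter.is_restricted(ip, "usbkey_login", t))
```
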

In one embodiment, if the attempt fails, setting an adjustment factor for the number of risk authentications for the fourth user includes:

When the attempt fails, treat the fourth user as a fifth user;

Obtain an available basis capture template. The available basis capture template restricts the capture behavior so that only the available basis is captured and no other irrelevant information is obtained;

Capture, through the available basis capture template, the available basis for setting the fifth user's adjustment factor; this is, for example, the user's malicious attack records, malicious tampering records and user management level information on the associated big data platform;

If the available basis is captured successfully, characterize it using the preset characterization rule corresponding to its basis type, obtaining a feature value of the available basis for each basis type. The basis type is, for example, user management level information; the preset characterization rule is a pre-set rule for characterizing the available basis; the feature value is, for example: the management level of the fifth user on platform xx is senior;

Construct the adjustment factor from the feature values of the available basis; the adjustment factor is a vector constructed from the feature values;

If capturing the available basis fails, determine an initialized adjustment factor based on a preset adjustment factor initialization rule, for example: initialize the adjustment factor to 1.

The working principle and beneficial effects of the above technical solution are:

The adjustment factor of the fifth user cannot be set blindly, because historical records of the fifth user may exist on the big data platform. An available basis capture template is therefore introduced to obtain the fifth user's available basis, which improves the rationality of obtaining it. After the available basis is captured successfully, a characterization rule is introduced to characterize it, and the adjustment factor is constructed from the resulting feature values, which improves the accuracy of the adjustment factor setting.

In one embodiment, obtaining the available basis capture template includes:

Obtain the path information of the capture path from the local platform to a preset big data platform and a first descriptive feature of the available basis. The preset big data platform is: a historical cooperation platform of the non-coal mine safety monitoring system; the path information is: how to reach the historical cooperation platform; the first descriptive feature is: the description information of the available basis;

According to the path information, establish a first access link from the local platform to the big data platform; the first access link is: the communication link from the local platform to the big data platform;

Determine the capture benefit of the first access link according to the capture contribution and the capture cost, where the capture contribution is determined by the value and quantity of the capture results and the capture cost is determined by the system resources consumed by accessing the first access link; the calculation formula of the capture benefit is as follows:

Wherein, prof is the capture benefit, is the contribution value of the t-th contribution item of the capture contribution, μt is the preset relationship coefficient corresponding to the contribution value of the t-th contribution item, e is the base of the natural logarithm, T is the total number of contribution items, and s is the capture cost;

Obtain the second access links, that is, those whose capture benefit is greater than or equal to a preset capture benefit threshold; the capture benefit threshold is preset manually;

Based on a preset template construction rule, construct the available basis capture template according to the first descriptive feature and the second access link. The preset template construction rule is: take the second access link as the capture path and the descriptive feature as the capture basis, and produce the available basis capture template;

Wherein, constructing the available basis capture template according to the first descriptive feature and the second access link includes:

Obtain the resource attributes of the link resource accessed through the second access link; the link resource is the resource accessed through the second access link; the resource attribute is: resource type information;

Characterize the resource attributes to obtain resource attribute features; a resource attribute feature is, for example, what kind of resource information it is, such as what kind of malicious tampering record;

Based on a preset association construction necessity analysis model, analyze the necessity of constructing an association between the first descriptive feature and the second access link according to the first descriptive feature and the resource attribute features. The association construction necessity analysis model is a pre-set intelligent model for evaluating that necessity. The association construction necessity is: whether it is necessary to construct a template that goes through the second access link and uses the first descriptive feature as its basis feature; for example, the less related the first descriptive feature and the resource attribute features are, the less necessary the association construction is;

If the analysis concludes that association construction is necessary, use the corresponding second access link as a third access link;

Determine the available basis capture template according to the first descriptive feature and the third access link.

The working principle and beneficial effects of the above technical solution are:

The first access link from the local platform to the big data platform is determined from the obtained path information of the capture path from the local platform to the preset big data platform. The capture benefit of the first access link is introduced, and the second access links, whose capture benefit is greater than or equal to the preset capture benefit threshold, are determined, which improves the suitability of the chosen second access links. Based on the preset template construction rule, the available basis capture template is constructed according to the first descriptive feature and the second access link, which improves the rationality of its construction. In addition, when constructing the template, an association construction necessity analysis model is introduced to analyze, from the first descriptive feature and the resource attribute features, whether an association between the first descriptive feature and the second access link needs to be constructed, which improves the efficiency of template construction.

In one embodiment, capturing the available basis for setting the fifth user's adjustment factor through the available basis capture template includes:

Obtain, through the available basis capture template, the resource list provided by the big data platform corresponding to a fourth access link, and at the same time determine a second descriptive feature of the available basis for setting the fifth user's adjustment factor. The fourth access link is: the communication link, set in the available basis capture template, to the platform that is accessed to capture the available basis for the fifth user's adjustment factor; the resource list is: the data table of available basis provided by the big data platform corresponding to the fourth access link; the second descriptive feature is: the description information of the available basis for the fifth user's adjustment factor;

Access each list resource in the resource list in turn and, on each access, extract the resource feature of the list resource; the resource feature is, for example, what type of record it is;

Match the second descriptive feature against the resource features and take the list resources whose features match as target resources. Matching is implemented with feature matching technology; a target resource is: a partial result of the capture result;

Combine all target resources to obtain the available basis for setting the fifth user's adjustment factor.

The working principle and beneficial effects of the above technical solution are:

A resource list is introduced and each list resource in it is accessed in turn. On each access the resource feature of the list resource is extracted, the target resources whose resource features match the second descriptive feature are determined, and these are combined into the available basis for setting the fifth user's adjustment factor, which improves the accuracy of the capture.

An embodiment of the present invention provides a multi-user safety authentication system for a non-coal mine safety monitoring system, as shown in FIG. 2, including:

A login data acquisition module 1, used to acquire login data of multiple first users who log in to the non-coal mine safety monitoring system;

A first security authentication module 2, used to perform the corresponding first security authentication on the first users according to the login type of the login data;

A determination module 3, used to determine the second users, that is, the first users who have passed the first security authentication;

A second security authentication module 4, used to acquire operation data of the second user and perform second security authentication on the second user based on the operation data;

An authentication restriction module 5, used to output the authentication result, obtain the authentication items that failed in the authentication result and the number of authenticatable times of the first user who failed in the authentication result, and impose the corresponding authentication restriction on the first user.

Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (8)

Priority Applications (1)

Application Number: CN202310994519.5A
Publication: CN117034245B (en)
Priority Date: 2023-08-08
Filing Date: 2023-08-08
Title: Multi-user safety authentication method and system for non-coal mine safety monitoring system
Status: Active

Publications (2)

Publication Number: CN117034245A (en), Publication Date: 2023-11-10
Publication Number: CN117034245B (en), Publication Date: 2024-11-05

Family

ID: 88640705

Country Status (1)

Country: CN (1), Link: CN117034245B (en)


Legal Events

Code: PB01, Title: Publication
Code: SE01, Title: Entry into force of request for substantive examination
Code: GR01, Title: Patent grant
