FIELD: information technology.
SUBSTANCE: the invention relates to methods of continuous (operational) session authentication of users in automated information systems (AIS) for access to information resources of limited access. Session authentication uses a video image of the user's face, obtained cyclically during the user session from the computer's video camera, on a personal computer equipped with a commercially available hardware and software information protection device (HSIPD) and a reader. The HSIPD acts as the trusted boot facility within the system that distributes access to the information resources of the AIS. A video camera must be connected to the computer for ongoing authentication by face image. Image recognition by a neural network, and the training of that network, are proposed to run on a separate server connected via a local area network, in the background relative to the user session. The datasets of users' face images are also stored on the server. The proposed technical solution differs fundamentally from existing analogues as follows: no rigid software and hardware binding to industrially produced HSIPDs, and no integration with the access distribution system, is provided for; a session training procedure for the neural network is provided, using a database of session images of the user obtained by collecting current pre-session images of the user's face; users are authenticated on a one-to-many basis, which makes it possible to determine the type and nature of unauthorized access to the AIS more accurately; for multiclass classification, the classes "background" and "other" are added to the images of AIS users in order to detect the absence of the user and external offenders; the dataset of user images is formed immediately before a working session, by collecting current pre-session images of the user's face; statistics collected from the results of session authentication make it possible to dynamically update the database of the user's face images and improve recognition quality; authentication is performed simultaneously by a session neural network and a basic neural network, which increases authentication accuracy and reduces the number of errors of the first and second kind.
EFFECT: high efficiency of protecting information resources of restricted access in AIS from unauthorized access for the entire duration of a session of a legitimate user.
1 cl, 2 dwg
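The per-frame decision described in the abstract (one-to-many classification with the extra "background" and "other" classes, checked by the session and basic networks at once) can be sketched as below. This is an added example, not code from the patent: the user names, the 0.6 confidence threshold, the rule that both networks must agree, the event names and the 5-frame window are all assumptions.

```python
# Added illustration, not the patent's code. Thresholds, event names, the
# agreement rule and the frame window are assumptions.
from collections import Counter

BACKGROUND, OTHER = "background", "other"  # extra classes named in the abstract

def top_class(probs, threshold):
    """Most probable class, or None when the network is not confident."""
    label = max(probs, key=probs.get)
    return label if probs[label] >= threshold else None

def classify_frame(session_probs, base_probs, session_user, threshold=0.6):
    """Fuse one frame's outputs of the session and basic networks."""
    s = top_class(session_probs, threshold)
    b = top_class(base_probs, threshold)
    if s is None or s != b:
        return "uncertain"            # low confidence or disagreement
    if s == session_user:
        return "legitimate"
    if s == BACKGROUND:
        return "user_absent"
    if s == OTHER:
        return "external_offender"
    return "internal_offender"        # assumed reading: another enrolled user

def session_decision(events, window=5, quorum=3):
    """Dominant event over the last `window` frames, else 'uncertain'."""
    recent = [e for e in events[-window:] if e != "uncertain"]
    if not recent:
        return "uncertain"
    event, count = Counter(recent).most_common(1)[0]
    return event if count >= quorum else "uncertain"

# Constructed softmax outputs for a session opened by the user "alice".
ALICE = {"alice": 0.90, "bob": 0.05, BACKGROUND: 0.03, OTHER: 0.02}
BOB = {"alice": 0.05, "bob": 0.88, BACKGROUND: 0.04, OTHER: 0.03}
EMPTY = {"alice": 0.06, "bob": 0.04, BACKGROUND: 0.85, OTHER: 0.05}
STRANGER = {"alice": 0.10, "bob": 0.05, BACKGROUND: 0.05, OTHER: 0.80}

def demo():
    """Classify a constructed frame sequence and return the session verdict."""
    frames = [(ALICE, ALICE), (ALICE, BOB), (STRANGER, STRANGER),
              (STRANGER, STRANGER), (STRANGER, STRANGER)]
    events = [classify_frame(s, b, "alice") for s, b in frames]
    return events, session_decision(events)

if __name__ == "__main__":
    print(demo())
```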
Title | Year | Author | Number |
---|---|---|---|
SYSTEM, METHOD AND DEVICE FOR CONTINUOUS USER AUTHENTICATION AND PROTECTION OF AUTOMATED WORKSTATION RESOURCES FROM UNAUTHORIZED ACCESS | 2018 | | RU2691201C1 |
COMPUTER SYSTEM WITH REMOTE CONTROL BY SERVER AND DEVICE FOR CREATING TRUSTED ENVIRONMENT AND METHOD FOR IMPLEMENTATION OF REMOTE CONTROL | 2016 | | RU2633098C1 |
METHOD AND DEVICE FOR TRUSTED COMPUTER BOOTING WITH CONTROL OF PERIPHERAL INTERFACES | 2020 | | RU2748575C1 |
APPARATUS FOR CREATING TRUSTED ENVIRONMENT FOR COMPUTERS OF INFORMATION COMPUTER SYSTEMS | 2013 | | RU2538329C1 |
TRUSTED BOOT TOOL WITH BUILT-IN BINARY TRANSLATOR OF OPERATING SYSTEM AND WIRELESS CONTROL CHANNEL | 2023 | | RU2820971C1 |
METHOD FOR SECURE EXTENSION OF FUNCTIONS OF INFORMATION SECURITY HARDWARE | 2014 | | RU2574347C2 |
DEVICE FOR PROTECTING INFORMATION FROM UNSANCTIONED ACCESS FOR COMPUTERS OF INFORMATIONAL AND COMPUTING SYSTEMS | 2006 | | RU2321055C2 |
DEVICE TO CREATE TRUSTED EXECUTION ENVIRONMENT FOR SPECIAL PURPOSE COMPUTERS | 2014 | | RU2569577C1 |
COMPUTER SYSTEM WITH REMOTE MANAGEMENT OF SERVER AND DEVICE FOR CREATING TRUSTED ENVIRONMENT | 2017 | | RU2690782C2 |
TRUSTED COMPUTING SYSTEM WITH MULTILEVEL SECURITY SYSTEM | 2023 | | RU2816097C1 |
Dates
2024-11-18—Published
2024-03-12—Filed