早期的安全系统,存在易被盗用的风险;对用户操作的审核,是一种滞后被迫分析。针对早期安全系统中的不足,文中提出一种基于短信互动的实时安全审计模型。在该模型中,用户登录时系统自动产生动态密码,通过短信的方式发送给用户;通过对动态密码设置时间有效期(如60 s)确保用户认证的有效性;通过短信白名单和黑名单的访问控制列表方式实现对用户帐号的有效性管理;用户通过发送短信可实时禁用或启用帐号;通过对帐号状态的实时监控从而实现对用户行为的实时审计。 Early security systems were at risk of being misappropriated; auditing user actions was a lag forced analysis. In view of the shortcomings of early security system, this paper presents a real-time security audit model based on SMS interaction. In this model, when the user logs in, the system automatically generates a dynamic password and sends the dynamic password to the user through SMS. The validity of the user authentication is ensured by setting the validity period of the dynamic password (for example, 60 s). By means of short message whitelisting and black list access The control list realizes the validity management of the user account. The user can disable or enable the account in real time by sending the text message. Real-time auditing of the user behavior can be realized by real-time monitoring of the account status.