CN103294334B - Unlocking screen data access control method and safety control - Google Patents
- Publication number
- CN103294334B, CN201210054969.8A
- Authority
- CN
- China
- Prior art keywords
- signature
- collection
- registration
- input
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Collating Specific Patterns (AREA)
- User Interface Of Digital Computer (AREA)
- Document Processing Apparatus (AREA)
Abstract
The present invention provides a screen unlocking method and a data access control method, including: collecting in advance the signature features entered by a user, and constructing and saving basic signature information corresponding to the acquisition environment; when the screen needs to be unlocked or restricted sensitive data or applications need to be accessed, collecting the signature features currently entered by the user, extracting, according to the acquisition environment, the saved basic signature information corresponding to that acquisition environment, and comparing the currently entered signature features with the extracted basic signature information; if the comparison is consistent, the screen is unlocked, or access to the sensitive data or application is allowed; otherwise, the screen is not unlocked, or access to the sensitive data or application is refused. The invention makes personalized screen unlocking and data access control possible and improves security.
Description
Technical field
The present invention relates to security technology in communication systems, and in particular to a screen unlocking and data access control method and a security control device.
Background
Handheld devices have penetrated every aspect of people's lives, and their portability is well known. As these devices are used, many applications have gradually incorporated user-specific elements, such as biometric features. Unlocking a handheld device, the most common operation, can already be done in many ways, such as pattern unlocking, trajectory unlocking and fingerprint unlocking. The unlocking described here uses the signature features of the handheld device's user.
Prior-art unlocking methods fall into two classes, hardware and software. Hardware methods unlock using various features of the handheld device or its peripherals; software methods include pattern and trajectory unlocking.
Existing technical schemes do not unlock using the handwriting input of the handheld device's user.
Fingerprint unlocking has also been proposed, but because it is limited by screen characteristics it has not been widely used. By comparison, signature unlocking lets the user experience, at lower cost and with relatively high accuracy, the convenience and speed of unlocking with a personal characteristic.
Compared with face-recognition unlocking, signature unlocking can be trained and the user can enter a variety of symbols, whereas a face offers only one sample, which easily leads to security problems.
Summary of the invention
The invention provides a screen unlocking method, a data access control method and a security control device, which allow personalized unlocking and data access control schemes to be set as required and improve security.
To achieve the above object, the present invention adopts the following technical solution:
A screen unlocking method, including:
A. collecting in advance the signature features entered by a user, and constructing and saving registered signature information corresponding to the acquisition environment;
B. when unlocking the screen of the device, collecting the signature features currently entered by the user, extracting, according to the acquisition environment, the saved registered signature information corresponding to that acquisition environment, and comparing the currently entered signature features with the extracted registered signature information; if the comparison is consistent, the screen is unlocked; otherwise it is not unlocked.
Preferably, the collected signature features include one or any combination of: the shape of the entered symbols, the continuity of the input, the input speed, the input acceleration, how lightly or heavily the pen is applied, the orientation of the entered symbols, the depth in three-dimensional space, and the calligraphic style of the input.
Preferably, when the collected signature features include the calligraphic style of the input and other signature features besides the calligraphic style, collecting the signature features currently entered by the user in step B means: collecting the calligraphic-style features of the user's current input according to the acquisition environment, and then collecting the other signature features of the user's current input according to those calligraphic-style features.
Preferably, the acquisition environment is two-dimensional acquisition or three-dimensional acquisition.
Preferably, when the acquisition environment is three-dimensional acquisition, acquisition is performed by sensors or by video recording.
Preferably, collecting the signature features entered by the user in step A means: collecting the signature features of multiple inputs by the user, the number of acquisitions being entered by the user or set by the device itself.
Preferably, the signature registration information is saved on the device or on another device connected to the device, or at any end of a distributed environment.
Preferably, when the registered signature information corresponding to the acquisition environment is saved in step A, the saved registered signature information is additionally encrypted; extracting the saved registered signature information corresponding to the acquisition environment in step B then means: decrypting the saved registered signature information corresponding to the acquisition environment, and then extracting the decrypted registered signature information.
Preferably, comparing the currently entered signature features with the extracted registered signature information in step B means: computing the correlation between the currently entered signature features and the extracted registered signature information; when the correlation is greater than or equal to a consistency threshold, the comparison is judged consistent, and otherwise inconsistent. The consistency threshold is preset by the system or entered by the user.
A data access control method, including:
A. collecting in advance the signature features entered by a user, and constructing and saving registered signature information corresponding to the acquisition environment, for controlling access to sensitive data or applications;
B. when the sensitive data or application is accessed, prompting the user to enter a signature, collecting the signature features currently entered by the user, extracting, according to the acquisition environment, the saved registered signature information corresponding to that acquisition environment, and comparing the currently entered signature features with the extracted registered signature information; if the comparison is consistent, access to the data or application is allowed; otherwise it is not allowed.
Preferably, the sensitive data is encrypted data; after the comparison is judged consistent in step B, the method further includes decrypting the sensitive data.
Preferably, the sensitive data is encrypted by using the collected signature features as the key.
Preferably, the collected signature features include one or any combination of: the shape of the entered symbols, the continuity of the input, the input speed, the input acceleration, how lightly or heavily the pen is applied, the orientation of the entered symbols, the depth in three-dimensional space, and the calligraphic style of the input.
Preferably, when the collected signature features include the calligraphic style of the input and other signature features besides the calligraphic style, collecting the signature features currently entered by the user in step B means: collecting the calligraphic-style features of the user's current input according to the acquisition environment, and then collecting the other signature features of the user's current input according to those calligraphic-style features.
Preferably, the acquisition environment is two-dimensional acquisition or three-dimensional acquisition.
Preferably, when the acquisition environment is three-dimensional acquisition, acquisition is performed by sensors or by video recording.
Preferably, collecting the signature features entered by the user in step A means: collecting the signature features of multiple inputs by the user, the number of acquisitions being set by the user or by default.
Preferably, the signature registration information is saved on the device or on another device connected to the device, or at any end of a distributed environment.
Preferably, when the registered signature information corresponding to the acquisition environment is saved in step A, the saved registered signature information is additionally encrypted; extracting the saved registered signature information corresponding to the acquisition environment in step B then means: decrypting the saved registered signature information corresponding to the acquisition environment, and then extracting the decrypted registered signature information.
Preferably, comparing the currently entered signature features with the extracted registered signature information in step B means: computing the correlation between the currently entered signature features and the extracted registered signature information; when the correlation is greater than or equal to a consistency threshold, the comparison is judged consistent, and otherwise inconsistent. The consistency threshold is preset by the system or entered by the user.
A security control device, including a registration signature acquisition module, a comparison signature acquisition module, a signature engine module, a signature engine library module and an operation control module.
The registration signature acquisition module collects in advance the signature features entered by the user and sends them to the signature engine module.
The comparison signature acquisition module collects the signature features currently entered by the user and sends the acquisition environment information and the collected signature features to the signature engine module.
The signature engine module receives the signature features collected by the registration signature acquisition module, constructs registered signature information corresponding to the acquisition environment, and saves it in the signature engine library module. It also receives the currently entered signature features and the acquisition environment information collected by the comparison signature acquisition module, extracts from the signature engine library module, according to the acquisition environment, the saved registered signature information corresponding to that environment, compares the currently entered signature features with the extracted registered signature information, and sends the comparison result to the operation control module.
The operation control module, when the device's screen is to be unlocked or sensitive data or an application is to be accessed, triggers the comparison signature acquisition module to collect a signature and receives the comparison result sent by the signature engine module; if the comparison is consistent it unlocks the screen or allows access to the data or application, and otherwise it does not unlock the screen or refuses access to the data or application.
Preferably, the registration signature acquisition module performs the collection of signature features on the instruction of the operation control module; the comparison signature acquisition module performs the collection of signature features when directly triggered by the operation control module; and the operation control module is further used to instruct the registration signature acquisition module to collect in advance the registration signature entered by the user.
Preferably, the registration signature acquisition module performs the collection of signature features on the instruction of the signature engine module; the comparison signature acquisition module performs the collection of signature features on the instruction of the signature engine module; the operation control module is further used to trigger the signature engine module to perform signature comparison, and to trigger the comparison signature acquisition module, via the signature engine module, to collect a signature; and the signature engine module further instructs the registration signature acquisition module to collect in advance the registration signature entered by the user and, when triggered by the operation control module, triggers the comparison signature acquisition module to collect a signature.
Preferably, the registration signature acquisition module is located in the device or connected to the device; the comparison signature acquisition module is located in the device or connected to the device; the signature engine module is located at any end of a distributed system or in the device; the signature engine library module is located at any end of a distributed system or in the device; and the operation control module is located in the device.
Preferably, when the signature engine library module is located at any end of a distributed system, the security control device further includes an encryption/decryption module, which encrypts the registered signature information constructed by the signature engine module before it is saved in the signature engine library module, and also decrypts the registered signature information extracted by the signature engine module and feeds the decrypted registered signature information back to the signature engine module.
Preferably, the encryption/decryption module is located in the signature engine module, or is independent of the signature engine module.
As can be seen from the above technical solution, in the present invention the signature features entered by the user are collected in advance, and basic signature information corresponding to the acquisition environment is constructed and saved. When the screen needs to be unlocked or restricted sensitive data or applications need to be accessed, the signature features currently entered by the user are collected, the saved basic signature information corresponding to the acquisition environment is extracted according to that environment, and the currently entered signature features are compared with the extracted basic signature information; if the comparison is consistent, the screen is unlocked, or access to the sensitive data or application is allowed; otherwise, the screen is not unlocked, or access to the sensitive data or application is not allowed. In this way, signatures can be used to control screen unlocking and data access, which makes personalized screen unlocking and data access control possible and improves security.
Brief description of the drawings
Fig. 1 is a schematic flowchart of signature registration in the screen unlocking and data access control methods of the present invention;
Fig. 2 is a schematic flowchart of screen unlocking using the registered signature information in the present invention;
Fig. 3 is a schematic flowchart of data access control using the registered signature information in the present invention;
Fig. 4 is a schematic example of collecting signature features in three-dimensional space;
Fig. 5 is a schematic example of collecting signature features in two-dimensional space using handwriting input;
Fig. 6 is a schematic diagram of a device for running the method of the invention.
Detailed description
To make the purpose, technical means and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings.
The basic idea of the present invention is to use pre-stored signature information to control screen unlocking or data access.
Specifically, in the present invention the signature features entered in advance by the user are first collected and a signature is registered, for use in subsequent screen unlocking or data access control. Then, when the screen needs to be unlocked, the user is prompted to enter a signature, and the signature features currently entered are collected and compared with the registered signature information; if the comparison result is consistent, the screen is unlocked or the corresponding data access is allowed; otherwise, the screen is not unlocked or the corresponding data access is not allowed. Screen unlocking and data access control in the present invention therefore both consist of two parts: signature registration and signature authentication.
The signature registration and signature authentication processes are described separately below through specific embodiments.
Fig. 1 is a schematic flowchart of signature registration in the screen unlocking and data access control methods of the present invention. The signature registration flow is the same for both methods, so it is described once here. As shown in Fig. 1, the flow includes:
Step 101: prepare for signature registration.
Before the electronic device records the user's signature, it can first enter a ready-to-register state and let the user know that their signature features are about to be collected, that is, prompt the user to register a signature. Signature registration may be initiated by a third-party organization, or the user may register a signature on their own initiative. When the user registers a Chinese signature, the user can be offered a choice of calligraphic style for the input, including but not limited to regular script, running script and cursive script.
Step 102: the user enters the signature to be registered.
The user begins entering the signature on the electronic device. The signature can be entered in a two-dimensional or three-dimensional environment. Specifically, the user can swipe directly with a finger or use other equipment, including but not limited to a stylus or a camera. In a three-dimensional acquisition environment, the user can enter a handwritten signature with gestures in the air, without touching the device; the input features are then obtained by other means. User input can also take place on a device that has no touch display but can still sense the user's input. The signature is entered in different ways depending on the calligraphic style the user writes in.
The user can enter the registration signature multiple times, and the repeated inputs can be continuous or discrete. Specifically, the user can enter the signature several times in succession on one device as the data source for acquisition, from which the user's signature features are generated; or the user can enter signatures on different devices at different times, and each device then extracts the user's input in the corresponding scenario to generate the user's signature feature data.
In some cases, for security reasons, the user's input feature data can be encrypted with an encryption algorithm after the signature is collected, and then passed to the local device or into the distributed system.
Step 103: collect the signature features entered by the user.
After step 102 completes, or while it is in progress, the device begins collecting the user's signature. The number of acquisitions can be set by the device or chosen by the user. The collected features can include, but are not limited to, one or any combination of: the user's handwriting, the input speed, the shape of the entered symbols (for example the characters entered), the calligraphic style, the orientation of the symbols, the depth in three-dimensional space, and how lightly or heavily the user presses.
The user can also use a particular calligraphic style in a particular acquisition environment; calligraphic styles here include regular script, running script, cursive script and other distinctive styles. When collecting, the device can first collect the features of the calligraphic style according to the acquisition environment, and then collect the other signature features of the user's input according to those calligraphic-style features.
The user may enter the registration signature in several different environments, so the signature features can correspondingly be collected in different acquisition environments. Each acquisition environment has corresponding means of acquisition. When the acquisition environment is three-dimensional, acquisition can be performed by sensors, by video recording, and so on; when it is two-dimensional, acquisition can be performed through a touch screen, a touch pad, and so on.
Acquisition can proceed as follows. A data sampling frequency is set at the device's lower layer. In two-dimensional space, the user enters the signature and the device collects data at this frequency. While collecting, it records the coordinates of each sample, the sample's timestamp and a feature value (this feature value marks the start of a stroke and the pen being put down), and may also record calligraphic-style features; these data are stored in a buffer as the collected signature features. In three-dimensional space, the user enters data and the device samples the user's acceleration at a given frequency; in this process it determines the direction of motion from the acceleration, records timestamps, records the turning and same-direction features of the acceleration, and stores the data in a buffer as the collected signature features.
Step 104: according to the collected registration signature features, construct and save registered signature information corresponding to the acquisition environment.
After the registration signature features are collected, the features of the multiple inputs can be processed, for example averaged, and the various signature features can be combined and arranged as needed to construct registered signature information suited to the different acquisition environments. The registered signature information is saved against its acquisition environment for subsequent screen unlocking and data access control.
The processing of the collected signature features described above can run on the local device or on an accessory connected to the device, or in a distributed environment. The signature registration information finally constructed can be saved on the local device or on an accessory connected to the device, or at other ends of the distributed environment. For security reasons, the signature registration information can be encrypted when it is saved; when signature features are later compared, the signature registration information must first be decrypted, and the decrypted registered signature information is then extracted for the comparison.
This completes the signature registration process. Registering a signature in this way registers personalized information for signature-based data access control. The signature information can also be entered multiple times and multiple signature samples can be collected, which avoids the security problem caused by face-recognition unlocking having only one sample.
Next, the specific processing for screen unlocking and for data access control using the registered signature is described in turn.
Fig. 2 is a schematic flowchart of screen unlocking using the registered signature information in the present invention. As shown in Fig. 2, the flow includes:
Step 201: prompt the user to enter a signature to unlock.
The electronic device enters the unlock interface. The device can enter the unlock state from any of its preceding states. In the unlock state, unlocking is triggered on the device; the unlock interface can take various forms and can be configured as needed so that, after specific steps, the device lets the user begin entering the signature.
Step 202: the user enters a signature in a particular environment.
As in the registration process shown in Fig. 1, the environment and manner of signature input can vary: the user can touch directly with a finger, use a stylus, enter with gestures, or enter directly through the motion trajectory of the device. The entered signature can be any symbols from which the user's input features can be identified, including but not limited to Chinese, English, Korean and other symbols. The user can choose among various ways of input. For example, the user can choose handwriting input when entering a signature at one end of a distributed system, and gesture input when entering a signature at another end of that system.
Step 203: collect the signature features entered by the user.
The device collects the signature features entered by the user, using an acquisition method specific to the acquisition environment. If the user enters by direct finger touch, data is collected directly from the touch screen; if gestures are used, the device can capture the user's data with a camera or sensors; if the user enters through the device's motion trajectory, the device can obtain data directly from the relevant modules, such as its motion module. The user may use several input methods in step 202, in which case several types of user input data are collected in this step; the acquisition method can be the same as in step 103. After the signature features are collected, the collected data can be preprocessed before comparison; the preprocessing can be the same as that used when constructing the signature registration information in step 104 of Fig. 1.
Step 204: extract, according to the acquisition environment, the saved registered signature information corresponding to that acquisition environment.
The saved registered signature information corresponding to the current acquisition environment is extracted. For example, if the signature information registered for three-dimensional acquisition includes the depth in three-dimensional space, the shape of the entered symbols and the order of the entered symbols, then when the current acquisition environment is three-dimensional acquisition, that corresponding registered signature information is extracted.
If the saved registered signature information was encrypted during signature registration, then when it is extracted it must first be decrypted with the correct key. This is very significant for screen unlocking in a distributed environment. For example, during signature registration the user enters the signature information for registration at one end of the distributed environment, and the constructed registered signature information is saved in the distributed environment; when the user needs to unlock a screen at another end of the distributed environment, that end must first extract the registered signature information saved in the distributed environment and decrypt it before the subsequent screen unlocking can proceed. This ensures, on the one hand, the security of the registered signature information in transit in the distributed environment and, on the other, that only authorized locations can unlock using the registered signature information saved in the distributed environment.
Step 205: compare the signature features collected in step 203 with the registered signature information extracted in step 204 and judge whether they are consistent; if consistent, unlock the screen; if not, do not unlock the screen.
After the device has collected the signature features currently entered by the user in step 203, it compares them with the extracted registered signature information.
In the comparison, the degree of similarity between the signature features collected in step 203 and the registered signature information extracted in step 204 that counts as consistent is adjustable. Specifically, the computed correlation between the two can be compared with a set consistency threshold; if it is greater than or equal to the threshold, the comparison is considered consistent. The consistency threshold can be a device default or entered by the user. For example, according to the characteristics of the data collected in step 203, an adjustment variable for the consistency threshold can be presented to the user, in forms such as text, audio or video. In handwriting input it is very common for the user to enter a threshold value, against which signatures are compared.
If the device judges that the signature meets the condition, it enters the unlock flow. If not, and the number of attempts is within the device's limit, the flow returns to step 201. In some embodiments, after a certain number of attempts is exceeded, the device can enter a state in which unlocking is prevented.
This completes the flow for unlocking the screen using the registered signature.
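An added example, not code from the patent: one way the 2D capture record of step 103, the averaging of step 104, the per-environment lookup of step 204 and the threshold decision and attempt limit of step 205 could fit together. The Pearson correlation, the time-based resampling, the constants and every name below are assumptions, since the text does not specify how the correlation is computed.

```python
import math
from dataclasses import dataclass, field

# All constants are assumed values for illustration, not taken from the patent.
N_POINTS = 32        # points per signature after resampling
THRESHOLD = 0.90     # consistency threshold (preset here; could be user-set)
MAX_ATTEMPTS = 5     # failed comparisons allowed before unlocking is blocked


def features(capture, n=N_POINTS):
    """Turn one capture into a fixed-length feature vector.

    capture: list of (x, y, t_ms, pen_down) samples, modelled on the 2D
    record of step 103 (coordinates, timestamp, stroke flag). Resampling
    evenly in time keeps the speed profile; centring and scaling remove
    where on the screen and how large the user wrote.
    """
    pts = [(t, x, y) for x, y, t, down in capture if down]
    if len(pts) < 2:
        raise ValueError("need at least two pen-down samples")
    t0, t1 = pts[0][0], pts[-1][0]
    xs, ys, j = [], [], 0
    for i in range(n):
        t = t0 + (t1 - t0) * i / (n - 1)
        while j < len(pts) - 2 and pts[j + 1][0] < t:
            j += 1
        (ta, xa, ya), (tb, xb, yb) = pts[j], pts[j + 1]
        w = (t - ta) / (tb - ta) if tb > ta else 0.0
        xs.append(xa + w * (xb - xa))
        ys.append(ya + w * (yb - ya))
    cx, cy = sum(xs) / n, sum(ys) / n
    rms = math.sqrt(sum((x - cx) ** 2 + (y - cy) ** 2
                        for x, y in zip(xs, ys)) / n) or 1.0
    return [(x - cx) / rms for x in xs] + [(y - cy) / rms for y in ys]


def correlation(a, b):
    """Pearson correlation of two equal-length vectors (0.0 if degenerate)."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    num = sum((p - ma) * (q - mb) for p, q in zip(a, b))
    den = math.sqrt(sum((p - ma) ** 2 for p in a) *
                    sum((q - mb) ** 2 for q in b))
    return num / den if den else 0.0


@dataclass
class SignatureLock:
    threshold: float = THRESHOLD
    max_attempts: int = MAX_ATTEMPTS
    templates: dict = field(default_factory=dict)  # environment -> template
    failures: int = 0

    def enroll(self, env, captures):
        """Step 104: average several captures into one template per environment."""
        vectors = [features(c) for c in captures]
        self.templates[env] = [sum(col) / len(col) for col in zip(*vectors)]

    def verify(self, env, capture):
        """Steps 204-205: fetch the template for this environment and compare."""
        if self.failures >= self.max_attempts:
            return "locked_out"
        template = self.templates.get(env)
        try:
            score = correlation(features(capture), template) if template else -1.0
        except ValueError:
            score = -1.0                  # unusable capture counts as a failure
        if score >= self.threshold:
            self.failures = 0
            return "unlocked"
        self.failures += 1
        return "rejected"


def genuine(k):
    """Constructed sample: the enrolled shape with offset, size change and jitter."""
    s, out = 1 + 0.03 * k, []
    for i in range(40):
        u = i / 39
        x = 200 * u + 30 * math.sin(4 * math.pi * u)
        y = 40 * math.sin(2 * math.pi * u)
        out.append((s * x + 5 * k + 1.5 * math.sin(37 * i + k),
                    s * y - 3 * k + 1.5 * math.cos(23 * i + k), 10 * i, True))
    out.append((out[-1][0], out[-1][1], 400, False))   # pen lifted, ignored
    return out


def impostor():
    """Constructed sample: a different shape (a closed loop)."""
    return [(100 + 60 * math.cos(2 * math.pi * i / 39),
             60 * math.sin(2 * math.pi * i / 39), 10 * i, True)
            for i in range(40)]


if __name__ == "__main__":
    lock = SignatureLock()
    lock.enroll("2d", [genuine(k) for k in range(3)])
    print(lock.verify("2d", genuine(3)))    # same shape, new capture
    print(lock.verify("2d", impostor()))    # different shape
    print(lock.verify("3d", genuine(3)))    # no template for this environment
```

On a real device the failure counter would have to survive restarts, and the threshold would be tuned on real captures rather than fixed in code.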
Fig. 3 is a schematic flow chart of data access control using a registered signature. As shown in Fig. 3, the flow includes:
Step 301: the device starts access to sensitive data or an application.
The applications referred to here include, but are not limited to, applications on the local device and applications that exist on the network in a distributed manner. They can be applications such as contacts, notes, a browser, a document reader or a photo viewer. Sensitive data content includes, but is not limited to, notes, message records, internet records, pictures, video, audio and other content of a textual nature.
Step 302: the device detects whether the application or data to be accessed has undergone signature processing. If it has, step 303 is executed and signature authentication is performed; otherwise the application or data is accessed directly.
The device checks whether the application or data being accessed requires signature authentication. If signature authentication is not required, the content is accessed directly. If signature authentication is required, step 303 is executed.
Step 303: the user inputs a signature.
Step 304: collect the signature features input by the user, extract, according to the collection environment, the saved registration signature information corresponding to that collection environment, and compare the two. If the comparison is consistent, allow access; otherwise deny access.
The processing here is the same as that of steps 202 to 205 in Fig. 2, except that the operation taken after the comparison is judged consistent is to allow access to the data or application, and the operation taken after it is judged inconsistent is to deny access to the data or application.
The process of Fig. 3 above makes it possible to control access rights to data or applications with the registration signature information, which works relatively well for local access. In some cases, however, if plaintext information in a distributed system is transmitted directly, user data will be leaked. Therefore, to ensure security during data transmission, sensitive data transmitted through the system is preferably encrypted, and after the comparison in step 304 is judged consistent the sensitive data is decrypted and then accessed. For example, sensitive data in a distributed system can undergo the encryption and decryption described above, which further ensures security and prevents leakage of user data.
Specifically, when the sensitive data is encrypted and decrypted, the collected signature features can be used as the key. The signature features used for encryption and decryption can be saved in advance, or can be the signature features of the user input collected in real time.
This concludes the data access control flow.
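When signature features collected in real time serve as the key, two captures of the same signature must yield the same key bytes even though the raw measurements differ slightly. The following added example, which is not from the patent, assumes one way of handling this: quantizing each feature into bins before key derivation with PBKDF2, and storing a key check value beside the ciphertext. The bin width, iteration count, salt and feature values are constructed for illustration.

```python
import hashlib
import hmac

STEP = 0.5            # quantization bin width (assumed tolerance for capture noise)
ITERATIONS = 100_000  # PBKDF2 work factor (assumed)

# Constructed salt for a repeatable demo; a real deployment would use os.urandom(16).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")


def quantize(features, step=STEP):
    """Map each feature to the index of its nearest bin so small noise disappears."""
    return tuple(round(v / step) for v in features)


def derive_key(features, salt, step=STEP):
    """Derive a 32-byte key from the quantized signature features."""
    material = ",".join(map(str, quantize(features, step))).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)


def _check_value(key):
    # Lets the device test a candidate key without attempting decryption.
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def enroll(features, salt):
    """Return the record stored beside the ciphertext: salt plus key check value."""
    return {"salt": salt, "check": _check_value(derive_key(features, salt))}


def unlock_key(features, record):
    """Re-derive the key from a live capture; None if it is not the enrolled key."""
    key = derive_key(features, record["salt"])
    if hmac.compare_digest(_check_value(key), record["check"]):
        return key
    return None


# Constructed feature vectors (for example speed, acceleration, pressure, depth).
ENROLLED = [2.1, 3.4, 0.9, 1.6]
SAME_BINS = [2.0, 3.5, 1.0, 1.5]   # ordinary capture noise, same bins
NEAR_EDGE = [2.3, 3.4, 0.9, 1.6]   # first feature drifts 0.2 and crosses a bin edge

if __name__ == "__main__":
    record = enroll(ENROLLED, SALT)
    print("same bins :", unlock_key(SAME_BINS, record) is not None)
    print("near edge :", unlock_key(NEAR_EDGE, record) is not None)
```

A genuine capture that lands near a bin edge produces a different key and the data stays locked, and coarse bins reduce the number of possible keys; both are reasons to treat the pre-saved option described above differently from the real-time one.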
The flows of Fig. 1 to Fig. 3 above all involve collecting the signature features input by the user. Two specific examples of collecting a user's signature features are given below.
Fig. 4 is an example of collecting signature features in three-dimensional space. In Fig. 4, 401 denotes the device, which can be a standalone handheld device with a display screen, a processor and so on, or a simple device capable of sensing motion features. 402 denotes the trajectory along which the device moves through the air. In a specific implementation, the display screen of device 401 can be set to show trajectory 402 and to prompt the user with the features of the relative motion. The trajectory 402 data collected by the device includes not only the font and the trajectory but can also include elements such as the speed and acceleration of the motion. In this embodiment the signature data is obtained from the device being held in the hand. In some cases, the input function of a camera can be used to capture the motion trajectory of the hand, or a feature-bearing sensing device carried on the hand can sense the motion trajectory and record the data. The example of Fig. 4 mainly illustrates collecting the user's signature data in a three-dimensional space. When the user's data is collected in three dimensions, the elements of the signature are more individual, and the directional features of the signature can also be included, which further improves the uniqueness of the input data.
Fig. 5 is an example of collecting signature features in two-dimensional space by handwriting input. 501 denotes an electronic device, which can include some or all of what is mentioned for device 600. 502 denotes the user entering handwriting on the input screen of the electronic device. Input here is not limited to writing by hand; other peripherals such as a stylus can also be used, and the input can be reflected on touch screens of differing characteristics. 503 can be a touch screen capable of display or a touch pad without display. 504 denotes the signature input by the user. The user's signature can be one or more special symbols, and the arrangement of the symbols can also be directional, for example from left to right or from right to left, or from top to bottom, or from bottom to top.
The method of the invention described above can run on the safety control device shown in Fig. 6. As shown in Fig. 6, the device includes a registration signature acquisition module 601, a comparison signature acquisition module 602, a signature engine module 603, a signature engine library module 604 and an operation control module 605. These modules can be distributed across a distributed system or located together on one local device. The description below takes the case in which all modules are located together on one local device 600 as an example.
The registration signature acquisition module 601 collects in advance the signature features input by the user and sends them to the signature engine module 603. The comparison signature acquisition module 602 collects the signature features currently input by the user and sends them to the signature engine module 603. The registration signature acquisition module 601 and the comparison signature acquisition module 602 can transmit the collected user signature outward; this transmission can use a specific encrypted channel or can be in plaintext, which can depend on the user. These two modules can collect the user's signature data from one or more sources, including but not limited to a screen capable of display, a screen that is touch-only and not capable of display, and a dedicated data collector on the network side. The registration signature acquisition module 601 and the comparison signature acquisition module 602 also allow the device 600 to take input by a combined signature method, such as a handwritten signature plus sound input, or with additional video input; the device 600 can parse this kind of input and collect the relevant signature information. In addition, the two modules can collect the signature features input by the user under the instruction of the operation control module 605, or under the instruction of the signature engine module 603. When the signature engine module 603 instructs the comparison signature acquisition module 602 to collect a signature, the operation control module 605 triggers the signature engine module 603 to perform the signature comparison, and the signature engine module 603 then triggers the comparison signature acquisition module 602 to collect the signature.
The signature engine module 603 receives the signature features collected by the registration signature acquisition module 601, constructs the registration signature information corresponding to the collection environment, and saves it in the signature engine library module 604. It also receives the signature features of the current user input collected by the comparison signature acquisition module 602, extracts, according to the collection environment, the registration signature information saved in the signature engine library module 604 that corresponds to that collection environment, compares the currently input signature features with the extracted registration signature information, sends the comparison result to the operation control module 605, and displays it on the device. The signature engine module 603 and 603 can depend on the device 600, or be integrated with the registration signature acquisition module 601 and the comparison signature acquisition module 602, and can be stored remotely using a distributed method. The signature engine module 603 can dynamically update the registration signature information saved in the signature engine library module 604.
The operation control module 605, when the screen of the device is to be unlocked or sensitive data or an application is to be accessed, triggers the signature engine module 603 to perform the signature comparison and receives the comparison result determined by the signature engine module 603. If the comparison result is consistent, it unlocks the screen or allows access to the sensitive data or application; otherwise it does not unlock the screen or denies access to the sensitive data or application. The comparison result can be the final result of whether the comparison is consistent, or a similarity score for the comparison, in which case the operation control module continues the judgment based on that score: if the similarity meets the value set for device 600, the screen is unlocked or access to the sensitive data or application is allowed; if the similarity does not meet the value set for device 600, the device re-enters screen-lock mode or denies access to the sensitive data or application.
As stated above, the modules of the safety control device can all be located in the local device, or can be located in a distributed system. Specifically, the registration signature acquisition module can be located in the local device or connected to the local device, for collecting signatures; the comparison signature acquisition module can be located in the local device or connected to the local device, for collecting signatures; the signature engine module can be located at any end of the distributed system or in the local device; the signature engine library module can be located at any end of the distributed system or in the local device; the operation control module is usually located in the local device.
To further enhance security, when the signature engine library module is located at any end of the distributed system, the safety control device can further include an encryption/decryption module, which encrypts the registration signature information constructed in the signature engine module 603 before it is saved in the signature engine library module 604, and which also decrypts the registration signature information extracted by the signature engine module 603 and feeds the decrypted registration signature information back to the signature engine module. This encryption/decryption module can be integrated in the signature engine module 603, or be independent of the signature engine module 603 and located at any end of the distributed system or in the local device.
The above is the specific implementation of the screen unlocking method and the data access control method of the present invention. As can be seen from the above, the present invention uses a signature to unlock the screen and to authenticate access to data content. The ways of collecting the user's signature data are diverse: they can include handwriting input on a two-dimensional plane, stylus input and so on, and also motion-trajectory input from a device in three dimensions, gesture-capture input and so on. The devices that collect the signature are likewise diverse, and can be the local device or any terminal device in a distributed system. After the signature data is obtained, the signature library is used for unlocking, which enriches the ways of unlocking and also fully reflects the exclusivity of the device and the personal relevance of the unlocking method.
The above is only a preferred embodiment of the present invention and is not intended to limit it. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (26)
1. A screen unlocking method, characterized in that the method comprises:
A. collecting in advance the signature features input by a user, and constructing and saving registration signature information corresponding to different collection environments;
B. when unlocking the screen of a device, collecting the signature features currently input by the user, extracting, according to the collection environment currently selected by the user, the saved registration signature information corresponding to that collection environment, and comparing the currently input signature features with the extracted registration signature information; if the comparison is consistent, unlocking the screen, and otherwise not unlocking it.
2. The method according to claim 1, characterized in that the collected signature features include one or any combination of: the shape of the input symbols, the continuity of the input, the speed of the input, the acceleration of the input, the pressure of the pen strokes, the orientation of the input symbols, the three-dimensional depth, and the script of the input.
3. The method according to claim 2, characterized in that the collected signature features include the script of the input and other signature features besides the script, and collecting the signature features currently input by the user in step B comprises: collecting the script feature currently input by the user according to the collection environment, and then collecting the other signature features currently input by the user according to that script feature.
4. The method according to claim 1, characterized in that the collection environment is: two-dimensional collection or three-dimensional space collection.
5. The method according to claim 1, characterized in that, when the collection environment is three-dimensional space collection, the collection is performed by sensor or by video recording.
6. The method according to claim 1, characterized in that collecting the signature features input by the user in step A comprises: collecting the signature features of multiple inputs by the user, the number of collections being input by the user or set by the device itself.
7. The method according to claim 1, characterized in that the registration signature information is saved in the device or in another device connected to the device, or is saved at any end of a distributed environment.
8. The method according to claim 1, characterized in that, when the registration signature information corresponding to the collection environment is saved in step A, the saved registration signature information is further encrypted;
and extracting the saved registration signature information corresponding to the collection environment in step B comprises: decrypting the saved registration signature information corresponding to the collection environment, and then extracting the decrypted registration signature information.
9. The method according to claim 1, characterized in that comparing the currently input signature features with the extracted registration signature information in step B comprises: calculating the correlation between the currently input signature features and the extracted registration signature information; when the correlation between the two is greater than or equal to a consistency threshold, judging the comparison consistent, and otherwise judging it inconsistent; the consistency threshold being preset by the system or input by the user.
10. A data access control method, characterized in that the method comprises:
A. collecting in advance the signature features input by a user, and constructing and saving registration signature information corresponding to different collection environments, for controlling access to sensitive data or applications;
B. when the sensitive data or application is accessed, prompting the user to input a signature, collecting the signature features currently input by the user, extracting, according to the collection environment currently selected by the user, the saved registration signature information corresponding to that collection environment, and comparing the currently input signature features with the extracted registration signature information; if the comparison is consistent, allowing access to the data or application, and otherwise denying access to the data or application.
11. The method according to claim 10, characterized in that the sensitive data is encrypted data;
and after the comparison is judged consistent in step B, the method further comprises: decrypting the sensitive data.
12. The method according to claim 11, characterized in that the sensitive data is encrypted by using the collected signature features as the key to encrypt the sensitive data.
13. The method according to claim 10, characterized in that the collected signature features include one or any combination of: the shape of the input symbols, the continuity of the input, the speed of the input, the acceleration of the input, the pressure of the pen strokes, the orientation of the input symbols, the three-dimensional depth, and the script of the input.
14. The method according to claim 13, characterized in that the collected signature features include the script of the input and other signature features besides the script, and collecting the signature features currently input by the user in step B comprises: collecting the script feature currently input by the user according to the collection environment, and then collecting the other signature features currently input by the user according to that script feature.
15. The method according to claim 10, characterized in that the collection environment is: two-dimensional collection or three-dimensional space collection.
16. The method according to claim 10, characterized in that, when the collection environment is three-dimensional space collection, the collection is performed by sensor or by video recording.
17. The method according to claim 10, characterized in that collecting the signature features input by the user in step A comprises: collecting the signature features of multiple inputs by the user, the number of collections being set by the user or by default.
18. The method according to claim 10, characterized in that the registration signature information is saved in the local device or in another device connected to the local device, or is saved at any end of a distributed environment.
19. The method according to claim 10, characterized in that, when the registration signature information corresponding to the collection environment is saved in step A, the saved registration signature information is further encrypted;
and extracting the saved registration signature information corresponding to the collection environment in step B comprises: decrypting the saved registration signature information corresponding to the collection environment, and then extracting the decrypted registration signature information.
20. The method according to claim 10, characterized in that comparing the currently input signature features with the extracted registration signature information in step B comprises: calculating the correlation between the currently input signature features and the extracted registration signature information; when the correlation between the two is greater than or equal to a consistency threshold, judging the comparison consistent, and otherwise judging it inconsistent; the consistency threshold being preset by the system or input by the user.
21. A safety control device, characterized in that the device comprises a registration signature acquisition module, a comparison signature acquisition module, a signature engine module, a signature engine library module and an operation control module;
the registration signature acquisition module collects in advance the signature features input by a user and sends them to the signature engine module;
the comparison signature acquisition module collects the signature features currently input by the user, and sends the collection environment information selected by the user and the collected signature features to the signature engine module;
the signature engine module receives the signature features collected by the registration signature acquisition module, constructs registration signature information corresponding to different collection environments, and saves it in the signature engine library module; it is also used to receive the signature features of the current user input and the collection environment information collected by the comparison signature acquisition module, extract, according to the collection environment, the registration signature information saved in the signature engine library module that corresponds to the collection environment, compare the currently input signature features with the extracted registration signature information, and send the comparison result to the operation control module;
the operation control module, when the screen of a device is to be unlocked or sensitive data or an application is to be accessed, triggers the comparison signature acquisition module to collect a signature and receives the comparison result sent by the signature engine module; when the comparison is consistent it unlocks the screen or allows access to the data or application, and otherwise it does not unlock the screen or denies access to the data or application.
22. The device according to claim 21, characterized in that the registration signature acquisition module further performs the operation of collecting signature features under the instruction of the operation control module;
the comparison signature acquisition module further performs the operation of collecting signature features under direct triggering by the operation control module;
the operation control module is further used to instruct the registration signature acquisition module to collect in advance the registration signature input by the user.
23. The device according to claim 21, characterized in that the registration signature acquisition module further performs the operation of collecting signature features under the instruction of the signature engine module;
the comparison signature acquisition module further performs the operation of collecting signature features under the instruction of the signature engine module;
the operation control module is further used to trigger the signature engine module to perform the signature comparison, and to trigger, through the signature engine module, the comparison signature acquisition module to collect a signature;
the signature engine module further instructs the registration signature acquisition module to collect in advance the registration signature input by the user; it is also used, when triggered by the operation control module, to trigger the comparison signature acquisition module to collect a signature.
24. The device according to claim 21, characterized in that the registration signature acquisition module is located in the device or connected to the device;
the comparison signature acquisition module is located in the device or connected to the device;
the signature engine module is located at any end of a distributed system or in the device;
the signature engine library module is located at any end of the distributed system or in the device;
the operation control module is located in the device.
25. The device according to claim 24, characterized in that, when the signature engine library module is located at any end of the distributed system, the safety control device further comprises an encryption/decryption module, which encrypts the registration signature information constructed in the signature engine module before it is saved in the signature engine library module, and which is also used to decrypt the registration signature information extracted by the signature engine module and feed the decrypted registration signature information back to the signature engine module.
26. The device according to claim 25, characterized in that the encryption/decryption module is located in the signature engine module or is independent of the signature engine module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210054969.8A CN103294334B (en) | 2012-03-05 | 2012-03-05 | Unlocking screen data access control method and safety control |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103294334A CN103294334A (en) | 2013-09-11 |
CN103294334B true CN103294334B (en) | 2017-03-01 |
Family
ID=49095322
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210054969.8A Active CN103294334B (en) | 2012-03-05 | 2012-03-05 | Unlocking screen data access control method and safety control |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103294334B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102332776B1 (en) * | 2017-11-30 | 2021-12-02 | 칩원 테크놀로지(베이징) 컴퍼니 리미티드 | Electronic device, display system and integrated control device thereof, safety certification method |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103532910B (en) * | 2012-07-03 | 2018-06-15 | 北京三星通信技术研究有限公司 | The signature authentication method and apparatus of a kind of electronic equipment |
CN104238950B (en) * | 2014-10-11 | 2017-05-31 | 广东欧珀移动通信有限公司 | A kind of unlocking method and device based on written handwriting |
CN104317512B (en) * | 2014-10-16 | 2017-10-13 | 广州三星通信技术研究有限公司 | Terminal unlock method and device |
CN105243304B (en) * | 2015-08-07 | 2018-09-14 | 厦门美图移动科技有限公司 | A kind of unlocking method and device of mobile terminal |
CN105608359A (en) * | 2015-10-30 | 2016-05-25 | 东莞酷派软件技术有限公司 | Unlocking verification method, unlocking verification apparatus and terminal |
CN105550559A (en) * | 2015-12-03 | 2016-05-04 | 深圳市汇顶科技股份有限公司 | Gesture unlocking method and apparatus and mobile terminal |
CN106919846B (en) * | 2015-12-25 | 2020-03-24 | 中国科学院上海高等研究院 | Message middleware processing method and system |
CN105681539B (en) * | 2015-12-28 | 2019-03-22 | 宇龙计算机通信科技(深圳)有限公司 | A kind of method, apparatus and terminal of unlock processing |
CN106980783A (en) * | 2016-01-18 | 2017-07-25 | 阿里巴巴集团控股有限公司 | unlocking method and device |
CN107276962B (en) * | 2016-04-07 | 2023-04-07 | 北京得意音通技术有限责任公司 | Dynamic password voice authentication system capable of combining any gesture |
CN106022085B (en) * | 2016-05-19 | 2019-05-14 | 深圳市金立通信设备有限公司 | A kind of terminal unlock method and its terminal |
CN106022076A (en) * | 2016-07-12 | 2016-10-12 | 北京华大领创智能科技有限公司 | Signature authentication method, signature authentication device and system |
CN106384146A (en) * | 2016-09-23 | 2017-02-08 | 北京华大智宝电子系统有限公司 | Financial IC card, payment system and payment method |
CN106650371B (en) * | 2016-11-30 | 2020-07-10 | 捷开通讯(深圳)有限公司 | Electronic device encrypted through signature and unlocking method thereof |
CN109409066A (en) * | 2018-10-17 | 2019-03-01 | 北京壹人壹本信息科技有限公司 | Signature unlocking method, mobile terminal and storage medium |
CN110008670A (en) * | 2019-04-10 | 2019-07-12 | 深圳市能信安技术有限公司 | Identity identifying method and device based on hand-written password |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201167364Y (en) * | 2008-01-30 | 2008-12-17 | 深圳市戴文科技有限公司 | Mobile terminal with identification verification function |
CN101490638A (en) * | 2006-07-21 | 2009-07-22 | 索尼爱产信移动通信股份有限公司 | Mobile electronic device with motion detection authentication |
US7886355B2 (en) * | 2006-06-30 | 2011-02-08 | Motorola Mobility, Inc. | Subsidy lock enabled handset device with asymmetric verification unlocking control and method thereof |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9292731B2 (en) * | 2009-12-30 | 2016-03-22 | Intel Corporation | Gesture-based signature authentication |
Also Published As
Publication number | Publication date |
---|---|
CN103294334A (en) | 2013-09-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103294334B (en) | Unlocking screen data access control method and safety control | |
Wang et al. | User authentication on mobile devices: Approaches, threats and trends | |
CN104765995B (en) | Smart machine identity identifying method and client based on contact action | |
Xu et al. | Towards continuous and passive authentication via touch biometrics: An experimental study on smartphones | |
Frank et al. | Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication | |
Tian et al. | KinWrite: Handwriting-Based Authentication Using Kinect. | |
KR101886608B1 (en) | Picture gesture authentication | |
Jain et al. | Exploring orientation and accelerometer sensor data for personal authentication in smartphones using touchscreen gestures | |
Zhou et al. | Harmonized authentication based on ThumbStroke dynamics on touch screen mobile phones | |
Clark et al. | Engineering gesture-based authentication systems | |
Ibrahim et al. | Recent advances in mobile touch screen security authentication methods: A systematic literature review | |
Rogowski et al. | User authentication for mobile devices | |
Nader et al. | Designing touch-based hybrid authentication method for smartphones | |
Gu et al. | Secure user authentication leveraging keystroke dynamics via wi-fi sensing | |
CN103297237A (en) | Identity registration method, identity authentication method, identity registration system, identity authentication system, personal authentication equipment and authentication server | |
Kroeze et al. | User authentication based on continuous touch biometrics | |
KR101435487B1 (en) | User device, method of using hidden page of the same and computer-readable recording medium | |
CN108292996B (en) | Method and system for authenticating identity using a variable keypad | |
Zaidan et al. | Factors affecting keystroke dynamics for verification data collecting and analysis | |
CN105787335A (en) | Switching control method and device for password input interface | |
Zhang et al. | Tracing one’s touches: Continuous mobile user authentication based on touch dynamics | |
Al-Showarah | The Effectiveness of Dynamic Features of Finger Based Gestures on Smartphones' Touchscreens for User Identification. | |
Bhatt et al. | A comprehensive survey on various security authentication schemes for mobile touch screen | |
KR20140036582A (en) | Log-in method, user device and computer-readable storage using fingerprint | |
CN203243360U (en) | Identity registration system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||