WO2023108635A1 - Authentication method, apparatus, device and system - Google Patents

Authentication method, apparatus, device and system

Info

Publication number
WO2023108635A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
authenticated
authentication
controlled device
biometric
Application number
PCT/CN2021/139267
Other languages
French (fr)
Chinese (zh)
Inventor
夏洪朴
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to PCT/CN2021/139267
Publication of WO2023108635A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Definitions

  • the present application relates to the technical field of intelligent unlocking, and in particular to an authentication method, device, equipment and system.
  • the express cabinet decouples the sender and the picker, reducing the time cost of both parties;
  • the unmanned vending machine can be installed in a variety of venues, which is convenient for consumers to shop;
  • the smart charging car is not limited by the venue, which makes charging more convenient for users.
  • the unmanned scenario involves the user's identity authentication.
  • the wearable device worn by the user is usually used for identity authentication.
  • the general process is: the user wears the wearable device close to a smart device, and sends authentication information to the smart device.
  • the smart device matches the received authentication information with the pre-stored authentication information, and unlocks after the matching is successful. This authentication method carries risks such as information leakage, and its information security is low.
  • the present application proposes an authentication method, an authentication device, an authentication system, an authentication device, a device to be authenticated, a storage medium, a chip, and a computer program product.
  • an embodiment of the present application provides an authentication method, the method is applied to an authentication device, and the method includes: acquiring first information at a first moment and second information at the first moment, where the first information is associated with first biometric information from the first controlled device, and the second information is associated with second biometric information from the first device to be authenticated, the second biometric information being associated with the user corresponding to the first device to be authenticated; matching the first information with the second information; and controlling the state of the first controlled device according to the matching result of the first information and the second information.
  • the authentication device does not need to pre-store the biometric information of the user corresponding to the first device to be authenticated.
  • the state of the device so as to realize the user identity authentication corresponding to the first device to be authenticated, and at the same time avoid the leakage risk of pre-stored user biometric information, improve information security, and protect user privacy.
  • the authentication device can acquire the biometric information from each device to be authenticated at the first moment, and for any device to be authenticated, the biometric information from that device to be authenticated can be sequentially matched with the biometric information collected by each controlled device. If the matching is successful, the authentication device controls the corresponding controlled device to be in the open state.
  • the user corresponding to the authentication device performs identity authentication, and can control multiple controlled devices to be turned on at the same time, so as to provide services for multiple authenticated users at the same time, improve authentication efficiency, improve user experience, and save costs.
  • the first controlled device includes a first smart lock; controlling the state of the first controlled device according to the matching result of the first information and the second information includes: when the first information and the second information match successfully, sending first control information, where the first control information is used to control the first smart lock to be in an open state.
  • the successful matching of the first information and the second information indicates that the user identity authentication corresponding to the first device to be authenticated has passed, and the authentication device can control the first smart lock to be in an open state so that the user corresponding to the first device to be authenticated can obtain the corresponding service.
  • the method further includes: after controlling the state of the first controlled device, clearing the first information and the second information.
  • after the authentication device controls the state of the first controlled device, the user's identity authentication has been completed. Since the first information and the second information contain the user's biometric information, the authentication device does not need to store the first information and the second information, and clears them in time, so as to avoid information leakage, protect user privacy, and save storage space at the same time.
  • the method further includes: when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, sending second control information to the first controlled device, where the second control information is used to control the first controlled device to collect the first biometric information.
  • the function of the first controlled device to collect biometric information can be initially configured as off. When the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, it indicates that the user corresponding to the first device to be authenticated has approached the first controlled device, and the authentication device controls the first controlled device to enable the biometric information collection function, so that when the user touches the first controlled device, the first controlled device can collect the biometric information of the user. At the same time, the first controlled device only enables the biometric information collection function when needed, thereby reducing the energy consumption of the first controlled device and the data processing amount of the authentication device.
  • acquiring the first information at the first moment and the second information includes: obtaining third information and fourth information, wherein the third information is associated with first service information, the first service information is service information provided by the cloud server for the first controlled device, the fourth information is associated with second service information, and the second service information is the service information provided by the cloud server for the first device to be authenticated; matching the third information with the fourth information; and if the third information and the fourth information are successfully matched, acquiring the first information and the second information.
  • the authentication device matches the third information with the fourth information to realize authorization authentication. If the third information and the fourth information match successfully, it indicates that the second service information and the first service information are the same service information, that is, the user corresponding to the first device to be authenticated is the authorized service object of the first controlled device; when the authorization authentication is passed, the authentication device obtains the first information and the second information and performs matching, and controls the state of the first controlled device according to the matching result. The authentication device does not need to pre-store the biometric information of the user corresponding to the first device to be authenticated, and can realize the identity authentication of the user corresponding to the first device to be authenticated, so as to ensure that the user corresponding to the first device to be authenticated opens the first controlled device, while avoiding the leakage risk of pre-stored user biometric information, improving information security, and protecting user privacy.
  • the authentication device can obtain service information from multiple devices to be authenticated, and for any device to be authenticated, the service information provided by the cloud server for that device to be authenticated can be sequentially matched with the service information provided by the cloud server for each controlled device, so as to simultaneously authorize and authenticate users corresponding to multiple devices to be authenticated.
  • the authentication device obtains the biometric information collected by the device to be authenticated, and the biometric information collected by the corresponding target controlled device.
  • the authentication device will control the target controlled device to be in the open state; otherwise, the target controlled device will remain in the closed state. This realizes simultaneous identity authentication of the users corresponding to multiple devices to be authenticated, and ensures that each target controlled device is opened by the user of the corresponding device to be authenticated; at the same time, the users corresponding to multiple devices to be authenticated can open their corresponding target controlled devices, so that services are provided to multiple users simultaneously, improving authentication efficiency, improving user experience, and saving costs.
  • the authentication device sends third control information to the first controlled device, and the third control information is used to control the first controlled device to collect the first biometric information. If the third information and the fourth information match successfully, it means that the first controlled device provides services for the user corresponding to the first device to be authenticated, and the authentication device controls the first controlled device to enable the biometric information collection function, so that when the user touches the first controlled device, the first controlled device can collect the biometric information of the user; at the same time, the first controlled device only turns on the biometric information collection function when needed, thus reducing the energy consumption of the first controlled device and the data processing amount of the authentication device.
  • the first service information includes identification information of the first controlled device; the second service information includes identification information of the target controlled device.
  • the target controlled device may be a device allocated by the cloud server to provide services for the user corresponding to the first device to be authenticated.
  • the first information includes information obtained by encrypting the first biometric information through the first encryption algorithm, and/or the second information includes information obtained by encrypting the second biometric information through the first encryption algorithm; the method further includes: receiving the first encryption algorithm from the cloud server.
  • the authentication device receives the first encryption algorithm from the cloud server, so as to encrypt the biometric information collected by the first controlled device, and the first information and/or the second information include encrypted biometric information, further improving the security of information.
  • the method further includes: after controlling the state of the first controlled device, clearing the first encryption algorithm.
  • after the authentication device controls the state of the first controlled device, the identity authentication of the user corresponding to the first device to be authenticated has been completed, and the authentication device can clear the first encryption algorithm, thereby avoiding the leakage of the encryption algorithm and ensuring information security while saving storage space.
  • the first information includes information obtained by encrypting the first biometric information through the second encryption algorithm, and/or the second information includes information obtained by encrypting the second biometric information through the second encryption algorithm; the method further includes: generating the second encryption algorithm; sending the second encryption algorithm to the first device to be authenticated.
  • the authentication device generates and sends a second encryption algorithm to the first device to be authenticated, which is used to encrypt the biometric information collected by the first controlled device and the biometric information collected by the first device to be authenticated. Both the first information and the second information include encrypted biometric information, which further improves the security of the information.
  • the method further includes: after controlling the state of the first controlled device, clearing the second encryption algorithm.
  • after the authentication device controls the state of the first controlled device, the identity authentication of the user corresponding to the first device to be authenticated has been completed, and the authentication device can clear the second encryption algorithm, thereby avoiding the leakage of the encryption algorithm and ensuring information security while saving storage space.
  • the first biometric information includes first electrocardiographic information; the second biometric information includes second ECG information.
  • the ECG information is unique, that is, the ECG information of different users is different, so the ECG information can be used to accurately distinguish different users, thereby ensuring the accuracy of identity authentication; at the same time, the user's ECG information is random and cannot be copied and simulated, so it is safer and more reliable to use ECG information for identity authentication; in addition, compared with other biometric information that is greatly affected by the external environment, ECG information is not affected by the external environment and can be better applied in various environments.
  • the method further includes: after controlling the state of the first controlled device, sending the identification information of the first controlled device and the second information to the cloud server, where the identification information of the first controlled device and the second information are at least used to generate settlement information corresponding to the first device to be authenticated.
  • the authentication device sends the identification information of the first controlled device and the second information to the cloud server.
  • the settlement information may represent information related to fees generated by the user for obtaining services provided by the first controlled device.
  • the identification information of the first controlled device can be used to determine the fee generated by the first controlled device for providing services, and the second information can be used to match the first information, so as to determine that the fee is generated by the services provided by the first controlled device.
  • an embodiment of the present application provides an authentication system, including an authentication device and a cloud server, wherein the cloud server is configured to send third information to the first controlled device, and send fourth information to the first device to be authenticated, wherein the third information is associated with first service information, and the first service information is service information provided by the cloud server for the first controlled device; the fourth information is associated with second service information, and the second service information is the service information provided by the cloud server for the first device to be authenticated; the authentication device is configured to: receive the fourth information from the first device to be authenticated; match the third information with the fourth information; if the third information and the fourth information are successfully matched, acquire the first information at the first moment and the second information at the first moment; match the first information and the second information; and control the state of the first controlled device according to the matching result of the first information and the second information; wherein the first information is associated with first biometric information, the first biometric information is from the first controlled device, the second information is associated with second biological
  • the cloud server sends the third information to the first controlled device, and sends the fourth information to the first device to be authenticated, and the authentication device receives the fourth information from the first device to be authenticated, and matches the third information with the fourth information to achieve authorization authentication. If the third information and the fourth information are successfully matched, it indicates that the second service information and the first service information are the same service information, that is, the user corresponding to the first device to be authenticated is the authorized service object of the first controlled device; when the authorization authentication is passed, the authentication device obtains the first information and the second information and performs matching, and controls the state of the first controlled device according to the matching result.
  • the authentication device does not need to store the first information in advance.
  • the identity authentication of the user corresponding to the first device to be authenticated can be realized, thereby ensuring that the user corresponding to the first device to be authenticated turns on the first controlled device, while avoiding the leakage risk of pre-stored user biometric information, improving the security of the information, and protecting the privacy of the user.
  • the first controlled device includes a first smart lock; the authentication device is further configured to: when the first information and the second information match successfully, send first control information, where the first control information is used to control the first smart lock to be in an open state.
  • the successful matching of the first information and the second information indicates that the user identity authentication corresponding to the first device to be authenticated has passed, and the authentication device can control the first smart lock to be in an open state so that the user corresponding to the first device to be authenticated can obtain the corresponding service.
  • the authentication device is further configured to: after controlling the state of the first controlled device, clear the first information and the second information.
  • after the authentication device controls the state of the first controlled device, the user's identity authentication has been completed. Since the first information and the second information contain the user's biometric information, the authentication device does not need to store the first information and the second information, and clears them in time, so as to avoid information leakage, protect user privacy, and save storage space at the same time.
  • the authentication device is further configured to: when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, send second control information to the first controlled device, where the second control information is used to control the first controlled device to collect the first biometric information.
  • the function of the first controlled device to collect biometric information can be initially configured as off. When the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, it indicates that the user corresponding to the first device to be authenticated has approached the first controlled device, and the authentication device controls the first controlled device to enable the biometric information collection function, so that when the user touches the first controlled device, the first controlled device can collect the biometric information of the user. At the same time, the first controlled device only enables the biometric information collection function when needed, thereby reducing the energy consumption of the first controlled device and the data processing amount of the authentication device.
  • the cloud server is further configured to: receive service request information; and generate the third information and the fourth information according to the service request information.
  • the cloud server allocates existing available service resources according to the service request information, and generates third information and fourth information, so as to meet user needs.
  • the first service information includes identification information of the first controlled device;
  • the second service information includes identification information of the target controlled device.
  • the target controlled device may be a device allocated by the cloud server to provide services for the user corresponding to the first device to be authenticated.
  • the first information includes information obtained by encrypting the first biometric information through the first encryption algorithm, and/or the second information includes information obtained by encrypting the second biometric information through the first encryption algorithm;
  • the cloud server is further configured to: send the first encryption algorithm to the authentication device, and send the first encryption algorithm to the first device to be authenticated;
  • the authentication device is further configured to: receive the first encryption algorithm.
  • the authentication device receives the first encryption algorithm from the cloud server, so as to encrypt the biometric information collected by the first controlled device, and the first information and/or the second information include encrypted biometric information, thereby further improving the security of information.
  • the authentication device is further configured to: after controlling the state of the first controlled device, clear the first encryption algorithm.
  • after the authentication device controls the state of the first controlled device, the identity authentication of the user corresponding to the first device to be authenticated has been completed, and the authentication device can clear the first encryption algorithm, thereby avoiding the leakage of the encryption algorithm and ensuring information security while saving storage space.
  • the first information includes information obtained by encrypting the first biometric information through the second encryption algorithm, and/or the second information includes information obtained by encrypting the second biometric information through the second encryption algorithm;
  • the authentication device is further configured to: generate the second encryption algorithm; send the second encryption algorithm to the first device to be authenticated.
  • the authentication device generates and sends a second encryption algorithm to the first device to be authenticated, which is used to encrypt the biometric information collected by the first controlled device and the biometric information collected by the first device to be authenticated. Both the first information and the second information include encrypted biometric information, which further improves the security of the information.
  • the authentication device is further configured to: after controlling the state of the first controlled device, clear the second encryption algorithm.
  • after the authentication device controls the state of the first controlled device, the identity authentication of the user corresponding to the first device to be authenticated has been completed, and the authentication device can clear the second encryption algorithm, thereby avoiding the leakage of the encryption algorithm and ensuring information security while saving storage space.
  • the first biometric information includes first electrocardiographic information; the second biometric information includes second ECG information.
  • the ECG information is unique, that is, the ECG information of different users is different, so the ECG information can be used to accurately distinguish different users, thereby ensuring the accuracy of identity authentication; at the same time, the user's ECG information is random and cannot be copied and simulated, so it is safer and more reliable to use ECG information for identity authentication; in addition, compared with other biometric information that is greatly affected by the external environment, ECG information is not affected by the external environment and can be better applied in various environments.
  • the authentication device is further configured to: after controlling the state of the first controlled device, send the identification information of the first controlled device and the second information to the cloud server; the cloud server is also configured to: receive the identification information of the first controlled device and the second information; determine the first device to be authenticated according to the second information; generate the settlement information corresponding to the first device to be authenticated according to the service information corresponding to the identification information of the first controlled device; send the settlement information to the first device to be authenticated.
  • the settlement information may represent information related to fees generated by the user's acquisition of services provided by the first controlled device
  • the authentication device sends the identification information of the first controlled device and the second information to the cloud server
  • after the cloud server receives the above information, it can determine, according to the identification information of the first controlled device, the fee generated by the first controlled device for providing services, and match the second information with the first information, so as to determine that the fee was generated by the user corresponding to the first device to be authenticated obtaining the service provided by the controlled device; the settlement information is sent to the first device to be authenticated, so that the user corresponding to the first device to be authenticated can make settlement.
  • the embodiment of the present application provides an authentication method, the method is applied to the first device to be authenticated, and the method includes: collecting the second biometric information at the first moment, the second biometric information being associated with the user corresponding to the first device to be authenticated; sending second information, where the second information is associated with the second biometric information, the second information is at least used to match the first information, the first information is associated with the first biometric information at the first moment, and the first biometric information comes from the first controlled device.
  • the first device to be authenticated collects the second biometric information at the first moment, and sends the second information associated with the second biometric information, and the second information is used to match the first information at the same moment
  • the identity authentication of the user corresponding to the first device to be authenticated can be realized without pre-storing the biometric information of the user corresponding to the first device to be authenticated, and at the same time, the risk of leakage of the pre-stored biometric information of the user is avoided.
  • collecting the second biometric information at the first moment includes: when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, collecting the second biometric information.
  • the function of the first device to be authenticated to collect biometric information can be initially configured as off, and when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, it indicates that the user corresponding to the first device to be authenticated has approached the first controlled device, and the first device to be authenticated turns on the biometric information collection function so as to collect the biometric information of the user; at the same time, the first device to be authenticated only turns on the biometric information collection function when needed, thereby reducing the energy consumption of the first device to be authenticated and the data processing amount of the authentication device.
  • the method further includes: receiving fourth information from the cloud server, where the fourth information is associated with the second service information corresponding to the first device to be authenticated, the fourth information is at least used to match with the third information, and the third information is associated with the first service information corresponding to the first controlled device; and sending the fourth information.
  • the method further includes: sending service request information to the cloud server, where the service request information is at least used to request to acquire service information corresponding to the first device to be authenticated.
  • the first service information includes identification information of the first controlled device; the second service information includes identification information of the target controlled device.
  • the target controlled device may be a device allocated by the cloud server to provide services for the user corresponding to the first device to be authenticated.
  • the second information includes information obtained by encrypting the second biometric information through an encryption algorithm
  • the method further includes: receiving the encryption algorithm.
  • the first device to be authenticated receives an encryption algorithm so as to encrypt the biometric information collected by it, thereby improving the security of the information.
  • the first biometric information includes first electrocardiographic information; the second biometric information includes second ECG information.
  • the ECG information is unique, that is, the ECG information of different users is different, so the ECG information can be used to accurately distinguish different users, thereby ensuring the accuracy of identity authentication; at the same time, the user's ECG information is random and cannot be copied and simulated, so it is safer and more reliable to use ECG information for identity authentication; in addition, compared with other biometric information that is greatly affected by the external environment, ECG information is not affected by the external environment and can be better applied in various environments.
  • the first device to be authenticated is equipped with an electrocardiogram sensor, and the electrocardiogram sensor is used to collect the second ECG information.
  • the method further includes: receiving the settlement information corresponding to the first device to be authenticated.
  • the settlement information may represent information related to fees generated when the user obtains the service provided by the first controlled device, and the first device to be authenticated receives the corresponding settlement information so that the user corresponding to the first device to be authenticated can perform settlement.
  • an embodiment of the present application provides an authentication system, including an authentication device and a device to be authenticated, wherein the authentication device is configured to implement the authentication method in the above-mentioned first aspect or various possible implementations of the first aspect, and the device to be authenticated is configured to execute the authentication method in the above third aspect or in various possible implementation manners of the third aspect.
  • the embodiments of the present application provide an authentication system, including an authentication device, a device to be authenticated, and a controlled device, wherein the authentication device is configured to implement the authentication method in the above-mentioned first aspect or various possible implementations of the first aspect, the device to be authenticated is configured to execute the authentication method in the above third aspect or in various possible implementation manners of the third aspect, and the controlled device is used to collect the first biometric information.
  • an embodiment of the present application provides an authentication device, including: a transceiver module, configured to obtain first information at a first moment and second information at the first moment, wherein the first information is associated with the first biometric information, the first biometric information is from the first controlled device, the second information is associated with the second biometric information, and the second biometric information is from the first device to be authenticated and is associated with the user corresponding to the first device to be authenticated; a processing module, configured to match the first information with the second information, and to control the state of the first controlled device according to the matching result of the first information and the second information.
  • the first controlled device includes a first smart lock; the processing module is further configured to: if the second information matches successfully, send the first control information, where the first control information is used to control the first smart lock to be in an open state.
  • the processing module is further configured to: after controlling the state of the first controlled device, clear the first biometric information and the second biometric information.
  • the processing module is further configured to: when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, send second control information to the first controlled device, where the second control information is used to control the first controlled device to collect the first biometric information.
  • the transceiver module is further configured to: acquire third information and fourth information, wherein the third information is associated with the first business information, the first business information is the business information provided by the cloud server for the first controlled device, the fourth information is associated with the second business information, and the second business information is the business information provided by the cloud server for the first device to be authenticated; match the third information with the fourth information; and, if the third information and the fourth information match successfully, acquire the first information and the second information.
  • the first service information includes identification information of the first controlled device; the second service information includes identification information of the target controlled device.
  • the first information includes the information obtained by encrypting the first biometric information by the first encryption algorithm, and/or, the second information includes the information obtained by encrypting the second biometric information by the first encryption algorithm; The first encryption algorithm of .
  • the processing module is further configured to: after controlling the state of the first controlled device, clear the first encryption algorithm.
  • the first information includes the information obtained by encrypting the first biometric information by the second encryption algorithm, and/or, the second information includes the information obtained by encrypting the second biometric information by the second encryption algorithm;
  • the processing module is further configured to: generate the second encryption algorithm, and send the second encryption algorithm to the first device to be authenticated.
  • the processing module is further configured to: after controlling the state of the first controlled device, clear the second encryption algorithm.
  • the first biometric information includes first electrocardiographic information; the second biometric information includes second ECG information.
  • the processing module is further configured to: after controlling the state of the first controlled device, send the identification information of the first controlled device and the second information to the cloud server, where the identification information of the first controlled device and the second information are at least used to generate the settlement information corresponding to the first device to be authenticated.
  • the embodiment of the present application provides a device to be authenticated, including: a processing module, configured to collect second biometric information at the first moment, the second biometric information is associated with the user corresponding to the first device to be authenticated; a transceiver module, configured to send second information, the second information is associated with the second biometric information, the second information is at least used to match with the first information, the first information is associated with the first biometric information at the first moment, and the first biometric information comes from the first controlled device.
  • the processing module is further configured to: when the distance between the first controlled device and the first device to be authenticated is less than the preset threshold, collect the second biometric information.
  • the transceiver module is further configured to: receive fourth information from the cloud server, the fourth information is associated with the second business information corresponding to the first device to be authenticated, the fourth information is at least used to match with the third information, and the third information is associated with the first service information corresponding to the first controlled device; and send the fourth information to the authentication device.
  • the transceiver module is further configured to: send service request information to the cloud server, where the service request information is at least used to request to obtain service information corresponding to the first device to be authenticated.
  • the first service information includes identification information of the first controlled device; the second service information includes identification information of the target controlled device.
  • the second information includes information obtained by encrypting the second biometric information through an encryption algorithm
  • the transceiver module is further configured to: receive the encryption algorithm.
  • the first biometric information includes first electrocardiographic information; the second biometric information includes second ECG information.
  • the first device to be authenticated is equipped with an electrocardiogram sensor, and the electrocardiogram sensor is used to collect the second ECG information.
  • the transceiver module is further configured to: receive the billing information corresponding to the first controlled device.
  • an embodiment of the present application provides an authentication device, including: a processor; a memory for storing processor-executable instructions; wherein, the processor is configured to implement the above-mentioned first authentication when executing the instructions.
  • an embodiment of the present application provides a device to be authenticated, including: a sensor for collecting biometric information; a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to implement the above third aspect or the authentication method in various possible implementation manners of the third aspect when executing the instructions.
  • the embodiments of the present application provide a chip, including a processor; when the processor executes instructions, the processor executes the authentication method in the above-mentioned first aspect or various possible implementations of the first aspect, or executes the authentication method in the above third aspect or in various possible implementation manners of the third aspect.
  • the embodiments of the present application provide a computer-readable storage medium, on which computer program instructions are stored, and when the computer program instructions are executed by a processor, the above-mentioned first aspect or various aspects of the first aspect are implemented.
  • the embodiments of the present application provide a computer program product, which, when the computer program product is run on a computer, causes the computer to execute the authentication method in the above-mentioned first aspect or various possible implementations of the first aspect, or execute the authentication method in the above third aspect or in various possible implementation manners of the third aspect.
  • FIG. 1 shows a schematic diagram of an authentication system architecture according to an embodiment of the present application
  • Fig. 2 shows a schematic diagram of a mobile charging scene according to an embodiment of the present application
  • Fig. 3 shows a schematic diagram of a smart express cabinet scene according to an embodiment of the present application
  • Fig. 4 shows a schematic diagram of an unmanned vending machine scene according to an embodiment of the present application
  • Fig. 5 shows a schematic diagram of an unlocking scene of a smart vehicle according to an embodiment of the present application
  • FIG. 6 shows a flowchart of an authentication method according to an embodiment of the present application
  • FIG. 7 shows a flow chart of another authentication method according to an embodiment of the present application.
  • FIG. 8 shows a flow chart of another authentication method according to an embodiment of the present application.
  • FIG. 9 shows a structural diagram of an authentication device according to an embodiment of the present application.
  • FIG. 10 shows a structural diagram of another authentication device according to an embodiment of the present application.
  • Fig. 11 shows a schematic structural diagram of an electronic device according to an embodiment of the present application.
  • Fig. 1 shows a schematic diagram of an authentication system architecture according to an embodiment of the present application.
  • the authentication system 10 may include an authentication device 101, a device to be authenticated 102, and a controlled device 104; it should be noted that the authentication system 10 in FIG. 1 is only shown as one authentication device, two devices to be authenticated, two controlled devices, and one server. It should be understood that this is not limiting; the authentication system 10 may also include more authentication devices, devices to be authenticated, controlled devices, servers, and other devices.
  • the authentication device 101 may have a communication function and a data processing function, and may be realized by hardware, software, or a combination of software and hardware.
  • the authentication device 101 can be a general-purpose device or a dedicated device; for example, the authentication device 101 can be a desktop computer, a portable computer, a network server, a palm computer (personal digital assistant, PDA), a mobile phone, a tablet computer, a wireless terminal device, an embedded device or another general-purpose device with data processing functions and communication functions, or a component in these general-purpose devices; the authentication device 101 can also be an intelligent vehicle (such as automobiles, bicycles, motorcycles, electric vehicles, etc.)
  • the authentication device 101 can also be a chip, processor, or server with processing functions.
  • the authentication device 101 can send an encryption algorithm to the device to be authenticated 102 (or the device to be authenticated 103); it can also control the controlled device 104 (or the controlled device 105) to be in different states such as open or closed; it can also receive the information sent by the device to be authenticated 102, the controlled device 104 or the server 106, and authenticate the identity of the user corresponding to the device to be authenticated 102 according to the received information.
  • the device to be authenticated 102 (or the device to be authenticated 103) can be a portable device, and the device to be authenticated 102 can have a communication function, a biometric information collection function, and a data processing function.
  • the device to be authenticated 102 can be a wearable device, for example, smart watches, smart bracelets, smart necklaces, smart headphones, smart glasses, smart clothing, etc.; the device to be authenticated 102 can also be a terminal device, such as mobile phones, laptops, tablet computers, virtual reality devices, etc.
  • the device 102 to be authenticated may be equipped with a sensor for collecting biometric information, such as an electrocardiogram sensor, a fingerprint sensor, a temperature sensor, a blood oxygen sensor, etc., and may send the collected biometric information to the authentication device 101;
  • the device 102 may send service request information to the server 106, and may also receive encryption algorithms, service information, etc. sent by the server 106 or the authentication device 101.
  • the controlled device 104 (or the controlled device 105) can be a smart lock with biometric information collection function, for example, it can be a car lock, door lock, express cabinet lock, charging gun lock, etc.; the controlled device 104 can be an independent device and can have a communication function; the controlled device 104 can also be integrated with the authentication device 101, and can transmit data with the authentication device 101 through a general-purpose input/output (GPIO).
  • the controlled device 104 may be configured with a sensor for collecting biometric information, such as an electrocardiogram sensor, a fingerprint sensor, a temperature sensor, a blood oxygen sensor, etc., and may send the collected biometric information to the authentication device 101; it may also receive the control information of the authentication device 101 and perform corresponding operations such as opening, closing, or biometric information collection according to the control information.
  • the server 106 may be an entity with business scheduling, communication functions or settlement capabilities, for example, it may be a cloud server, and the cloud server may be a server or a server cluster composed of multiple servers. Exemplarily, the server 106 may provide service information for the device to be authenticated 102 (or the device to be authenticated 103), the controlled device 104 (or the controlled device 105), and may also send an encryption algorithm or provide information forwarding services, etc.
  • the above biometric information includes information that can represent the unique identity of the user, for example, it may include: one or more of ECG, body temperature, blood oxygen concentration, iris, fingerprint, voice, palm print or human face.
  • the device to be authenticated 102 can be a smart bracelet equipped with an ECG sensor, which can collect the user's ECG information
  • the controlled device 104 can be a smart door lock installed on the door handle, and the smart door lock is equipped with an ECG sensor.
  • the device to be authenticated 102 can be smart glasses equipped with an image sensor
  • the controlled device 104 can be an express cabinet lock equipped with an image sensor
  • the user wears the smart glasses; since the glasses lenses are transparent, when the user looks directly at the express locker lock, both the smart glasses and the express locker can collect the user's iris information
  • the device to be authenticated 102 can be a mobile phone equipped with a fingerprint sensor, which can collect the user's fingerprint information.
  • the controlled device 104 can be a car lock equipped with a fingerprint sensor. When the user touches the car lock, the user's fingerprint information can be collected.
  • ECG information is used as biometric information as an example for illustration, which is not considered as limiting the protection scope of the application, and is also applicable to other types of biometric information mentioned above.
  • FIG. 2 shows a schematic diagram of a mobile charging scenario according to an embodiment of the present application.
  • the smart charging vehicle that is, the authentication device
  • the charging guns differ according to the charging type and can be divided into fast charging charging guns, slow charging charging guns, etc.; each charging gun handle is equipped with a corresponding charging gun lock (that is, a controlled device), as shown in Figure 2.
  • Each charging gun lock is equipped with an ECG sensor; the smart charging car can provide charging services for one or more users, and users who need to charge can send charging request information to the cloud server through wearable devices (that is, devices to be authenticated), wherein the charging request information may include one or more items of information such as the license plate number of the user's vehicle, charging address, or charging type, and the cloud server assigns a charging gun to the user according to the charging request information and generates corresponding charging service information.
  • the charging service information can include one or more of the order number, license plate number of the vehicle to be charged, charging address, charging type, charging gun identification or charging gun lock identification; the cloud server sends the charging service information to the smart charging car and the user's wearable device; when the smart charging car drives to the user's location, the wearable device can send the charging service information and the user's ECG information to the smart charging car.
  • the smart charging car can obtain the user's ECG information collected by the charging gun lock; the smart charging car matches the charging service information sent by the wearable device with the charging service information sent by the cloud server, and matches the ECG information collected by the charging gun lock with the ECG information from the wearable device to complete the authentication of the user's identity, and controls the corresponding charging gun lock to open after the authentication is passed, so that the user can charge; in this way, the smart charging car can realize the user's identity authentication without pre-storing the user's ECG information.
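The matching flow of the mobile charging scenario above, as an added Python example that is not part of the patent text. The Pearson-correlation comparison, the 0.9 threshold, the 0.5 s skew limit, the shared clock, and all class, function and identifier names are assumptions; the page does not specify how the two ECG captures are compared.

```python
import math
from dataclasses import dataclass

# Assumed values: the page gives no matching metric, threshold or time tolerance.
MATCH_THRESHOLD = 0.9  # minimum Pearson correlation counted as a match
MAX_SKEW_S = 0.5       # largest start-time gap still treated as "the same moment"
MIN_OVERLAP_S = 1.0    # minimum shared recording time that must be compared


@dataclass
class Capture:
    """ECG samples from one sensor; start_s is on a clock both sensors share (assumed)."""
    start_s: float
    rate_hz: int
    samples: list


def pearson(a, b):
    """Pearson correlation of two equal-length sample lists."""
    n = len(a)
    mean_a, mean_b = sum(a) / n, sum(b) / n
    cov = sum((x - mean_a) * (y - mean_b) for x, y in zip(a, b))
    var_a = sum((x - mean_a) ** 2 for x in a)
    var_b = sum((y - mean_b) ** 2 for y in b)
    if var_a == 0 or var_b == 0:
        return 0.0  # a flat trace (nobody touching the sensor) never matches
    return cov / math.sqrt(var_a * var_b)


def ecg_match(lock, wearable):
    """True if both captures cover the same moment and show the same heartbeat."""
    if lock.rate_hz != wearable.rate_hz:
        return False
    if abs(lock.start_s - wearable.start_s) > MAX_SKEW_S:
        return False  # captured at different moments: stale or replayed data
    # Drop the leading samples of whichever capture started first.
    shift = round((wearable.start_s - lock.start_s) * lock.rate_hz)
    a = lock.samples[max(shift, 0):]
    b = wearable.samples[max(-shift, 0):]
    n = min(len(a), len(b))
    if n < MIN_OVERLAP_S * lock.rate_hz:
        return False
    return pearson(a[:n], b[:n]) >= MATCH_THRESHOLD


class ChargingCar:
    """Authentication device: keeps cloud-issued service info, never a stored ECG."""

    def __init__(self):
        self.orders = {}      # lock id -> order number received from the cloud server
        self.lock_state = {}  # lock id -> "closed" or "open"

    def receive_service_info(self, order_no, lock_id):
        self.orders[lock_id] = order_no
        self.lock_state[lock_id] = "closed"

    def authenticate(self, lock_id, lock_capture, order_no, wearable_capture):
        """Match service info, then ECG; set the lock state; clear both captures."""
        try:
            expected = self.orders.get(lock_id)
            ok = (expected is not None and expected == order_no
                  and ecg_match(lock_capture, wearable_capture))
            self.lock_state[lock_id] = "open" if ok else "closed"
            return ok
        finally:
            # Both captures are cleared once the lock state has been decided.
            lock_capture.samples.clear()
            wearable_capture.samples.clear()


def constructed_capture(beats, start_s, noise_hz, seconds=3.0, rate_hz=100):
    """Constructed signal: narrow R-like peaks at the beat times plus sensor noise."""
    samples = []
    for i in range(int(seconds * rate_hz)):
        t = start_s + i / rate_hz
        heart = sum(math.exp(-((t - b) / 0.02) ** 2 / 2) for b in beats)
        samples.append(heart + 0.03 * math.sin(2 * math.pi * noise_hz * t))
    return Capture(start_s, rate_hz, samples)


USER_A_BEATS = [100.20, 101.05, 101.85, 102.70]  # constructed beat times (seconds)
USER_B_BEATS = [100.55, 101.30, 102.10, 102.90]  # constructed, a different person


def demo():
    """Run four constructed cases; returns {case name: lock opened?}."""
    car = ChargingCar()
    car.receive_service_info("ORDER-0001", "gun-lock-01")  # constructed identifiers
    cases = {  # case -> (order number sent by wearable, whose heartbeat, capture start)
        "same_user": ("ORDER-0001", USER_A_BEATS, 100.1),
        "other_user": ("ORDER-0001", USER_B_BEATS, 100.1),
        "stale_capture": ("ORDER-0001", USER_A_BEATS, 40.1),
        "wrong_order": ("ORDER-9999", USER_A_BEATS, 100.1),
    }
    results = {}
    for name, (order_no, beats, start_s) in cases.items():
        lock = constructed_capture(USER_A_BEATS, 100.0, noise_hz=13)  # user A holds the handle
        wearable = constructed_capture(beats, start_s, noise_hz=7)
        results[name] = car.authenticate("gun-lock-01", lock, order_no, wearable)
    return results
```

The skew check relies on the start time reported with each capture, so it only filters stale data; the correlation over the overlapping window is what ties the wearable's capture to the hand on the lock.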
  • FIG. 3 shows a schematic diagram of a smart express cabinet scene according to an embodiment of the present application.
  • the door handle of the box is equipped with a corresponding storage box lock (that is, a controlled device), as shown in Figure 3, the storage box lock 01, the storage box lock 02..., each storage box lock is equipped with an ECG sensor;
  • Pickup business information can be generated according to the relevant information of the express delivery stored in each storage box, wherein the pickup business information can include one or more of: order number, picker information, locker logo or locker logo, etc.
  • the cloud server sends the pick-up business information to the smart express cabinet and the wearable device of the corresponding user.
  • the wearable device can send the pick-up business information and the user's ECG information to the smart express cabinet;
  • the door handle of the storage box, the smart express cabinet can obtain the user's ECG information collected by the locker lock, the smart express cabinet matches the pickup business information sent by the wearable device with the pickup business information issued by the cloud server, and matches the ECG information collected by the locker lock with the ECG information from the wearable device, completes the authentication of the user's identity, and controls the corresponding locker to open after the authentication is passed, so that the user can pick up the package; in this way, the smart express cabinet does not need to store the user's ECG information in advance to realize the user's identity authentication.
  • FIG. 4 shows a schematic diagram of an unmanned vending machine scenario according to an embodiment of the present application.
  • the unmanned vending machine that is, the authentication device
  • the handle of each shopping slot is equipped with a corresponding shopping slot lock (that is, a controlled device), as shown in Figure 4, shopping slot lock 01, shopping slot lock 02..., each shopping slot lock is equipped with an ECG sensor.
  • the wearable device worn by the user can establish a communication connection with the cloud server; the wearable device collects the user's ECG information and sends it to the cloud server, and the cloud server forwards the ECG information to the unmanned vending machine; when the user purchases goods and holds the handle of the shopping slot, the unmanned vending machine can obtain the user's ECG information collected by the shopping slot lock, and the unmanned vending machine matches the ECG information collected by the shopping slot lock with the ECG information from the wearable device, so that the user's identity is authenticated, and the corresponding shopping slot lock is controlled to open after the authentication is passed, so that the user can take the goods in the shopping slot; after the user finishes purchasing the goods, the unmanned vending machine sends the ECG information collected by the shopping slot lock and the shopping slot lock identification to the cloud server, and the cloud server generates the settlement business information corresponding to the shopping slot lock identification according to the pre-stored information such as the commodity price
  • the cloud server matches the ECG information collected by the shopping slot lock with the ECG information from the wearable device, thereby determining the corresponding wearable device, and sends the settlement business information to the wearable device, so that the user can check out the purchased items.
  • the unmanned vending machine can realize the identity authentication of the user without pre-storing the user's ECG information.
  • FIG. 5 shows a schematic diagram of a smart vehicle unlocking scenario according to an embodiment of the present application.
  • car lock 01, car lock 02... each car lock is equipped with an ECG sensor;
  • the smart car can be initialized and paired with the wearable device worn by the user (that is, the device to be authenticated) in advance, that is, the user obtains authorization for the smart vehicle in advance, and the wearable device and the smart vehicle can be configured with the same encryption algorithm; when the user arrives near the smart vehicle, the wearable device collects the user's ECG information and encrypts it using the encryption algorithm, and the wearable device sends the encrypted information to the smart vehicle, and the smart vehicle uses an encryption algorithm to decrypt the received information to obtain the ECG information collected by the wearable device; when the user touches the door handle, the smart vehicle can obtain the ECG information collected by the car lock.
  • the smart vehicle authenticates the user's identity by matching the ECG information collected by the wearable device with the ECG information collected by the car lock, and controls the unlocking of the car lock after the authentication is passed, so that the user can use the car. In this way, the smart vehicle can realize the identity authentication of the user without storing the user's ECG information in advance.
  • the above application scenarios can be divided into service scenarios (such as the above scenario 1, scenario 2, and scenario 3) and non-service scenarios (such as the above scenario 4), wherein, in a service scenario, the server provides service information to the controlled device and the device to be authenticated, so as to instruct the controlled device to provide services for the user corresponding to the device to be authenticated; the service information can be generated by the server according to the service to be processed, or the user initiates a service request to the server through the device to be authenticated, and the server generates the service request based on the user; further, according to the time sequence relationship between the generation of business information and the authentication of the authentication device, service scenarios can be divided into scenarios of business first and authentication afterwards (such as scenario 1 and scenario 2 above) and scenarios of authentication first and business afterwards (such as scenario 3 above).
  • the authentication device (or controlled device) and the device to be authenticated are initialized and paired in advance.
  • Fig. 6 shows a flowchart of an authentication method according to an embodiment of the present application.
  • the method may be executed by the authentication device 101 in Fig. 1 above; as shown in Fig. 6, the method may include the following steps:
  • Step 601. The authentication device acquires first information at the first moment and second information at the first moment.
  • the first information is associated with the first biometric information
  • the first biometric information is from the first controlled device
  • the second information is associated with the second biometric information
  • the second biometric information is from the first device to be authenticated, and it is associated with the user corresponding to the first device to be authenticated.
  • the second biometric information is associated with the user corresponding to the first device to be authenticated, it may indicate that the second biometric information is the biometric information of the user corresponding to the first device to be authenticated, for example, it may be the user wearing the first device to be authenticated biometric information.
  • the user corresponding to the first device to be authenticated may include a user authorized to use the first device to be authenticated, for example, the owner of the first device to be authenticated.
  • the authentication device can control the state of at least one controlled device, and the first controlled device may be any controlled device in the at least one controlled device, for example, it may be the controlled device 104 in FIG. 1 above, or the controlled device 105, etc.; at the first moment, the authentication device can obtain information from at least one device to be authenticated, and the first device to be authenticated can be any device to be authenticated in the at least one device to be authenticated, for example, it can be the above-mentioned device to be authenticated 102 or device to be authenticated 103 in FIG. 1.
  • the first moment may be a certain point in time, for example, the authentication device may acquire the information associated with the first biometric information and the information associated with the second biometric information when the first controlled device collects the biometric information of the user.
  • the first moment may also be a certain period of time; for example, the authentication device may acquire information associated with the first biometric information and information associated with the second biometric information during the period from when the user approaches the first controlled device to when the first controlled device collects the user's biometric information.
  • the authentication device may receive the second information sent by the first device to be authenticated, or receive the second information forwarded via the cloud server;
  • the authentication device may obtain the first biometric information collected by the first controlled device; for example, in the case where the first controlled device is set independently, the authentication device may receive the first information sent by the first controlled device, Or receive the first information forwarded by the cloud server.
  • the authentication device may send the second control information to the first controlled device, wherein the second control information is used to control the first controlled device to collect the first biometric information.
  • the preset threshold can be set according to actual needs and is not limited here; for example, it can be 2 m, 5 m, 10 m, etc. The distance between the first controlled device and the first device to be authenticated can be determined based on one or more of the Global Positioning System (GPS), laser radar ranging technology, ultra-wideband (UWB) ranging technology, short-range communication technology, etc.
  • the short-distance communication technology may include technology supporting wireless short-distance communication, which can also be called short-range wireless communication, including but not limited to Bluetooth technology, wireless fidelity (Wi-Fi) technology, near field communication (NFC) technology, Wi-Fi Aware technology, general short-distance communication technology, short-distance communication technology standardized by the Starlight Alliance, etc.
  • the authentication device may obtain GPS location information of the first controlled device and GPS location information of the first device to be authenticated, so as to determine the distance between the first controlled device and the first device to be authenticated.
  • the function of the first controlled device to collect biometric information can be initially configured as off, so that when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, which indicates that the user is already approaching the first controlled device with the intention of unlocking, the authentication device controls the first controlled device to enable the biometric information collection function, so that when the user touches the first controlled device, the first controlled device can collect the user's biometric information; at the same time, the first controlled device only enables the biometric information collection function when needed, thereby reducing the energy consumption of the first controlled device and the data processing amount of the authentication device.
  • when the user is close to the first controlled device, the user can trigger the first controlled device to start the biometric information collection function so as to collect the first biometric information, wherein the triggering method may include clicking a preset physical button, voice control, etc.
  • the user may trigger the first device to be authenticated to start the biometric information collection function, so as to collect the second biometric information.
  • the association of the first information with the first biometric information may mean that the first information includes the first biometric information, or that the first information includes information obtained after processing the first biometric information; for example, the first information may include information obtained by encrypting the first biometric information through an encryption algorithm.
  • the association of the second information with the second biometric information means that the second information includes the second biometric information, or that the second information includes information obtained after processing the second biometric information; for example, the second information may include information obtained by encrypting the second biometric information through an encryption algorithm.
  • the encryption algorithm can be an asymmetric encryption algorithm, for example, the Rivest Shamir Adleman (RSA) encryption algorithm, the elliptic curve cryptography (ECC) encryption algorithm, etc.; it can also be a symmetric encryption algorithm, that is, an algorithm using the same key for encryption and decryption.
  • the encryption algorithm may include a first encryption algorithm from the cloud server, and may also include a second encryption algorithm from the authentication device.
  • the first information may include first biometric information
  • the second information may include second biometric information
  • the authentication device may obtain the first biometric information collected by the first controlled device, and the second biometric information collected by the first device to be authenticated.
  • the first biometric information and the second biometric information may be the same type of biometric information; for example, the first biometric information may include first ECG information, and the second biometric information may include second ECG information. Since ECG information is unique, that is, the ECG information of different users is different, ECG information can be used to accurately distinguish different users, thereby ensuring the accuracy of identity authentication; at the same time, the user's ECG information is random at each moment.
  • ECG information is not affected by the external environment, so it can be better applied to various environments.
  • the first information may include information obtained by encrypting the first biometric feature information with an encryption algorithm
  • the second information may include information obtained by encrypting the second biometric feature information with an encryption algorithm.
  • the first information may include information obtained by encrypting the first biometric information with a first encryption algorithm
  • the second information may include information obtained by encrypting the second biometric information with a first encryption algorithm; for example, the authentication device can receive the first encryption algorithm, and can encrypt the first biometric information collected by the first controlled device with the first encryption algorithm to obtain the first information; the authentication device can also receive the second information, which is obtained by encrypting the second biometric information collected by the first device to be authenticated with the first encryption algorithm.
  • the authentication device receives the first encryption algorithm from the cloud server so as to encrypt the biometric information collected by the first controlled device, and both the first information and the second information include the encrypted biometric information, which further improves information security.
  • the first information may include information obtained by encrypting the first biometric information with a second encryption algorithm
  • the second information may include information obtained by encrypting the second biometric information with a second encryption algorithm
  • the authentication device can generate a second encryption algorithm, and send the second encryption algorithm to the first device to be authenticated;
  • the authentication device can use the second encryption algorithm to encrypt the first biometric information collected by the first controlled device, thereby obtaining the first information;
  • the authentication device may also receive second information, which is obtained by encrypting the second biometric information collected by the first device to be authenticated by using a second encryption algorithm.
  • the authentication device generates and sends a second encryption algorithm to the first device to be authenticated.
  • the second encryption algorithm is used to encrypt the biometric information collected by the first controlled device and the biometric information collected by the first device to be authenticated. Both the first information and the second information include encrypted biometric information, which further improves information security.
  • the first information may include information obtained by encrypting the first biological feature information by using an encryption algorithm
  • the second information may include the second biological feature information.
  • the first information can be the information obtained by the authentication device encrypting the first biometric information through the first encryption algorithm, and the second information is the second biometric information; alternatively, the first information can be the information obtained by encrypting the first biometric information, and the second information is the second biometric information.
  • the first information may include first biometric information
  • the second information may include information obtained by encrypting the second biometric information through an encryption algorithm
  • the first information is the first biometric information
  • the second information is the information obtained by the first device to be authenticated encrypting the second biometric information with the first encryption algorithm
  • the first information is the first biometric information
  • the second information is the information obtained by the first device to be authenticated encrypting the second biometric information with the second encryption algorithm.
  • Step 602 the authentication device matches the first information with the second information.
  • the authentication device may determine the difference between the first information and the second information by using a least squares algorithm; if the difference is smaller than a corresponding preset threshold, it may determine that the first information and the second information match successfully; otherwise, it determines that the matching between the first information and the second information fails.
  • the authentication device can also perform a Fourier transform on the first information and the second information respectively, obtain the peak values of multiple frequencies corresponding to the first information and the peak values of multiple frequencies corresponding to the second information, and obtain the difference between the two peak values at the same frequency; if the difference is less than the corresponding preset threshold, it can be determined that the first information and the second information match successfully; otherwise, it can be determined that the first information and the second information have failed to match.
  • the authentication device can also compare the first information with the second information to obtain the corresponding similarity. When the similarity is greater than the corresponding preset threshold, it can determine that the first information and the second information match successfully; otherwise, it can determine that the first information fails to match the second information. The above-mentioned preset thresholds can be set according to actual needs and are not limited here.
  • the authentication device can compare the first biometric information with the second biometric information, and if the corresponding difference is less than the preset threshold, it is determined that the first information matches the second information successfully; otherwise, it is determined that the first information fails to match the second information.
  • the authentication device can compare the first information and the second information; if the corresponding difference is less than the preset threshold, indicating that the first biometric information is consistent with the second biometric information and that the corresponding encryption algorithm is the same, it is determined that the first information and the second information are successfully matched; otherwise, it is determined that the matching between the first information and the second information fails.
  • the authentication device may respectively decrypt the first information and the second information according to the encryption algorithm, and if the decryption is successful, compare the decrypted first biometric information with the decrypted second biometric information; if the corresponding difference is less than the preset threshold, it is determined that the first information matches the second information successfully; otherwise, it is determined that the first information fails to match the second information.
  • the authentication device can decrypt the second information according to the encryption algorithm; if the decryption succeeds, it compares the first biometric information with the decrypted second biometric information, and if the corresponding difference is smaller than the preset threshold, it is determined that the first information and the second information match successfully; otherwise, it is determined that the matching between the first information and the second information fails.
  • the authentication device can decrypt the first information and compare the second biometric information with the first biometric information obtained through decryption, so as to determine whether the matching between the first information and the second information succeeds or fails.
  • the first biometric information List1 can be represented as: List1<[time1, value1]>
  • the second biometric information List2 can be represented as: List2<[time1, value2]>; where time1 represents the first moment, and value1 and value2 are respectively the biometric values, or sequences of values with the same duration, collected by the first controlled device and the first device to be authenticated.
  • the authentication device compares value1 and value2. For example, the authentication device can use the least squares method to determine the difference between value1 and value2. If the difference is less than the preset threshold, it determines that value1 and value2 match successfully; otherwise, value1 and value2 fail to match.
  • the authentication device can also perform Fourier transform on value1 to obtain the peak sequence [F11, F12, F13,...,F1n] corresponding to the first-order frequency to n-order frequency, and perform Fourier transform on value2 to obtain the first-order
  • the information List1_new obtained by encrypting the first biometric information List1 through an encryption algorithm can be expressed as: List1_new<[time1, newValue1]>
  • the information List2_new obtained by encrypting the second biometric information List2 through an encryption algorithm can be expressed as: List2_new<[time1, newValue2]>, where newValue1 and newValue2 are the values or sequences of values obtained by encrypting value1 and value2 respectively; newValue1 and newValue2 can be matched by referring to the above method, or newValue1 and/or newValue2 can be decrypted and then matched.
  • the authentication device may send control information to the first controlled device to disable the biometric information collection function, so as to instruct the first controlled device to stop collecting biometric information, thereby saving the energy consumption of the first controlled device.
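The two comparisons described above for value1 and value2 (least squares, and Fourier peaks per frequency order), followed by the state decision of step 603, as an added Python example that is not code from the patent. The thresholds, harmonic count, record layout and the synthetic signals are assumptions constructed for illustration; mismatched timestamps or lengths fail closed.

```python
import cmath
import math

# Assumed values; the page leaves thresholds to "actual needs".
LSQ_THRESHOLD = 0.01    # largest accepted mean squared difference
PEAK_THRESHOLD = 0.05   # largest accepted per-frequency peak difference
N_HARMONICS = 5         # compare first- to fifth-order frequency peaks


def least_squares_difference(value1, value2):
    """Mean of the squared sample-by-sample residuals of two sequences."""
    return sum((a - b) ** 2 for a, b in zip(value1, value2)) / len(value1)


def frequency_peaks(values, n=N_HARMONICS):
    """Amplitudes [F1..Fn] of the first n DFT harmonics of a real sequence."""
    size = len(values)
    peaks = []
    for order in range(1, n + 1):
        coeff = sum(v * cmath.exp(-2j * math.pi * order * k / size)
                    for k, v in enumerate(values))
        peaks.append(2 * abs(coeff) / size)
    return peaks


def match(list1, list2, method="lsq"):
    """Match List1<[time1, value1]> against List2<[time1, value2]>.

    Fails closed: records from different moments, empty sequences and
    sequences of different length never match.
    """
    time_a, value1 = list1
    time_b, value2 = list2
    if time_a != time_b or not value1 or len(value1) != len(value2):
        return False
    if method == "lsq":
        return least_squares_difference(value1, value2) < LSQ_THRESHOLD
    if method == "fft":
        if len(value1) <= 2 * N_HARMONICS:
            return False  # too few samples to resolve the compared orders
        # Only magnitudes are compared, so phase information is discarded.
        pairs = zip(frequency_peaks(value1), frequency_peaks(value2))
        return all(abs(p1 - p2) < PEAK_THRESHOLD for p1, p2 in pairs)
    raise ValueError("unknown matching method: %r" % method)


def next_state(current_state, matched):
    """Step 603: open on a successful match, otherwise leave state unchanged."""
    return "open" if matched else current_state


def synthetic_wave(amplitudes, size=64):
    """Constructed test signal: amplitudes[i] scales the sine of order i+1."""
    return [sum(a * math.sin(2 * math.pi * (i + 1) * k / size)
                for i, a in enumerate(amplitudes))
            for k in range(size)]


# Constructed sample records (time1, sequence); not real ECG data.
TIME1 = 1700000000
LOCK_RECORD = (TIME1, synthetic_wave([1.0, 0.0, 0.5]))
# Same user seen by a second sensor: small extra fifth-order component.
WEARABLE_RECORD = (TIME1, synthetic_wave([1.0, 0.0, 0.5, 0.0, 0.01]))
# A different user: different harmonic content.
OTHER_USER_RECORD = (TIME1, synthetic_wave([0.6, 0.9]))
# Identical samples but recorded at another moment (for example a replay).
STALE_RECORD = (TIME1 - 60, LOCK_RECORD[1])

if __name__ == "__main__":
    for name, record in [("wearable", WEARABLE_RECORD),
                         ("other user", OTHER_USER_RECORD),
                         ("stale copy", STALE_RECORD)]:
        ok = match(LOCK_RECORD, record, "lsq") and match(LOCK_RECORD, record, "fft")
        print(name, "->", next_state("closed", ok))
```
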
  • Step 603 the authentication device controls the state of the first controlled device according to the matching result of the first information and the second information.
  • the matching result may include matching success and matching failure;
  • the state of the first controlled device may include an open state or a closed state.
  • the authentication device may send first control information, where the first control information is used to control the first controlled device to be in an open state.
  • the first controlled device may be a first smart lock
  • the authentication device may control the opening of the first smart lock when the first information and the second information match successfully.
  • the successful matching of the first information and the second information indicates that the identity authentication of the user corresponding to the first device to be authenticated has passed, and that the user expects to be served by the device corresponding to the first smart lock; the authentication device can then control the first smart lock to be in the open state, so that the user can get the corresponding service.
  • when the first information fails to match the second information, the state of the first controlled device remains unchanged. For example, the state of the first controlled device is initially configured as an off state, and the first controlled device can be the first smart lock; the failure to match the first information and the second information indicates that the identity authentication of the user corresponding to the first device to be authenticated has not passed and that the user has no right to obtain the corresponding service, so the state of the first smart lock remains closed.
  • after controlling the state of the first controlled device, the authentication device sends the identification information of the first controlled device and the second information to the cloud server, and the identification information of the first controlled device and the second information are at least used to generate settlement information corresponding to the first device to be authenticated.
  • the settlement information represents information related to the fees incurred when the user obtains the service provided by the first controlled device; the fees and first information corresponding to each controlled device can be pre-stored in the cloud server.
  • the settlement information can be the billing business information in the above-mentioned scenario 4.
  • the authentication device sends the identification information of the first controlled device and the second information to the cloud server; the identification information of the first controlled device is used to determine the service fee generated by the first controlled device, and the second information is used to match with the first information, so that the fee is determined to be the fee generated by the user corresponding to the first device to be authenticated obtaining the service provided by the first controlled device.
  • the authentication device may send the identification information and the second information of the multiple controlled devices to the cloud server, so as to uniformly generate settlement information corresponding to the first device to be authenticated.
  • the authentication device does not need to pre-store the user's biometric information; it matches the first information and the second information acquired at the same time, and controls the state of the first controlled device according to the matching result, thereby realizing the identity authentication of the user corresponding to the first device to be authenticated, avoiding the leakage risk of pre-stored user biometric information, improving information security, and ensuring user privacy.
  • the authentication device can obtain the biometric information from each device to be authenticated at the first moment, and for any device to be authenticated, the biometric information from that device to be authenticated is sequentially matched with the biometric information collected by each controlled device. If the matching is successful, it indicates that the user has obtained the service authorization from the cloud server or the authentication device in advance, and the controlled device is placed in the open state. In this way, the authentication device can simultaneously authenticate the users corresponding to multiple devices to be authenticated, and can control multiple controlled devices to be in the open state at the same time, so as to provide services for multiple users simultaneously.
  • one authentication device can simultaneously authenticate multiple user identities, which saves costs.
  • the wearable device a worn by user A can send the collected ECG information to the cloud server, and the cloud server forwards the ECG information to an unmanned vending machine; user A is authorized to purchase goods.
  • the shopping trough lock 03 can collect user A's ECG information, and the unmanned vending machine can obtain the user's ECG information collected by the shopping trough lock 03; the unmanned vending machine can successfully match the ECG information collected by the shopping trough lock 03 with the ECG information from the wearable device a, indicating that user A is an authorized service object and is purchasing the goods in the shopping trough corresponding to the shopping trough lock 03; the unmanned vending machine controls the opening of the shopping trough lock 03, so that user A can take the goods in the shopping trough; the unmanned vending machine sends the ECG information collected by the shopping trough lock 03 and the identifier of the shopping trough lock 03 to the cloud server, and the cloud server generates settlement business information corresponding to the shopping trough lock 03 according to pre-stored information such as the commodity prices corresponding to each shopping trough lock identifier.
  • the cloud server matches the ECG information collected by the shopping trough lock 03 with the ECG information from the wearable device a, thereby determining the corresponding wearable device a, and sends the settlement business information to the wearable device a, so that user A can make the settlement.
  • the unmanned vending machine can realize the user's identity authentication without storing the user's ECG information in advance, which improves the security of information.
  • different users can touch different shopping trough handles. For any user, the unmanned vending machine can successfully match the ECG information collected by the shopping trough lock of the handle touched by the user with the ECG information from the user's wearable device, and can thus control the opening of multiple shopping trough locks, so that multiple users can purchase goods at the same time and do not need to queue, which saves the users' time and improves the user experience.
  • user B has obtained the authorization to use the smart vehicle in advance, and the wearable device b worn by user B is configured with the same encryption algorithm as the smart vehicle; when user B arrives near the smart vehicle, the wearable device b collects the ECG information of user B and encrypts it using the above-mentioned encryption algorithm.
  • the wearable device b sends the encrypted information to the smart vehicle, and the smart vehicle uses the encryption algorithm to decrypt the received information to obtain the information collected by the wearable device b.
  • the authentication device controls car lock 01 to enable the ECG information collection function
  • the smart vehicle can obtain the ECG information collected by the car lock 01, and the smart vehicle can successfully match the ECG information collected by the wearable device b with the ECG information collected by the car lock 01, indicating that user B is an authorized user; the smart vehicle then controls the car lock 01 to open so that the user can use the vehicle. In this way, the smart vehicle can realize the identity authentication of the user without storing the user's ECG information in advance, which improves the security of information.
  • different users can touch different door handles.
  • the smart vehicle can successfully match the ECG information collected by the door lock touched by the user with the ECG information from the user's wearable device, and can thus control the opening of multiple door locks, enabling multiple users to unlock and open doors at the same time.
  • the smart vehicle can also update the encryption algorithm to ensure the timeliness of the encryption algorithm, and send the updated encryption algorithm to the wearable device for use when unlocking next time.
  • Fig. 7 shows a flow chart of another authentication method according to an embodiment of the present application.
  • this method may be executed by the authentication device 101 in Fig. 1 above; as shown in Fig. 7, this method may include the following steps:
  • Step 701 the authentication device acquires third information and fourth information.
  • the third information is associated with the first business information
  • the first business information is the business information provided by the cloud server for the first controlled device
  • the fourth information is associated with the second business information
  • the second business information is the business information provided by the cloud server for the first device to be authenticated.
  • the association of the third information with the first business information may indicate that the third information includes the first business information, or that the third information includes information obtained after processing the first business information; for example, the third information may include information obtained by encrypting the first service information through an encryption algorithm.
  • the association between the fourth information and the second business information means that: the fourth information includes the second business information, or the fourth information includes the information obtained after processing the second business information, for example, the fourth information may include Information obtained by encrypting the second service information.
  • the encryption algorithm may include a first encryption algorithm from the cloud server, and may also include a second encryption algorithm from the authentication device.
  • the third information may include the first service information, and the fourth information may include the second service information; as another example, the third information may include information obtained by encrypting the first service information through an encryption algorithm, and the fourth information may include information obtained by encrypting the second business information through an encryption algorithm; as another example, the third information may include information obtained by encrypting the first business information through an encryption algorithm, and the fourth information may include the second business information; as another example, the third information may include the first service information, and the fourth information may include information obtained by encrypting the second service information through an encryption algorithm.
  • the service information represents the service-related information pre-allocated by the cloud server to instruct the target controlled device to provide services for the user corresponding to the target device to be authenticated, that is, the user corresponding to the target device to be authenticated is the authorized service object of the target controlled device.
  • the service information may be the charging service information in the above-mentioned scenario 1, or the pickup service information in the above-mentioned scenario 2, and so on.
  • the cloud server may provide the service information to the corresponding target device to be authenticated and the target controlled device in advance.
  • the first service information may indicate that the first controlled device can provide a service for a user corresponding to the target device to be authenticated
  • the second service information may indicate that the user corresponding to the first device to be authenticated can obtain the service of the corresponding target controlled device.
  • the authentication device may receive third information from the cloud server, and may also receive fourth information from the first device to be authenticated.
  • the authentication device may receive the third information in advance before receiving the fourth information, and pre-save the third information locally, for example, the authentication device may store the third information in a white list.
  • the authentication device may pre-obtain service information provided by the cloud server for one or more controlled devices, and store each service information in a white list.
  • Step 702 the authentication device matches the third information with the fourth information.
  • the authentication device may match the second service information with the first service information in the whitelist. It can be understood that when storing multiple pieces of business information in the white list, the second business information can be matched with each business information in sequence until the matching is successful, or all the business information in the white list can be traversed.
  • the first service information may include identification information of the first controlled device; the second service information may include identification information of the target controlled device. It can be understood that if the identification information of the target controlled device is the same as the identification information of the first controlled device, it means that the first service information and the second service information are the same service information, and the first controlled device can be the target controlled device that provides services for the user corresponding to the first device to be authenticated.
  • the authentication device can determine whether the second service information and the first service information are the same service information by matching the third information and the fourth information, that is, determine whether the user corresponding to the first device to be authenticated is the authorized service object of the first controlled device, so as to realize authorization authentication.
  • for a specific description of how the authentication device acquires the first information and the second information, reference may be made to the relevant description of the above-mentioned step 601, which will not be repeated here.
  • the authentication device may further obtain the first information and the second information.
  • the authentication device may send third control information to the first controlled device, and the third control information is used to control the first controlled device to collect the first biometric information.
  • the function of the first controlled device to collect biometric information is initially configured as off, so that if the third information and the fourth information match successfully, which indicates that the first controlled device provides services for the user corresponding to the first device to be authenticated and that the user intends to unlock the first controlled device, the authentication device controls the first controlled device to enable the biometric information collection function, so that when the user touches the first controlled device, the first controlled device can collect the biometric information of the user; at the same time, the first controlled device only enables the biometric information collection function when needed, thereby reducing the energy consumption of the first controlled device and the data processing amount of the authentication device.
  • the authentication device may feed back the information that the matching is successful to the first device to be authenticated, so as to obtain the second information from the first device to be authenticated.
  • if the matching of the third information and the fourth information fails, it indicates that the second business information and the first business information are not the same business information, that is, the user corresponding to the first device to be authenticated is not the authorized service object of the first controlled device; in that case, the authentication device may not process the second information from the first device to be authenticated, thereby reducing the amount of data processing.
  • Step 704 the authentication device matches the first information with the second information.
  • for a specific description of this step, reference may be made to the relevant description of step 602 above, which will not be repeated here.
  • Step 705 the authentication device controls the state of the controlled device according to the matching result between the first information and the second information.
  • the authentication device matches the third information with the fourth information by performing the above steps 701-705, thereby realizing authorization authentication. If the third information and the fourth information are successfully matched, it indicates that the second business information and the first business information are the same business information, that is, the user corresponding to the first device to be authenticated is the authorized service object of the first controlled device; then, if the authorization authentication passes, the authentication device obtains the first information and the second information and performs matching, and controls the state of the first controlled device according to the matching result. The authentication device can realize the identity authentication of the user corresponding to the first device to be authenticated without storing the user's biometric information in advance, thereby ensuring that it is the user corresponding to the first device to be authenticated who opens the first controlled device, while avoiding the leakage risk of pre-stored user biometric information, improving information security, and protecting user privacy.
  • the authentication device can obtain business information from multiple devices to be authenticated, and for any device to be authenticated, the service information provided by the cloud server for the device to be authenticated is sequentially matched with the service information provided by the cloud server for each controlled device, so as to simultaneously authorize and authenticate users corresponding to multiple devices to be authenticated.
  • the authentication device obtains the biometric information collected by the device to be authenticated, and the biometric information collected by the corresponding target controlled device.
  • the authentication device will control the target controlled device to be in the open state, otherwise, the target controlled device will remain in the closed state; thereby realizing simultaneous identity authentication of users corresponding to multiple devices to be authenticated, and ensuring that the corresponding target controlled device is opened by the user corresponding to the device to be authenticated; and, at the same time, users corresponding to multiple devices to be authenticated can open their corresponding target controlled devices, so as to provide services to multiple users simultaneously.
  • authorization authentication and identity authentication of multiple users can be performed at the same time, and services can be provided to multiple authenticated users at the same time, which improves authentication efficiency and user experience.
  • one authentication device can simultaneously authenticate multiple user identities, which saves costs.
  • when the vehicle driven by user C needs to be charged, user C can send charging request information to the cloud server through the wearable device c worn by user C, and the cloud server will allocate a smart charging car according to the charging request information of the user.
  • the charging gun corresponding to charging gun lock 01 provides charging service for user C and generates corresponding charging service information.
  • the charging service information includes the identification of charging gun lock 01; Wearable device c; the smart charging car stores the charging service information in the white list, the smart charging car drives to the location indicated in the charging service information, and the wearable device c sends the charging service information and the collected ECG information of user C to the smart charging car.
  • the smart charging car matches the charging service information received from the wearable device c with the charging service information in the white list, and the charging service information including the identification of charging gun lock 01 is successfully matched with the charging service information sent by the charging gun lock 01, so that the smart charging car can confirm that user C is the authorized service object of the smart charging car, and that the charging gun corresponding to the charging gun lock 01 provides charging service for user C; the smart charging car then sends control information to the charging gun lock 01 to control the charging gun lock 01 to enable the ECG information collection function.
  • User C can pull out the charging gun equipped with the smart charging car to charge his own vehicle; if user C pulls out the charging gun corresponding to the charging gun lock 01, the charging gun lock 01 can collect the ECG information of user C and send it to the smart charging car, and the smart charging car can successfully match the ECG information collected by the charging gun lock 01 with the received ECG information from the wearable device c, indicating that user C is pulling out the charging gun corresponding to the charging gun lock 01, and the smart charging car controls the charging gun lock 01 to be turned on for user C to charge.
  • the ECG information collected by charging gun lock 01 fails to match the ECG information from wearable device c, indicating that user C is not pulling out the charging gun corresponding to charging gun lock 01.
  • Charging gun lock 01 remains closed.
  • the smart charging car can realize the user's identity authentication without pre-storing the user's ECG information, which improves the security of information.
  • different users can pull out different charging guns.
  • the smart charging car can control the opening of multiple charging gun locks to realize multi-user synchronous charging.
  • the locker corresponding to the locker 02 stores the courier of user D
  • the cloud server generates the corresponding pickup service information and encryption algorithm.
  • the pickup service information includes the locker lock 02
  • the cloud server sends the pickup service information and encryption algorithm to the smart express cabinet and user D’s wearable device d
  • the smart express cabinet stores the pickup service information in the white list.
  • wearable device d collects user D's ECG information and encrypts it using the above encryption algorithm, and wearable device d sends the pick-up business information and encrypted information to the smart express cabinet.
  • the smart express cabinet matches the pickup service information received from the wearable device d with the pickup service information in the whitelist; the pickup service information including the identification of locker 02 is successfully matched with the pickup service information sent by the wearable device d, so that the smart express cabinet can confirm that user D is the authorized service object of the smart express cabinet, and that the storage box corresponding to the storage box lock 02 contains the express delivery of user D; the smart express cabinet can then send control information to the storage box lock 02 to control the storage box lock 02 to enable the ECG information collection function.
  • User D touches the door handle of the storage box. If user D touches the door handle of the storage box corresponding to the storage box lock 02, the storage box lock 02 can collect the ECG information of user D and send it to the smart express cabinet.
  • the smart express cabinet controls the storage box lock 02 to open so that the user D can take the express delivery. If another user touches the door handle of the storage box corresponding to the storage box lock 02, the smart express cabinet encrypts the ECG information collected by the storage box lock 02; if the resulting encrypted information fails to match the encrypted information from the wearable device d, it means that the user D is not touching the handle of the storage box door corresponding to the storage box lock 02, and the storage box lock 02 remains closed.
  • the smart express cabinet can realize the user's identity authentication without pre-storing the user's ECG information, which improves the security of information.
  • different users can touch different locker door handles. Open the corresponding storage box lock, and other users cannot open the storage box lock, so as to prevent other users from taking the user's courier, thereby ensuring that each user can take his own courier; and, at the same time, multiple
  • the smart express cabinet can control the locks of multiple lockers to open, realizing the simultaneous pick-up of multiple users.
  • the authentication device may clear the acquired information (such as one or more of biometric information, encryption algorithm, or business information, etc.), so as to avoid information leakage and ensure information security.
  • the authentication device may clear relevant information after performing the above step 603 or step 705.
  • the authentication device may clear the first information and the second information after controlling the state of the first controlled device. It can be understood that after the authentication device controls the state of the first controlled device, the user's identity authentication has been completed. Since the first information and the second information include the user's biometric information, the authentication device does not need to store the first information and the second information, and clears them in time, so as to avoid information leakage, protect user privacy, and save storage space at the same time.
  • the authentication device may clear the encryption algorithm.
  • the encryption algorithm may include the first encryption algorithm or the second encryption algorithm.
  • the encryption algorithm used by the authentication device in each authentication process can be different.
  • the authentication device can clear the business information; for example, the authentication device can clear the business information provided by the cloud server for the first controlled device, and can also clear the received service information from the first device to be authenticated.
  • after the authentication device controls the state of the first controlled device, the user's authorization authentication has been completed. Since the business information may include the user's personal information, the authentication device clears the business information, thereby avoiding information leakage, protecting user privacy, and saving storage space.
  • the smart charging car can clear the charging service information provided by the cloud server for the charging gun lock 01, or the charging service information from the wearable device c.
  • the smart express cabinet can clear the encryption algorithm, and can also clear the pickup business information provided by the cloud server for the storage box lock 02 or the pickup business information from wearable device d.
  • the unmanned vending machine can clear the ECG information collected by the shopping slot lock 03 or the ECG information from the wearable device a.
  • the smart vehicle can clear the encryption algorithm, and also clear the ECG information collected by car lock 01 or the ECG information from wearable device b.
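  • The authorization match and the identity match of steps 701-705, followed by the clearing described above, sketched in Python as an added example (it is not code from the application). The class and function names, the correlation-based matching with a 0.9 threshold, and the sinusoid sample windows are assumptions made for illustration; the scenario is the charging gun lock 01 case above.

```python
import hmac
import math
from dataclasses import dataclass

MATCH_THRESHOLD = 0.9  # assumed; the page does not give a matching threshold


def constructed_window(freq, noise=0.0, n=64):
    """Constructed stand-in for an ECG sample window (not real ECG data)."""
    return [math.sin(2 * math.pi * freq * k / n)
            + noise * math.sin(2 * math.pi * 7 * k / n) for k in range(n)]


def similarity(a, b):
    """Pearson correlation of two equal-length windows (assumed matching metric)."""
    if len(a) != len(b) or len(a) < 2:
        return 0.0
    mean_a, mean_b = sum(a) / len(a), sum(b) / len(b)
    da = [x - mean_a for x in a]
    db = [y - mean_b for y in b]
    den = math.sqrt(sum(x * x for x in da) * sum(y * y for y in db))
    return sum(x * y for x, y in zip(da, db)) / den if den else 0.0


@dataclass
class ControlledDevice:
    device_id: str
    collecting: bool = False  # biometric collection starts switched off
    is_open: bool = False     # lock state


class AuthenticationDevice:
    def __init__(self, devices):
        self.devices = {d.device_id: d for d in devices}
        self.whitelist = {}  # device_id -> third information from the cloud server
        self.session = {}    # device_id -> windows held during a single attempt

    def store_third_info(self, device_id, third_info):
        self.whitelist[device_id] = third_info

    def authorize(self, fourth_info):
        """Authorization: match the fourth information against the white list."""
        matched = None
        for device_id, third_info in self.whitelist.items():
            # Constant-time comparison, no early exit on the first hit.
            if hmac.compare_digest(third_info, fourth_info):
                matched = device_id
        if matched is not None:
            # Stands in for the third control information: enable collection.
            self.devices[matched].collecting = True
        return matched

    def authenticate(self, device_id, first_info, second_info):
        """Identity: match both windows, set the lock state, then clear."""
        device = self.devices.get(device_id)
        if device is None or not device.collecting:
            return False  # authorization did not pass: nothing is processed
        self.session[device_id] = (first_info, second_info)
        try:
            matched = similarity(first_info, second_info) >= MATCH_THRESHOLD
            device.is_open = matched
        finally:
            # Drop the windows after every decision. This removes references;
            # Python gives no guarantee of memory erasure.
            del self.session[device_id]
        if matched:
            device.collecting = False
            self.whitelist.pop(device_id, None)  # service info cleared once used
        return matched


def run_demo():
    lock = ControlledDevice("charging-gun-lock-01")
    car = AuthenticationDevice([lock])
    service_info = b"constructed-service-info:charging-gun-lock-01"
    car.store_third_info(lock.device_id, service_info)
    target = car.authorize(service_info)  # sent by wearable device c
    # Another person pulls the gun: lock window differs from the wearable's.
    other = car.authenticate(target, constructed_window(3),
                             constructed_window(4, 0.05))
    # User C pulls the gun: both devices observe the same signal.
    owner = car.authenticate(target, constructed_window(4),
                             constructed_window(4, 0.05))
    return target, other, owner, lock.is_open, car.whitelist, car.session


if __name__ == "__main__":
    print(run_demo())
```

In this sketch a failed identity match clears only the biometric windows and leaves the white list entry in place so the authorized user can still try; that retention choice is an assumption, not something the page specifies.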
  • Fig. 8 shows a flowchart of another authentication method according to an embodiment of the present application.
  • the method may be executed by the device to be authenticated (such as the device to be authenticated 102) in Fig. 1 above, as shown in Fig. 8, the method may include the following steps:
  • Step 801 the first device to be authenticated collects second biometric information at the first moment, and the second biometric information is associated with a user corresponding to the first device to be authenticated.
  • the second biometric information may include second electrocardiographic information
  • the first device to be authenticated is configured with an electrocardiographic sensor
  • the electrocardiographic sensor is used to collect the second electrocardiographic information. Since the ECG information is unique, that is, the ECG information of different users is different, the ECG information can be used to accurately distinguish different users, thereby ensuring the accuracy of user identity authentication; at the same time, the user's ECG information is random at each moment and cannot be copied or simulated, so using ECG information for identity authentication is more secure and reliable; in addition, compared with other biometric information that is greatly affected by the external environment, ECG information is not affected by the external environment and is better suited to various environments.
  • the first device to be authenticated collects the second biometric feature information.
  • the manner in which the first device to be authenticated determines that the distance between the first controlled device and the first device to be authenticated is smaller than the preset threshold may refer to the relevant expressions in the above step 601.
  • the function of the first device to be authenticated to collect biometric information can be initially configured as off, so that when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, it indicates that the user is already close to the first controlled device and has the intention of unlocking, and the first device to be authenticated starts the biometric information collection function in order to collect the biometric information; at the same time, the first device to be authenticated only starts the biometric information collection function when needed, thereby reducing the energy consumption of the first device to be authenticated and the data processing amount of the authentication device.
  • the user may trigger the first device to be authenticated to start the biometric information collection function.
  • the first device to be authenticated may receive fourth information from the cloud server, the fourth information is associated with the second service information corresponding to the first device to be authenticated, and the fourth information is at least used for matching with the third information, the third information is associated with the first service information corresponding to the first controlled device.
  • the first service information may include identification information of the first controlled device; the second service information may include identification information of the target controlled device.
  • the first device to be authenticated may send the fourth information; for example, the first device to be authenticated may send the fourth information to the authentication device, or send the fourth information to the cloud server, which forwards the fourth information to the authentication device; exemplarily, when the distance between the first controlled device and the first device to be authenticated is smaller than a preset threshold, the first device to be authenticated may send the fourth information.
  • the first device to be authenticated may send service request information to the cloud server, where the service request information is at least used to request acquisition of service information corresponding to the first device to be authenticated.
  • the user can send charging request information to the cloud server through the wearable device, so as to obtain the charging service information assigned by the cloud server to the wearable device.
  • the first device to be authenticated may receive the information of the successful matching fed back by the authentication device, so that the biometric information collection function may be enabled, and the second information may be generated according to the collected second biometric information.
  • the function of the first device to be authenticated to collect biometric information can be initially configured to be off. In this way, if the third information and the fourth information match successfully, it indicates that the first controlled device provides services for the user corresponding to the first device to be authenticated, and the user has the intention to unlock the first controlled device; the first device to be authenticated starts the biometric information collection function, so as to collect the user's biometric information; at the same time, the first device to be authenticated only turns on the biometric information collection function when needed, which reduces the energy consumption of the first device to be authenticated and the data processing amount of the authentication device.
  • Step 802 the first device to be authenticated sends second information, the second information is associated with the second biometric information, the second information is at least used to match the first information, the first information is associated with the first biometric information at the first moment, and the first biometric information comes from the first controlled device.
  • the first device to be authenticated may send the second information to the authentication device, or send the second information to the cloud server, and forward the second information to the authentication device through the cloud server.
  • the first device to be authenticated may send the second information and the fourth information at the same time.
  • the first device to be authenticated may receive an encryption algorithm; and then use the encryption algorithm to encrypt the collected second biometric information to obtain the second information, and send the second information to the authentication equipment.
  • the device to be authenticated may receive the first encryption algorithm from the cloud server, or the second encryption algorithm from the authentication device. In this way, the first device to be authenticated receives the encryption algorithm, so as to encrypt the collected biometric information, thereby improving the security of the information.
  • the first device to be authenticated may receive settlement information corresponding to the first device to be authenticated.
  • the first device to be authenticated may receive settlement information sent from the cloud server, so that the user corresponding to the first device to be authenticated can perform settlement.
  • the first device to be authenticated can also receive feedback information from the authentication device, for example, the feedback information of successful matching; further, the first device to be authenticated can clear the second information, the fourth information or encryption algorithm, so as to avoid information leakage, ensure information security, and save storage space at the same time.
  • the first device to be authenticated collects the second biometric information at the first moment, and sends the second information associated with the second biometric information, and the second information is used to perform authentication with the first information at the same moment.
  • the user identity authentication corresponding to the first device to be authenticated can be realized without pre-storing the user's biometric information, and at the same time, the risk of leakage of the pre-stored user's biometric information is avoided, the security of information is improved, and user privacy is protected.
  • the embodiment of the present application also provides another authentication system, which may include an authentication device and a cloud server, wherein the cloud server is configured to send the third information to the first controlled device, and send the fourth information to the first device to be authenticated; wherein the third information is associated with the first business information, and the first business information is the business information provided by the cloud server for the first controlled device; the fourth information is associated with the second business information, and the second business information is service information provided by the cloud server for the first device to be authenticated.
  • the authentication device is configured to receive fourth information from the first device to be authenticated; match the third information with the fourth information; and obtain the first information and the second information at the first moment; match the first information with the second information; control the state of the first controlled device according to the matching result of the first information and the second information; wherein the first information is associated with the first biometric information, the first biometric information comes from the first controlled device, the second information is associated with the second biometric information, and the second biometric information comes from the first device to be authenticated and is associated with the user corresponding to the first device to be authenticated.
  • the cloud server sends the third information to the first controlled device, and sends the fourth information to the first device to be authenticated, and the authentication device receives the fourth information from the first device to be authenticated, and matches the third information with the fourth information to realize authorization authentication. If the third information and the fourth information match successfully, it indicates that the second business information and the first business information are the same business information, that is, the user corresponding to the first device to be authenticated is the authorized service object of the first controlled device; when the authorization authentication is passed, the authentication device obtains the first information and the second information and performs matching, and controls the state of the first controlled device according to the matching result.
  • the authentication device does not need to pre-store the user's biometric information to realize the identity authentication of the user corresponding to the first device to be authenticated, thereby ensuring that it is the user corresponding to the first device to be authenticated who turns on the first controlled device; at the same time, the leakage risk of pre-stored user biometric information is avoided, the security of information is improved, and the privacy of users is guaranteed.
  • the above authentication system may further include a first device to be authenticated, and the first device to be authenticated is configured to execute the steps of the above authentication method shown in FIG. 8 .
  • the first biometric information may include first electrocardiographic information
  • the second biometric information may include second electrocardiographic information. Since the ECG information is unique, that is, the ECG information of different users is different, the ECG information can be used to accurately distinguish different users, thereby ensuring the accuracy of identity authentication; at the same time, the user's ECG information is random at each moment and cannot be copied or simulated, so it is safer and more reliable to use ECG information for identity authentication; in addition, compared with other biometric information that is greatly affected by the external environment, ECG information is not affected by the external environment and is better suited to various environments.
  • the first service information may include identification information of the first controlled device; the second service information may include identification information of the target controlled device.
  • the target controlled device may be a device allocated by the cloud server to provide services for the user corresponding to the first device to be authenticated.
  • the first controlled device may include a first smart lock; the authentication device is further configured to: when the first information and the second information match successfully, send first control information, and the first control information is used to control the first smart lock to be in the open state.
  • the successful matching of the first information and the second information indicates that the identity authentication of the user corresponding to the first device to be authenticated has passed, and the user expects to be served by the device corresponding to the first smart lock, then the authentication device can control the first smart lock to be in the open state, so that the user can get the corresponding service.
  • the authentication device is further configured to: when the distance between the first controlled device and the first device to be authenticated is smaller than a preset threshold, send the second control information, the second control information is used to control the first controlled device to collect the first biometric information.
  • the function of the first controlled device to collect biometric information can be initially configured as off, so that when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, it indicates that the user has approached the first controlled device and has the intention to unlock, the authentication device controls the first controlled device to enable the biometric information collection function, so that when the user touches the first controlled device, the first controlled device can collect the user's first biometric information; at the same time, the first controlled device only enables the biometric information collection function when needed, thereby reducing the energy consumption of the first controlled device and the data processing amount of the authentication device.
  • the cloud server is further configured to: receive service request information; and generate third information and fourth information according to the service request information.
  • the service request information may come from the first device to be authenticated, and the cloud server allocates existing available service resources according to the service request information, and generates third information and fourth information, so as to meet user needs.
  • after receiving the charging request information sent by the wearable device worn by the user, the cloud server allocates a suitable charging gun for the user according to the user's charging request and available charging gun resources, and generates corresponding service information, and then the business information can be sent to the smart charging car and the wearable device worn by the user respectively.
  • the cloud server is further configured to: generate the third information and the fourth information according to the business to be processed; for example, in the second scenario above, the cloud server may store the relevant information of the express delivery, generate the pick-up business information, and then send the pick-up business information to the smart express cabinet and the wearable device of the corresponding picker respectively.
  • the first information may include information obtained by encrypting the first biometric information through the first encryption algorithm, and the second information may include information obtained by encrypting the second biometric information through the first encryption algorithm; the cloud server is further configured to: send the first encryption algorithm to the authentication device, and send the first encryption algorithm to the first device to be authenticated; the authentication device is also configured to: receive the first encryption algorithm.
  • the cloud server can generate an encryption algorithm and send the encryption algorithm to the authentication device and the device to be authenticated, so as to encrypt the biometric information collected by the device to be authenticated or the controlled device; the first information and/or the second information both include the information obtained by encrypting the biometric information, which further improves the security of the information.
  • the cloud server can generate an encryption algorithm and send the encryption algorithm to the authentication device and the device to be authenticated.
  • business information may correspond to an encryption algorithm, that is, different business information corresponds to a different encryption algorithm; when the cloud server generates business information, it may generate a corresponding encryption algorithm, and the business information and the encryption algorithm may be respectively sent to the corresponding authentication device and the device to be authenticated.
  • After the authentication device receives the business information provided by the cloud server for multiple controlled devices and the corresponding multiple encryption algorithms, for the biometric information collected by any controlled device, the authentication device can encrypt it using the encryption algorithm corresponding to the business information related to the controlled device.
  • the first information may include information obtained by encrypting the first biometric information with a second encryption algorithm, and the second information may include information obtained by encrypting the second biometric information with a second encryption algorithm; the authentication device is further configured to: generate a second encryption algorithm; send the second encryption algorithm to the first device to be authenticated.
  • the second encryption algorithm is used to encrypt the biometric information collected by the first controlled device and the biometric information collected by the first device to be authenticated, the first information and the second information both include encrypted biometric information, which further improves information security.
  • the authentication device may generate an encryption algorithm and send the encryption algorithm to the device to be authenticated for initial pairing.
  • the second encryption algorithm is time-sensitive, and the authentication device may update the encryption algorithm after each authentication, thereby improving the security of encrypted information during each authentication process.
  • the authentication device is further configured to: send the identification information of the first controlled device and the second information to the cloud server after controlling the state of the first controlled device; the cloud server is further configured to: receive the identification information of the first controlled device and the second information; determine the first device to be authenticated according to the second information; generate settlement information corresponding to the first device to be authenticated according to the service information corresponding to the identification information of the first controlled device; send the settlement information to the first device to be authenticated.
  • the settlement information may represent the cost-related information generated by the user to obtain the service provided by the first controlled device, and the cloud server may pre-store the cost-related information generated by the service provided by each controlled device and the information forwarded by the cloud server.
  • the information forwarded via the cloud server may include the first information.
  • the authentication device sends the identification information of the first controlled device and the second information to the cloud server.
  • the cloud server may determine, according to the identification information of the first controlled device, that the first controlled device provides a service, and match the second information with the information forwarded by the cloud server. The second information is successfully matched with the first information, so it is determined that the fee was generated by the user corresponding to the first device to be authenticated obtaining the service provided by the first controlled device. The fee is then sent to the first device to be authenticated, so that the user corresponding to the first device to be authenticated can make settlement.
  • the authentication device may send the identification information and the second information of the multiple controlled devices to the cloud server, and the cloud server uniformly generates the settlement information corresponding to the first device to be authenticated and sends it to the first device to be authenticated, so that the user can perform unified settlement.
  • after the cloud server generates the settlement information corresponding to the first device to be authenticated, it can send the settlement information to the first device to be authenticated after a preset time interval, thereby realizing shopping first and settlement afterwards, and improving the user experience.
  • the authentication device is further configured to: clear the first information and the second information after controlling the state of the first controlled device. It can be understood that after the authentication device controls the state of the first controlled device, the user's identity authentication has been completed. Since the first information and the second information include the user's biometric information and the authentication device does not need to store them, it clears the first information and the second information promptly, so as to avoid information leakage, protect user privacy, and save storage space.
  • the authentication device is further configured to: clear the encryption algorithm after controlling the state of the first controlled device.
  • the encryption algorithm may include the first encryption algorithm or the second encryption algorithm. After the authentication device controls the state of the first controlled device, the user's identity authentication has been completed, and the authentication device can clear the encryption algorithm, thereby avoiding the leakage of the encryption algorithm, ensuring information security, and saving storage space.
  • the authentication device is further configured to: clear the service information after controlling the state of the first controlled device. After the authentication device controls the state of the first controlled device, the user's authorization authentication has been completed. Since the business information may include the user's personal information, the authentication device clears the business information; thereby avoiding information leakage, protecting user privacy, and saving storage space.
  • the embodiment of the present application also provides another authentication system, which may include an authentication device and a device to be authenticated, wherein the authentication device is configured to execute the steps of the authentication method shown in FIG. 6 or FIG. 7 above, and the device to be authenticated is configured to execute the steps of the above authentication method shown in FIG. 8.
  • the embodiment of the present application also provides another authentication system, which may include an authentication device, a device to be authenticated, and a controlled device, wherein the authentication device is configured to execute the above-mentioned authentication method shown in FIG. 6 or FIG. 7, the device to be authenticated is configured to execute the steps of the authentication method shown in FIG. 8 above, and the controlled device is used to collect the first biometric information at the first moment.
  • the embodiments of the present application further provide an authentication device, which is configured to implement the technical solution described in the above-mentioned method embodiments. For example, each step of the above method shown in FIG. 6 or FIG. 7 may be executed.
  • Fig. 9 shows a structural diagram of an authentication device according to an embodiment of the present application.
  • the authentication device may include: a first transceiver module 901, configured to obtain first information at a first moment and second information at the first moment, wherein the first information is associated with first biometric information, the first biometric information comes from the first controlled device, the second information is associated with second biometric information, and the second biometric information comes from the first device to be authenticated and is associated with the user corresponding to the first device to be authenticated; a first processing module 902, configured to match the first information with the second information, and to control the state of the first controlled device according to the matching result of the first information and the second information.
  • the first controlled device includes a first smart lock; the first processing module is further configured to: if the first information and the second information match successfully, send first control information, where the first control information is used to control the first smart lock to be in an unlocked state.
  • the first processing module 902 is further configured to: clear the first biometric information and the second biometric information after the state of the first controlled device is controlled.
  • the first processing module 902 is further configured to: when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, send second control information to the first controlled device, where the second control information is used to control the first controlled device to collect the first biometric information.
  • the first transceiving module 902 is further configured to: acquire third information and fourth information, where the third information is associated with first service information, the first service information is service information provided by the cloud server for the first controlled device, the fourth information is associated with second service information, and the second service information is service information provided by the cloud server for the first device to be authenticated; match the third information with the fourth information; and acquire the first information and the second information if the third information and the fourth information are successfully matched.
  • the first service information includes identification information of the first controlled device; the second service information includes identification information of a target controlled device.
  • the first information includes information obtained by encrypting the first biometric information with a first encryption algorithm
  • the second information includes information obtained by encrypting the second biometric information with the first encryption algorithm.
  • the first transceiving module 901 is further configured to: receive the first encryption algorithm from the cloud server.
  • the first processing module 902 is further configured to: clear the first encryption algorithm after the state of the first controlled device is controlled.
  • the first information includes information obtained by encrypting the first biometric information through a second encryption algorithm
  • the second information includes information obtained by encrypting the second biometric information through the second encryption algorithm.
  • the first processing module 902 is further configured to: generate the second encryption algorithm, and send the second encryption algorithm to the first device to be authenticated.
  • the first processing module 902 is further configured to: clear the second encryption algorithm after the state of the first controlled device is controlled.
  • the first biometric information includes first electrocardiographic information
  • the second biometric information includes second electrocardiographic information
  • the first processing module 902 is further configured to: after controlling the state of the first controlled device, send the identification information of the first controlled device and the second information to a cloud server, where the identification information of the first controlled device and the second information are at least used to generate settlement information corresponding to the first device to be authenticated.
  • Embodiments of the present application also provide another authentication device, which is used to implement the technical solutions described in the above method embodiments. For example, each step of the above-mentioned method shown in FIG. 8 may be executed.
  • Fig. 10 shows a structural diagram of another authentication device according to an embodiment of the present application.
  • the authentication device may include: a second processing module 1001, configured to collect second biometric information at a first moment, where the second biometric information is associated with the user corresponding to the first device to be authenticated; a second transceiver module 1002, configured to send second information, where the second information is associated with the second biometric information and is at least used to match with first information, the first information is associated with first biometric information at the first moment, and the first biometric information comes from the first controlled device.
  • the second processing module 1001 is further configured to: collect the second biometric information.
  • the second transceiver module 1002 is further configured to: receive fourth information from the cloud server, where the fourth information is associated with the second business information corresponding to the first device to be authenticated, the fourth information is at least used to match with third information, and the third information is associated with the first service information corresponding to the first controlled device; send the fourth information to the authentication device.
  • the second transceiver module 1002 is further configured to: send service request information to the cloud server, where the service request information is at least used to request service information corresponding to the first device to be authenticated.
  • the first service information includes identification information of the first controlled device; the second service information includes identification information of a target controlled device.
  • the second information includes information obtained by encrypting the second biometric information with an encryption algorithm
  • the second transceiver module 1002 is further configured to: receive the encryption algorithm
  • the first biometric information includes first electrocardiographic information
  • the second biometric information includes second electrocardiographic information
  • the first device to be authenticated is configured with an electrocardiographic sensor, and the electrocardiographic sensor is configured to collect the second electrocardiographic information.
  • the second transceiving module 1002 is further configured to: receive settlement information corresponding to the first controlled device.
  • the division of the modules in the above device is only a division of logical functions, which may be fully or partially integrated into one physical entity or physically separated during actual implementation.
  • the modules in the device can be implemented in the form of a processor calling software; for example, the device includes a processor, the processor is connected to a memory, instructions are stored in the memory, and the processor calls the instructions stored in the memory to implement any of the above methods or realize the function of each module of the device, wherein the processor is, for example, a general-purpose processor, such as a central processing unit (CPU) or a microprocessor, and the memory is a memory in the device or a memory outside the device.
  • the modules in the device may be implemented in the form of hardware circuits, and part or all of the functions of the modules may be realized by designing the hardware circuits.
  • the hardware circuits may be understood as one or more processors; for example, in one implementation, the hardware circuit is an application-specific integrated circuit (ASIC), and the functions of some or all of the above modules are realized through the design of the logical relationship between the components in the circuit; for another example, in another implementation, the hardware circuit can be realized by a programmable logic device (PLD); taking a field programmable gate array (FPGA) as an example, it can include a large number of logic gate circuits, and the logic gate circuits are configured through configuration files.
  • All the modules of the above device can be realized in the form of calling software by the processor, or in the form of hardware circuit, or partially realized in the form of calling software by the processor, and the rest can be realized in the form of hardware circuit.
  • the processor is a circuit with signal processing capabilities.
  • in one implementation, the processor may be a circuit with instruction reading and execution capabilities, such as a CPU, a microprocessor, a graphics processing unit (GPU) (which can be understood as a kind of microprocessor), or a digital signal processor (DSP), etc.; in another implementation, the processor can realize a certain function through the logical relationship of a hardware circuit, and the logical relationship of the hardware circuit is fixed or reconfigurable; for example, the processor is a hardware circuit implemented by an ASIC or a PLD, such as an FPGA.
  • the process of the processor loading the configuration file to realize the configuration of the hardware circuit can be understood as the process of the processor loading instructions to realize the functions of some or all of the above modules.
  • a hardware circuit designed for artificial intelligence can be understood as an ASIC, such as a neural network processing unit (NPU), a tensor processing unit (TPU), a deep learning processing unit (DPU), etc.
  • each module in the above device can be one or more processors (or processing circuits) configured to implement the above method, for example: CPU, GPU, NPU, TPU, DPU, microprocessor, DSP, ASIC, FPGA, or a combination of at least two of these processor forms.
  • the SOC may include at least one processor for implementing any of the above methods or realizing the functions of each module of the device.
  • the at least one processor may be of different types, such as including CPU and FPGA, CPU and artificial intelligence processor, CPUs and GPUs, etc.
  • the embodiment of the present application also provides an authentication device, and the embodiment of the present application does not limit the type of the authentication device.
  • the authentication device can be implemented in hardware, software or a combination of software and hardware.
  • the authentication device may include: a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to implement the above authentication method when executing the instructions. Exemplarily, the above-mentioned methods shown in FIG. 6 and FIG. 7 may be implemented.
  • the authentication device may include a hardware module or a software module, for example, may include one or more modules described above in FIG. 9 .
  • the embodiment of the present application also provides a device to be authenticated, and the embodiment of the present application does not limit the type of the device to be authenticated.
  • the device to be authenticated can be realized by hardware, software or a combination of software and hardware.
  • the device to be authenticated may include: a sensor for collecting biometric information; a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to implement the above-mentioned authentication method. Exemplarily, the above method shown in FIG. 8 may be implemented.
  • the device to be authenticated may include a hardware module or a software module, for example, may include one or more modules described above in FIG. 10 .
  • Fig. 11 shows a schematic structural diagram of an electronic device according to an embodiment of the present application.
  • the electronic device may be an authentication device or a device to be authenticated.
  • the authentication device may include: at least one processor 1101 , a communication line 1102 , a memory 1103 and at least one communication interface 1104 .
  • the processor 1101 may be a CPU, a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits used to control the execution of the programs of this application.
  • the communication line 1102 may include a pathway for communicating information between the components described above.
  • the communication interface 1104 uses any device such as a transceiver for communicating with other devices or communication networks, such as Ethernet, a radio access network (RAN), a wireless local area network (WLAN), etc.
  • the memory 1103 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of device that can store information and instructions; it can also be an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
  • the memory may exist independently and be connected to the processor through the communication line 1102 .
  • Memory can also be integrated with the processor.
  • the memory provided by the embodiment of the present application may generally be non-volatile.
  • the memory 1103 is used to store computer-executed instructions for implementing the solutions of the present application, and the processor 1101 controls the execution.
  • the processor 1101 is configured to execute computer-executed instructions stored in the memory 1103, so as to implement the methods provided in the above-mentioned embodiments of the present application. Exemplarily, the above steps shown in FIG. 6 or FIG. 7 or FIG. 8 may be implemented.
  • the computer-executed instructions in the embodiments of the present application may also be referred to as application program codes, which is not specifically limited in the embodiments of the present application.
  • the processor 1101 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 11 .
  • the authentication device may include multiple processors, such as processor 1101 and processor 1107 in FIG. 11 .
  • each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor.
  • a processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
  • the authentication apparatus may further include an output device 1105 and an input device 1106 .
  • Output device 1105 is in communication with processor 1101 and can display information in a variety of ways.
  • the output device 1105 may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector, etc.
  • the input device 1106 communicates with the processor 1101 and can receive user input in various ways.
  • the input device 1106 may be a mouse, a keyboard, a touch screen device, or a sensing device, among others.
  • the first transceiver module 901 in FIG. 9 above can be realized by the communication interface 1104 in FIG. 11; the first processing module 902 can be implemented by the processor 1101.
  • the second processing module 1001 in FIG. 10 above can be implemented by the processor 1101 in FIG. 11; the second transceiver module 1002 can be implemented by the communication interface 1104.
  • Embodiments of the present application provide a chip, including a processor, and when the processor executes an instruction, the processor executes the method in the foregoing embodiments.
  • the authentication method shown in FIG. 6 , FIG. 7 or FIG. 8 above may be implemented.
  • Embodiments of the present application provide a computer-readable storage medium on which computer program instructions are stored, and when the computer program instructions are executed by a processor, the methods in the foregoing embodiments are implemented. Exemplarily, the authentication method shown in FIG. 6 , FIG. 7 or FIG. 8 above may be implemented.
  • An embodiment of the present application provides a computer program product, including computer-readable codes, or a non-volatile computer-readable storage medium bearing computer-readable codes; when the computer-readable codes run in a processor of an electronic device, the processor in the electronic device executes the method in the foregoing embodiment.
  • the authentication method shown in FIG. 6 , FIG. 7 or FIG. 8 above may be implemented.
  • a computer readable storage medium may be a tangible device that can retain and store instructions for use by an instruction execution device.
  • a computer readable storage medium may be, for example, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.
  • Computer-readable storage media include: portable computer discs, hard drives, RAM, ROM, Electrically Programmable Read-Only Memory (EPROM) or flash memory, Static Random-Access Memory (SRAM), Portable Compact Disc Read-Only Memory (CD-ROM), Digital Video Disc (DVD), memory sticks, floppy disks, mechanically encoded devices such as punched cards or raised structures in grooves with instructions stored thereon, and any suitable combination of the foregoing.
  • Computer readable program instructions or codes described herein may be downloaded from a computer readable storage medium to a respective computing/processing device, or downloaded to an external computer or external storage device over a network, such as the Internet, local area network, wide area network, and/or wireless network.
  • the network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers, and/or edge servers.
  • a network adapter card or a network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in each computing/processing device.
  • Computer program instructions for performing the operations of the present application may be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, including object-oriented programming languages such as Smalltalk and C++, and conventional procedural programming languages such as the “C” language or similar programming languages.
  • Computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server.
  • the remote computer can be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or it can be connected to an external computer (for example, through the Internet using an Internet service provider).
  • the electronic circuits can execute the computer-readable program instructions, thereby implementing various aspects of the present application.
  • These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, when executed by the processor of the computer or other programmable data processing apparatus, produce an apparatus for realizing the functions/actions specified in one or more blocks in the flowchart and/or block diagram.
  • These computer-readable program instructions can also be stored in a computer-readable storage medium, and these instructions cause computers, programmable data processing devices and/or other devices to work in a specific way, so that the computer-readable medium storing the instructions comprises an article of manufacture that includes instructions for implementing various aspects of the functions/acts specified in one or more blocks in flowcharts and/or block diagrams.
  • each block in a flowchart or block diagram may represent a module, a program segment, or a portion of an instruction, which includes one or more executable instructions.
  • the functions noted in the block may occur out of the order noted in the figures. For example, two blocks in succession may, in fact, be executed substantially concurrently, or they may sometimes be executed in the reverse order, depending upon the functionality involved.
  • each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented with hardware (such as circuits or an application-specific integrated circuit (ASIC)), or can be realized by a combination of hardware and software, such as firmware.

Abstract

The present application relates to an authentication method, apparatus, device and system. The method comprises: obtaining first information of a first time point and second information of the first time point, the first information being associated with first biometric information, the first biometric information being from a first controlled device, the second information being associated with second biometric information, and the second biometric information being from a first device to be authenticated and being associated with a user corresponding to said first device; matching the first information with the second information; and controlling a state of the first controlled device according to a matching result of the first information and the second information. By means of the present application, an authentication device can, without pre-storing biometric information of the user, implement identity authentication of the user corresponding to said first device; moreover, the leakage risk of pre-storing the biometric information is avoided, the information security is improved, and the privacy of the user is ensured.

Description

An authentication method, apparatus, device and system

Technical field
The present application relates to the technical field of intelligent unlocking, and in particular to an authentication method, apparatus, device and system.
Background
With the development of intelligent technology, unmanned application scenarios are becoming increasingly diverse, and using unmanned smart devices can effectively reduce costs and improve service efficiency. For example, a parcel locker decouples the sender from the recipient, reducing the time cost for both parties; unmanned vending machines can be installed in many kinds of venues, making shopping convenient for consumers; smart charging vehicles are not restricted by venue, allowing users to charge more conveniently.
Unmanned scenarios involve user identity authentication. At present, a wearable device worn by the user is usually used for identity authentication. The general process is: the user, wearing the wearable device, approaches a smart device and sends authentication information to it; the smart device matches the received authentication information against pre-stored authentication information and unlocks after a successful match. This authentication approach carries risks such as information leakage, and information security is low.
Summary of the invention
In view of this, the present application proposes an authentication method, an authentication apparatus, an authentication system, an authentication device, a device to be authenticated, a storage medium, a chip, and a computer program product.
In a first aspect, an embodiment of the present application provides an authentication method applied to an authentication device, the method comprising: acquiring first information at a first moment and second information at the first moment, where the first information is associated with first biometric information, the first biometric information comes from a first controlled device, the second information is associated with second biometric information, and the second biometric information comes from a first device to be authenticated and is associated with the user corresponding to the first device to be authenticated; matching the first information with the second information; and controlling the state of the first controlled device according to the matching result of the first information and the second information.
Based on the above technical solution, the authentication device does not need to pre-store the biometric information of the user corresponding to the first device to be authenticated. By matching the first information and the second information acquired at the same moment and controlling the state of the first controlled device according to the matching result, it authenticates the identity of the user corresponding to the first device to be authenticated, while avoiding the leakage risk of pre-storing the user's biometric information, improving information security and protecting user privacy.
As an example, when there is more than one device to be authenticated or more than one controlled device, the authentication device can acquire the biometric information from each device to be authenticated at the first moment. For any device to be authenticated, the biometric information from that device can be matched in turn against the biometric information collected by each controlled device; if a match succeeds, the authentication device controls the controlled device for which the match succeeded to be in the open state. In this way, the authentication device can authenticate the users corresponding to multiple devices to be authenticated at the same time and can control multiple controlled devices to be open at the same time, thereby serving multiple authenticated users simultaneously, improving authentication efficiency, improving user experience and saving costs.
According to the first aspect, in a first possible implementation of the first aspect, the first controlled device includes a first smart lock; and controlling the state of the first controlled device according to the matching result of the first information and the second information includes: when the first information and the second information match successfully, sending first control information, where the first control information is used to control the first smart lock to be in an open state.
Based on the above technical solution, a successful match between the first information and the second information indicates that the user corresponding to the first device to be authenticated has passed identity authentication, so the authentication device can control the first smart lock to be in an open state, allowing that user to obtain the corresponding service.
According to the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the method further includes: after controlling the state of the first controlled device, clearing the first information and the second information.
Based on the above technical solution, once the authentication device has controlled the state of the first controlled device, the user's identity authentication is complete. Because the first information and the second information contain the user's biometric information, the authentication device does not need to store them; it clears the first information and the second information promptly, thereby avoiding information leakage, protecting user privacy and saving storage space.
According to the first aspect or the above possible implementations of the first aspect, in a third possible implementation of the first aspect, the method further includes: when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, sending second control information to the first controlled device, where the second control information is used to control the first controlled device to collect the first biometric information.
Based on the above technical solution, the biometric collection function of the first controlled device can be initially configured as off. When the distance between the first controlled device and the first device to be authenticated is less than the preset threshold, this indicates that the user corresponding to the first device to be authenticated has approached the first controlled device, and the authentication device controls the first controlled device to enable its biometric collection function, so that when the user touches the first controlled device, the first controlled device can collect the user's biometric information. At the same time, the first controlled device enables the biometric collection function only when needed, which reduces the energy consumption of the first controlled device and the data processing load of the authentication device.
According to the first aspect or the above possible implementations of the first aspect, in a fourth possible implementation of the first aspect, acquiring the first information at the first moment and the second information at the first moment includes: acquiring third information and fourth information, where the third information is associated with first service information, the first service information is service information provided by a cloud server for the first controlled device, the fourth information is associated with second service information, and the second service information is service information provided by the cloud server for the first device to be authenticated; matching the third information with the fourth information; and, when the third information and the fourth information match successfully, acquiring the first information and the second information.
Based on the above technical solution, the authentication device matches the third information with the fourth information to perform authorization authentication. If the third information and the fourth information match successfully, the second service information and the first service information are the same service information, that is, the user corresponding to the first device to be authenticated is an authorized service object of the first controlled device. When authorization authentication passes, the authentication device acquires the first information and the second information, matches them, and controls the state of the first controlled device according to the matching result. The authentication device can authenticate the identity of the user corresponding to the first device to be authenticated without pre-storing that user's biometric information, which ensures that the first controlled device is opened by the user corresponding to the first device to be authenticated, while avoiding the leakage risk of pre-storing the user's biometric information, improving information security and protecting user privacy.
As an example, when there is more than one device to be authenticated or more than one controlled device, the authentication device can, at the same moment, acquire service information from multiple devices to be authenticated. For any device to be authenticated, the service information provided by the cloud server for that device can be matched in turn against the service information provided by the cloud server for each controlled device, so that the users corresponding to multiple devices to be authenticated are authorized at the same time. In addition, when the users corresponding to multiple devices to be authenticated pass authorization authentication, for any device to be authenticated, the authentication device acquires the biometric information collected by that device and the biometric information collected by the corresponding target controlled device and matches the two. If the match succeeds, the authentication device controls the target controlled device to be in the open state; otherwise, the target controlled device remains closed. This authenticates the users corresponding to multiple devices to be authenticated at the same time and ensures that each target controlled device is opened by the user corresponding to its device to be authenticated. Moreover, at the same moment, the users corresponding to multiple devices to be authenticated can each open their own target controlled device, so that multiple users are served simultaneously, improving authentication efficiency, improving user experience and saving costs.
As an example, when the third information and the fourth information match successfully, the authentication device sends third control information to the first controlled device, where the third control information is used to control the first controlled device to collect the first biometric information. A successful match between the third information and the fourth information indicates that the first controlled device is to serve the user corresponding to the first device to be authenticated, so the authentication device controls the first controlled device to enable its biometric collection function, so that when the user touches the first controlled device, the first controlled device can collect the user's biometric information. At the same time, the first controlled device enables the biometric collection function only when needed, which reduces the energy consumption of the first controlled device and the data processing load of the authentication device.
According to the fourth possible implementation of the first aspect, in a fifth possible implementation of the first aspect, the first service information includes identification information of the first controlled device, and the second service information includes identification information of a target controlled device. As an example, the target controlled device may be the device allocated by the cloud server to serve the user corresponding to the first device to be authenticated.
According to the first aspect or the above possible implementations of the first aspect, in a sixth possible implementation of the first aspect, the first information includes information obtained by encrypting the first biometric information with a first encryption algorithm, and/or the second information includes information obtained by encrypting the second biometric information with the first encryption algorithm; the method further includes: receiving the first encryption algorithm from the cloud server.
Based on the above technical solution, the authentication device receives the first encryption algorithm from the cloud server in order to encrypt the biometric information collected by the first controlled device; the first information and/or the second information include the encrypted biometric information, which further improves information security.
According to the sixth possible implementation of the first aspect, in a seventh possible implementation of the first aspect, the method further includes: after controlling the state of the first controlled device, clearing the first encryption algorithm.
Based on the above technical solution, once the authentication device has controlled the state of the first controlled device, identity authentication of the user corresponding to the first device to be authenticated is complete, and the authentication device can clear the first encryption algorithm, thereby avoiding leakage of the encryption algorithm, safeguarding information security and saving storage space.
According to the first aspect or the above possible implementations of the first aspect, in an eighth possible implementation of the first aspect, the first information includes information obtained by encrypting the first biometric information with a second encryption algorithm, and/or the second information includes information obtained by encrypting the second biometric information with the second encryption algorithm; the method further includes: generating the second encryption algorithm; and sending the second encryption algorithm to the first device to be authenticated.
Based on the above technical solution, the authentication device generates the second encryption algorithm and sends it to the first device to be authenticated; the algorithm is used to encrypt both the biometric information collected by the first controlled device and the biometric information collected by the first device to be authenticated. The first information and the second information both include the encrypted biometric information, which further improves information security.
According to the eighth possible implementation of the first aspect, in a ninth possible implementation of the first aspect, the method further includes: after controlling the state of the first controlled device, clearing the second encryption algorithm.
Based on the above technical solution, once the authentication device has controlled the state of the first controlled device, identity authentication of the user corresponding to the first device to be authenticated is complete, and the authentication device can clear the second encryption algorithm, thereby avoiding leakage of the encryption algorithm, safeguarding information security and saving storage space.
According to the first aspect or the above possible implementations of the first aspect, in a tenth possible implementation of the first aspect, the first biometric information includes first electrocardiogram (ECG) information, and the second biometric information includes second ECG information.
Based on the above technical solution, because ECG information is unique, that is, different users have different ECG information, ECG information can accurately distinguish different users, which ensures the accuracy of identity authentication. At the same time, a user's ECG information at each moment is random and cannot be copied or simulated, so identity authentication using ECG information is more secure and reliable. In addition, compared with other biometric information that is strongly affected by the external environment, ECG information is not affected by the external environment and is better suited to a variety of environments.
According to the first aspect or the above possible implementations of the first aspect, in an eleventh possible implementation of the first aspect, the method further includes: after controlling the state of the first controlled device, sending the identification information of the first controlled device and the second information to the cloud server, where the identification information of the first controlled device and the second information are at least used to generate settlement information corresponding to the first device to be authenticated.
Based on the above technical solution, the authentication device sends the identification information of the first controlled device and the second information to the cloud server. As an example, the settlement information may represent fee-related information generated when the user obtains the service provided by the first controlled device; the identification information of the first controlled device can be used to determine the fee incurred by the first controlled device in providing the service, and the second information can be used for matching against the first information, thereby determining that the fee was incurred by the user corresponding to the first device to be authenticated obtaining the service provided by the first controlled device.
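The first-aspect flow described above (service-information match, same-moment biometric match, state control, then clearing) sketched as an added example; it is not code from the application. The Pearson-correlation matcher, the 0.95 threshold, the shared integer timestamp, the sample windows and all class and field names are assumptions, since the text here does not specify how the match is computed.

```python
import hmac
import math
from dataclasses import dataclass

# Constructed ECG-like windows (not real recordings).
SAMPLE_LOCK = (0.02, 0.10, 0.95, -0.30, 0.05, 0.12, 0.20, 0.04)      # user A at the lock
SAMPLE_WEARABLE = (0.03, 0.09, 0.93, -0.28, 0.06, 0.11, 0.21, 0.03)  # user A's wearable
SAMPLE_OTHER = (0.20, 0.04, 0.05, 0.12, 0.02, 0.10, 0.95, -0.30)     # a different user


@dataclass
class Capture:
    """Biometric window reported by one device (hypothetical format)."""
    captured_at: int  # assumed shared clock value for the "first moment"
    signal: list      # amplitudes; emptied once a decision has been made


@dataclass
class ControlledDevice:
    device_id: str
    collecting: bool = False  # collection stays off until authorization passes
    state: str = "closed"


def pearson(a, b):
    """Pearson correlation of two equal-length windows; 0.0 when undefined."""
    if len(a) != len(b) or len(a) < 2:
        return 0.0
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    if va == 0 or vb == 0:
        return 0.0
    return cov / math.sqrt(va * vb)


class AuthenticationDevice:
    def __init__(self, threshold=0.95):
        self.threshold = threshold  # assumed similarity cut-off

    def authorize(self, lock, third_info, fourth_info):
        """Stage 1: compare the service information held by the controlled
        device (third) with that presented by the device to be authenticated
        (fourth). Only a match switches biometric collection on."""
        ok = hmac.compare_digest(third_info.encode(), fourth_info.encode())
        lock.collecting = ok
        return ok

    def authenticate(self, lock, first, second):
        """Stage 2: match the two captures of the same moment, set the lock
        state, then clear both captures whatever the outcome."""
        try:
            matched = bool(
                lock.collecting
                and first.captured_at == second.captured_at
                and pearson(first.signal, second.signal) >= self.threshold
            )
            lock.state = "open" if matched else "closed"
            return matched
        finally:
            # Nothing biometric is retained after the decision.
            first.signal.clear()
            second.signal.clear()
            lock.collecting = False


def run_demo():
    """Return (same user, other user, stale capture) decisions."""
    auth, results = AuthenticationDevice(), []
    cases = [(SAMPLE_WEARABLE, 1000), (SAMPLE_OTHER, 1000), (SAMPLE_WEARABLE, 940)]
    for wearable_signal, wearable_time in cases:
        lock = ControlledDevice("locker-07")
        auth.authorize(lock, "locker-07", "locker-07")
        first = Capture(1000, list(SAMPLE_LOCK))
        second = Capture(wearable_time, list(wearable_signal))
        results.append(auth.authenticate(lock, first, second))
    return tuple(results)


if __name__ == "__main__":
    print(run_demo())
```

The third case shows why the same-moment condition matters: a capture from an earlier moment is rejected even though its waveform matches.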
In a second aspect, an embodiment of the present application provides an authentication system including an authentication device and a cloud server. The cloud server is configured to send third information to a first controlled device and to send fourth information to a first device to be authenticated, where the third information is associated with first service information, the first service information is service information provided by the cloud server for the first controlled device, the fourth information is associated with second service information, and the second service information is service information provided by the cloud server for the first device to be authenticated. The authentication device is configured to: receive the fourth information from the first device to be authenticated; match the third information with the fourth information; when the third information and the fourth information match successfully, acquire first information at a first moment and second information at the first moment; match the first information with the second information; and control the state of the first controlled device according to the matching result of the first information and the second information; where the first information is associated with first biometric information, the first biometric information comes from the first controlled device, the second information is associated with second biometric information, and the second biometric information comes from the first device to be authenticated and is associated with the user corresponding to the first device to be authenticated.
Based on the above technical solution, the cloud server sends the third information to the first controlled device and the fourth information to the first device to be authenticated; the authentication device receives the fourth information from the first device to be authenticated and matches the third information with the fourth information to perform authorization authentication. If the third information and the fourth information match successfully, the second service information and the first service information are the same service information, that is, the user corresponding to the first device to be authenticated is an authorized service object of the first controlled device. When authorization authentication passes, the authentication device acquires the first information and the second information, matches them, and controls the state of the first controlled device according to the matching result. The authentication device can authenticate the identity of the user corresponding to the first device to be authenticated without pre-storing that user's biometric information, which ensures that the first controlled device is opened by the user corresponding to the first device to be authenticated, while avoiding the leakage risk of pre-storing the user's biometric information, improving information security and protecting user privacy.
According to the second aspect, in a first possible implementation of the second aspect, the first controlled device includes a first smart lock; the authentication device is further configured to: when the first information and the second information match successfully, send first control information, where the first control information is used to control the first smart lock to be in an open state.
Based on the above technical solution, a successful match between the first information and the second information indicates that the user corresponding to the first device to be authenticated has passed identity authentication, so the authentication device can control the first smart lock to be in an open state, allowing that user to obtain the corresponding service.
According to the second aspect or the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the authentication device is further configured to: after controlling the state of the first controlled device, clear the first information and the second information.
Based on the above technical solution, once the authentication device has controlled the state of the first controlled device, the user's identity authentication is complete. Because the first information and the second information contain the user's biometric information, the authentication device does not need to store them; it clears the first information and the second information promptly, thereby avoiding information leakage, protecting user privacy and saving storage space.
According to the second aspect or the above possible implementations of the second aspect, in a third possible implementation of the second aspect, the authentication device is further configured to: when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, send second control information to the first controlled device, where the second control information is used to control the first controlled device to collect the first biometric information.
Based on the above technical solution, the biometric collection function of the first controlled device can be initially configured as off. When the distance between the first controlled device and the first device to be authenticated is less than the preset threshold, this indicates that the user corresponding to the first device to be authenticated has approached the first controlled device, and the authentication device controls the first controlled device to enable its biometric collection function, so that when the user touches the first controlled device, the first controlled device can collect the user's first biometric information. At the same time, the first controlled device enables the biometric collection function only when needed, which reduces the energy consumption of the first controlled device and the data processing load of the authentication device.
According to the second aspect or the above possible implementations of the second aspect, in a fourth possible implementation of the second aspect, the cloud server is further configured to: receive service request information; and generate the third information and the fourth information according to the service request information.
Based on the above technical solution, the cloud server allocates the currently available service resources according to the service request information and generates the third information and the fourth information, so as to meet user needs.
According to the second aspect or the above possible implementations of the second aspect, in a fifth possible implementation of the second aspect, the first service information includes identification information of the first controlled device, and the second service information includes identification information of a target controlled device. As an example, the target controlled device may be the device allocated by the cloud server to serve the user corresponding to the first device to be authenticated.
According to the second aspect or the various possible implementations of the second aspect above, in a sixth possible implementation of the second aspect, the first information includes information obtained by encrypting the first biometric information with a first encryption algorithm, and/or the second information includes information obtained by encrypting the second biometric information with the first encryption algorithm; the cloud server is further configured to: send the first encryption algorithm to the authentication device, and send the first encryption algorithm to the first device to be authenticated; the authentication device is further configured to: receive the first encryption algorithm.
Based on the above technical solution, the authentication device receives the first encryption algorithm from the cloud server so that it can encrypt the biometric information collected by the first controlled device; the first information and/or the second information include the encrypted biometric information, which further improves the security of the information.
According to the sixth possible implementation of the second aspect above, in a seventh possible implementation of the second aspect, the authentication device is further configured to: clear the first encryption algorithm after controlling the state of the first controlled device.
Based on the above technical solution, once the authentication device has controlled the state of the first controlled device, identity authentication of the user corresponding to the first device to be authenticated is complete, and the authentication device can clear the first encryption algorithm, which avoids leakage of the encryption algorithm, safeguards information security, and saves storage space.
According to the second aspect or the various possible implementations of the second aspect above, in an eighth possible implementation of the second aspect, the first information includes information obtained by encrypting the first biometric information with a second encryption algorithm, and/or the second information includes information obtained by encrypting the second biometric information with the second encryption algorithm; the authentication device is further configured to: generate the second encryption algorithm; and send the second encryption algorithm to the first device to be authenticated.
Based on the above technical solution, the authentication device generates the second encryption algorithm and sends it to the first device to be authenticated; the algorithm is used to encrypt the biometric information collected by the first controlled device and the biometric information collected by the first device to be authenticated. Both the first information and the second information include the encrypted biometric information, which further improves the security of the information.
According to the eighth possible implementation of the second aspect above, in a ninth possible implementation of the second aspect, the authentication device is further configured to: clear the second encryption algorithm after controlling the state of the first controlled device.
Based on the above technical solution, once the authentication device has controlled the state of the first controlled device, identity authentication of the user corresponding to the first device to be authenticated is complete, and the authentication device can clear the second encryption algorithm, which avoids leakage of the encryption algorithm, safeguards information security, and saves storage space.
According to the second aspect or the various possible implementations of the second aspect above, in a tenth possible implementation of the second aspect, the first biometric information includes first ECG information; the second biometric information includes second ECG information.
Based on the above technical solution, because ECG information is unique, that is, the ECG information of different users differs, ECG information can be used to accurately distinguish different users, which ensures the accuracy of identity authentication. In addition, a user's ECG information at each moment is random and cannot be copied or simulated, so identity authentication using ECG information is more secure and reliable. Furthermore, compared with other biometric information that is strongly affected by the external environment, ECG information is not affected by the external environment and is therefore better suited to a variety of environments.
According to the second aspect or the various possible implementations of the second aspect above, in an eleventh possible implementation of the second aspect, the authentication device is further configured to: after controlling the state of the first controlled device, send the identification information of the first controlled device and the second information to the cloud server; the cloud server is further configured to: receive the identification information of the first controlled device and the second information; determine the first device to be authenticated according to the second information; generate settlement information corresponding to the first device to be authenticated according to the service information corresponding to the identification information of the first controlled device; and send the settlement information to the first device to be authenticated.
As an example, the settlement information may represent information about the fee incurred by the user in obtaining the service provided by the first controlled device. The authentication device sends the identification information of the first controlled device and the second information to the cloud server. After receiving this information, the cloud server can determine, from the identification information of the first controlled device, the fee incurred by the service provided by the first controlled device, and match the second information with the first information, thereby determining that the fee was incurred by the user corresponding to the first device to be authenticated in obtaining the service provided by the first controlled device. The cloud server then sends the fee to the first device to be authenticated so that the user corresponding to the first device to be authenticated can settle it.
In a third aspect, an embodiment of the present application provides an authentication method applied to a first device to be authenticated. The method includes: collecting second biometric information at a first moment, the second biometric information being associated with the user corresponding to the first device to be authenticated; and sending second information, the second information being associated with the second biometric information and being used at least for matching against first information, where the first information is associated with first biometric information at the first moment and the first biometric information comes from a first controlled device.
Based on the above technical solution, the first device to be authenticated collects the second biometric information at the first moment and sends the second information associated with the second biometric information; the second information is matched against the first information from the same moment. In this way, the identity of the user corresponding to the first device to be authenticated can be authenticated without storing that user's biometric information in advance. This also avoids the leakage risk that comes with pre-stored biometric information, improves the security of the information, and protects user privacy.
According to the third aspect, in a first possible implementation of the third aspect, collecting the second biometric information at the first moment includes: collecting the second biometric information when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold.
Based on the above technical solution, the biometric information collection function of the first device to be authenticated can be initially configured as off. When the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, which indicates that the user corresponding to the first device to be authenticated has approached the first controlled device, the first device to be authenticated enables the biometric information collection function so as to collect the user's biometric information. In addition, the first device to be authenticated enables the biometric information collection function only when needed, which reduces the energy consumption of the first device to be authenticated and the data processing load of the authentication device.
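The flow described above (collection enabled only inside the preset distance, then matching the two captures taken at the same first moment instead of comparing against a stored template) can be sketched as follows. This is an added example, not code from the patent: the RR-interval correlation used as the matching rule, the thresholds and all names are assumptions, and the sample values are constructed.

```python
"""Added illustration: same-moment biometric matching with no enrolled template."""
import math
from dataclasses import dataclass

# All constants are assumptions; the page only speaks of a "preset threshold".
PROXIMITY_THRESHOLD_M = 2.0   # collection is enabled below this distance
MAX_CAPTURE_SKEW_S = 0.5      # tolerance for "the same first moment"
MATCH_THRESHOLD = 0.9         # minimum correlation counted as a match
MIN_BEATS = 6                 # refuse to decide on very short captures


@dataclass
class BiometricInfo:
    source: str              # "controlled" or "to_be_authenticated"
    captured_at: float       # capture start, seconds on a shared clock
    rr_intervals_ms: list    # heartbeat-to-heartbeat intervals from the ECG


def pearson(a, b):
    """Pearson correlation; a flat signal carries no evidence and scores 0.0."""
    n = len(a)
    mean_a, mean_b = sum(a) / n, sum(b) / n
    cov = sum((x - mean_a) * (y - mean_b) for x, y in zip(a, b))
    var_a = sum((x - mean_a) ** 2 for x in a)
    var_b = sum((y - mean_b) ** 2 for y in b)
    if var_a == 0 or var_b == 0:
        return 0.0
    return cov / math.sqrt(var_a * var_b)


def same_moment_match(first, second):
    """Match first information against second information from the same moment."""
    if abs(first.captured_at - second.captured_at) > MAX_CAPTURE_SKEW_S:
        return False  # captures from different moments are never compared
    n = min(len(first.rr_intervals_ms), len(second.rr_intervals_ms))
    if n < MIN_BEATS:
        return False
    score = pearson(first.rr_intervals_ms[:n], second.rr_intervals_ms[:n])
    return score >= MATCH_THRESHOLD


class AuthenticationDevice:
    def __init__(self):
        self.collection_enabled = False   # collection starts in the off state
        self.lock_state = "locked"
        self._samples = {}

    def update_distance(self, metres):
        """Enable collection only while the two devices are close enough."""
        self.collection_enabled = metres < PROXIMITY_THRESHOLD_M
        if not self.collection_enabled:
            self._samples.clear()
        return self.collection_enabled

    def receive(self, info):
        """Accept a capture only while collection is enabled."""
        if not self.collection_enabled:
            return False
        self._samples[info.source] = info
        return True

    def pending_samples(self):
        return len(self._samples)

    def authenticate(self):
        """Match, control the lock state, then clear the biometric information."""
        try:
            first = self._samples.get("controlled")
            second = self._samples.get("to_be_authenticated")
            matched = (first is not None and second is not None
                       and same_moment_match(first, second))
            self.lock_state = "open" if matched else "locked"
            return matched
        finally:
            # The page also has the authentication device clear the biometric
            # information after controlling the state of the controlled device.
            self._samples.clear()
            self.collection_enabled = False


# Constructed sample data: one heart seen by two sensors, plus another person.
TOUCH_RR = [812, 790, 845, 801, 778, 830, 795, 860]      # controlled device
WATCH_RR = [810, 793, 842, 803, 780, 828, 797, 857]      # device to be authenticated
BYSTANDER_RR = [905, 930, 890, 915, 940, 900, 925, 910]  # a different user


def run_scenario(distance_m, first, second):
    """Return (matched, lock state, samples left in memory, accepted flags)."""
    device = AuthenticationDevice()
    device.update_distance(distance_m)
    accepted = [device.receive(first), device.receive(second)]
    matched = device.authenticate()
    return matched, device.lock_state, device.pending_samples(), accepted
```

A capture with the right rhythm but an older timestamp is rejected by the skew check, which is the property that lets the scheme work without an enrolled template.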
According to the third aspect or the first possible implementation of the third aspect, in a second possible implementation of the third aspect, the method further includes: receiving fourth information from a cloud server, the fourth information being associated with second service information corresponding to the first device to be authenticated and being used at least for matching against third information, where the third information is associated with first service information corresponding to the first controlled device; and sending the fourth information.
According to the third aspect or the various possible implementations of the third aspect above, in a third possible implementation of the third aspect, the method further includes: sending service request information to the cloud server, the service request information being used at least to request service information corresponding to the first device to be authenticated.
According to the second possible implementation of the third aspect above, in a fourth possible implementation of the third aspect, the first service information includes identification information of the first controlled device; the second service information includes identification information of a target controlled device. As an example, the target controlled device may be a device allocated by the cloud server to provide a service to the user corresponding to the first device to be authenticated.
According to the third aspect or the various possible implementations of the third aspect above, in a fifth possible implementation of the third aspect, the second information includes information obtained by encrypting the second biometric information with an encryption algorithm, and the method further includes: receiving the encryption algorithm.
Based on the above technical solution, the first device to be authenticated receives the encryption algorithm so that it can encrypt the biometric information it collects, which improves the security of the information.
According to the third aspect or the various possible implementations of the third aspect above, in a sixth possible implementation of the third aspect, the first biometric information includes first ECG information; the second biometric information includes second ECG information.
Based on the above technical solution, because ECG information is unique, that is, the ECG information of different users differs, ECG information can be used to accurately distinguish different users, which ensures the accuracy of identity authentication. In addition, a user's ECG information at each moment is random and cannot be copied or simulated, so identity authentication using ECG information is more secure and reliable. Furthermore, compared with other biometric information that is strongly affected by the external environment, ECG information is not affected by the external environment and is therefore better suited to a variety of environments.
According to the sixth possible implementation of the third aspect above, in a seventh possible implementation of the third aspect, the first device to be authenticated is equipped with an ECG sensor, and the ECG sensor is used to collect the second ECG information.
According to the third aspect or the various possible implementations of the third aspect above, in an eighth possible implementation of the third aspect, the method further includes: receiving settlement information corresponding to the first device to be authenticated.
In some examples, the settlement information may represent information about the fee incurred by the user in obtaining the service provided by the first controlled device; the first device to be authenticated receives the corresponding settlement information so that the user corresponding to the first device to be authenticated can settle it.
In a fourth aspect, an embodiment of the present application provides an authentication system including an authentication device and a device to be authenticated, where the authentication device is configured to perform the authentication method of the first aspect or of the various possible implementations of the first aspect, and the device to be authenticated is configured to perform the authentication method of the third aspect or of the various possible implementations of the third aspect.
In a fifth aspect, an embodiment of the present application provides an authentication system including an authentication device, a device to be authenticated, and a controlled device, where the authentication device is configured to perform the authentication method of the first aspect or of the various possible implementations of the first aspect, the device to be authenticated is configured to perform the authentication method of the third aspect or of the various possible implementations of the third aspect, and the controlled device is used to collect the first biometric information at the first moment.
In a sixth aspect, an embodiment of the present application provides an authentication apparatus, including: a transceiver module, configured to obtain first information at a first moment and second information at the first moment, where the first information is associated with first biometric information, the first biometric information comes from a first controlled device, the second information is associated with second biometric information, and the second biometric information comes from a first device to be authenticated and is associated with the user corresponding to the first device to be authenticated; and a processing module, configured to match the first information against the second information, and to control the state of the first controlled device according to the result of matching the first information and the second information.
According to the sixth aspect, in a first possible implementation of the sixth aspect, the first controlled device includes a first smart lock; the processing module is further configured to: send first control information when the first information and the second information match successfully, the first control information being used to control the first smart lock to be in an open state.
According to the sixth aspect or the first possible implementation of the sixth aspect, in a second possible implementation of the sixth aspect, the processing module is further configured to: clear the first biometric information and the second biometric information after controlling the state of the first controlled device.
According to the sixth aspect or the various possible implementations of the sixth aspect above, in a third possible implementation of the sixth aspect, the processing module is further configured to: send second control information to the first controlled device when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, the second control information being used to control the first controlled device to collect the first biometric information.
According to the sixth aspect or the various possible implementations of the sixth aspect above, in a fourth possible implementation of the sixth aspect, the transceiver module is further configured to: obtain third information and fourth information, where the third information is associated with first service information, the first service information is service information provided by the cloud server for the first controlled device, the fourth information is associated with second service information, and the second service information is service information provided by the cloud server for the first device to be authenticated; match the third information against the fourth information; and obtain the first information and the second information when the third information and the fourth information match successfully.
According to the fourth possible implementation of the sixth aspect above, in a fifth possible implementation of the sixth aspect, the first service information includes identification information of the first controlled device; the second service information includes identification information of a target controlled device.
According to the sixth aspect or the various possible implementations of the sixth aspect above, in a sixth possible implementation of the sixth aspect, the first information includes information obtained by encrypting the first biometric information with a first encryption algorithm, and/or the second information includes information obtained by encrypting the second biometric information with the first encryption algorithm; the transceiver module is further configured to: receive the first encryption algorithm from the cloud server.
According to the sixth possible implementation of the sixth aspect above, in a seventh possible implementation of the sixth aspect, the processing module is further configured to: clear the first encryption algorithm after controlling the state of the first controlled device.
According to the sixth aspect or the various possible implementations of the sixth aspect above, in an eighth possible implementation of the sixth aspect, the first information includes information obtained by encrypting the first biometric information with a second encryption algorithm, and/or the second information includes information obtained by encrypting the second biometric information with the second encryption algorithm; the processing module is further configured to: generate the second encryption algorithm and send the second encryption algorithm to the first device to be authenticated.
According to the eighth possible implementation of the sixth aspect above, in a ninth possible implementation of the sixth aspect, the processing module is further configured to: clear the second encryption algorithm after controlling the state of the first controlled device.
According to the sixth aspect or the various possible implementations of the sixth aspect above, in a tenth possible implementation of the sixth aspect, the first biometric information includes first ECG information; the second biometric information includes second ECG information.
According to the sixth aspect or the various possible implementations of the sixth aspect above, in an eleventh possible implementation of the sixth aspect, the processing module is further configured to: after controlling the state of the first controlled device, send the identification information of the first controlled device and the second information to the cloud server, where the identification information of the first controlled device and the second information are used at least to generate settlement information corresponding to the first device to be authenticated.
In a seventh aspect, an embodiment of the present application provides an apparatus to be authenticated, including: a processing module, configured to collect second biometric information at a first moment, the second biometric information being associated with the user corresponding to a first device to be authenticated; and a transceiver module, configured to send second information, the second information being associated with the second biometric information and being used at least for matching against first information, where the first information is associated with first biometric information at the first moment and the first biometric information comes from a first controlled device.
According to the seventh aspect, in a first possible implementation of the seventh aspect, the processing module is further configured to: collect the second biometric information when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold.
According to the seventh aspect or the first possible implementation of the seventh aspect, in a second possible implementation of the seventh aspect, the transceiver module is further configured to: receive fourth information from a cloud server, the fourth information being associated with second service information corresponding to the first device to be authenticated and being used at least for matching against third information, where the third information is associated with first service information corresponding to the first controlled device; and send the fourth information to the authentication device.
According to the seventh aspect or the various possible implementations of the seventh aspect above, in a third possible implementation of the seventh aspect, the transceiver module is further configured to: send service request information to the cloud server, the service request information being used at least to request service information corresponding to the first device to be authenticated.
According to the second possible implementation of the seventh aspect above, in a fourth possible implementation of the seventh aspect, the first service information includes identification information of the first controlled device; the second service information includes identification information of a target controlled device.
According to the seventh aspect or the various possible implementations of the seventh aspect above, in a fifth possible implementation of the seventh aspect, the second information includes information obtained by encrypting the second biometric information with an encryption algorithm, and the transceiver module is further configured to: receive the encryption algorithm.
According to the seventh aspect or the various possible implementations of the seventh aspect above, in a sixth possible implementation of the seventh aspect, the first biometric information includes first ECG information; the second biometric information includes second ECG information.
According to the sixth possible implementation of the seventh aspect above, in a seventh possible implementation of the seventh aspect, the first device to be authenticated is equipped with an ECG sensor, and the ECG sensor is used to collect the second ECG information.
According to the seventh aspect or the various possible implementations of the seventh aspect above, in an eighth possible implementation of the seventh aspect, the transceiver module is further configured to: receive settlement information corresponding to the first controlled device.
In an eighth aspect, an embodiment of the present application provides an authentication device, including: a processor; and a memory for storing processor-executable instructions; where the processor is configured to implement, when executing the instructions, the authentication method of the first aspect or of the various possible implementations of the first aspect.
In a ninth aspect, an embodiment of the present application provides a device to be authenticated, including: a sensor for collecting biometric information; a processor; and a memory for storing processor-executable instructions; where the processor is configured to implement, when executing the instructions, the authentication method of the third aspect or of the various possible implementations of the third aspect.
In a tenth aspect, an embodiment of the present application provides a chip including a processor; when the processor executes instructions, the processor performs the authentication method of the first aspect or of the various possible implementations of the first aspect, or performs the authentication method of the third aspect or of the various possible implementations of the third aspect.
In an eleventh aspect, an embodiment of the present application provides a computer-readable storage medium storing computer program instructions; when executed by a processor, the computer program instructions implement the authentication method of the first aspect or of the various possible implementations of the first aspect, or implement the authentication method of the third aspect or of the various possible implementations of the third aspect.
In a twelfth aspect, an embodiment of the present application provides a computer program product which, when run on a computer, causes the computer to perform the authentication method of the first aspect or of any of the possible implementations of the first aspect, or to perform the authentication method of the third aspect or of any of the possible implementations of the third aspect.
For the technical effects of the fourth to twelfth aspects and their various possible implementations, refer to the technical effects of the first aspect and its various possible implementations, or of the second aspect and its various possible implementations, or of the third aspect and its various possible implementations.
Description of the drawings
FIG. 1 shows a schematic diagram of an authentication system architecture according to an embodiment of the present application;
FIG. 2 shows a schematic diagram of a mobile charging scenario according to an embodiment of the present application;
FIG. 3 shows a schematic diagram of a smart express cabinet scenario according to an embodiment of the present application;
FIG. 4 shows a schematic diagram of an unmanned vending machine scenario according to an embodiment of the present application;
FIG. 5 shows a schematic diagram of a smart vehicle unlocking scenario according to an embodiment of the present application;
FIG. 6 shows a flowchart of an authentication method according to an embodiment of the present application;
FIG. 7 shows a flowchart of another authentication method according to an embodiment of the present application;
FIG. 8 shows a flowchart of another authentication method according to an embodiment of the present application;
FIG. 9 shows a structural diagram of an authentication apparatus according to an embodiment of the present application;
FIG. 10 shows a structural diagram of another authentication apparatus according to an embodiment of the present application;
FIG. 11 shows a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed description
Various exemplary embodiments, features and aspects of the present application are described in detail below with reference to the accompanying drawings. The same reference numerals in the drawings denote elements with the same or similar functions. Although various aspects of the embodiments are shown in the drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used here specifically to mean "serving as an example, embodiment or illustration". Any embodiment described here as "exemplary" is not necessarily to be construed as superior to or better than other embodiments.
The authentication system architecture provided by the embodiments of the present application is first described by way of example. FIG. 1 shows a schematic diagram of an authentication system architecture according to an embodiment of the present application. As shown in FIG. 1, the authentication system 10 may include an authentication device 101, a device to be authenticated 102 and a controlled device 104; in some examples, the authentication system 10 may further include a server 106, a device to be authenticated 103 or a controlled device 105. It should be noted that FIG. 1 shows the authentication system 10 with only one authentication device, two devices to be authenticated, two controlled devices and one server; it should be understood that this does not limit the number or type of authentication devices, devices to be authenticated, controlled devices, servers and so on in the authentication system 10, which may also include more authentication devices, devices to be authenticated, controlled devices, servers and other devices.
The authentication device 101 may have a communication function and a data processing function, and may be implemented in hardware, software, or a combination of software and hardware. For example, the authentication device 101 may be a general-purpose device or a dedicated device. It may be a desktop computer, a portable computer, a network server, a personal digital assistant (PDA), a mobile phone, a tablet computer, a wireless terminal device, an embedded device or another general-purpose device with data processing and communication functions, or a component within such a general-purpose device. The authentication device 101 may also be an intelligent vehicle (such as a car, bicycle, motorcycle or electric vehicle), a smart express cabinet, a smart charging vehicle (or charging pile), a smart door lock, an unmanned vending machine or another dedicated device with data processing and communication functions, or a component within such a dedicated device. The authentication device 101 may also be a chip, processor or server with a processing function. Exemplarily, the authentication device 101 may send an encryption algorithm to the device to be authenticated 102 (or the device to be authenticated 103); it may control the controlled device 104 (or the controlled device 105) to be in different states such as open or closed; it may also receive information sent by the device to be authenticated 102, the controlled device 104 or the server 106, and may authenticate, according to the received information, the identity of the user corresponding to the device to be authenticated 102.
The device to be authenticated 102 (or the device to be authenticated 103) may be a portable device, and may have a communication function, a biometric information collection function and a data processing function. For example, the device to be authenticated 102 may be a wearable device, such as a smart watch, smart bracelet, smart necklace, smart earphones, smart glasses or smart clothing; it may also be a terminal device, such as a mobile phone, notebook computer, tablet computer or virtual reality device. Exemplarily, the device to be authenticated 102 may be equipped with a sensor for collecting biometric information, such as an electrocardiogram (ECG) sensor, a fingerprint sensor, a temperature sensor or a blood oxygen sensor, and may send the collected biometric information to the authentication device 101; the device to be authenticated 102 may send service request information to the server 106, and may also receive an encryption algorithm, service information and the like sent by the server 106 or the authentication device 101.
The controlled device 104 (or the controlled device 105) may be a smart lock with a biometric information collection function, for example a vehicle lock, door lock, express cabinet lock or charging gun lock. The controlled device 104 may be a stand-alone device and may have a communication function; it may also be integrated with the authentication device 101 and exchange data with the authentication device 101 through general-purpose input/output (GPIO). Exemplarily, the controlled device 104 may be equipped with a sensor for collecting biometric information, such as an ECG sensor, a fingerprint sensor, a temperature sensor or a blood oxygen sensor, and may send the collected biometric information to the authentication device 101; it may also receive control information from the authentication device 101 and, according to the control information, perform the corresponding operation such as opening, closing or collecting biometric information.
The server 106 may be an entity with service scheduling, communication or settlement capabilities, for example a cloud server; the cloud server may be a single server or a server cluster composed of multiple servers. Exemplarily, the server 106 may provide service information to the device to be authenticated 102 (or the device to be authenticated 103) and the controlled device 104 (or the controlled device 105), and may also send an encryption algorithm to the device to be authenticated 102 and the authentication device 101, or provide an information forwarding service, and so on.
Exemplarily, the biometric information described above includes information that can represent the unique identity of a user, and may for example include one or more of: ECG, body temperature, blood oxygen concentration, iris, fingerprint, voice, palm print or face. As one example, the device to be authenticated 102 may be a smart bracelet equipped with an ECG sensor that can collect the user's ECG information, and the controlled device 104 may be a smart door lock installed on a door handle and equipped with an ECG sensor, which can collect the user's ECG information when the user grips the door handle. As another example, the device to be authenticated 102 may be smart glasses equipped with an image sensor, and the controlled device 104 may be an express cabinet lock equipped with an image sensor; the user wears the smart glasses and, because the lenses are transparent, both the smart glasses and the express cabinet lock can collect the user's iris information when the user looks directly at the express cabinet lock. As another example, the device to be authenticated 102 may be a mobile phone equipped with a fingerprint sensor that can collect the user's fingerprint information, and the controlled device 104 may be a vehicle lock equipped with a fingerprint sensor, which can collect the user's fingerprint information when the user touches the vehicle lock. For ease of description, the following embodiments all use ECG information as the example of biometric information; this is not to be regarded as limiting the protection scope of the application, and the description applies equally to the other types of biometric information mentioned above.
By carrying out the technical solution provided by the present application (described in detail below), the authentication system 10 shown in FIG. 1, or one or more devices in the authentication system 10, can authenticate a user's identity without storing the user's biometric information in advance. This avoids the leakage risk that comes with pre-stored biometric information, improves information security and protects user privacy.
For ease of understanding, several application scenarios to which the authentication system 10 is applicable are listed below.
Scenario 1. FIG. 2 shows a schematic diagram of a mobile charging scenario according to an embodiment of the present application. As shown in FIG. 2, a smart charging vehicle (the authentication device) carries multiple charging guns, which can be divided by charging type into fast-charging guns, slow-charging guns and so on. A corresponding charging gun lock (the controlled device) is installed at the handle of each charging gun, such as charging gun lock 01, charging gun lock 02 and charging gun lock 03 in FIG. 2, and each charging gun lock is equipped with an ECG sensor. The smart charging vehicle can provide charging services to one or more users. A user who needs to charge can send charging request information to the cloud server through a wearable device (the device to be authenticated), where the charging request information may include one or more of the license plate number of the user's vehicle, the charging address, the charging type and similar information. The cloud server assigns a charging gun to the user according to the charging request information and generates the corresponding charging service information, which may include one or more of the order number, the license plate number of the vehicle to be charged, the charging address, the charging type, the charging gun identifier, the charging gun lock identifier and similar information. The cloud server sends the charging service information to the smart charging vehicle and to the user's wearable device. The smart charging vehicle drives to the user's location, and the wearable device can send the charging service information and the user's ECG information to the smart charging vehicle. While the user pulls out the charging gun, the smart charging vehicle can obtain the user's ECG information collected by the charging gun lock. The smart charging vehicle authenticates the user's identity by matching the charging service information sent by the wearable device against the charging service information issued by the cloud server, and by matching the ECG information collected by the charging gun lock against the ECG information from the wearable device; after authentication succeeds, it controls the corresponding charging gun lock to open so that the user can charge. In this way, the smart charging vehicle can authenticate the user's identity without storing the user's ECG information in advance.
Scenario 2. FIG. 3 shows a schematic diagram of a smart express cabinet scenario according to an embodiment of the present application. As shown in FIG. 3, a smart express cabinet (the authentication device) may be configured with multiple storage boxes, and a corresponding storage box lock (the controlled device) is provided at the door handle of each storage box, such as storage box lock 01, storage box lock 02, and so on in FIG. 3; each storage box lock is equipped with an ECG sensor. The cloud server can generate pickup service information according to the information about the parcels stored in each storage box, where the pickup service information may include one or more of: the order number, the recipient information, the storage box lock identifier, the storage box identifier and similar information. The cloud server sends the pickup service information to the smart express cabinet and to the wearable device of the corresponding user. When the user arrives near the smart express cabinet, the wearable device can send the pickup service information and the user's ECG information to the smart express cabinet. When the user touches the door handle of the storage box, the smart express cabinet can obtain the user's ECG information collected by the storage box lock. The smart express cabinet authenticates the user's identity by matching the pickup service information sent by the wearable device against the pickup service information issued by the cloud server, and by matching the ECG information collected by the storage box lock against the ECG information from the wearable device; after authentication succeeds, it controls the corresponding storage box lock to open so that the user can collect the parcel. In this way, the smart express cabinet can authenticate the user's identity without storing the user's ECG information in advance.
Scenario 3. FIG. 4 shows a schematic diagram of an unmanned vending machine scenario according to an embodiment of the present application. As shown in FIG. 4, an unmanned vending machine (the authentication device) is provided with multiple shopping slots, each holding one type of product, and a corresponding shopping slot lock (the controlled device) is provided at the handle of each shopping slot, such as shopping slot lock 01, shopping slot lock 02, and so on in FIG. 4; each shopping slot lock is equipped with an ECG sensor. Both the wearable device worn by the user (the device to be authenticated) and the unmanned vending machine can establish a communication connection with the cloud server. The wearable device collects the user's ECG information and sends it to the cloud server, and the cloud server forwards that ECG information to the unmanned vending machine. When the user selects a product and grips the handle of a shopping slot, the unmanned vending machine can obtain the user's ECG information collected by the shopping slot lock. The unmanned vending machine authenticates the user's identity by matching the ECG information collected by the shopping slot lock against the ECG information from the wearable device, and after authentication succeeds it controls the corresponding shopping slot lock to open so that the user can take the product from the shopping slot. After the user has finished selecting products, the unmanned vending machine sends the ECG information collected by the shopping slot lock and the shopping slot lock identifier to the cloud server. Based on pre-stored information such as the product price corresponding to each shopping slot lock identifier, the cloud server generates the settlement service information corresponding to that shopping slot lock identifier, where the settlement service information may include one or more of: the purchase amount, the number of products, the product type, the time of purchase, the place of purchase and similar information. The cloud server matches the ECG information collected by the shopping slot lock against the ECG information from wearable devices to determine the corresponding wearable device, and sends the settlement service information to that wearable device so that the user can pay for the selected products. In this way, the unmanned vending machine can authenticate the user's identity without storing the user's ECG information in advance.
Scenario 4. FIG. 5 shows a schematic diagram of a smart vehicle unlocking scenario according to an embodiment of the present application. As shown in FIG. 5, a vehicle lock (the controlled device) is provided on the handle of at least one door of the smart vehicle (the authentication device), such as vehicle lock 01, vehicle lock 02, and so on in FIG. 5; each vehicle lock is equipped with an ECG sensor. The smart vehicle can be initialized and paired in advance with the wearable device worn by the user (the device to be authenticated), that is, the user has obtained authorization to use the smart vehicle in advance, and the wearable device and the smart vehicle can be configured with the same encryption algorithm. When the user arrives near the smart vehicle, the wearable device collects the user's ECG information, encrypts it with the encryption algorithm, and sends the encrypted information to the smart vehicle. The smart vehicle decrypts the received information with the encryption algorithm to obtain the ECG information collected by the wearable device. When the user touches the door handle, the smart vehicle can obtain the ECG information collected by the vehicle lock. The smart vehicle authenticates the user's identity by matching the ECG information collected by the wearable device against the ECG information collected by the vehicle lock, and after authentication succeeds it controls the vehicle lock to open so that the user can use the vehicle. In this way, the smart vehicle can authenticate the user's identity without storing the user's ECG information in advance.
Exemplarily, according to whether the server provides service information to the controlled device and/or the device to be authenticated, the application scenarios above can be divided into scenarios with a service (such as scenarios 1, 2 and 3 above) and scenarios without a service (such as scenario 4 above). In a scenario with a service, the server provides service information to the controlled device and the device to be authenticated, to instruct the controlled device to serve the user corresponding to the device to be authenticated. The service information may be generated by the server according to the service to be processed, or the user may initiate a service request to the server through the device to be authenticated and the server generates the service information based on that request. Further, according to the order in time between the generation of the service information and the authentication performed by the authentication device, scenarios with a service can be divided into scenarios where the service comes first and authentication follows (such as scenarios 1 and 2 above) and scenarios where authentication comes first and the service follows (such as scenario 3 above). In a scenario without a service, the authentication device (or the controlled device) and the device to be authenticated have been initialized and paired in advance.
It should be noted that the application scenarios described above are intended to explain the technical solutions of the embodiments of the present application more clearly and do not limit those technical solutions. A person of ordinary skill in the art will recognize that, as other similar scenarios (for example, depositing parcels in a smart express cabinet) or new application scenarios emerge, the technical solutions provided by the embodiments of the present application apply equally to similar technical problems.
The authentication method provided by the embodiments of the present application is described in detail below.
FIG. 6 shows a flowchart of an authentication method according to an embodiment of the present application. Exemplarily, the method may be performed by the authentication device 101 in FIG. 1 above; as shown in FIG. 6, the method may include the following steps:
Step 601. The authentication device acquires first information at a first moment and second information at the first moment. The first information is associated with first biometric information, and the first biometric information comes from a first controlled device; the second information is associated with second biometric information, and the second biometric information comes from a first device to be authenticated and is associated with the user corresponding to the first device to be authenticated.
That the second biometric information is associated with the user corresponding to the first device to be authenticated may mean that the second biometric information is the biometric information of that user, for example the biometric information of the user wearing the first device to be authenticated.
Exemplarily, the user corresponding to the first device to be authenticated may include a user authorized to use the first device to be authenticated, for example the owner of the first device to be authenticated.
Exemplarily, the authentication device can control the state of at least one controlled device, and the first controlled device may be any one of the at least one controlled device, for example the controlled device 104 or the controlled device 105 in FIG. 1 above. At the first moment, the authentication device may acquire information from at least one device to be authenticated, and the first device to be authenticated may be any one of the at least one device to be authenticated, for example the device to be authenticated 102 or the device to be authenticated 103 in FIG. 1 above.
The first moment may be a point in time; for example, the authentication device may acquire the information associated with the first biometric information and the information associated with the second biometric information at the time the first controlled device collects the user's biometric information. The first moment may also be a period of time; for example, the authentication device may acquire the information associated with the first biometric information and the information associated with the second biometric information within the period from when the user approaches the first controlled device to when the first controlled device collects the user's biometric information.
Exemplarily, the authentication device may receive the second information sent by the first device to be authenticated, or receive the second information forwarded by the cloud server. Exemplarily, where the authentication device is integrated with the first controlled device, the authentication device may obtain the first biometric information collected by the first controlled device. Exemplarily, where the first controlled device is a stand-alone device, the authentication device may receive the first information sent by the first controlled device, or receive the first information forwarded by the cloud server.
In a possible implementation, when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, the authentication device may send second control information to the first controlled device, where the second control information is used to control the first controlled device to collect the first biometric information. The preset threshold can be set according to actual needs and is not limited here; for example, it may be 2 m, 5 m or 10 m. Exemplarily, the distance between the first controlled device and the first device to be authenticated may be determined based on one or more of the Global Positioning System (GPS), lidar ranging, ultra-wideband (UWB) ranging, short-range communication technology and the like. In the embodiments of the present application, short-range communication technology may include technology that supports wireless short-range communication. Wireless short-range communication covers any communication in which the two parties transmit information by radio waves over a short distance (for example, within a hundred metres), and includes but is not limited to Bluetooth, wireless fidelity (Wi-Fi), near field communication (NFC), Wi-Fi Aware, general short-range communication technology, and the short-range communication technology specified by the SparkLink Alliance. For example, where the authentication device is integrated with the first controlled device, the authentication device may establish a communication connection with the first device to be authenticated through Wi-Fi, Bluetooth, NFC or the like, and can then determine the distance between the authentication device and the first device to be authenticated, that is, the distance between the first controlled device and the first device to be authenticated, from the strength of the Wi-Fi, Bluetooth or NFC signal. As another example, the authentication device may obtain the GPS location information of the first controlled device and the GPS location information of the first device to be authenticated, and thereby determine the distance between the first controlled device and the first device to be authenticated.
Exemplarily, the biometric information collection function of the first controlled device may be initially configured as off. In that case, when the distance between the first controlled device and the first device to be authenticated is less than the preset threshold, which indicates that the user has approached the first controlled device and intends to unlock it, the authentication device controls the first controlled device to enable the biometric information collection function, so that when the user touches the first controlled device, the first controlled device can collect the user's biometric information. At the same time, the first controlled device enables the biometric information collection function only when needed, which reduces the energy consumption of the first controlled device and the data processing load of the authentication device.
In addition, when the user is close to the first controlled device, the user may trigger the first controlled device to enable the biometric information collection function so as to collect the first biometric information, where the triggering manner may include pressing a preset physical button, voice control, and so on. Alternatively, the user may trigger the first device to be authenticated to enable its biometric information collection function so as to collect the second biometric information.
In this step, the first information being associated with the first biometric information may mean that the first information includes the first biometric information, or that the first information includes information obtained by processing the first biometric information; for example, the first information may include information obtained by encrypting the first biometric information with an encryption algorithm. The second information being associated with the second biometric information means that the second information includes the second biometric information, or that the second information includes information obtained by processing the second biometric information; for example, the second information may include information obtained by encrypting the second biometric information with an encryption algorithm. The encryption algorithm may be an asymmetric encryption algorithm, for example, the Rivest-Shamir-Adleman (RSA) encryption algorithm, an elliptic curve cryptography (ECC) encryption algorithm, and so on; the encryption algorithm may also be a symmetric encryption algorithm, that is, an algorithm in which encryption and decryption use the same key. Exemplarily, the encryption algorithm may include a first encryption algorithm from the cloud server, and may also include a second encryption algorithm from the authentication device.
As an example, the first information may include the first biometric information, and the second information may include the second biometric information. In this example, the authentication device may obtain the first biometric information collected by the first controlled device and the second biometric information collected by the first device to be authenticated. Exemplarily, the first biometric information and the second biometric information may be biometric information of the same type; for example, the first biometric information may include first electrocardiogram (ECG) information, and the second biometric information may include second ECG information. Because ECG information is unique, that is, different users have different ECG information, ECG information can be used to distinguish different users accurately, which ensures the accuracy of identity authentication. At the same time, a user's ECG information at each moment is random and cannot be copied or simulated, so identity authentication based on ECG information is more secure and reliable. In addition, compared with other biometric information that is strongly affected by the external environment, such as facial feature information, which is affected by the intensity of external light, ECG information is not affected by the external environment and is therefore better suited to a variety of environments.
As another example, the first information may include information obtained by encrypting the first biometric information with an encryption algorithm, and the second information may include information obtained by encrypting the second biometric information with an encryption algorithm. For example, the first information may include information obtained by encrypting the first biometric information with the first encryption algorithm, and the second information may include information obtained by encrypting the second biometric information with the first encryption algorithm. Exemplarily, the authentication device may receive the first encryption algorithm and then use it to encrypt the first biometric information collected by the first controlled device, thereby obtaining the first information; the authentication device may also receive the second information, which is obtained by the first device to be authenticated encrypting, with the first encryption algorithm, the second biometric information that it collected. In this way, the authentication device receives the first encryption algorithm from the cloud server in order to encrypt the biometric information collected by the first controlled device, and both the first information and the second information include encrypted biometric information, which further improves information security. As another example, the first information may include information obtained by encrypting the first biometric information with the second encryption algorithm, and the second information may include information obtained by encrypting the second biometric information with the second encryption algorithm. Exemplarily, the authentication device may generate the second encryption algorithm and send it to the first device to be authenticated; the authentication device may use the second encryption algorithm to encrypt the first biometric information collected by the first controlled device, thereby obtaining the first information; the authentication device may also receive the second information, which is obtained by the first device to be authenticated encrypting, with the second encryption algorithm, the second biometric information that it collected. In this way, the authentication device generates the second encryption algorithm and sends it to the first device to be authenticated, the second encryption algorithm is used to encrypt both the biometric information collected by the first controlled device and the biometric information collected by the first device to be authenticated, and both the first information and the second information include encrypted biometric information, which further improves information security.
As another example, the first information may include information obtained by encrypting the first biometric information with an encryption algorithm, and the second information may include the second biometric information. For example, the first information may be information obtained by the authentication device encrypting the first biometric information with the first encryption algorithm, and the second information is the second biometric information; as another example, the first information is information obtained by the authentication device encrypting the first biometric information with the second encryption algorithm, and the second information is the second biometric information.
As another example, the first information may include the first biometric information, and the second information may include information obtained by encrypting the second biometric information with an encryption algorithm. For example, the first information is the first biometric information, and the second information is information obtained by the first device to be authenticated encrypting the second biometric information with the first encryption algorithm; as another example, the first information is the first biometric information, and the second information is information obtained by the first device to be authenticated encrypting the second biometric information with the second encryption algorithm.
Step 602: The authentication device matches the first information against the second information.
Exemplarily, the authentication device may use a least squares algorithm to determine the difference between the first information and the second information; if the difference is less than the corresponding preset threshold, it may determine that the first information and the second information match successfully; otherwise, it determines that the matching of the first information and the second information fails. The authentication device may also perform a Fourier transform on the first information and on the second information separately to obtain the peaks at multiple frequencies corresponding to the first information and the peaks at multiple frequencies corresponding to the second information, and compute the difference between the two peaks at the same frequency; if the difference is less than the corresponding preset threshold, it may determine that the first information and the second information match successfully; otherwise, it determines that the matching fails. The authentication device may also compare the first information with the second information to obtain a corresponding similarity; when the similarity is greater than the corresponding preset threshold, it may determine that the first information and the second information match successfully; otherwise, it determines that the matching fails. Each of the above preset thresholds may be set according to actual requirements, which is not limited here.
As an example, if the first information includes the first biometric information and the second information includes the second biometric information, the authentication device may compare the first biometric information with the second biometric information; if the corresponding difference is less than the preset threshold, it determines that the first information and the second information match successfully; otherwise, it determines that the matching of the first information and the second information fails.
As another example, if the first information includes information obtained by encrypting the first biometric information with an encryption algorithm, and the second information includes information obtained by encrypting the second biometric information with an encryption algorithm, the authentication device may compare the first information with the second information; if the corresponding difference is less than the preset threshold, which indicates that the first biometric information is consistent with the second biometric information and that the corresponding encryption algorithms are the same, it determines that the first information and the second information match successfully; otherwise, it determines that the matching fails. Alternatively, the authentication device may decrypt the first information and the second information separately according to the encryption algorithm; if decryption succeeds, it compares the decrypted first biometric information with the decrypted second biometric information; if the corresponding difference is less than the preset threshold, it determines that the first information and the second information match successfully; otherwise, it determines that the matching fails.
As another example, if the first information includes the first biometric information, and the second information includes information obtained by encrypting the second biometric information with an encryption algorithm, the authentication device may decrypt the second information according to the encryption algorithm; if decryption succeeds, it compares the first biometric information with the decrypted second biometric information; if the corresponding difference is less than the preset threshold, it determines that the first information and the second information match successfully; otherwise, it determines that the matching fails. Similarly, if the first information includes information obtained by encrypting the first biometric information with an encryption algorithm, and the second information includes the second biometric information, the authentication device may decrypt the first information and compare the second biometric information with the decrypted first biometric information, thereby determining whether the matching of the first information and the second information succeeds or fails.
For example, the first biometric information List1 may be expressed as List1<[time1,value1]>, and the second biometric information List2 may be expressed as List2<[time1,value2]>, where time1 denotes the first moment, and value1 and value2 are, respectively, the biometric values, or value sequences of the same duration, collected by the first controlled device and by the first device to be authenticated. The authentication device compares value1 with value2. For example, the authentication device may use the least squares method to determine the difference between value1 and value2; if the difference is less than the preset threshold, it determines that value1 and value2 match successfully; otherwise, value1 and value2 fail to match. As another example, the authentication device may perform a Fourier transform on value1 to obtain the peak sequence [F11,F12,F13,…,F1n] corresponding to the first-order through n-th-order frequencies, and perform a Fourier transform on value2 to obtain the peak sequence [F21,F22,F23,…,F2n] corresponding to the first-order through n-th-order frequencies. For the i-th-order frequency (n>i>0), the authentication device calculates the difference between peak F1i and peak F2i and compares that difference with the corresponding preset threshold σi; if the difference is less than σi, the difference is determined to be valid; otherwise, it is determined to be invalid. The n orders of frequency are traversed; if the differences between the two peaks at every order are all valid, it is determined that value1 and value2 match successfully; otherwise, it is determined that value1 and value2 fail to match. Similarly, the information List1_new obtained by encrypting the first biometric information List1 with an encryption algorithm may be expressed as List1_new<[time1,newValue1]>, and the information List2_new obtained by encrypting the second biometric information List2 with an encryption algorithm may be expressed as List2_new<[time1,newValue2]>, where newValue1 and newValue2 are the values or value sequences obtained by encrypting value1 and value2, respectively. newValue1 and newValue2 may be matched in the manner described above, or newValue1 and/or newValue2 may be decrypted first and then matched.
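The two comparisons described above (least-squares difference and per-order Fourier peak differences against σi), as an added example that is not part of the patent text. It assumes the "orders" are DFT bins 1 to n, requires identical timestamps, and uses constructed sinusoids and constructed thresholds in place of real ECG captures; all function and variable names are hypothetical.

```python
import cmath
import math

N = 64        # samples per capture window (constructed)
TIME1 = 1000  # shared capture timestamp, i.e. time1 in List1/List2


def waveform(amps, phases, extra=0.0):
    """Constructed periodic test signal: a sum of harmonics 1..len(amps)."""
    return [
        sum(a * math.sin(2 * math.pi * (k + 1) * t / N + p)
            for k, (a, p) in enumerate(zip(amps, phases)))
        + extra * math.sin(2 * math.pi * 7 * t / N)  # small sensor difference
        for t in range(N)
    ]


def lsq_difference(value1, value2):
    """Mean squared sample-wise residual between two equally long sequences."""
    if len(value1) != len(value2) or not value1:
        raise ValueError("sequences must be non-empty and equally long")
    return sum((a - b) ** 2 for a, b in zip(value1, value2)) / len(value1)


def dft_peaks(values, n_orders):
    """Amplitudes of DFT bins 1..n_orders (assumed meaning of 'orders')."""
    n = len(values)
    peaks = []
    for k in range(1, n_orders + 1):
        acc = sum(x * cmath.exp(-2j * math.pi * k * t / n)
                  for t, x in enumerate(values))
        peaks.append(2 * abs(acc) / n)
    return peaks


def compare(list1, list2, lsq_threshold, sigmas):
    """Return (lsq_ok, spectral_ok) for two (time, values) captures.

    Captures taken at different moments, or of different length,
    never match under either criterion.
    """
    time_a, value1 = list1
    time_b, value2 = list2
    if time_a != time_b or len(value1) != len(value2):
        return (False, False)
    lsq_ok = lsq_difference(value1, value2) < lsq_threshold
    f1 = dft_peaks(value1, len(sigmas))
    f2 = dft_peaks(value2, len(sigmas))
    # Every order must be within its own threshold sigma_i.
    spectral_ok = all(abs(a - b) < s for a, b, s in zip(f1, f2, sigmas))
    return (lsq_ok, spectral_ok)


# Constructed captures (not real ECG data).
USER_A = ([1.0, 0.5, 0.25], [0.0, 0.3, 1.1])
WEARABLE = (TIME1, waveform(*USER_A))              # device to be authenticated
LOCK = (TIME1, waveform(*USER_A, extra=0.02))      # controlled device, same user
OTHER_USER = (TIME1, waveform([0.6, 0.9, 0.1], [0.8, 0.0, 0.0]))
# Same waveform delayed by 8 samples: spectral magnitudes are unchanged,
# the time-domain residual is not.
DELAYED = (TIME1, WEARABLE[1][-8:] + WEARABLE[1][:-8])
LATE = (TIME1 + 1, WEARABLE[1])                    # captured at another moment

LSQ_THRESHOLD = 0.01          # constructed preset threshold
SIGMAS = [0.05, 0.05, 0.05]   # constructed sigma_1..sigma_3

if __name__ == "__main__":
    for name, sample in [("wearable", WEARABLE), ("other user", OTHER_USER),
                         ("delayed", DELAYED), ("late", LATE)]:
        print(name, compare(LOCK, sample, LSQ_THRESHOLD, SIGMAS))
```

The delayed capture passes the peak comparison but fails the least-squares comparison, because peak magnitudes carry no timing information. A design that relies on same-moment matching therefore needs the time-domain check or a phase-aware comparison alongside the peak test.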
In a possible implementation, after the authentication device completes the above matching, it may send the first controlled device control information that disables the biometric information collection function, so as to instruct the first controlled device to stop collecting biometric information, thereby saving energy on the first controlled device.
Step 603: The authentication device controls the state of the first controlled device according to the result of matching the first information against the second information.
The matching result may include matching success and matching failure; the state of the first controlled device may include an open state or a closed state.
In a possible implementation, when the first information and the second information match successfully, the authentication device may send first control information, which is used to control the first controlled device to be in the open state. Exemplarily, the first controlled device may be a first smart lock, and the authentication device may control the first smart lock to open when the first information and the second information match successfully. Successful matching of the first information and the second information indicates that the identity authentication of the user corresponding to the first device to be authenticated has passed and that the user wants the device corresponding to the first smart lock to provide the service, so the authentication device may control the first smart lock to be in the open state so that the user can obtain the corresponding service.
In a possible implementation, when the matching of the first information and the second information fails, the state of the first controlled device remains unchanged. Exemplarily, the state of the first controlled device is initially configured as the closed state, and the first controlled device may be a first smart lock; failure to match the first information and the second information indicates that the identity authentication of the user corresponding to the first device to be authenticated has not passed and that the user has no permission to obtain the corresponding service, so the first smart lock remains in the closed state.
In a possible implementation, after controlling the state of the first controlled device, the authentication device sends the identification information of the first controlled device and the second information to the cloud server, where the identification information of the first controlled device and the second information are used at least to generate settlement information corresponding to the first device to be authenticated. Exemplarily, the settlement information represents information about the fee incurred by the user in obtaining the service provided by the first controlled device; the fee corresponding to each controlled device and the first information may be pre-stored in the cloud server; for example, the settlement information may be the settlement service information in scenario four above. In this way, the authentication device sends the identification information of the first controlled device and the second information to the cloud server; the identification information of the first controlled device is used to determine the fee incurred by the service that the first controlled device provides, and the second information is used for matching against the first information, so as to determine that this fee is the fee incurred by the user corresponding to the first device to be authenticated in obtaining the service provided by the first controlled device. Exemplarily, if the user obtains services from multiple controlled devices, the authentication device may send the identification information of the multiple controlled devices and the second information to the cloud server, to be used to generate, in a unified manner, the settlement information corresponding to the first device to be authenticated.
In this way, by performing steps 601 to 603 above, the authentication device does not need to store the user's biometric information in advance. It matches the first information and the second information acquired at the same moment and controls the state of the first controlled device according to the matching result, thereby authenticating the identity of the user corresponding to the first device to be authenticated, while avoiding the leakage risk that comes with storing the user's biometric information in advance, improving information security, and protecting user privacy.
In addition, when there is more than one device to be authenticated or more than one controlled device, as an example, the authentication device may obtain the biometric information from each device to be authenticated at the first moment. For any device to be authenticated, the biometric information from that device may be matched in turn against the biometric information collected by each controlled device. If a match succeeds, this indicates that the user obtained service authorization from the cloud server or the authentication device in advance, and the authentication device controls the controlled device for which the match succeeded to be in the open state. In this way, the authentication device can authenticate the identities of the users corresponding to multiple devices to be authenticated at the same time and can control multiple controlled devices to be in the open state at the same time, thereby serving multiple users whose identity authentication has passed simultaneously. Compared with a one-to-one form of service, in which only one user can be served at a time and multiple users must queue to obtain the service in turn, the embodiments of this application can authenticate multiple user identities at the same time and serve the multiple authenticated users at the same time, so users do not need to queue, which improves authentication efficiency and the user experience. In addition, compared with authentication approaches that require multiple authentication devices, in the embodiments of this application a single authentication device is enough to authenticate multiple user identities at the same time, which saves cost.
The implementation of the authentication method shown in FIG. 6 above is described below by way of example, with reference to the above scenario with no service or the above scenario in which authentication comes first and service follows.
For example, in scenario three above, when user A purchases goods at an unmanned vending machine, the wearable device a worn by user A may send the collected ECG information to the cloud server, and the cloud server forwards that ECG information to the unmanned vending machine, so that user A is authorized to purchase goods. If the user grips the handle of the shopping slot corresponding to shopping slot lock 03, shopping slot lock 03 can collect user A's ECG information, and the unmanned vending machine can obtain the user's ECG information collected by shopping slot lock 03. The unmanned vending machine can successfully match the ECG information collected by shopping slot lock 03 with the ECG information from wearable device a, which shows that user A is an authorized service recipient and is purchasing the goods in the shopping slot corresponding to shopping slot lock 03; the unmanned vending machine controls shopping slot lock 03 to open so that user A can take the goods from the shopping slot. The unmanned vending machine sends the ECG information collected by shopping slot lock 03 and the identifier of shopping slot lock 03 to the cloud server, and the cloud server generates the settlement service information corresponding to shopping slot lock 03 according to pre-stored information such as the commodity price corresponding to each shopping slot lock identifier. The cloud server matches the ECG information collected by shopping slot lock 03 with the ECG information from wearable device a, thereby determining the corresponding wearable device a, and sends the settlement service information to wearable device a so that user A can settle the payment. In this way, the unmanned vending machine can authenticate the user's identity without storing the user's ECG information in advance, which improves information security. In addition, when multiple users who are authorized to purchase goods do so at the unmanned vending machine at the same time, different users can touch different shopping slot handles. For any user, the unmanned vending machine can successfully match the ECG information collected by the shopping slot lock that the user touches with the ECG information from that user's wearable device, and thus control multiple shopping slot locks to open, so that multiple users can purchase goods at the same time without queuing, which saves users' time and improves the user experience.
For example, in scenario four above, user B has obtained authorization to use the smart vehicle in advance, and the wearable device b worn by user B is configured with the same encryption algorithm as the smart vehicle. When user B arrives near the smart vehicle, wearable device b collects user B's ECG information and encrypts it with the above encryption algorithm; wearable device b sends the encrypted information to the smart vehicle, and the smart vehicle uses the encryption algorithm to decrypt the received information, obtaining the ECG information collected by wearable device b. When the distance between vehicle lock 01 and wearable device b is less than 5 m, the authentication device controls vehicle lock 01 to enable the ECG information collection function. When user B touches the door handle corresponding to vehicle lock 01, the smart vehicle can obtain the ECG information collected by vehicle lock 01, and the smart vehicle can successfully match the ECG information collected by wearable device b with the ECG information collected by vehicle lock 01, which shows that user B is an authorized user; the smart vehicle controls vehicle lock 01 to open so that the user can use the vehicle. In this way, the smart vehicle can authenticate the user's identity without storing the user's ECG information in advance, which improves information security. In addition, when multiple users who have obtained authorization open the vehicle doors at the same time, different users can touch different door handles. For any user, the smart vehicle can successfully match the ECG information collected by the door lock that the user touches with the ECG information from that user's wearable device, and thus control multiple door locks to open, so that multiple users can open and unlock doors at the same time. Further, after each successful unlocking, the smart vehicle may also update the encryption algorithm, so as to keep the encryption algorithm current, and send the updated encryption algorithm to the wearable device for use at the next unlocking.
Fig. 7 shows a flowchart of another authentication method according to an embodiment of the present application. Exemplarily, the method may be executed by the authentication device 101 in Fig. 1 above. As shown in Fig. 7, the method may include the following steps:
Step 701: the authentication device acquires third information and fourth information. The third information is associated with first service information, which is the service information provided by the cloud server for the first controlled device; the fourth information is associated with second service information, which is the service information provided by the cloud server for the first device to be authenticated.
That the third information is associated with the first service information may mean that the third information includes the first service information, or that the third information includes information obtained by processing the first service information; for example, the third information may include information obtained by encrypting the first service information with an encryption algorithm. That the fourth information is associated with the second service information means that the fourth information includes the second service information, or that the fourth information includes information obtained by processing the second service information; for example, the fourth information may include information obtained by encrypting the second service information with an encryption algorithm.
Exemplarily, the encryption algorithm may include a first encryption algorithm from the cloud server, and may also include a second encryption algorithm from the authentication device.
As one example, the third information may include the first service information, and the fourth information may include the second service information. As another example, the third information may include information obtained by encrypting the first service information with an encryption algorithm, and the fourth information may include information obtained by encrypting the second service information with an encryption algorithm. As another example, the third information may include information obtained by encrypting the first service information with an encryption algorithm, and the fourth information may include the second service information. As another example, the third information may include the first service information, and the fourth information may include information obtained by encrypting the second service information with an encryption algorithm.
Here, service information denotes service-related information pre-allocated by the cloud server, which indicates that a target controlled device is to provide a service to the user corresponding to a target device to be authenticated; that is, the user corresponding to the target device to be authenticated is an authorized service object of the target controlled device. For example, the service information may be the charging service information in scenario one above, or the pickup service information in scenario two above, and so on. It can be understood that, for any piece of service information, the cloud server may provide that service information in advance to the corresponding target device to be authenticated and target controlled device. The first service information may indicate that the first controlled device can provide a service to the user corresponding to the relevant target device to be authenticated, and the second service information may indicate that the user corresponding to the first device to be authenticated can obtain the service of the relevant target controlled device.
In a possible implementation, the authentication device may receive the third information from the cloud server, and may also receive the fourth information from the first device to be authenticated. As an example, the authentication device may receive the third information before receiving the fourth information and save it locally in advance; for example, the authentication device may store the third information in a whitelist. Exemplarily, the authentication device may obtain in advance the service information that the cloud server provides for one or more controlled devices, and store each piece of service information in the whitelist.
Step 702: the authentication device matches the third information against the fourth information.
For possible implementations of matching the third information and the fourth information in this step, refer to the description of matching the first information and the second information in step 602 above.
Exemplarily, the authentication device may match the second service information against the first service information in the whitelist. It can be understood that, when the whitelist stores multiple pieces of service information, the second service information may be matched against each piece in turn until a match succeeds or all the service information in the whitelist has been traversed.
Exemplarily, the first service information may include identification information of the first controlled device, and the second service information may include identification information of the target controlled device. It can be understood that, if the identification information of the target controlled device is the same as that of the first controlled device, the first service information and the second service information are the same service information, and the first controlled device is the target controlled device that can provide a service to the user corresponding to the first device to be authenticated.
In this step, by matching the third information and the fourth information, the authentication device can determine whether the second service information and the first service information are the same service information, that is, whether the user corresponding to the first device to be authenticated is an authorized service object of the first controlled device, thereby implementing authorization authentication.
Step 703: if the third information and the fourth information match successfully, the authentication device acquires first information and second information.
For details of how the authentication device acquires the first information and the second information in this step, refer to the relevant description in step 601 above; they are not repeated here.
If the third information and the fourth information match successfully, the second service information and the first service information are the same service information; that is, the user corresponding to the first device to be authenticated is an authorized service object of the first controlled device, and the first controlled device is the target controlled device that provides the service to the user corresponding to the first device to be authenticated. The authentication device may then go on to acquire the first information and the second information.
In a possible implementation, if the third information and the fourth information match successfully, the authentication device may send third control information to the first controlled device, where the third control information is used to control the first controlled device to collect first biometric information. Exemplarily, the biometric information collection function of the first controlled device is initially configured to be off. In this way, a successful match between the third information and the fourth information indicates that the first controlled device is to provide the service to the user corresponding to the first device to be authenticated and that the user intends to unlock the first controlled device; the authentication device then controls the first controlled device to enable its biometric information collection function, so that when the user touches the first controlled device, the first controlled device can collect the user's biometric information. At the same time, the first controlled device enables the biometric information collection function only when needed, which reduces the energy consumption of the first controlled device and the amount of data processed by the authentication device.
In a possible implementation, if the third information and the fourth information match successfully, the authentication device may feed back match-success information to the first device to be authenticated, and thereby obtain the second information from the first device to be authenticated.
It can be understood that, if the third information and the fourth information fail to match, the second service information and the first service information are not the same service information; that is, the user corresponding to the first device to be authenticated is not an authorized service object of the first controlled device. The authentication device may then leave the second information from the first device to be authenticated unprocessed, which reduces the amount of data processing.
Step 704: the authentication device matches the first information against the second information.
For a detailed description of this step, refer to the relevant description of step 602 above; it is not repeated here.
Step 705: the authentication device controls the state of the controlled device according to the result of matching the first information and the second information.
For a detailed description of this step, refer to the relevant description of step 603 above; it is not repeated here.
In this way, by performing steps 701 to 705 above, the authentication device matches the third information against the fourth information and thereby implements authorization authentication. If the third information and the fourth information match successfully, the second service information and the first service information are the same service information, that is, the user corresponding to the first device to be authenticated is an authorized service object of the first controlled device. When authorization authentication passes, the authentication device acquires the first information and the second information, matches them, and controls the state of the first controlled device according to the matching result. The authentication device can thus authenticate the identity of the user corresponding to the first device to be authenticated without storing the user's biometric information in advance, which ensures that the first controlled device is opened by the user corresponding to the first device to be authenticated, avoids the leakage risk that comes with pre-storing the user's biometric information, improves information security, and protects user privacy.
In addition, where there is more than one device to be authenticated or more than one controlled device, as an example, the authentication device may obtain service information from multiple devices to be authenticated at the same moment. For any device to be authenticated, the service information that the cloud server provides for that device may be matched in turn against the service information that the cloud server provides for each controlled device, so that authorization authentication is performed simultaneously for the users corresponding to multiple devices to be authenticated. Furthermore, when authorization authentication passes for the users corresponding to multiple devices to be authenticated, for any device to be authenticated, the authentication device obtains the biometric information collected by that device and the biometric information collected by the corresponding target controlled device, and matches the two. If the match succeeds, the authentication device controls the target controlled device to be in the open state; otherwise, the target controlled device remains in the closed state. In this way, identity authentication is performed simultaneously for the users corresponding to multiple devices to be authenticated, and it is ensured that each target controlled device is opened by the user corresponding to the relevant device to be authenticated. Moreover, at the same moment, the users corresponding to multiple devices to be authenticated can each open their own target controlled device, so that services are provided to multiple users at the same time. Compared with a one-to-one form of service, the embodiments of the present application can perform authorization authentication and identity authentication for multiple users at the same time and can serve multiple authenticated users at the same time, which improves authentication efficiency and user experience. In addition, compared with authentication approaches that require multiple authentication devices, the embodiments of the present application can authenticate multiple user identities simultaneously with a single authentication device, which saves cost.
The implementation of the authentication method shown in Fig. 7 is described below by way of example, with reference to the service-first, authentication-afterwards scenarios described above.
For example, in scenario one above, when the vehicle driven by user C needs charging, user C can send charging request information to the cloud server through the wearable device c that user C wears. Based on the user's charging request information, the cloud server assigns the charging gun corresponding to charging gun lock 01 on the smart charging vehicle to provide the charging service for user C, and generates corresponding charging service information, which contains the identifier of charging gun lock 01. The cloud server delivers this charging service information to the smart charging vehicle and to wearable device c. The smart charging vehicle stores the charging service information in the whitelist and drives to the location indicated in the charging service information; wearable device c sends the charging service information and the collected ECG information of user C to the smart charging vehicle. The smart charging vehicle matches the charging service information received from wearable device c against each piece of charging service information in the whitelist; the charging service information containing the identifier of charging gun lock 01 matches the charging service information sent by charging gun lock 01, so the smart charging vehicle can confirm that user C is an authorized service object of the smart charging vehicle and that the charging gun corresponding to charging gun lock 01 is to provide the charging service for user C. The smart charging vehicle then sends control information to charging gun lock 01 to control it to enable its ECG information collection function. User C can pull out a charging gun carried by the smart charging vehicle to charge his or her own vehicle. If user C pulls out the charging gun corresponding to charging gun lock 01, charging gun lock 01 can collect user C's ECG information and send it to the smart charging vehicle; the smart charging vehicle can successfully match the ECG information collected by charging gun lock 01 with the ECG information received from wearable device c, which indicates that user C is pulling out the charging gun corresponding to charging gun lock 01, and the smart charging vehicle controls charging gun lock 01 to open so that user C can charge. If another user pulls out the charging gun corresponding to charging gun lock 01, the ECG information collected by charging gun lock 01 fails to match the ECG information from wearable device c, which indicates that it is not user C who is pulling out that charging gun, and charging gun lock 01 remains closed. In this way, the smart charging vehicle can authenticate the user's identity without storing the user's ECG information in advance, which improves information security. In addition, when the smart charging vehicle needs to provide charging services to multiple users at the same time, different users can pull out different charging guns. For any user, the corresponding charging gun lock can be opened only when that user pulls out the charging gun that the cloud server assigned to him or her, and other users cannot open that charging gun lock. This prevents other users from pulling out the charging gun that the cloud server assigned to that user in order to charge another vehicle, and ensures that every user can pull out the corresponding charging gun assigned by the cloud server and charge, meeting each user's charging needs. Moreover, when multiple users pull out the charging guns that the cloud server assigned to them at the same moment, the smart charging vehicle can control multiple charging gun locks to open, achieving synchronous charging for multiple users.
For example, in scenario two above, the storage box corresponding to storage box lock 02 holds user D's parcel. The cloud server generates corresponding pickup service information and an encryption algorithm; the pickup service information includes the identifier of storage box lock 02. The cloud server sends the pickup service information and the encryption algorithm to the smart parcel locker and to user D's wearable device d, and the smart parcel locker stores the pickup service information in the whitelist. After user D arrives near the smart parcel locker, wearable device d collects user D's ECG information and encrypts it with the encryption algorithm, and sends the pickup service information and the encrypted information to the smart parcel locker. The smart parcel locker matches the pickup service information received from wearable device d against each piece of pickup service information in the whitelist; the pickup service information containing the identifier of storage box lock 02 matches the pickup service information sent by wearable device d, so the smart parcel locker can confirm that user D is an authorized service object of the smart parcel locker and that the storage box corresponding to storage box lock 02 holds user D's parcel. The smart parcel locker can then send control information to storage box lock 02 to control it to enable its ECG information collection function. User D touches a storage box door handle. If user D touches the door handle of the storage box corresponding to storage box lock 02, storage box lock 02 can collect user D's ECG information and send it to the smart parcel locker. The smart parcel locker encrypts the ECG information collected by storage box lock 02 with the encryption algorithm and matches the encrypted information against the encrypted information sent by wearable device d. The smart parcel locker can successfully match these two pieces of encrypted information, which indicates that user D is touching the door handle of the storage box corresponding to storage box lock 02, and the smart parcel locker controls storage box lock 02 to open so that user D can take the parcel. If another user touches the door handle of the storage box corresponding to storage box lock 02, the smart parcel locker encrypts the ECG information collected by storage box lock 02, and the encrypted information fails to match the encrypted information from wearable device d, which indicates that it is not user D who is touching that door handle, and storage box lock 02 remains closed. In this way, the smart parcel locker can authenticate the user's identity without storing the user's ECG information in advance, which improves information security. In addition, when multiple users pick up parcels at the smart parcel locker at the same time, different users can touch different storage box door handles. For any user, the corresponding storage box lock can be opened only when that user touches the door handle of the storage box that holds his or her parcel, and other users cannot open that storage box lock. This prevents other users from taking that user's parcel and ensures that every user can take his or her own parcel. Moreover, when multiple users touch the door handles of the storage boxes that hold their respective parcels at the same moment, the smart parcel locker can control multiple storage box locks to open, achieving synchronous pickup for multiple users.
Further, after the authentication device controls the state of the first controlled device, the authentication device may clear the information acquired above (for example, one or more of the biometric information, the encryption algorithm, or the service information), so as to avoid information leakage and safeguard information security. Exemplarily, the authentication device may clear the relevant information after performing step 603 or step 705 above.
As an example, the authentication device may clear the first information and the second information after controlling the state of the first controlled device. It can be understood that, once the authentication device has controlled the state of the first controlled device, identity authentication of the user is complete. Because the first information and the second information contain the user's biometric information, the authentication device has no need to store them; clearing the first information and the second information promptly avoids information leakage, protects user privacy, and also saves storage space.
As an example, the authentication device may clear the encryption algorithm after controlling the state of the first controlled device. The encryption algorithm may include the first encryption algorithm or the second encryption algorithm. Exemplarily, the encryption algorithm that the authentication device uses may differ from one authentication process to the next. Once the authentication device has controlled the state of the first controlled device, identity authentication of the user is complete, and the authentication device may clear the encryption algorithm, which avoids leakage of the encryption algorithm, safeguards information security, and also saves storage space.
As an example, the authentication device may clear the service information after controlling the state of the first controlled device. Exemplarily, the authentication device may clear the service information that the cloud server provided for the first controlled device, and may also clear the service information received from the first device to be authenticated. Once the authentication device has controlled the state of the first controlled device, authorization authentication of the user is complete. Because the service information may include the user's personal information, the authentication device clears the service information, which avoids information leakage, protects user privacy, and also saves storage space.
For example, in scenario one above, after user C successfully pulls out the charging gun corresponding to charging gun lock 01, the smart charging vehicle may clear the charging service information that the cloud server provided for charging gun lock 01, or the charging service information from wearable device c. In scenario two above, after user D takes the parcel from the storage box corresponding to storage box lock 02, the smart parcel locker may clear the encryption algorithm, and may also clear the pickup service information that the cloud server provided for storage box lock 02 or the pickup service information from wearable device d. In scenario three above, after user A takes the goods from the shopping slot corresponding to shopping slot lock 03 or completes payment, the unmanned vending machine may clear the ECG information collected by shopping slot lock 03 or the ECG information from wearable device a. In scenario four above, after user B successfully opens the door corresponding to vehicle lock 01, the smart vehicle may clear the encryption algorithm, and may also clear the ECG information collected by vehicle lock 01 or the ECG information from wearable device b.
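The following added example walks through steps 701 to 705 and the clearing that follows them for two locks on one authentication device; it is not code from the application. The correlation-based matching rule, the 0.9 threshold, the class and function names, identifiers such as `gun-lock-01` and the sample windows are assumptions or constructed values, and encryption of the exchanged information is left out.

```python
import math
from dataclasses import dataclass

MATCH_THRESHOLD = 0.9  # assumed value; the page gives no matching threshold


@dataclass
class Lock:
    """Controlled device (e.g. charging gun lock 01); collection starts disabled."""
    lock_id: str
    collecting: bool = False
    is_open: bool = False


def similarity(a, b):
    """Pearson correlation of two sample windows (assumed matching rule)."""
    if len(a) != len(b) or len(a) < 2:
        return 0.0
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va and vb else 0.0


class AuthenticationDevice:
    def __init__(self, locks):
        self.locks = {lock.lock_id: lock for lock in locks}
        self.whitelist = []  # service information received from the cloud server
        self.sessions = {}   # lock_id -> {"wearable": id, "ecg": samples or None}

    def provision(self, service_info):
        """Step 701: store the service information for a controlled device."""
        self.whitelist.append(dict(service_info))

    def authorize(self, wearable_id, service_info):
        """Steps 702-703: traverse the whitelist; on a match enable collection."""
        for entry in self.whitelist:
            if entry == service_info and entry["lock_id"] in self.locks:
                lock = self.locks[entry["lock_id"]]
                lock.collecting = True
                self.sessions[lock.lock_id] = {"wearable": wearable_id, "ecg": None}
                return lock.lock_id
        return None  # not an authorized service object: nothing further is processed

    def receive_wearable_ecg(self, wearable_id, samples):
        """Second information: kept only for a wearable that passed authorization."""
        for session in self.sessions.values():
            if session["wearable"] == wearable_id:
                session["ecg"] = list(samples)
                return True
        return False

    def on_touch(self, lock_id, samples):
        """Steps 704-705: match lock-side and wearable-side ECG, then set lock state."""
        lock, session = self.locks[lock_id], self.sessions.get(lock_id)
        if not lock.collecting or session is None or session["ecg"] is None:
            return False
        if similarity(samples, session["ecg"]) < MATCH_THRESHOLD:
            return False  # a different person touched this lock; it stays closed
        lock.is_open = True
        self._clear(lock_id)
        return True

    def _clear(self, lock_id):
        """After the lock state is set, drop the biometric and service information."""
        self.sessions.pop(lock_id, None)
        self.whitelist = [e for e in self.whitelist if e["lock_id"] != lock_id]
        self.locks[lock_id].collecting = False


def constructed_ecg(freq, phase, jitter=0.0, n=64):
    """Constructed stand-in for an ECG window (not real ECG data)."""
    return [math.sin(freq * i + phase) + 0.5 * math.sin(3.7 * freq * i)
            + jitter * ((i * 7) % 5 - 2) for i in range(n)]


if __name__ == "__main__":
    device = AuthenticationDevice([Lock("gun-lock-01"), Lock("gun-lock-02")])
    service_c = {"service_id": "svc-C", "lock_id": "gun-lock-01"}
    device.provision(service_c)
    print("authorized for:", device.authorize("wearable-c", service_c))
    device.receive_wearable_ecg("wearable-c", constructed_ecg(0.3, 0.0))
    print("other user touches:", device.on_touch("gun-lock-01", constructed_ecg(0.47, 1.0)))
    print("user C touches:", device.on_touch("gun-lock-01", constructed_ecg(0.3, 0.0, 0.02)))
    print("whitelist after unlock:", device.whitelist)
```

A failed biometric match leaves the session in place, so the assigned user can still open the lock afterwards; only a successful unlock triggers the clearing.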
Fig. 8 shows a flowchart of another authentication method according to an embodiment of the present application. Exemplarily, the method may be executed by a device to be authenticated in Fig. 1 above (such as the device to be authenticated 102). As shown in Fig. 8, the method may include the following steps:
Step 801: the first device to be authenticated collects second biometric information at a first moment, where the second biometric information is associated with the user corresponding to the first device to be authenticated.
Exemplarily, the second biometric information may include second ECG information; the first device to be authenticated is equipped with an ECG sensor, which is used to collect the second ECG information. Because ECG information is unique, that is, the ECG information of different users differs, ECG information can be used to distinguish different users accurately, which ensures the accuracy of user identity authentication. At the same time, a user's ECG information at each moment is random and cannot be copied or simulated, so identity authentication based on ECG information is more secure and reliable. In addition, compared with other biometric information that is strongly affected by the external environment, ECG information is not affected by the external environment and is better suited to a variety of environments.
In a possible implementation, the first device to be authenticated collects the second biometric information when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold. For how the first device to be authenticated determines that this distance is less than the preset threshold, refer to the related description in step 601 above.
Exemplarily, the biometric information collection function of the first device to be authenticated may be initially configured to be off. In that case, when the distance between the first controlled device and the first device to be authenticated is less than the preset threshold, which indicates that the user has approached the first controlled device and intends to unlock it, the first device to be authenticated turns on the biometric information collection function in order to collect biometric information. At the same time, the first device to be authenticated turns on the collection function only when needed, which reduces the energy consumption of the first device to be authenticated and the amount of data the authentication device has to process. In addition, when the user approaches the first controlled device, the user may trigger the first device to be authenticated to turn on the biometric information collection function.
As an example, before step 801 is performed, the first device to be authenticated may receive fourth information from the cloud server. The fourth information is associated with second service information corresponding to the first device to be authenticated and is at least used for matching with third information, and the third information is associated with first service information corresponding to the first controlled device. Exemplarily, the first service information may include identification information of the first controlled device, and the second service information may include identification information of a target controlled device. Further, the first device to be authenticated may send the fourth information; for example, it may send the fourth information to the authentication device, or send it to the cloud server, which forwards it to the authentication device. Exemplarily, the first device to be authenticated may send the fourth information when the distance between the first controlled device and the first device to be authenticated is less than the preset threshold.
In a possible implementation, the first device to be authenticated may send service request information to the cloud server, where the service request information is at least used to request the service information corresponding to the first device to be authenticated. For example, in scenario 1 above, the user may send charging request information to the cloud server through the wearable device, thereby obtaining the charging service information that the cloud server allocates to the wearable device.
Exemplarily, when the third information and the fourth information are matched successfully, the first device to be authenticated may receive match-success information fed back by the authentication device, and may then turn on the biometric information collection function and generate the second information from the collected second biometric information. The biometric information collection function of the first device to be authenticated may be initially configured to be off. In that case, a successful match between the third information and the fourth information indicates that the first controlled device is the one that provides the service for the user corresponding to the first device to be authenticated and that the user intends to unlock the first controlled device, so the first device to be authenticated turns on the biometric information collection function in order to collect the user's biometric information. At the same time, the first device to be authenticated turns on the collection function only when needed, which reduces the energy consumption of the first device to be authenticated and the amount of data the authentication device has to process.
Step 802: the first device to be authenticated sends second information, where the second information is associated with the second biometric information and is at least used for matching with first information; the first information is associated with first biometric information at the first moment, and the first biometric information comes from the first controlled device.
Exemplarily, the first device to be authenticated may send the second information to the authentication device, or send the second information to the cloud server, which forwards it to the authentication device. As an example, the first device to be authenticated may send the second information and the fourth information at the same time.
In a possible implementation, the first device to be authenticated may receive an encryption algorithm, encrypt the collected second biometric information with that encryption algorithm to obtain the second information, and send the second information to the authentication device. Exemplarily, the device to be authenticated may receive a first encryption algorithm from the cloud server, or a second encryption algorithm from the authentication device. In this way, the first authentication device receives the encryption algorithm so as to encrypt the collected biometric information, which improves the security of the information.
In a possible implementation, the first device to be authenticated may receive settlement information corresponding to the first device to be authenticated. Exemplarily, the first device to be authenticated may receive the settlement information sent by the cloud server, so that the user corresponding to the first device to be authenticated can settle.
Exemplarily, the first device to be authenticated may also receive feedback information from the authentication device, for example, feedback that the match succeeded. Further, after receiving the feedback information, the first device to be authenticated may clear the second information, the fourth information, or the encryption algorithm, which avoids information leakage, safeguards information security, and saves storage space.
In this embodiment of the present application, the first device to be authenticated collects the second biometric information at the first moment and sends the second information associated with the second biometric information, and the second information is used for matching with the first information from the same moment. In this way, the identity of the user corresponding to the first device to be authenticated can be authenticated without storing the user's biometric information in advance, which avoids the leakage risk of pre-stored biometric information, improves the security of the information, and protects user privacy.
For the technical effects and specific descriptions of the authentication method described in FIG. 8 above and its various possible implementations, refer to the authentication method above; details are not repeated here.
An embodiment of the present application also provides another authentication system, which may include an authentication device and a cloud server. The cloud server is configured to send third information to the first controlled device and to send fourth information to the first device to be authenticated, where the third information is associated with first service information, the first service information being the service information that the cloud server provides for the first controlled device, and the fourth information is associated with second service information, the second service information being the service information that the cloud server provides for the first device to be authenticated. The authentication device is configured to: receive the fourth information from the first device to be authenticated; match the third information with the fourth information; when the third information and the fourth information are matched successfully, obtain first information at a first moment and second information at the first moment; match the first information with the second information; and control the state of the first controlled device according to the matching result of the first information and the second information. The first information is associated with first biometric information, and the first biometric information comes from the first controlled device; the second information is associated with second biometric information, and the second biometric information comes from the first device to be authenticated and is associated with the user corresponding to the first device to be authenticated.
In this embodiment of the present application, the cloud server sends the third information to the first controlled device and the fourth information to the first device to be authenticated, and the authentication device receives the fourth information from the first device to be authenticated and matches the third information with the fourth information, which implements authorization authentication. If the third information and the fourth information are matched successfully, the second service information and the first service information are the same service information, that is, the user corresponding to the first device to be authenticated is the authorized service object of the first controlled device. When authorization authentication passes, the authentication device obtains the first information and the second information, matches them, and controls the state of the first controlled device according to the matching result. The authentication device can authenticate the identity of the user corresponding to the first device to be authenticated without storing the user's biometric information in advance, which ensures that the first controlled device is opened by the user corresponding to the first device to be authenticated, avoids the leakage risk of pre-stored biometric information, improves the security of the information, and protects user privacy.
As an example, the above authentication system may further include the first device to be authenticated, which is configured to execute the steps of the authentication method shown in FIG. 8 above.
Exemplarily, the first biometric information may include first ECG information, and the second biometric information may include second ECG information. ECG information is unique, that is, different users have different ECG information, so it can be used to distinguish different users accurately, which ensures the accuracy of identity authentication. At the same time, a user's ECG information at each moment is random and cannot be copied or simulated, so identity authentication based on ECG information is more secure and reliable. In addition, compared with other biometric information that is strongly affected by the external environment, ECG information is not affected by the external environment and is better suited to a variety of environments.
Exemplarily, the first service information may include identification information of the first controlled device, and the second service information may include identification information of a target controlled device. The target controlled device may be a device that the cloud server allocates to provide a service for the user corresponding to the first device to be authenticated.
Exemplarily, the first controlled device may include a first smart lock, and the authentication device is further configured to: when the first information and the second information are matched successfully, send first control information, where the first control information is used to control the first smart lock to be in an open state. A successful match between the first information and the second information indicates that the user corresponding to the first device to be authenticated has passed identity authentication and that the user expects the device corresponding to the first smart lock to provide the service, so the authentication device may control the first smart lock to be in the open state so that the user can obtain the corresponding service.
In a possible implementation, the authentication device is further configured to: when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, send second control information to the first controlled device, where the second control information is used to control the first controlled device to collect the first biometric information. Exemplarily, the biometric information collection function of the first controlled device may be initially configured to be off. In that case, when the distance between the first controlled device and the first device to be authenticated is less than the preset threshold, which indicates that the user has approached the first controlled device and intends to unlock it, the authentication device controls the first controlled device to turn on the biometric information collection function, so that the first controlled device can collect the user's first biometric information when the user touches it. At the same time, the first controlled device turns on the collection function only when needed, which reduces the energy consumption of the first controlled device and the amount of data the authentication device has to process.
In a possible implementation, the cloud server is further configured to: receive service request information, and generate the third information and the fourth information according to the service request information. The service request information may come from the first device to be authenticated; according to the service request information, the cloud server allocates the currently available service resources and generates the third information and the fourth information so as to meet the user's needs. For example, in scenario 1 above, after receiving the charging request information sent by the wearable device worn by the user, the cloud server allocates a suitable charging gun to the user according to the user's charging request and the available charging gun resources, generates the corresponding service information, and then sends that service information to the smart charging car and to the wearable device worn by the user.
In a possible implementation, the cloud server is further configured to generate the third information and the fourth information according to the service to be processed. For example, in scenario 2 above, the cloud server may generate pickup service information according to the information about the express parcel stored in each storage box, and then send the pickup service information to the smart express cabinet and to the wearable device of the corresponding recipient.
In a possible implementation, the first information may include information obtained by encrypting the first biometric information with a first encryption algorithm, and/or the second information may include information obtained by encrypting the second biometric information with the first encryption algorithm. The cloud server is further configured to send the first encryption algorithm to the authentication device and to the first device to be authenticated, and the authentication device is further configured to receive the first encryption algorithm. In this way, the cloud server can generate an encryption algorithm and send it to the authentication device and the device to be authenticated, where it is used to encrypt the biometric information collected by the device to be authenticated or by the controlled device; because the first information and/or the second information includes the encrypted biometric information, the security of the information is further improved. For example, in a scenario with a service, the cloud server may generate the encryption algorithm and send it to the authentication device and the device to be authenticated.
Exemplarily, service information may correspond to an encryption algorithm, that is, different service information corresponds to different encryption algorithms. When generating service information, the cloud server may generate the corresponding encryption algorithm and send the service information and the encryption algorithm to the corresponding authentication device and device to be authenticated. After the authentication device receives the service information that the cloud server provides for multiple controlled devices, together with the corresponding encryption algorithms, it may encrypt the biometric information collected by any controlled device with the encryption algorithm that corresponds to that controlled device's service information.
In a possible implementation, the first information may include information obtained by encrypting the first biometric information with a second encryption algorithm, and/or the second information may include information obtained by encrypting the second biometric information with the second encryption algorithm. The authentication device is further configured to generate the second encryption algorithm and send it to the first device to be authenticated. The second encryption algorithm is used to encrypt the biometric information collected by the first controlled device and the biometric information collected by the first device to be authenticated; because the first information and the second information both include the encrypted biometric information, the security of the information is further improved. For example, in a scenario without a service, the authentication device may generate the encryption algorithm and send it to the device to be authenticated with which it was initially paired. Exemplarily, the second encryption algorithm is time-limited: the authentication device may update the encryption algorithm after each authentication, which improves the security of the encrypted information in each authentication process.
In a possible implementation, the authentication device is further configured to: after controlling the state of the first controlled device, send the identification information of the first controlled device and the second information to the cloud server. The cloud server is further configured to: receive the identification information of the first controlled device and the second information; determine the first device to be authenticated according to the second information; generate settlement information corresponding to the first device to be authenticated according to the service information corresponding to the identification information of the first controlled device; and send the settlement information to the first device to be authenticated. The settlement information may represent fee-related information for the service that the user obtained from the first controlled device. The cloud server may pre-store the fee-related information for the services provided by each controlled device as well as the information forwarded via the cloud server; it can be understood that the information forwarded via the cloud server may include the first information. Exemplarily, the authentication device sends the identification information of the first controlled device and the second information to the cloud server. After receiving this information, the cloud server may determine, from the identification information of the first controlled device, the fee generated by the service that the first controlled device provided, and match the second information against the information forwarded via the cloud server. When the second information and the first information are matched successfully, the cloud server determines that the fee is the one incurred by the user corresponding to the first device to be authenticated for the service provided by the first controlled device, and then sends the fee to the first device to be authenticated so that the user corresponding to the first device to be authenticated can settle.
As an example, if the user corresponding to the first device to be authenticated obtains services from multiple controlled devices, the authentication device may send the identification information of the multiple controlled devices and the second information to the cloud server, and the cloud server generates a single set of settlement information corresponding to the first device to be authenticated and sends it to the first device to be authenticated, so that the user can settle everything at once. As another example, after generating the settlement information corresponding to the first device to be authenticated, the cloud server may send it to the first device to be authenticated after a preset time interval, which allows shopping first and settling later and improves the user experience.
In a possible implementation, the authentication device is further configured to clear the first information and the second information after controlling the state of the first controlled device. It can be understood that once the authentication device has controlled the state of the first controlled device, the user's identity authentication is complete. Because the first information and the second information contain the user's biometric information, the authentication device does not need to store them; clearing the first information and the second information promptly avoids information leakage, protects user privacy, and saves storage space.
In a possible implementation, the authentication device is further configured to clear the encryption algorithm after controlling the state of the first controlled device. The encryption algorithm may include the first encryption algorithm or the second encryption algorithm. Once the authentication device has controlled the state of the first controlled device, the user's identity authentication is complete, and the authentication device may clear the encryption algorithm, which avoids leakage of the encryption algorithm, safeguards information security, and saves storage space.
In a possible implementation, the authentication device is further configured to clear the service information after controlling the state of the first controlled device. Once the authentication device has controlled the state of the first controlled device, the user's authorization authentication is complete. Because the service information may include the user's personal information, the authentication device clears the service information, which avoids information leakage, protects user privacy, and saves storage space.
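The flow this embodiment describes (match the third and fourth information for authorization, then match biometric samples collected at the same moment, control the lock, and clear the session data) is shown below as an added example; it is not code from the patent. The class and function names, the Pearson-correlation matcher, the 0.9 threshold, the 50 ms timestamp tolerance, the synthetic ECG traces and clearing after a failed match are all assumptions, and the encryption step is left out.

```python
import hmac
import math
import random

# Assumptions of this example (none of these values or names come from the page):
MATCH_THRESHOLD = 0.9  # minimum correlation treated as a biometric match
MAX_SKEW_MS = 50       # tolerance for "collected at the same first moment"


def synthetic_ecg(rate_hz, phase, seed, n=200, fs=100):
    """Constructed ECG-like trace: sharp periodic peaks plus per-sensor noise."""
    rng = random.Random(seed)
    return [math.sin(2 * math.pi * rate_hz * i / fs + phase) ** 15
            + rng.gauss(0, 0.02) for i in range(n)]


def pearson(a, b):
    """Pearson correlation of two equal-length windows; 0.0 if undefined."""
    if len(a) != len(b) or len(a) < 2:
        return 0.0
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va > 0 and vb > 0 else 0.0


class AuthenticationDevice:
    """Hypothetical authentication device; keeps no enrolled biometric template."""

    def __init__(self):
        self.sessions = {}  # lock_id -> {"third": bytearray, "authorized": bool}

    def receive_third_info(self, lock_id, third_info):
        # Third information: service information issued for the controlled device.
        self.sessions[lock_id] = {"third": bytearray(third_info),
                                  "authorized": False}

    def authorize(self, lock_id, fourth_info):
        # Stage 1: the fourth information (from the device to be authenticated)
        # must equal the third information; compared in constant time.
        session = self.sessions.get(lock_id)
        if session is None:
            return False
        session["authorized"] = hmac.compare_digest(bytes(session["third"]),
                                                    fourth_info)
        return session["authorized"]

    def authenticate(self, lock_id, first, second):
        # Stage 2: first/second are (capture_time_ms, samples) from the lock and
        # from the device to be authenticated. Returns the lock state to apply.
        session = self.sessions.get(lock_id)
        try:
            if session is None or not session["authorized"]:
                return "locked"
            (t1, x1), (t2, x2) = first, second
            if abs(t1 - t2) > MAX_SKEW_MS:  # not the same moment: stale sample
                return "locked"
            return "open" if pearson(x1, x2) >= MATCH_THRESHOLD else "locked"
        finally:
            self._clear(lock_id, first[1], second[1])

    def _clear(self, lock_id, *buffers):
        # Best-effort clearing in Python: overwrite the sample buffers and the
        # stored service information, then drop the session entry.
        for buf in buffers:
            for i in range(len(buf)):
                buf[i] = 0.0
        session = self.sessions.pop(lock_id, None)
        if session is not None:
            for i in range(len(session["third"])):
                session["third"][i] = 0


def demo():
    dev = AuthenticationDevice()
    service = b"lock-01/session-0001"  # constructed service information
    dev.receive_third_info("lock-01", service)
    dev.authorize("lock-01", service)
    lock_sample = (1000, synthetic_ecg(1.2, 0.0, seed=1))      # from the lock
    wearable_sample = (1010, synthetic_ecg(1.2, 0.0, seed=2))  # from the wearable
    return dev.authenticate("lock-01", lock_sample, wearable_sample)


if __name__ == "__main__":
    print(demo())
```

Because nothing is enrolled, the only state worth protecting is the per-session data, which is why the clearing step runs on every exit path in this example.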
An embodiment of the present application also provides another authentication system, which may include an authentication device and a device to be authenticated, where the authentication device is configured to execute the steps of the authentication method shown in FIG. 6 or FIG. 7 above, and the device to be authenticated is configured to execute the steps of the authentication method shown in FIG. 8 above.
An embodiment of the present application also provides another authentication system, which may include an authentication device, a device to be authenticated, and a controlled device, where the authentication device is configured to execute the steps of the authentication method shown in FIG. 6 or FIG. 7 above, the device to be authenticated is configured to execute the steps of the authentication method shown in FIG. 8 above, and the controlled device is used to collect the first biometric information at the first moment.
For the technical effects and specific descriptions of the above authentication systems and of the various possible implementations in each of them, refer to the authentication method above; details are not repeated here.
Based on the same concept as the above method embodiments, an embodiment of the present application further provides an authentication apparatus, which is used to execute the technical solutions described in the above method embodiments. For example, it may execute the steps of the method shown in FIG. 6 or FIG. 7 above.
FIG. 9 shows a structural diagram of an authentication apparatus according to an embodiment of the present application. As shown in FIG. 9, the authentication apparatus may include: a first transceiver module 901, configured to obtain first information at a first moment and second information at the first moment, where the first information is associated with first biometric information, the first biometric information comes from a first controlled device, the second information is associated with second biometric information, and the second biometric information comes from a first device to be authenticated and is associated with the user corresponding to the first device to be authenticated; and a first processing module 902, configured to match the first information with the second information and to control the state of the first controlled device according to the matching result of the first information and the second information.
In a possible implementation, the first controlled device includes a first smart lock; the first processing module is further configured to: when the first information and the second information match successfully, send first control information, where the first control information is used to control the first smart lock to be in an unlocked state.
In a possible implementation, the first processing module 902 is further configured to: after controlling the state of the first controlled device, clear the first biometric information and the second biometric information.
In a possible implementation, the first processing module 902 is further configured to: when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, send second control information to the first controlled device, where the second control information is used to control the first controlled device to collect the first biometric information.
In a possible implementation, the first transceiver module 902 is further configured to: obtain third information and fourth information, wherein the third information is associated with first service information, the first service information is service information provided by a cloud server for the first controlled device, the fourth information is associated with second service information, and the second service information is service information provided by the cloud server for the first device to be authenticated; match the third information against the fourth information; and, when the third information and the fourth information match successfully, obtain the first information and the second information.
In a possible implementation, the first service information includes identification information of the first controlled device; the second service information includes identification information of a target controlled device.
In a possible implementation, the first information includes information obtained by encrypting the first biometric information with a first encryption algorithm, and/or the second information includes information obtained by encrypting the second biometric information with the first encryption algorithm; the first transceiver module 901 is further configured to: receive the first encryption algorithm from a cloud server.
In a possible implementation, the first processing module 902 is further configured to: after controlling the state of the first controlled device, clear the first encryption algorithm.
In a possible implementation, the first information includes information obtained by encrypting the first biometric information with a second encryption algorithm, and/or the second information includes information obtained by encrypting the second biometric information with the second encryption algorithm; the first processing module 902 is further configured to: generate the second encryption algorithm, and send the second encryption algorithm to the first device to be authenticated.
In a possible implementation, the first processing module 902 is further configured to: after controlling the state of the first controlled device, clear the second encryption algorithm.
In a possible implementation, the first biometric information includes first electrocardiogram (ECG) information; the second biometric information includes second ECG information.
In a possible implementation, the first processing module 902 is further configured to: after controlling the state of the first controlled device, send the identification information of the first controlled device and the second information to a cloud server, where the identification information of the first controlled device and the second information are used at least to generate settlement information corresponding to the first device to be authenticated.
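The decision flow of the FIG. 9 apparatus described above can be modelled as follows; this is an added example, not code from the application. It assumes the ECG information is represented as R-R intervals with capture timestamps, that the thresholds and the sample values are constructed, and it leaves out the encryption step.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, List

# All three thresholds are assumptions made for this example.
MAX_SKEW_MS = 200        # both captures must fall in the same "first moment"
RR_TOLERANCE_MS = 15.0   # allowed mean absolute R-R interval difference
MIN_BEATS = 4            # shortest interval sequence worth comparing


@dataclass
class Sample:
    """Biometric information reported by one device (constructed model)."""
    source: str
    captured_at_ms: int
    rr_ms: List[float]   # ECG R-R intervals in milliseconds


@dataclass
class SmartLock:
    lock_id: str
    state: str = "locked"


def wipe(sample: Sample) -> None:
    """Best-effort clearing: overwrite the values, then drop them.
    Python cannot guarantee that no copy survives elsewhere in memory."""
    for i in range(len(sample.rr_ms)):
        sample.rr_ms[i] = 0.0
    sample.rr_ms.clear()


def service_info_matches(third_info: str, fourth_info: str) -> bool:
    """Third information: identifier of the controlled device.
    Fourth information: identifier of the target controlled device."""
    return hmac.compare_digest(third_info.encode(), fourth_info.encode())


def biometrics_match(first: Sample, second: Sample) -> bool:
    """Compare two captures that should describe the same heartbeat run."""
    if abs(first.captured_at_ms - second.captured_at_ms) > MAX_SKEW_MS:
        return False     # not taken at the same moment: possible replay
    if len(first.rr_ms) != len(second.rr_ms) or len(first.rr_ms) < MIN_BEATS:
        return False
    diffs = [abs(a - b) for a, b in zip(first.rr_ms, second.rr_ms)]
    return sum(diffs) / len(diffs) <= RR_TOLERANCE_MS


def authenticate(lock: SmartLock, third_info: str, fourth_info: str,
                 get_first: Callable[[], Sample],
                 get_second: Callable[[], Sample]) -> str:
    # Gate 1: no biometric data is requested unless the service
    # information agrees on which controlled device is meant.
    if not service_info_matches(third_info, fourth_info):
        return "rejected: service information mismatch"
    first, second = get_first(), get_second()
    try:
        # Gate 2: the match result decides the controlled device's state.
        if biometrics_match(first, second):
            lock.state = "unlocked"
            return "unlocked"
        lock.state = "locked"
        return "rejected: biometric mismatch"
    finally:
        # Clear both captures whatever the outcome (a choice of this example).
        wipe(first)
        wipe(second)


# Constructed sample data.
def lock_sample() -> Sample:
    return Sample("lock-A", 1_000_000, [812.0, 798.0, 830.0, 805.0, 821.0])


def wearer_sample() -> Sample:
    return Sample("watch-1", 1_000_040, [810.0, 801.0, 827.0, 808.0, 819.0])


def other_sample() -> Sample:
    return Sample("watch-2", 1_000_040, [702.0, 695.0, 710.0, 688.0, 700.0])
```

Passing the captures as callables keeps the ordering visible: a service-information mismatch returns before either device is asked for biometric data.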
The embodiments of the present application further provide another authentication apparatus, which is configured to carry out the technical solutions described in the above method embodiments. For example, it may perform the steps of the method shown in FIG. 8 above.
FIG. 10 shows a structural diagram of another authentication apparatus according to an embodiment of the present application. As shown in FIG. 10, the authentication apparatus may include: a second processing module 1001, configured to collect second biometric information at a first moment, where the second biometric information is associated with the user corresponding to a first device to be authenticated; and a second transceiver module 1002, configured to send second information, where the second information is associated with the second biometric information, the second information is used at least for matching against first information, the first information is associated with first biometric information at the first moment, and the first biometric information comes from a first controlled device.
In a possible implementation, the second processing module 1001 is further configured to: when the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, collect the second biometric information.
In a possible implementation, the second transceiver module 1002 is further configured to: receive fourth information from a cloud server, where the fourth information is associated with second service information corresponding to the first device to be authenticated, the fourth information is used at least for matching against third information, and the third information is associated with first service information corresponding to the first controlled device; and send the fourth information to the authentication device.
In a possible implementation, the second transceiver module 1002 is further configured to: send service request information to a cloud server, where the service request information is used at least to request the service information corresponding to the first device to be authenticated.
In a possible implementation, the first service information includes identification information of the first controlled device; the second service information includes identification information of a target controlled device.
In a possible implementation, the second information includes information obtained by encrypting the second biometric information with an encryption algorithm, and the second transceiver module 1002 is further configured to: receive the encryption algorithm.
In a possible implementation, the first biometric information includes first electrocardiogram (ECG) information; the second biometric information includes second ECG information.
In a possible implementation, the first device to be authenticated is equipped with an electrocardiogram (ECG) sensor, and the ECG sensor is used to collect the second ECG information.
In a possible implementation, the second transceiver module 1002 is further configured to: receive settlement information corresponding to the first controlled device.
For the technical effects and specific descriptions of the authentication apparatuses shown in FIG. 9 and FIG. 10 above and of their various possible implementations, refer to the above authentication methods; details are not repeated here.
It should be noted that the division of the above apparatuses into modules is only a division of logical functions; in an actual implementation the modules may be fully or partially integrated into one physical entity, or may be physically separate. In addition, the modules in an apparatus may be implemented in the form of a processor calling software; for example, the apparatus includes a processor, the processor is connected to a memory, instructions are stored in the memory, and the processor calls the instructions stored in the memory to implement any of the above methods or the functions of the modules of the apparatus, where the processor is, for example, a general-purpose processor such as a central processing unit (CPU) or a microprocessor, and the memory is a memory inside the apparatus or a memory outside the apparatus. Alternatively, the modules in an apparatus may be implemented in the form of hardware circuits, and the functions of some or all of the modules may be realized through the design of the hardware circuits, which may be understood as one or more processors; for example, in one implementation, the hardware circuit is an application-specific integrated circuit (ASIC), and the functions of some or all of the above modules are realized through the design of the logical relationships between the components in the circuit; for another example, in another implementation, the hardware circuit may be realized by a programmable logic device (PLD), and, taking a field programmable gate array (FPGA) as an example, it may include a large number of logic gate circuits whose interconnections are configured by a configuration file, thereby realizing the functions of some or all of the above modules. All the modules of the above apparatuses may be implemented entirely in the form of a processor calling software, or entirely in the form of hardware circuits, or partly in the form of a processor calling software with the remainder in the form of hardware circuits.
In the embodiments of the present application, a processor is a circuit with signal processing capability. In one implementation, the processor may be a circuit capable of reading and executing instructions, such as a CPU, a microprocessor, a graphics processing unit (GPU) (which may be understood as a kind of microprocessor), or a digital signal processor (DSP); in another implementation, the processor may realize a certain function through the logical relationships of a hardware circuit, where the logical relationships of the hardware circuit are fixed or reconfigurable, for example a processor that is a hardware circuit implemented by an ASIC or a PLD, such as an FPGA. In a reconfigurable hardware circuit, the process in which the processor loads a configuration file to configure the hardware circuit may be understood as the process in which the processor loads instructions to realize the functions of some or all of the above modules. In addition, the processor may be a hardware circuit designed for artificial intelligence, which may be understood as a kind of ASIC, such as a neural network processing unit (NPU), a tensor processing unit (TPU), or a deep learning processing unit (DPU).
It can be seen that each module in the above apparatuses may be one or more processors (or processing circuits) configured to implement the above methods, for example: a CPU, GPU, NPU, TPU, DPU, microprocessor, DSP, ASIC, or FPGA, or a combination of at least two of these processor forms.
In addition, the modules in the above apparatuses may be fully or partially integrated together, or may be implemented independently. In one implementation, these modules are integrated together and implemented in the form of a system-on-a-chip (SOC). The SOC may include at least one processor for implementing any of the above methods or the functions of the modules of the apparatus, and the at least one processor may be of different types, for example a CPU and an FPGA, a CPU and an artificial intelligence processor, or a CPU and a GPU.
The embodiments of the present application further provide an authentication device; the embodiments of the present application do not limit the type of the authentication device. The authentication device may be implemented in hardware, in software, or in a combination of software and hardware. As one example, the authentication device may include: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to implement the above authentication method when executing the instructions. For example, the methods shown in FIG. 6 and FIG. 7 above may be performed. As another example, the authentication device may include hardware modules or software modules, for example one or more of the modules described for FIG. 9 above.
The embodiments of the present application further provide a device to be authenticated; the embodiments of the present application do not limit the type of the device to be authenticated. The device to be authenticated may be implemented in hardware, in software, or in a combination of software and hardware. As one example, the device to be authenticated may include: a sensor for collecting biometric information; a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to implement the above authentication method when executing the instructions. For example, the method shown in FIG. 8 above may be performed. As another example, the device to be authenticated may include hardware modules or software modules, for example one or more of the modules described for FIG. 10 above.
FIG. 11 shows a schematic structural diagram of an electronic device according to an embodiment of the present application. For example, the electronic device may be an authentication device or a device to be authenticated. As shown in FIG. 11, the authentication apparatus may include: at least one processor 1101, a communication line 1102, a memory 1103, and at least one communication interface 1104.
The processor 1101 may be a CPU, a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the programs of the solutions of the present application.
The communication line 1102 may include a path for transferring information between the above components.
The communication interface 1104 uses any transceiver-type apparatus to communicate with other devices or communication networks, such as Ethernet, a radio access network (RAN), or a wireless local area network (WLAN).
The memory 1103 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, or an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other compact disc storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these. The memory may exist independently and be connected to the processor through the communication line 1102. The memory may also be integrated with the processor. The memory provided in the embodiments of the present application may generally be non-volatile. The memory 1103 is used to store the computer-executable instructions for carrying out the solutions of the present application, and their execution is controlled by the processor 1101. The processor 1101 is configured to execute the computer-executable instructions stored in the memory 1103, thereby implementing the methods provided in the above embodiments of the present application. For example, the steps shown in FIG. 6, FIG. 7 or FIG. 8 above may be implemented.
Optionally, the computer-executable instructions in the embodiments of the present application may also be referred to as application program code, which is not specifically limited in the embodiments of the present application.
For example, the processor 1101 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 11.
For example, the authentication apparatus may include multiple processors, such as the processor 1101 and the processor 1107 in FIG. 11. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor here may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions).
In a specific implementation, as an embodiment, the authentication apparatus may further include an output device 1105 and an input device 1106. The output device 1105 communicates with the processor 1101 and can display information in a variety of ways. For example, the output device 1105 may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector. The input device 1106 communicates with the processor 1101 and can receive user input in a variety of ways. For example, the input device 1106 may be a mouse, a keyboard, a touch screen device, or a sensing device.
As one example, with reference to the electronic device shown in FIG. 11, the first transceiver module 901 in FIG. 9 above may be implemented by the communication interface 1104 in FIG. 11, and the first processing module 902 in FIG. 9 above may be implemented by the processor 1101 in FIG. 11.
As another example, with reference to the electronic device shown in FIG. 11, the second processing module 1001 in FIG. 10 above may be implemented by the processor 1101 in FIG. 11, and the second transceiver module 1002 in FIG. 10 above may be implemented by the communication interface 1104 in FIG. 11.
The embodiments of the present application provide a chip, including a processor; when the processor executes instructions, the processor performs the methods in the above embodiments. For example, the authentication method shown in FIG. 6, FIG. 7 or FIG. 8 above may be implemented.
The embodiments of the present application provide a computer-readable storage medium on which computer program instructions are stored; when the computer program instructions are executed by a processor, the methods in the above embodiments are implemented. For example, the authentication method shown in FIG. 6, FIG. 7 or FIG. 8 above may be implemented.
The embodiments of the present application provide a computer program product, including computer-readable code, or a non-volatile computer-readable storage medium carrying computer-readable code; when the computer-readable code runs in a processor of an electronic device, the processor in the electronic device performs the methods in the above embodiments. For example, the authentication method shown in FIG. 6, FIG. 7 or FIG. 8 above may be implemented.
A computer-readable storage medium may be a tangible device that can retain and store instructions for use by an instruction execution device. A computer-readable storage medium may be, for example, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of computer-readable storage media include: a portable computer disk, a hard disk, RAM, ROM, erasable programmable read-only memory (Electrically Programmable Read-Only-Memory, EPROM) or flash memory, static random-access memory (SRAM), portable compact disc read-only memory (CD-ROM), a digital versatile disc (Digital Video Disc, DVD), a memory stick, a floppy disk, a mechanically encoded device such as a punched card or a raised structure in a groove with instructions stored thereon, and any suitable combination of the foregoing.
The computer-readable program instructions or code described here may be downloaded from a computer-readable storage medium to the respective computing/processing devices, or downloaded to an external computer or external storage device over a network such as the Internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, optical fiber transmission, wireless transmission, routers, firewalls, switches, gateway computers, and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards them for storage in a computer-readable storage medium in the respective computing/processing device.
The computer program instructions for carrying out the operations of the present application may be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, state-setting data, or source code or object code written in any combination of one or more programming languages, including object-oriented programming languages such as Smalltalk and C++, and conventional procedural programming languages such as the "C" language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. Where a remote computer is involved, the remote computer may be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, an electronic circuit, such as a programmable logic circuit, an FPGA, or a programmable logic array (PLA), is personalized using state information of the computer-readable program instructions, and the electronic circuit can execute the computer-readable program instructions, thereby implementing the various aspects of the present application.
Aspects of the present application are described here with reference to flowcharts and/or block diagrams of methods, apparatuses (systems), and computer program products according to embodiments of the present application. It should be understood that each block of the flowcharts and/or block diagrams, and combinations of blocks in the flowcharts and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, or another programmable data processing apparatus to produce a machine, such that the instructions, when executed by the processor of the computer or other programmable data processing apparatus, produce an apparatus that implements the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams. These computer-readable program instructions may also be stored in a computer-readable storage medium; the instructions cause a computer, a programmable data processing apparatus, and/or other devices to operate in a specific manner, so that the computer-readable medium storing the instructions comprises an article of manufacture that includes instructions implementing aspects of the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams.
The computer-readable program instructions may also be loaded onto a computer, another programmable data processing apparatus, or another device, so that a series of operational steps is performed on the computer, other programmable data processing apparatus, or other device to produce a computer-implemented process, such that the instructions executed on the computer, other programmable data processing apparatus, or other device implement the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams.
The flowcharts and block diagrams in the accompanying drawings show the architecture, functions, and operations of possible implementations of apparatuses, systems, methods, and computer program products according to multiple embodiments of the present application. In this regard, each block in a flowchart or block diagram may represent a module, a program segment, or a portion of instructions, which contains one or more executable instructions for implementing the specified logical function. In some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, or they may sometimes be executed in the reverse order, depending on the functions involved.
也要注意的是,框图和/或流程图中的每个方框、以及框图和/或流程图中的方框的组合,可以用执行相应的功能或动作的硬件(例如电路或ASIC(Application Specific Integrated Circuit,专用集成电路))来实现,或者可以用硬件和软件的组合,如固件等来实现。It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented with hardware (such as circuits or ASIC (Application Specific Integrated Circuit, application-specific integrated circuit)), or it can be realized by a combination of hardware and software, such as firmware.
需要说明的是,本申请实施例中采用诸如“第一”、“第二”的前缀词,仅仅为了区分不同的描述对象,对被描述对象的位置、顺序、优先级、数量或内容等没有限定作用。It should be noted that the prefixes such as "first" and "second" used in the embodiments of the present application are only to distinguish different description objects, and have no reference to the position, order, priority, quantity or content of the described objects. Limitation.
尽管在此结合各实施例对本申请进行了描述,然而,在实施所要求保护的本申请过程中,本领域技术人员通过查看所述附图、公开内容、以及所附权利要求书,可理解并实现所述公开实施例的其它变化。在权利要求中,“包括”(comprising)一词不排除其他组成部分或步骤,“一”或“一个”不排除多个的情况。单个处理器或其它单元可以实现权利要求中列举的若干项功能。相互不同的从属权利要求中记载了某些措施,但这并不表示这些措施不能组合起来产生良好的效果。Although the present application has been described in conjunction with various embodiments here, however, in the process of implementing the claimed application, those skilled in the art can understand and Other variations of the disclosed embodiments are implemented. In the claims, the word "comprising" does not exclude other components or steps, and "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that these measures cannot be combined to advantage.
在本申请的各个实施例中,如果没有特殊说明以及逻辑冲突,各个实施例之间的术语和/或描述具有一致性、且可以相互引用,不同的实施例中的技术特征根据其内在的逻辑关系可以组合形成新的实施例。In each embodiment of the present application, if there is no special explanation and logical conflict, the terms and/or descriptions between the various embodiments are consistent and can be referred to each other. The technical features in different embodiments are based on their inherent logic Relationships can be combined to form new embodiments.
以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以所述权利要求的保护范围为准。The above is only a specific implementation of the application, but the scope of protection of the application is not limited thereto. Anyone familiar with the technical field can easily think of changes or substitutions within the technical scope disclosed in the application. Should be covered within the protection scope of this application. Therefore, the protection scope of the present application should be determined by the protection scope of the claims.

Claims (30)

  1. An authentication method, characterized in that the method is applied to an authentication device, and the method comprises:
    acquiring first information at a first moment and second information at the first moment, wherein the first information is associated with first biometric information, the first biometric information comes from a first controlled device, the second information is associated with second biometric information, and the second biometric information comes from a first device to be authenticated and is associated with a user corresponding to the first device to be authenticated;
    matching the first information with the second information;
    controlling a state of the first controlled device according to a matching result of the first information and the second information.
  2. The method according to claim 1, characterized in that the first controlled device comprises a first smart lock;
    the controlling the state of the first controlled device according to the matching result of the first information and the second information comprises:
    in a case where the first information and the second information are successfully matched, sending first control information, wherein the first control information is used to control the first smart lock to be in an open state.
  3. The method according to claim 1 or 2, characterized in that the method further comprises: after the controlling the state of the first controlled device, clearing the first information and the second information.
  4. The method according to any one of claims 1-3, characterized in that the method further comprises: in a case where the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, sending second control information to the first controlled device, wherein the second control information is used to control the first controlled device to collect the first biometric information.
  5. The method according to any one of claims 1-4, characterized in that the acquiring the first information at the first moment and the second information at the first moment comprises:
    acquiring third information and fourth information, wherein the third information is associated with first business information, the first business information is business information provided by a cloud server for the first controlled device, the fourth information is associated with second business information, and the second business information is business information provided by the cloud server for the first device to be authenticated;
    matching the third information with the fourth information;
    in a case where the third information and the fourth information are successfully matched, acquiring the first information and the second information.
  6. The method according to claim 5, characterized in that the first business information comprises identification information of the first controlled device; and the second business information comprises identification information of a target controlled device.
  7. The method according to any one of claims 1-6, characterized in that the first information comprises information obtained by encrypting the first biometric information with a first encryption algorithm, and/or the second information comprises information obtained by encrypting the second biometric information with the first encryption algorithm;
    the method further comprises: receiving the first encryption algorithm from a cloud server.
  8. The method according to claim 7, characterized in that the method further comprises: after the controlling the state of the first controlled device, clearing the first encryption algorithm.
  9. The method according to any one of claims 1-6, characterized in that the first information comprises information obtained by encrypting the first biometric information with a second encryption algorithm, and/or the second information comprises information obtained by encrypting the second biometric information with the second encryption algorithm;
    the method further comprises: generating the second encryption algorithm;
    sending the second encryption algorithm to the first device to be authenticated.
  10. The method according to claim 9, characterized in that the method further comprises: after the controlling the state of the first controlled device, clearing the second encryption algorithm.
  11. The method according to any one of claims 1-10, characterized in that the first biometric information comprises first electrocardiogram information; and the second biometric information comprises second electrocardiogram information.
  12. The method according to any one of claims 1-11, characterized in that the method further comprises: after the controlling the state of the first controlled device, sending identification information of the first controlled device and the second information to a cloud server, wherein the identification information of the first controlled device and the second information are at least used to generate settlement information corresponding to the first device to be authenticated.
  13. An authentication system, characterized by comprising an authentication device and a cloud server, wherein the cloud server is configured to send third information to a first controlled device and to send fourth information to a first device to be authenticated, wherein the third information is associated with first business information, and the first business information is business information provided by the cloud server for the first controlled device; the fourth information is associated with second business information, and the second business information is business information provided by the cloud server for the first device to be authenticated;
    the authentication device is configured to: receive the fourth information from the first device to be authenticated; match the third information with the fourth information; in a case where the third information and the fourth information are successfully matched, acquire first information at a first moment and second information at the first moment; match the first information with the second information; and control a state of the first controlled device according to a matching result of the first information and the second information; wherein the first information is associated with first biometric information, the first biometric information comes from the first controlled device, the second information is associated with second biometric information, and the second biometric information comes from the first device to be authenticated and is associated with a user corresponding to the first device to be authenticated.
  14. The system according to claim 13, characterized in that the first controlled device comprises a first smart lock; and the authentication device is further configured to: in a case where the first information and the second information are successfully matched, send first control information, wherein the first control information is used to control the first smart lock to be in an open state.
  15. The system according to claim 13 or 14, characterized in that the authentication device is further configured to: after the controlling the state of the first controlled device, clear the first information and the second information.
  16. The system according to any one of claims 13-15, characterized in that the authentication device is further configured to: in a case where the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, send second control information to the first controlled device, wherein the second control information is used to control the first controlled device to collect the first biometric information.
  17. The system according to any one of claims 13-16, characterized in that the cloud server is further configured to: receive service request information; and generate the third information and the fourth information according to the service request information.
  18. The system according to any one of claims 13-17, characterized in that the first information comprises information obtained by encrypting the first biometric information with a first encryption algorithm, and/or the second information comprises information obtained by encrypting the second biometric information with the first encryption algorithm;
    the cloud server is further configured to: send the first encryption algorithm to the authentication device, and send the first encryption algorithm to the first device to be authenticated;
    the authentication device is further configured to: receive the first encryption algorithm.
  19. The system according to any one of claims 13-18, characterized in that the authentication device is further configured to: after the controlling the state of the first controlled device, send identification information of the first controlled device and the second information to the cloud server;
    the cloud server is further configured to: receive the identification information of the first controlled device and the second information; determine the first device to be authenticated according to the second information; generate settlement information corresponding to the first device to be authenticated according to service information corresponding to the identification information of the first controlled device; and send the settlement information to the first device to be authenticated.
  20. An authentication method, characterized in that the method is applied to a first device to be authenticated, and the method comprises:
    collecting second biometric information at a first moment, wherein the second biometric information is associated with a user corresponding to the first device to be authenticated;
    sending second information, wherein the second information is associated with the second biometric information, the second information is at least used for matching with first information, the first information is associated with first biometric information at the first moment, and the first biometric information comes from a first controlled device.
  21. The method according to claim 20, characterized in that the collecting the second biometric information at the first moment comprises: in a case where the distance between the first controlled device and the first device to be authenticated is less than a preset threshold, collecting the second biometric information.
  22. An authentication system, characterized by comprising an authentication device and a device to be authenticated, wherein the authentication device is configured to perform the method according to any one of claims 1-12 above, and the device to be authenticated is configured to perform the method according to claim 20 or 21 above.
  23. An authentication system, characterized by comprising an authentication device, a device to be authenticated, and a controlled device, wherein the authentication device is configured to perform the method according to any one of claims 1-12 above, the device to be authenticated is configured to perform the method according to claim 20 or 21 above, and the controlled device is used to collect first biometric information at a first moment.
  24. An authentication apparatus, characterized by comprising:
    a transceiver module, configured to acquire first information at a first moment and second information at the first moment, wherein the first information is associated with first biometric information, the first biometric information comes from a first controlled device, the second information is associated with second biometric information, and the second biometric information comes from a first device to be authenticated and is associated with a user corresponding to the first device to be authenticated;
    a processing module, configured to match the first information with the second information, and to control a state of the first controlled device according to a matching result of the first information and the second information.
  25. An apparatus to be authenticated, characterized by comprising:
    a processing module, configured to collect second biometric information at a first moment, wherein the second biometric information is associated with a user corresponding to a first device to be authenticated;
    a transceiver module, configured to send second information, wherein the second information is associated with the second biometric information, the second information is at least used for matching with first information, the first information is associated with first biometric information at the first moment, and the first biometric information comes from a first controlled device.
  26. An authentication device, characterized by comprising:
    a processor;
    a memory for storing processor-executable instructions;
    wherein the processor is configured to implement the method according to any one of claims 1-12 when executing the instructions.
  27. A device to be authenticated, characterized by comprising:
    a sensor for collecting biometric information;
    a processor;
    a memory for storing processor-executable instructions;
    wherein the processor is configured to implement the method according to claim 20 or 21 when executing the instructions.
  28. A chip, characterized by comprising a processor, wherein when the processor executes instructions, the processor performs the method according to any one of claims 1-12, or performs the method according to claim 20 or 21.
  29. A computer-readable storage medium having computer program instructions stored thereon, characterized in that the computer program instructions, when executed by a processor, implement the method according to any one of claims 1-12, or implement the method according to claim 20 or 21.
  30. A computer program product, characterized in that, when the computer program product runs on a computer, the computer is caused to perform the method according to any one of claims 1-12, or to perform the method according to claim 20 or 21.
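The two-stage check of claims 1, 3 and 5 to 8, as an added example that is not code from the patent or the applicant: identifier match first, then a same-moment biometric match, then clearing of all session state. Assumptions: an HMAC over quantized ECG R-R intervals stands in for the unspecified "first encryption algorithm", the authentication device is co-located with the smart lock, and every name, identifier and sensor reading below is constructed for illustration.

```python
import hashlib
import hmac
import secrets

BIN_MS = 50  # assumed quantization step (ms) that absorbs sensor jitter


def protect(key: bytes, moment: int, rr_ms: list) -> bytes:
    """Keyed transform standing in for the 'first encryption algorithm' (assumption).

    Binding the capture moment into the tag makes a recording from another
    moment useless. Readings that straddle a bin edge would not match; a real
    design needs an error-tolerant comparison instead of plain rounding.
    """
    bins = ",".join(str(round(v / BIN_MS)) for v in rr_ms)
    return hmac.new(key, f"{moment}|{bins}".encode(), hashlib.sha256).digest()


class AuthenticationDevice:
    """Hypothetical authentication device, assumed co-located with the smart lock."""

    def __init__(self, lock_id: str):
        self.lock_id = lock_id   # third information: this lock's identifier
        self.key = None          # per-session transform received from the cloud
        self.first_info = None
        self.second_info = None

    def receive_algorithm(self, key: bytes) -> None:
        self.key = key           # claim 7: algorithm arrives from the cloud server

    def authenticate(self, fourth_info, moment, read_lock_rr, fetch_second_info):
        try:
            if self.key is None:
                return "locked"
            # Stage 1 (claims 5-6): the target identifier held by the device to be
            # authenticated must name this lock before any biometric is collected.
            if not hmac.compare_digest(self.lock_id.encode(), fourth_info.encode()):
                return "locked"
            # Stage 2 (claim 1): match the two protected captures of the same moment.
            self.first_info = protect(self.key, moment, read_lock_rr())
            self.second_info = fetch_second_info()
            matched = hmac.compare_digest(self.first_info, self.second_info)
            return "open" if matched else "locked"
        finally:
            # Claims 3 and 8: clear both protected values and the algorithm afterwards.
            self.key = self.first_info = self.second_info = None


def run_demo() -> dict:
    lock_rr = [812, 790, 845, 803]      # constructed: R-R intervals seen by the lock
    wearable_rr = [808, 795, 840, 799]  # constructed: same user, same moment
    stranger_rr = [640, 655, 630, 648]  # constructed: a different person
    sensor_reads = []

    def lock_sensor():
        sensor_reads.append(1)
        return lock_rr

    def attempt(target_id, wearable_moment, rr, moment=1000):
        key = secrets.token_bytes(32)   # cloud issues a fresh transform per session
        auth = AuthenticationDevice("lock-42")
        auth.receive_algorithm(key)
        state = auth.authenticate(target_id, moment, lock_sensor,
                                  lambda: protect(key, wearable_moment, rr))
        return state, auth

    results = {}
    results["same_user"], auth = attempt("lock-42", 1000, wearable_rr)
    results["cleared"] = (auth.key is None and auth.first_info is None
                          and auth.second_info is None)
    results["other_user"], _ = attempt("lock-42", 1000, stranger_rr)
    results["stale_capture"], _ = attempt("lock-42", 999, wearable_rr)
    reads_before = len(sensor_reads)
    results["wrong_lock"], _ = attempt("lock-07", 1000, wearable_rr)
    results["sensor_skipped"] = len(sensor_reads) == reads_before
    return results


if __name__ == "__main__":
    print(run_demo())
```

The `stale_capture` case is the one worth noting for replay resistance: a valid capture from the right user is rejected because it was protected under a different moment.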
PCT/CN2021/139267 2021-12-17 2021-12-17 Authentication method, apparatus, device and system WO2023108635A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/139267 WO2023108635A1 (en) 2021-12-17 2021-12-17 Authentication method, apparatus, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/139267 WO2023108635A1 (en) 2021-12-17 2021-12-17 Authentication method, apparatus, device and system

Publications (1)

Publication Number Publication Date
WO2023108635A1 true WO2023108635A1 (en) 2023-06-22

Family

ID=86775336

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/139267 WO2023108635A1 (en) 2021-12-17 2021-12-17 Authentication method, apparatus, device and system

Country Status (1)

Country Link
WO (1) WO2023108635A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140089673A1 (en) * 2012-09-25 2014-03-27 Aliphcom Biometric identification method and apparatus to authenticate identity of a user of a wearable device that includes sensors
WO2015075664A1 (en) * 2013-11-20 2015-05-28 Zorzan Ivano Silvio Biometric authentication system and biometric authentication method
CN105938526A (en) * 2016-03-07 2016-09-14 李明 Identity authentication method and system
CN113672890A (en) * 2020-05-15 2021-11-19 中移(上海)信息通信科技有限公司 Identity authentication method and device, electronic equipment and computer storage medium
US11200306B1 (en) * 2021-02-25 2021-12-14 Telcom Ventures, Llc Methods, devices, and systems for authenticating user identity for location-based deliveries

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21967768

Country of ref document: EP

Kind code of ref document: A1