CN103294334A - Screen unlocking method, data access control method and security control device - Google Patents

Publication number: CN103294334A
Authority: CN (China)
Application number: CN2012100549698A
Priority: CN201210054969.8A
Other languages: Chinese (zh)
Other versions: CN103294334B (en)
Legal status: Granted (Active)
Inventors: 任文杰, 王刚, 柳浩�, 全奉杰
Current assignee: Beijing Samsung Telecommunications Technology Research Co Ltd; Samsung Electronics Co Ltd
Original assignee: Beijing Samsung Telecommunications Technology Research Co Ltd; Samsung Electronics Co Ltd
Prior art keywords: signature, registration, gathering, user, input
Classifications: Collating Specific Patterns; User Interface Of Digital Computer; Document Processing Apparatus
Abstract

The invention provides a screen unlocking method and a data access control method. The data access control method comprises the following steps: collecting in advance the signature features input by a user, constructing basic signature information corresponding to the capture environment, and storing it; and, when the screen is to be unlocked or restricted sensitive data or an application is to be accessed, collecting the signature features currently input by the user, retrieving the stored basic signature information that corresponds to the current capture environment, and comparing the currently input signature features with the retrieved basic signature information. If the comparison matches, the screen is unlocked or access to the sensitive data or application is allowed; otherwise the screen is not unlocked or access to the sensitive data or application is refused. The invention implements screen unlocking and personalized data access control, and improves security.

Description

Screen unlocking method, data access control method and security control device
Technical field
The present invention relates to security technology in communication systems, and in particular to a screen unlocking method, a data access control method and a security control device.
Background art
Handheld devices have become part of every aspect of people's lives, and their portability is well known. As these devices are used, many applications have gradually incorporated personalized elements of the user, biometric features and so on. Unlocking, the most common operation on a handheld device, is one example: a rich variety of unlocking modes now exists, including pattern unlocking, trajectory unlocking and fingerprint unlocking. The unlocking described here uses the signature features of the handheld device's user.
Prior-art unlocking modes fall into two classes, hardware and software. Hardware modes unlock by means of the handheld device or its peripherals in various ways; software modes use patterns or trajectories.
Existing technical solutions do not use the handwriting input by the user of the handheld device to unlock it.
Fingerprint unlocking has also been proposed, but it has not been widely adopted because it is limited by screen characteristics. By comparison, signature unlocking offers relatively high accuracy at lower cost and lets the user experience the convenience and speed of unlocking with a personal feature.
Compared with face-recognition unlocking, signature unlocking can be trained and the user can input a variety of symbols, whereas a face provides only a single sample and is therefore prone to security problems.
Summary of the invention
The invention provides a screen unlocking method, a data access control method and a security control device, with which a personalized unlocking mode and data access control mode can be set as required, improving security.
To achieve the above object, the present invention adopts the following technical solutions:
A screen unlocking method, comprising:
A. collecting in advance the signature features input by a user, constructing enrolled signature information corresponding to the capture environment, and storing it;
B. when unlocking the screen of a device, collecting the signature features currently input by the user, retrieving, according to the capture environment, the enrolled signature information stored for that capture environment, and comparing the currently input signature features with the retrieved enrolled signature information; if the comparison matches, the screen is unlocked, otherwise it is not unlocked.
Preferably, the collected signature features comprise any one or any combination of: the shape of the input symbols, the continuity of the input, the speed of the input, the acceleration of the input, the pressure of the pen stroke, the orientation of the input symbols, the three-dimensional depth, and the script style of the input.
Preferably, when the collected signature features comprise the script style of the input and other signature features besides the script style, collecting the signature features currently input by the user in step B comprises: collecting the script-style feature of the user's current input according to the capture environment, and then collecting the other signature features of the user's current input according to that script-style feature.
Preferably, the capture environment is two-dimensional capture or three-dimensional capture.
Preferably, when the capture environment is three-dimensional capture, the capture is performed by sensors or by video recording.
Preferably, collecting the signature features input by the user in step A comprises: collecting the signature features of multiple inputs by the user, the number of collections being input by the user or set by the device itself.
Preferably, the enrolled signature information is stored in the device, in another device connected to the device, or at any end of a distributed environment.
Preferably, when the enrolled signature information corresponding to the capture environment is stored in step A, the stored enrolled signature information is additionally encrypted;
and retrieving the enrolled signature information stored for the capture environment in step B comprises: decrypting the enrolled signature information stored for the capture environment, and then retrieving the decrypted enrolled signature information.
Preferably, comparing the currently input signature features with the retrieved enrolled signature information in step B comprises calculating the correlation between the two; when the correlation is greater than or equal to a match threshold, the comparison is judged to match, otherwise it is judged not to match. The match threshold is preset by the system or input by the user.
A data access control method, comprising:
A. collecting in advance the signature features input by a user, constructing enrolled signature information corresponding to the capture environment, and storing it for controlling access to sensitive data or applications;
B. when the sensitive data or application is accessed, prompting the user to input a signature, collecting the signature features currently input by the user, retrieving, according to the capture environment, the enrolled signature information stored for that capture environment, and comparing the currently input signature features with the retrieved enrolled signature information; if the comparison matches, access to the data or application is allowed, otherwise it is not allowed.
Preferably, the sensitive data is encrypted data;
and after the comparison is judged to match in step B, the method further comprises: decrypting the sensitive data.
Preferably, the sensitive data is encrypted by using the collected signature features as a key.
Preferably, the collected signature features comprise any one or any combination of: the shape of the input symbols, the continuity of the input, the speed of the input, the acceleration of the input, the pressure of the pen stroke, the orientation of the input symbols, the three-dimensional depth, and the script style of the input.
Preferably, when the collected signature features comprise the script style of the input and other signature features besides the script style, collecting the signature features currently input by the user in step B comprises: collecting the script-style feature of the user's current input according to the capture environment, and then collecting the other signature features of the user's current input according to that script-style feature.
Preferably, the capture environment is two-dimensional capture or three-dimensional capture.
Preferably, when the capture environment is three-dimensional capture, the capture is performed by sensors or by video recording.
Preferably, collecting the signature features input by the user in step A comprises: collecting the signature features of multiple inputs by the user, the number of collections being set by the user or by default.
Preferably, the enrolled signature information is stored in the device, in another device connected to the device, or at any end of a distributed environment.
Preferably, when the enrolled signature information corresponding to the capture environment is stored in step A, the stored enrolled signature information is additionally encrypted;
and retrieving the enrolled signature information stored for the capture environment in step B comprises: decrypting the enrolled signature information stored for the capture environment, and then retrieving the decrypted enrolled signature information.
Preferably, comparing the currently input signature features with the retrieved enrolled signature information in step B comprises calculating the correlation between the two; when the correlation is greater than or equal to a match threshold, the comparison is judged to match, otherwise it is judged not to match. The match threshold is preset by the system or input by the user.
A security control device, comprising an enrollment signature capture module, a comparison signature capture module, a signature engine module, a signature engine library module and an operation control module;
the enrollment signature capture module collects in advance the signature features input by the user and sends them to the signature engine module;
the comparison signature capture module collects the signature features currently input by the user and sends the capture environment information and the collected signature features to the signature engine module;
the signature engine module receives the signature features collected by the enrollment signature capture module, constructs enrolled signature information corresponding to the capture environment, and stores it in the signature engine library module; it also receives the signature features currently input by the user and the capture environment information collected by the comparison signature capture module, retrieves, according to the capture environment, the enrolled signature information stored for that capture environment in the signature engine library module, compares the currently input signature features with the retrieved enrolled signature information, and sends the comparison result to the operation control module;
the operation control module, when the screen of the device is to be unlocked or sensitive data or an application is to be accessed, triggers the comparison signature capture module to collect a signature and receives the comparison result sent by the signature engine module; when the comparison matches it unlocks the screen or allows access to the data or application, and otherwise it does not unlock the screen or refuses access to the data or application.
Preferably, the enrollment signature capture module performs the collection of signature features at the instruction of the operation control module;
the comparison signature capture module performs the collection of signature features when directly triggered by the operation control module;
and the operation control module is further used to instruct the enrollment signature capture module to collect in advance the enrollment signature input by the user.
Preferably, the enrollment signature capture module performs the collection of signature features at the instruction of the signature engine module;
the comparison signature capture module performs the collection of signature features at the instruction of the signature engine module;
the operation control module is further used to trigger the signature engine module to perform signature comparison, and triggers the comparison signature capture module to collect a signature through the signature engine module;
and the signature engine module further instructs the enrollment signature capture module to collect in advance the enrollment signature input by the user, and, when triggered by the operation control module, triggers the comparison signature capture module to collect a signature.
Preferably, the enrollment signature capture module is located in the device or connected to the device;
the comparison signature capture module is located in the device or connected to the device;
the signature engine module is located at any end of a distributed system or in the device;
the signature engine library module is located at any end of a distributed system or in the device;
and the operation control module is located in the device.
Preferably, when the signature engine library module is located at any end of a distributed system, the security control device further comprises an encryption and decryption module, which encrypts the enrolled signature information constructed by the signature engine module before it is stored in the signature engine library module, decrypts the enrolled signature information retrieved by the signature engine module, and returns the decrypted enrolled signature information to the signature engine module.
Preferably, the encryption and decryption module is located in the signature engine module, or is independent of the signature engine module.
As can be seen from the above technical solutions, in the present invention the signature features input by the user are collected in advance, and basic signature information corresponding to the capture environment is constructed and stored. When the screen is to be unlocked, or restricted sensitive data or an application is to be accessed, the signature features currently input by the user are collected, the basic signature information stored for the capture environment is retrieved according to that capture environment, and the currently input signature features are compared with the retrieved basic signature information. If the comparison matches, the screen is unlocked or access to the sensitive data or application is allowed; otherwise the screen is not unlocked or access to the sensitive data or application is not allowed. In this way a signature can be used for screen unlocking and data access control, so that screen unlocking and data access control are personalized and security is improved.
Description of drawings
Fig. 1 is a flow diagram of signature enrollment in the screen unlocking and data access control methods of the present invention;
Fig. 2 is a detailed flow diagram of screen unlocking using the enrolled signature information in the present invention;
Fig. 3 is a detailed flow diagram of data access control using the enrolled signature information in the present invention;
Fig. 4 is a diagram of an example of collecting signature features in three-dimensional space;
Fig. 5 is a diagram of an example of collecting signature features in two-dimensional space using handwriting input;
Fig. 6 is a diagram of a device for running the method of the present invention.
Embodiment
To make the object, technical means and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings.
The basic idea of the present invention is to use signature information stored in advance to control screen unlocking or data access.
Specifically, in the present invention the signature features input by the user are first collected in advance and a signature is enrolled, for use in subsequent control of screen unlocking or data access. Then, when the screen is to be unlocked, the user is prompted to input a signature, the signature features currently input by the user are collected and compared with the enrolled signature information. If the comparison matches, the screen is unlocked or the corresponding data access is allowed; otherwise the screen is not unlocked or the corresponding data access is not allowed. As can be seen from the above, controlling screen unlocking and data access in the present invention consists of two parts: signature enrollment and signature authentication.
The signature enrollment and signature authentication processes are described below through specific embodiments.
Fig. 1 is a flow diagram of signature enrollment in the screen unlocking and data access control methods of the present invention. The signature enrollment flow is the same for both methods, so it is described once here. As shown in Fig. 1, the flow comprises:
Step 101: prepare for signature enrollment.
Before the electronic device records the user's signature, it may first enter a ready-to-enroll state, and it should let the user know that his or her signature features are being collected, that is, prompt the user to enroll a signature. Signature enrollment may be initiated by a third-party institution, or the user may enroll a signature on his or her own initiative. When the user enrolls a Chinese signature, the user may be offered a choice of calligraphy style, including but not limited to regular script, running script and cursive script.
Step 102: the user inputs the signature to be enrolled.
The user begins entering the signature on the electronic device. The signature may be entered in a two-dimensional or three-dimensional environment. Specifically, the user may slide a finger directly, or use other equipment, including but not limited to a stylus or a camera. In a three-dimensional capture environment the user may enter the handwritten signature with a sliding gesture in the air; there is then no contact with the device, but the input features can be obtained by other means. User input may also take place not on a display touch screen but on a device that can nonetheless sense the user's input. The entered signature may be input in different ways because the user writes in different script styles.
The user may input the enrollment signature several times, and the repeated inputs may be continuous or spread out. Specifically, the user may input the signature to be enrolled several times in succession on one device as the data source for collection, from which the user's signature features are generated; or the user may input signatures at different times on different devices, after which the devices extract the user's input and generate the user's signature feature data for the corresponding scenario.
In some cases, for security reasons, after the user's signature is collected the user's input feature data may be encrypted with an encryption algorithm and then passed to the local device or into the distributed system.
Step 103: collect the signature features input by the user.
After step 102 is completed, or while it is in progress, the device begins collecting the user's signature. The number of collections may be set by the device or chosen by the user. The collected features may include, but are not limited to, any one or any combination of: the user's input handwriting, the speed of input, the shape of the input symbols (for example, the characters input), the script style, the orientation of the symbols, the depth in three-dimensional space, the pressure of the user's pen stroke, and so on.
The user may also use a particular script style in a particular capture environment; the script styles here include regular script, running script, cursive script and other distinctive calligraphy styles. During collection the device may collect the script-style feature according to the capture environment, and then collect the other signature features input by the user according to that script-style feature.
The user may input the enrollment signature in several different environments, so the user's signature features may correspondingly be collected in different capture environments. Each capture environment has its own means of capture. When the capture environment is three-dimensional capture, capture may be by sensors, by video recording, and so on; when the capture environment is two-dimensional capture, capture may be by a touch screen, a touch pad, and so on.
Collection may be handled as follows. The lower layer of the device sets a data sampling frequency. In two-dimensional space, the user inputs the signature and the device collects data at this frequency. While collecting, it records the coordinates of the data, the timestamp of the data and a feature value (which characterizes where a stroke begins and where the pen is put down); it may also record the script-style feature. These data are stored in a buffer as the collected signature features. In three-dimensional space, the user inputs data and the device samples the user's acceleration at a specific frequency; during this process it determines the direction of motion from the acceleration, records the timestamp, records the features of the acceleration changing direction and keeping direction, and stores the data in a buffer as the collected signature features.
Step 104: according to the collected enrollment signature features, construct enrolled signature information corresponding to the capture environment and store it.
After the enrollment signature features have been collected, the features from the repeated inputs may be averaged or otherwise processed, and the various signature features may be combined and ordered as required, to construct enrolled signature information suited to each capture environment. The enrolled signature information is stored against its capture environment for use in subsequent control of screen unlocking and data access.
The processing of the collected enrollment signature features described above may run on the local device or on an accessory connected to the device, or it may run in a distributed environment. The enrolled signature information finally constructed may be stored on the local device or on an accessory connected to the device, or at another end of the distributed environment. For security reasons, the enrolled signature information may be encrypted when it is stored; when signature features are later compared, the enrolled signature information must first be decrypted, and the decrypted enrolled signature information is then retrieved for the comparison.
This completes the signature enrollment process. With this enrollment method, personalized information can be enrolled for signature-based control and data access control. The signature information can also be entered several times and multiple signature samples can be collected, which avoids the security problem in face-recognition unlocking of having only a single sample.
Next, the specific processing for screen unlocking and for data access control using the enrolled signature is described in turn.
Fig. 2 is a detailed flow diagram of screen unlocking using the enrolled signature information in the present invention. As shown in Fig. 2, the flow comprises:
Step 201: prompt the user to input a signature to unlock.
The electronic device enters the unlock interface. The device may be in any of various states before it enters the unlock state. In the unlock state, unlocking of the device is triggered; the unlock interface may take various forms and can be configured as required. After specific steps, the device lets the user begin inputting the signature content.
Step 202: the user inputs a signature in a particular environment.
As in the enrollment process shown in Fig. 1, the environments and ways in which the user inputs a signature can vary: the user may touch directly with a finger, use a stylus, input with a gesture, or input directly through the motion trajectory of the device. The input signature may be any symbols that can identify the user's input features, including but not limited to Chinese, English, Korean and other symbols. The user may choose among several input modes. For example, the user may choose handwriting input when signing at one end of a distributed system and gesture input when signing at another end of that system.
Step 203: collect the signature features input by the user.
The device collects the signature features input by the user, using the capture method appropriate to the capture environment. If the user inputs directly by finger touch, the data are collected directly from the touch screen; if the user inputs by gesture, the device may collect the user's input with a camera or a sensor; if the user inputs through the motion trajectory of the device, the device may obtain the data directly from its motion-related modules. The user may use several input modes in step 202, in which case several types of user input data may be collected in this step; the capture method may be the same as in step 103. After the signature features input by the user have been collected, the collected data may be preprocessed before comparison; the preprocessing may be the same as that used when constructing the enrolled signature information in step 104 of Fig. 1.
Step 204: according to the capture environment, retrieve the enrolled signature information stored for that capture environment.
The enrolled signature information stored for the current capture environment is retrieved. For example, if the signature information enrolled for three-dimensional capture comprises the three-dimensional depth, the shape of the input symbols, the order of the input symbols and so on, then when the current capture environment is three-dimensional capture, that enrolled signature information is retrieved.
If the stored enrolled signature information was encrypted during enrollment as described above, then when it is retrieved it must first be decrypted with the correct key. This is significant for screen unlocking in a distributed environment. For example, during enrollment the user inputs the signature information to be enrolled at one end of the distributed environment, and the constructed enrolled signature information is stored in the distributed environment; when the user needs to unlock the screen at another end of the distributed environment, that end must first retrieve the enrolled signature information stored in the distributed environment and decrypt it before the subsequent screen unlocking can proceed. This ensures, on the one hand, the security of the enrolled signature information while it is transmitted in the distributed environment and, on the other hand, that only authorized locations in the distributed environment can use the stored enrolled signature information to unlock.
Step 205: compare the signature features collected in step 203 with the enrolled signature information retrieved in step 204 and judge whether the comparison matches; if it matches, unlock the screen; if it does not, do not unlock the screen.
After the device has collected the signature features currently input by the user in step 203, it compares them with the retrieved enrolled signature information.
The degree of similarity that the signature features collected in step 203 must reach with the enrolled signature information retrieved in step 204 for the comparison to be considered a match is adjustable. Specifically, the calculated correlation between the two can be compared with a set match threshold; if the correlation is greater than or equal to the match threshold, the comparison is considered a match. The match threshold may be preset by the device or input by the user. For example, based on the features of the data collected in step 203, the adjustable variable for the match threshold may be presented to the user as text, audio, video or in other ways. In handwriting input, it is very common for the user to input a threshold value, and the signature comparison is performed according to that threshold.
After the device judges that the signature meets the condition, it enters the unlock flow. If the signature does not meet the condition, the flow returns to step 201, within the number of attempts the device allows. In some embodiments, after a certain number of attempts is exceeded, the device may enter an unlock flow to prevent a situation in which the device cannot be unlocked.
This completes the flow for unlocking the screen using the enrolled signature.
Fig. 3 is a schematic flow chart of data access control using a registered signature. As shown in Fig. 3, the flow comprises:
Step 301: the device initiates access to sensitive data or an application.
The applications referred to here include, but are not limited to, applications on the local device and applications that exist on the network in a distributed manner. They may be applications such as contacts, notes, a browser, a document reader or a picture viewer.
Sensitive data includes, but is not limited to, notes, call records, internet records, pictures, video, audio and other text content.
Step 302: the device checks whether the application or data to be accessed has been signature-protected; if it has, step 303 is executed and signature authentication is performed; otherwise, the application or data is accessed directly.
The device checks whether the application or data being accessed requires signature authentication. If it does not, the content is accessed directly. If signature authentication is required, step 303 is executed.
Step 303: the user inputs a signature.
Step 304: acquire the signature features of the user's input, extract the registered signature information saved for the acquisition environment, and compare the two; if they match, access is allowed; otherwise, access is denied.
The processing here is the same as steps 202 to 205 in Fig. 2, except that the action taken after a match is to allow access to the data or application, and the action taken after a mismatch is to deny access to the data or application.
With the processing of Fig. 3, the registered signature information can be used to control access rights to data or applications, which works well for local access. In some cases, however, if plaintext information is transmitted directly over a distributed system, user data will be leaked. To ensure security during data transmission, the sensitive data transmitted through the system is therefore preferably encrypted, and after step 304 determines a match, the sensitive data is decrypted and then accessed. For example, sensitive data in a distributed system can be encrypted and decrypted in this way, which further ensures security and prevents user data from leaking.
When sensitive data is encrypted and decrypted, the acquired signature features can be used as the key. The signature features used for encryption and decryption may be saved in advance, or may be the signature features of the user's input acquired in real time.
This completes the description of the data access control flow.
The flows of Fig. 1 to Fig. 3 above all involve acquiring the signature features of the user's input. Two concrete examples of acquiring user signature features are given below.
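The comparison used in steps 204 to 205 of the unlock flow and in step 304 of the access-control flow, as an added example (not code from the patent): the template is looked up by acquisition environment, the correlation is compared with the match threshold, and failed attempts are counted. The names, the arc-length resampling, the use of Pearson correlation over shape features only, and the "limit_reached" result whose handling is left to the caller are assumptions of this example.

```python
import math

def resample(points, n=32):
    """Resample a stroke to n points evenly spaced along its arc length."""
    seg = [math.dist(a, b) for a, b in zip(points, points[1:])]
    total = sum(seg)
    if total == 0:
        raise ValueError("stroke has no length")
    out, i, walked = [], 0, 0.0
    for k in range(n):
        target = total * k / (n - 1)
        while i < len(seg) - 1 and walked + seg[i] < target:
            walked += seg[i]
            i += 1
        t = min(max((target - walked) / seg[i], 0.0), 1.0) if seg[i] else 0.0
        out.append(tuple(a + t * (b - a) for a, b in zip(points[i], points[i + 1])))
    return out

def features(points, n=32):
    """Shape features: resampled, centred on the centroid, scaled to unit RMS radius."""
    pts = resample(points, n)
    dim = len(pts[0])
    centre = [sum(p[d] for p in pts) / n for d in range(dim)]
    centred = [[p[d] - centre[d] for d in range(dim)] for p in pts]
    scale = math.sqrt(sum(c * c for p in centred for c in p) / n)
    return [c / scale for p in centred for c in p]

def correlation(u, v):
    """Pearson correlation of two equal-length feature vectors, in [-1, 1]."""
    mu, mv = sum(u) / len(u), sum(v) / len(v)
    du, dv = [a - mu for a in u], [b - mv for b in v]
    den = math.sqrt(sum(a * a for a in du) * sum(b * b for b in dv))
    return sum(a * b for a, b in zip(du, dv)) / den if den else 0.0

class SignatureGate:
    """Hypothetical stand-in for the signature engine plus its template library."""

    def __init__(self, threshold=0.9, max_attempts=3):
        self.threshold = threshold        # match threshold (device preset or user input)
        self.max_attempts = max_attempts  # attempts the device allows
        self.templates = {}               # acquisition environment -> registered template
        self.failed = 0

    def enroll(self, env, samples):
        """Build the template for one environment from several inputs."""
        vecs = [features(s) for s in samples]
        self.templates[env] = [sum(col) / len(vecs) for col in zip(*vecs)]

    def verify(self, env, points):
        """Fetch the template saved for env and compare; returns (match, score)."""
        template = self.templates.get(env)
        if template is None:
            return False, 0.0             # nothing registered for this environment
        vec = features(points)
        if len(vec) != len(template):
            return False, 0.0             # e.g. 2D input against a 3D template
        score = correlation(vec, template)
        return score >= self.threshold, score

    def attempt(self, env, points):
        """One unlock/access attempt: 'granted', 'retry' or 'limit_reached'."""
        if self.failed >= self.max_attempts:
            return "limit_reached"
        ok, _ = self.verify(env, points)
        if ok:
            self.failed = 0
            return "granted"
        self.failed += 1
        return "limit_reached" if self.failed >= self.max_attempts else "retry"

# Constructed sample strokes: a "Z" entered three times with jitter, one of them
# larger and shifted, plus a genuine probe and a mirrored-Z probe.
ENROLL_2D = [
    [(0, 10), (10, 10), (0, 0), (10, 0)],
    [(1, 11), (11, 10.5), (0.5, 0.5), (11, 0)],
    [(5, 25), (25, 24), (6, 5), (24, 5)],
]
GENUINE_2D = [(2, 12), (12.5, 12), (2.5, 2), (12, 1.5)]
MIRRORED_2D = [(10, 10), (0, 10), (10, 0), (0, 0)]

if __name__ == "__main__":
    gate = SignatureGate()
    gate.enroll("2d", ENROLL_2D)
    print(gate.verify("2d", GENUINE_2D))
    print(gate.verify("2d", MIRRORED_2D))
    print(gate.verify("3d", GENUINE_2D))
```

Because the features are centred and scaled, the larger, shifted enrollment sample contributes the same shape as the others; a template registered for one acquisition environment is never compared with input from another.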
Fig. 4 is an example of acquiring signature features in three-dimensional space. In Fig. 4, 401 denotes the device, which may be a platform-independent handheld device with a display screen, a processor and so on, or a simple machine capable of sensing motion features. 402 denotes the trajectory along which the device slides through the air. In a specific implementation, the display screen of 401 can be set to show trajectory 402 and to prompt the user with the relevant motion features. The data the device acquires for trajectory 402 includes not only the shape of the characters and the trajectory but can also include elements such as the speed and acceleration of the motion. In this embodiment, the signature data is obtained by holding the device; in some cases, the input function of a camera can also be used to capture the motion trajectory of the hand, or a sensing device worn on the hand can sense the motion trajectory to record the data. The example of Fig. 4 mainly illustrates acquiring the user's signature data in a three-dimensional space. When the user's data is acquired in three-dimensional space, the signature carries more individual factors, and the directional features of the signature can also be included, which further improves the uniqueness of the input data.
Fig. 5 is an example of acquiring signature features in two-dimensional space by handwriting input. 501 denotes an electronic device, which may include some or all of the content mentioned for device 600. 502 denotes the user entering handwriting on the input screen of the electronic device. Input here is not limited to handwriting with the hand; other peripherals, such as a stylus, can also be used, as long as they produce an input response on touch screens of different characteristics. 503 may be a touch screen that can display, or a touch pad that cannot display. 504 denotes the signature input by the user. The user's signature can be one or more special symbols, and the arrangement of the symbols can also be directional, for example from left to right or from right to left, or from top to bottom or from bottom to top.
The method of the invention described above can run on the security control device shown in Fig. 6. As shown in Fig. 6, the device comprises a registration signature acquisition module 601, a comparison signature acquisition module 602, a signature engine module 603, a signature engine library module 604 and an operation control module 605. These modules can be distributed across a distributed system or concentrated on a local device. The description below takes as its example the case in which all modules are concentrated on local device 600.
Registration signature acquisition module 601 acquires in advance the signature features input by the user and sends them to signature engine module 603. Comparison signature acquisition module 602 acquires the signature features of the user's current input and sends them to signature engine module 603. Registration signature acquisition module 601 and comparison signature acquisition module 602 can transmit the acquired user signature externally; this transmission can use a specific encrypted channel or can be in plaintext, and either choice can be left to the user. Both modules can acquire the user's signature data from one or more sources, including but not limited to a screen that can display, a screen that can only be touched and cannot display, a dedicated data collector on the network side, and so on. In addition, registration signature acquisition module 601 and comparison signature acquisition module 602 allow device 600 to use combined signature-based input methods, for example a handwritten signature plus voice input, or plus video input; device 600 can parse such input and acquire the relevant signature information. Furthermore, registration signature acquisition module 601 and comparison signature acquisition module 602 may acquire the signature features of the user's input under the instruction of operation control module 605, or alternatively under the instruction of signature engine module 603. When signature engine module 603 instructs comparison signature acquisition module 602 to acquire a signature, operation control module 605 triggers signature engine module 603 to perform the signature comparison, and signature engine module 603 in turn triggers comparison signature acquisition module 602 to acquire the signature.
Signature engine module 603 receives the signature features acquired by registration signature acquisition module 601, constructs the registered signature information corresponding to the acquisition environment, and saves it in signature engine library module 604. It also receives the signature features of the current user input acquired by comparison signature acquisition module 602, extracts from signature engine library module 604 the registered signature information saved for the acquisition environment, compares the signature features of the current input with the extracted registered signature information, sends the comparison result to operation control module 605, and presents it on the device. Signature engine module 603 may be hosted on device 600, or integrated with registration signature acquisition module 601 and comparison signature acquisition module 602, or stored remotely in a distributed manner. Signature engine module 603 can dynamically update the registered signature information saved in signature engine library module 604.
Operation control module 605 is used, when the screen of the device is to be unlocked or when sensitive data or an application is to be accessed, to trigger signature engine module 603 to perform the signature comparison and to receive the comparison result determined by signature engine module 603; if the comparison result is a match, it unlocks the screen or allows access to the sensitive data or application; otherwise it does not unlock the screen or denies access to the sensitive data or application. The comparison result may be the final result of whether the comparison matches, or it may be the similarity score of the comparison, in which case the operation control module makes the decision from that score: if the similarity meets the value set on device 600, the screen is unlocked or access to the sensitive data or application is allowed; if the similarity does not meet the value set on device 600, the device re-enters screen-lock mode or access to the sensitive data or application is denied.
As noted above, the modules of the security control device can all be located in the local device or can be located in a distributed system. Specifically, the registration signature acquisition module can be located in the local device or connected to it, and is used to acquire signatures; the comparison signature acquisition module can be located in the local device or connected to it, and is used to acquire signatures; the signature engine module can be located at any end of the distributed system or in the local device; the signature engine library module can be located at any end of the distributed system or in the local device; the operation control module is usually located in the local device.
To further strengthen security, when the signature engine library module is located at any end of the distributed system, the security control device can further comprise an encryption and decryption module. This module encrypts the registered signature information constructed by signature engine module 603 before it is saved in signature engine library module 604, and decrypts the registered signature information extracted by signature engine module 603 and returns the decrypted registered signature information to the signature engine module. The encryption and decryption module can be integrated in signature engine module 603 or be independent of it, and can be located at any end of the distributed system or in the local device.
The above is the specific implementation of the screen unlocking method and the data access control method of the present invention. As can be seen, the invention uses a signature to unlock and to authenticate access to data content. The ways of acquiring the user's signature are diverse: they can include handwriting input on a two-dimensional plane, stylus input and the like, and also motion-trajectory input from a three-dimensional device, gesture-capture input and the like. The devices that acquire the signature are also diverse: they can be the local device or any terminal device in a distributed system. After the signature data is obtained, the signature library is used for unlocking, which enriches the ways of unlocking and fully reflects the exclusiveness of the device and the personal relevance of the unlocking method.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement, improvement or the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (26)

1. A screen unlocking method, characterized in that the method comprises:
A. acquiring in advance the signature features input by a user, and constructing and saving registered signature information corresponding to the acquisition environment;
B. when the screen of a device is to be unlocked, acquiring the signature features of the user's current input, extracting, according to the acquisition environment, the registered signature information saved for that acquisition environment, and comparing the signature features of the current input with the extracted registered signature information; if the comparison matches, unlocking the screen; otherwise, not unlocking.
2. The method according to claim 1, characterized in that the acquired signature features comprise one or any combination of: the shape of the input symbols, the continuity of the input, the speed of the input, the acceleration of the input, the pressure of the pen stroke, the orientation of the input symbols, the three-dimensional depth, and the writing type of the input.
3. The method according to claim 2, characterized in that, when the acquired signature features comprise the writing type of the input and other signature features besides the writing type, acquiring the signature features of the user's current input in step B is: acquiring the writing-type feature of the user's current input according to the acquisition environment, and then acquiring the other signature features of the user's current input according to that writing-type feature.
4. The method according to claim 1, characterized in that the acquisition environment is: two-dimensional acquisition or three-dimensional acquisition.
5. The method according to claim 1, characterized in that, when the acquisition environment is three-dimensional acquisition, the manner of acquisition is: acquisition by sensor or by video recording.
6. The method according to claim 1, characterized in that acquiring the signature features input by the user in step A is: acquiring the signature features of multiple inputs by the user, the number of acquisitions being entered by the user or set by the device itself.
7. The method according to claim 1, characterized in that the registered signature information is saved in the device, in another device connected to the device, or at any end of a distributed environment.
8. The method according to claim 1, characterized in that, when the registered signature information corresponding to the acquisition environment is saved in step A, the saved registered signature information is further encrypted;
extracting the registered signature information saved for the acquisition environment in step B is: decrypting the registered signature information saved for the acquisition environment, and then extracting the decrypted registered signature information.
9. The method according to claim 1, characterized in that comparing the signature features of the current input with the extracted registered signature information in step B is: computing the correlation between the signature features of the current input and the extracted registered signature information; when the correlation is greater than or equal to a match threshold, the comparison is judged to match; otherwise, the comparison is judged not to match; the match threshold is preset by the system or entered by the user.
10. A data access control method, characterized in that the method comprises:
A. acquiring in advance the signature features input by a user, and constructing and saving registered signature information corresponding to the acquisition environment, for controlling access to sensitive data or an application;
B. when the sensitive data or application is accessed, prompting the user to input a signature, acquiring the signature features of the user's current input, extracting, according to the acquisition environment, the registered signature information saved for that acquisition environment, and comparing the signature features of the current input with the extracted registered signature information; if the comparison matches, allowing access to the data or application; otherwise, denying access to the data or application.
11. The method according to claim 10, characterized in that the sensitive data is encrypted data;
after the comparison is judged to match in step B, the method further comprises: decrypting the sensitive data.
12. The method according to claim 11, characterized in that the sensitive data is encrypted by: using the acquired signature features as the key to encrypt the sensitive data.
13. The method according to claim 10, characterized in that the acquired signature features comprise one or any combination of: the shape of the input symbols, the continuity of the input, the speed of the input, the acceleration of the input, the pressure of the pen stroke, the orientation of the input symbols, the three-dimensional depth, and the writing type of the input.
14. The method according to claim 13, characterized in that, when the acquired signature features comprise the writing type of the input and other signature features besides the writing type, acquiring the signature features of the user's current input in step B is: acquiring the writing-type feature of the user's current input according to the acquisition environment, and then acquiring the other signature features of the user's current input according to that writing-type feature.
15. The method according to claim 10, characterized in that the acquisition environment is: two-dimensional acquisition or three-dimensional acquisition.
16. The method according to claim 10, characterized in that, when the acquisition environment is three-dimensional acquisition, the manner of acquisition is: acquisition by sensor or by video recording.
17. The method according to claim 10, characterized in that acquiring the signature features input by the user in step A is: acquiring the signature features of multiple inputs by the user, the number of acquisitions being set by the user or by default.
18. The method according to claim 10, characterized in that the registered signature information is saved in the device, in another device connected to the device, or at any end of a distributed environment.
19. The method according to claim 10, characterized in that, when the registered signature information corresponding to the acquisition environment is saved in step A, the saved registered signature information is further encrypted;
extracting the registered signature information saved for the acquisition environment in step B is: decrypting the registered signature information saved for the acquisition environment, and then extracting the decrypted registered signature information.
20. The method according to claim 10, characterized in that comparing the signature features of the current input with the extracted registered signature information in step B is: computing the correlation between the signature features of the current input and the extracted registered signature information; when the correlation is greater than or equal to a match threshold, the comparison is judged to match; otherwise, the comparison is judged not to match; the match threshold is preset by the system or entered by the user.
21. A security control device, characterized in that the device comprises a registration signature acquisition module, a comparison signature acquisition module, a signature engine module, a signature engine library module and an operation control module;
the registration signature acquisition module acquires in advance the signature features input by a user and sends them to the signature engine module;
the comparison signature acquisition module acquires the signature features of the user's current input, and sends the acquisition environment information and the acquired signature features to the signature engine module;
the signature engine module receives the signature features acquired by the registration signature acquisition module, constructs the registered signature information corresponding to the acquisition environment, and saves it in the signature engine library module; it is also used to receive the signature features of the current user input and the acquisition environment information acquired by the comparison signature acquisition module, to extract, according to the acquisition environment, the registered signature information saved in the signature engine library module for that acquisition environment, to compare the signature features of the current input with the extracted registered signature information, and to send the comparison result to the operation control module;
the operation control module is used, when the screen of a device is to be unlocked or when sensitive data or an application is to be accessed, to trigger the comparison signature acquisition module to acquire the signature and to receive the comparison result sent by the signature engine module; when the comparison matches, it unlocks the screen or allows access to the data or application; otherwise, it does not unlock the screen or denies access to the data or application.
22. The device according to claim 21, characterized in that the registration signature acquisition module further performs the operation of acquiring signature features under the instruction of the operation control module;
the comparison signature acquisition module further performs the operation of acquiring signature features when directly triggered by the operation control module;
the operation control module is further used to instruct the registration signature acquisition module to acquire in advance the registration signature input by the user.
23. The device according to claim 21, characterized in that the registration signature acquisition module further performs the operation of acquiring signature features under the instruction of the signature engine module;
the comparison signature acquisition module further performs the operation of acquiring signature features under the instruction of the signature engine module;
the operation control module is further used to trigger the signature engine module to perform the signature comparison, and to trigger, through the signature engine module, the comparison signature acquisition module to acquire the signature;
the signature engine module further instructs the registration signature acquisition module to acquire in advance the registration signature input by the user; it is also used, when triggered by the operation control module, to trigger the comparison signature acquisition module to acquire the signature.
24. The device according to claim 21, characterized in that the registration signature acquisition module is located in the device or connected to the device;
the comparison signature acquisition module is located in the device or connected to the device;
the signature engine module is located at any end of a distributed system or in the device;
the signature engine library module is located at any end of a distributed system or in the device;
the operation control module is located in the device.
25. The device according to claim 24, characterized in that, when the signature engine library module is located at any end of a distributed system, the security control device further comprises an encryption and decryption module, which is used to encrypt the registered signature information constructed by the signature engine module before it is saved in the signature engine library module, and is also used to decrypt the registered signature information extracted by the signature engine module and to return the decrypted registered signature information to the signature engine module.
26. The device according to claim 25, characterized in that the encryption and decryption module is located in the signature engine module, or is independent of the signature engine module.
CN201210054969.8A 2012-03-05 2012-03-05 Unlocking screen data access control method and safety control Active CN103294334B (en)

Publications (2)

Publication Number Publication Date
CN103294334A true CN103294334A (en) 2013-09-11
CN103294334B CN103294334B (en) 2017-03-01

Family

ID=49095322

Country Status (1)

Country Link
CN (1) CN103294334B (en)

CN107831945A (en) * 2017-11-30 2018-03-23 北京集创北方科技股份有限公司 Electronic equipment, display system and its integrated control device, safe verification method
WO2019104920A1 (en) * 2017-11-30 2019-06-06 北京集创北方科技股份有限公司 Electronic device, display system, integrated control device thereof, and security verification method
KR20200080300A (en) * 2017-11-30 2020-07-06 칩원 테크놀로지(베이징) 컴퍼니 리미티드 Electronic device, display system and integrated control device thereof, safety authentication method
CN109409066A (en) * 2018-10-17 2019-03-01 北京壹人壹本信息科技有限公司 Signature unlocking method, mobile terminal and storage medium
CN110008670A (en) * 2019-04-10 2019-07-12 深圳市能信安技术有限公司 Identity identifying method and device based on hand-written password
WO2020206734A1 (en) * 2019-04-10 2020-10-15 深圳市能信安技术有限公司 Handwritten password-based identity authentication method and device

Also Published As

Publication number Publication date
CN103294334B (en) 2017-03-01

Similar Documents

Publication Publication Date Title
CN103294334A (en) Screen unlocking method, data access control method and security control device
US11223619B2 (en) Device, system, and method of user authentication based on user-specific characteristics of task performance
US10558792B2 (en) Touch-screen user key-press behavior pattern construction and analysis system and identity recognition method thereof
US10476873B2 (en) Device, system, and method of password-less user authentication and password-less detection of user identity
Weiss et al. PassShapes: utilizing stroke based authentication to increase password memorability
US20130047236A1 (en) Authentication system and method thereof
Lewis et al. Real time motion-based authentication for smartwatch
Clark et al. Engineering gesture-based authentication systems
CN103677644A (en) Unlocking method and system for smart mobile terminal
CN104700007A (en) Gesture impression password setting and application method
Nader et al. Designing touch-based hybrid authentication method for smartphones
Agrawal et al. Smart Authentication for smart phones
CN107426397A (en) Model training method and auth method based on user behavior feature
Progonov et al. Behavior-based user authentication on mobile devices in various usage contexts
Chao et al. Swipe gestures for user authentication in smartphones
KR101435487B1 (en) User device, method of using hidden page of the same and computer-readable recording medium
Farmand et al. Improving graphical password resistant to shoulder-surfing using 4-way recognition-based sequence reproduction (RBSR4)
KR101453031B1 (en) Log-in method, user device and computer-readable storage using fingerprint
Tolosana et al. MobileTouchDB: Mobile touch character database in the wild and biometric benchmark
Gao et al. Usability and security of the recall-based graphical password schemes
Shinde et al. PassMatrix-An authentication system to resist shoulder surfing attacks
Mohamed et al. Challenge-response behavioral mobile authentication: A comparative study of graphical patterns and cognitive games
Li et al. CDAS: a continuous dynamic authentication system
Doja et al. User authentication schemes for mobile and handheld devices
Van Balen Enhancing usability and security through alternative authentication methods

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant