CN107277046B - Anti-coercion password control method and device based on face recognition - Google Patents
Anti-coercion password control method and device based on face recognition Download PDFInfo
- Publication number
- CN107277046B CN107277046B CN201710610218.2A CN201710610218A CN107277046B CN 107277046 B CN107277046 B CN 107277046B CN 201710610218 A CN201710610218 A CN 201710610218A CN 107277046 B CN107277046 B CN 107277046B
- Authority
- CN
- China
- Prior art keywords
- user
- password
- feature data
- facial feature
- legal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention provides a method and a device for managing and controlling an anti-duress password based on face recognition; wherein the method is performed by a password administrator; the method comprises the following steps: receiving a duress signal sent by a legal user; the duress signal comprises a trigger signal sent by a legal user through a password controller, or a facial feature signal of the legal user acquired through a camera device; the binding relationship between the user password and the face feature data of the legal user is released, and the access authority of the user password is opened; monitoring the behavior information of the current user in the process of opening the access authority; the behavior information comprises a service provider in a running state on a terminal triggered by a current user, an extracted user password corresponding to the service provider, and image data of the current user acquired by a camera device; and recording the monitoring result. The invention improves the coercion resistance of the password management mode, thereby improving the security of password management.
Description
Technical Field
The invention relates to the technical field of password management and control, in particular to a method and a device for managing and controlling an anti-duress password based on face recognition.
Background
With the rapid development of information technology, more and more websites or application software bring great convenience to the life and work of people, however, password management and memory of each website or application software become a tedious task; in order to facilitate memory, part of users set different websites or application software into the same password, which undoubtedly causes certain hidden danger to the property safety of the users.
The existing password management mode mainly uses a recording mode, for example, the password of each website or application software is recorded on a paper file, or the password of each website or application software is recorded in a terminal and stored in a local or remote server; these password management approaches described above result in poor security due to lack of anti-duress when the user is stressed by a lawbreaker.
Aiming at the problem of poor safety of the password management mode, an effective solution is not provided yet.
Disclosure of Invention
In view of the above, the present invention provides a method and an apparatus for managing and controlling a duress password based on face recognition, so as to improve the duress of a password management manner and further improve the security of the password management.
In a first aspect, an embodiment of the present invention provides a method for managing and controlling an anti-duress password based on face recognition, where the method is executed by a password manager, and the password manager pre-stores facial feature data of a legitimate user and user passwords of one or more service providers bound to the facial feature data; the password management controller is in communication connection with an external terminal; the method comprises the following steps: receiving a duress signal sent by a legal user; the duress signal comprises a trigger signal sent by a legal user through a password controller, or a facial feature signal of the legal user acquired through a camera device; the binding relationship between the user password and the face feature data of the legal user is released, and the access authority of the user password is opened; monitoring the behavior information of the current user in the process of opening the access authority; the behavior information comprises a service provider in a running state on a terminal triggered by a current user, an extracted user password corresponding to the service provider, and image data of the current user acquired by a camera device; the service provider includes an application and/or a website; and recording the monitoring result.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation manner of the first aspect, where the method further includes: and sending the monitoring result to a remote server to trigger the server to generate alarm information.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation manner of the first aspect, where the step of monitoring the behavior information of the current user includes: collecting a reflection signal of the face of a current user; performing feature extraction on the reflected signal to generate face feature data of the current user; judging whether the facial feature data of the current user is matched with the facial feature data of the legal user; and if not, recording the image data of the current user.
With reference to the second possible implementation manner of the first aspect, an embodiment of the present invention provides a third possible implementation manner of the first aspect, where the step of monitoring the behavior information of the current user further includes: when a service provider in an operating state is monitored to exist on a terminal, extracting a user password corresponding to the service provider; a tag service provider and a user password.
With reference to the first aspect, an embodiment of the present invention provides a fourth possible implementation manner of the first aspect, where before receiving the duress signal sent by the legitimate user, the method further includes: when a starting instruction is received, acquiring a reflection signal of the face of a current user; judging whether the reflected signal is matched with the facial feature data of a legal user or not; if so, determining the identity information of the current user as a legal user; if not, the password controller is locked.
With reference to the fourth possible implementation manner of the first aspect, an embodiment of the present invention provides a fifth possible implementation manner of the first aspect, where the determining whether the reflected signal matches with facial feature data of a legitimate user includes: carrying out feature extraction processing on the reflection signal to generate face feature data of the current user; comparing the facial feature data of the current user with the facial feature data of the legal user to obtain a comparison result; judging whether the comparison result reaches a preset matching threshold value or not; if yes, determining that the reflected signal is matched with the pre-stored characteristic data of the legal user; if not, the reflected signal is determined not to match the pre-stored characteristic data of the legitimate user.
In a second aspect, an embodiment of the present invention provides a duress-prevention password management and control device based on face recognition, where the duress-prevention password management and control device is disposed on a password management and control device, and facial feature data of a legal user and user passwords of one or more service providers bound to the facial feature data are stored in advance on the password management and control device; the password management controller is in communication connection with an external terminal; the device includes: the signal receiving module is used for receiving a duress signal sent by a legal user; the duress signal comprises a trigger signal sent by a legal user through a password controller, or a facial feature signal of the legal user acquired through a camera device; the releasing module is used for releasing the binding relationship between the user password and the face characteristic data of the legal user and opening the access authority of the user password; the monitoring module is used for monitoring the behavior information of the current user in the process of opening the access authority; the behavior information comprises a service provider in a running state on a terminal triggered by a current user, an extracted user password corresponding to the service provider, and image data of the current user acquired by a camera device; the service provider includes an application and/or a website; and the recording module is used for recording the monitoring result.
With reference to the second aspect, an embodiment of the present invention provides a first possible implementation manner of the second aspect, where the apparatus further includes a sending module, configured to send the monitoring result to a remote server, so as to trigger the server to generate alarm information.
With reference to the second aspect, an embodiment of the present invention provides a second possible implementation manner of the second aspect, where the monitoring module includes: the signal acquisition unit is used for acquiring a reflection signal of the face of the current user; the feature extraction unit is used for extracting features of the reflected signals and generating face feature data of the current user; the interpretation unit is used for judging whether the facial feature data of the current user is matched with the facial feature data of the legal user; and the recording unit is used for recording the image data of the current user if the facial feature data of the current user is not matched with the facial feature data of the legal user.
With reference to the second possible implementation manner of the second aspect, an embodiment of the present invention provides a third possible implementation manner of the second aspect, where the monitoring module further includes: the password extraction module is used for extracting a user password corresponding to a service provider when the service provider in the running state is monitored to exist on the terminal; and the marking module is used for marking the service provider and the user password.
The embodiment of the invention has the following beneficial effects:
the embodiment of the invention provides an anti-stress password control method and device based on face recognition, wherein the method is executed by a password controller, and the password controller is pre-stored with face characteristic data of a legal user and user passwords of one or more service providers bound with the face characteristic data; when a duress signal triggered by a legal user through a password controller or acquired by a camera device is received, the binding relationship between a user password and facial feature data of the legal user is released, the access authority of the user password is opened, the behavior information of the current user is monitored, and the monitoring result is recorded; the method can ensure that the user can record the password information involved in the duress process while ensuring personal safety under the duress condition, thereby improving the duress resistance of the password management mode and further improving the security of the password management.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a first duress password management and control method based on face recognition according to an embodiment of the present invention;
fig. 2 is a flowchart of a second duress password management and control method based on face recognition according to an embodiment of the present invention;
fig. 3 is a flowchart of a third duress password management and control method based on face recognition according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an anti-duress password management and control device based on face recognition according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a password manager according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a password manager according to an embodiment of the present invention.
Icon: 500-a password management device; 502-a camera device; 504-display screen; 506-a communication device; 600-a main body housing; 602-start button; 604-password confirmation button; 606-support frame.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In consideration of the problem of poor security of the existing password management mode, the embodiment of the invention provides a method and a device for managing and controlling an anti-duress password based on face recognition; the technology can be applied to unified storage, extraction and management of various applications or website passwords; the techniques may be implemented in associated software and hardware, as described by way of example below.
The first embodiment is as follows:
referring to a flowchart of a first coercion-prevention password management and control method based on face recognition shown in fig. 1, the method is executed by a password manager, and facial feature data of a legal user and user passwords of one or more service providers bound with the facial feature data are stored on the password manager in advance; the password management controller is in communication connection with an external terminal; the method comprises the following steps:
step S102, receiving a duress signal sent by a legal user; the duress signal comprises a trigger signal sent by a legal user through a password controller, or a facial feature signal of the legal user acquired through a camera device;
specifically, when a legal user is forced by an illegal molecule to use the password manager to extract a password, a signal that the legal user is forced can be obtained in the following two ways:
the first method is as follows: a hidden or disguised key is arranged on the password controller, and when a user presses the key, the password controller receives the stress signal; the user can press the key in various preset forms, such as long pressing, several continuous short pressing, or the long pressing and the short pressing alternate according to a certain rule; the method can obtain a stress signal which is stable and accurate;
the second method comprises the following steps: acquiring a reflection signal of the face of a legal user through a password management controller or a camera device connected with a terminal, and processing the reflection signal to obtain a corresponding face characteristic signal; the facial feature signal contains preset static or dynamic expression information; for example, static facial expression information may be a single closed-eye and closed-mouth expression, and dynamic facial expression information may be continuous lip movements, regular blinking, and the like; the method can rapidly acquire the duress signal without additional hand operation.
Step S104, removing the binding relation between the user password and the face feature data of the legal user, and opening the access authority of the user password;
when a legal user is stressed by an illegal molecule, on one hand, the requirement of the illegal molecule is matched to ensure the personal safety of the legal user to the maximum extent, on the other hand, the process that the legal user is stressed is recorded as much as possible, and meanwhile, relevant evidence is collected to enable follow-up help police to solve the case and recover the loss of the legal user. Based on the reason, the binding relationship between the user password and the face feature data of the legal user is released, so that the personal safety of the legal user is prevented from being threatened after the password controller is locked when the face feature data of the legal user cannot be acquired.
Step S106, monitoring the behavior information of the current user in the process of opening the access authority; the behavior information comprises a service provider in a running state on a terminal triggered by a current user, an extracted user password corresponding to the service provider, and image data of the current user acquired by a camera device; the service provider includes an application and/or a website;
and step S108, recording the monitoring result.
The embodiment of the invention provides a coercion-preventing password control method based on face recognition, which is executed by a password controller, wherein the password controller is pre-stored with face characteristic data of a legal user and user passwords of one or more service providers bound with the face characteristic data; when a duress signal triggered by a legal user through a password controller or acquired by a camera device is received, the binding relationship between a user password and facial feature data of the legal user is released, the access authority of the user password is opened, the behavior information of the current user is monitored, and the monitoring result is recorded; the method can ensure that the user can record the password information involved in the duress process while ensuring personal safety under the duress condition, thereby improving the duress resistance of the password management mode and further improving the security of the password management.
Example two:
referring to a flowchart of a second duress password management and control method based on face recognition shown in fig. 2, the method is implemented on the basis of the duress password management and control method based on face recognition provided in the first embodiment, and the method includes the following steps:
step S202, receiving a duress signal sent by a legal user;
step S204, removing the binding relation between the user password and the face feature data of the legal user, and opening the access authority of the user password;
when the password manager opens the access right of the user password due to the duress signal, the password manager generally needs to collect all operations (including operations on the password manager and operations on the terminal) of the current user (including duress legal users and illegal users) and image data of the illegal users; in this embodiment, an example of determining whether to acquire image data of an illegal user, and then acquiring a service provider triggered to operate by a current user and a corresponding password is described.
Step S206, in the process of opening the access authority, collecting a reflection signal of the face of the current user;
step S208, extracting the characteristics of the reflected signals to generate the facial characteristic data of the current user;
step S210, judging whether the facial feature data of the current user is matched with the facial feature data of the legal user; if yes, go to step S214; if not, executing step S212;
step S212, recording the image data of the current user and saving the image data to the monitoring result.
In practical implementation, the face of an illegal user may or may not appear in the shooting range of the shooting device; preferably, the password controller can be provided with a bidirectional camera to acquire image data in a wider environment range, and particularly, the possibility of acquiring face data of an illegal user can be increased.
Step S214, when the service provider in the running state is monitored to exist on the terminal, extracting a user password corresponding to the service provider;
in step S214, there are two cases, including that a service provider in an operating state exists on the monitoring terminal: monitoring that an application program in a foreground activation state or a background running state exists in a terminal; or; monitoring whether a browser in the terminal is in a foreground activation state or a background running state, and identifying a website in an open state in the browser.
Step S216, marking the service provider and the user password, and storing the service provider and the user password into a monitoring result.
Taking an example that an illegal molecule forces a legal user to log in a bank website for transferring money, when a password controller monitors that a browser on a terminal is in an activated state and the website in the browser in an opened state is an online bank of an A bank, the password controller extracts a user password corresponding to the online bank and marks the online bank and the user password to confirm that the user password is revealed.
And step S218, sending the monitoring result to a remote server to trigger the server to generate alarm information.
According to the coercion-preventing password control method based on the face recognition, when the password controller opens the access right of the user password due to the coercion signal, the image data of illegal molecules can be obtained by collecting and extracting the reflection signal of the face of the current user; the method comprises the steps that a service provider in an operating state on a terminal is monitored, and the service provider and a corresponding user password are marked, so that the leaked relevant password information can be confirmed; the method can ensure that the user can record the password information involved in the duress process while ensuring personal safety under the duress condition, thereby improving the duress resistance of the password management mode and further improving the security of the password management.
Example three:
referring to a flowchart of a third duress password management and control method based on face recognition shown in fig. 3, the method is implemented on the basis of the duress password management and control method based on face recognition provided in the first embodiment, and the method includes the following steps:
step S302, when a starting instruction is received, a reflection signal of the face of the current user is obtained;
specifically, the starting instruction may be an instruction for starting the password controller, and after the password controller is started, the reflected signal of the face of the current user is actively acquired; the starting instruction may also be an instruction for starting the authentication identity input by the user, for example, the user starts the instruction through a key set on the password manager, and after receiving the instruction, obtains a reflected signal of the current face of the user.
After obtaining the reflection signal of the face of the current user, whether the reflection signal is matched with the face feature data of a legal user needs to be judged, and the method specifically comprises the following steps:
step S304, carrying out feature extraction processing on the reflection signal to generate face feature data of the current user;
step S306, comparing the facial feature data of the current user with the facial feature data of the legal user to obtain a comparison result;
step S308, judging whether the comparison result reaches a preset matching threshold value; if yes, go to step S312; if not, executing step S310;
usually, the facial feature data includes feature data obtained by a plurality of feature extraction methods or extraction algorithms, and also includes feature data of a plurality of facial angles of the same legal user; in the actual matching process, the actual facial features of the legal user may change to a certain extent due to the reasons of makeup, wearing glasses, expression change, facing the distance, distance and the like of the camera device, and therefore, the actually acquired reflection signals may not be all the same as the pre-stored feature data of the legal user; for this reason, a matching threshold is set in this embodiment, and when the comparison result between the facial feature data of the current user and the facial feature data of the valid user is greater than the matching threshold, it is determined that the current user is the valid user.
Furthermore, different threshold values can be set for different feature data in consideration of different capabilities of the feature data obtained by multiple feature extraction modes or extraction algorithms to reflect facial features; for example, a higher threshold is set for important feature data, and only when the matching degree of the important feature data is higher, the current user can be determined to be a valid user; for another example, a higher threshold is set for the feature data corresponding to the front angle, and the current user can be determined to be a valid user only when the matching degree of the feature data corresponding to the front angle is higher.
Through the steps S304 to S308, the current user can be quickly and accurately identified, and the safety of the password controller is further guaranteed.
Step S310, determining that the reflected signal is not matched with the pre-stored feature data of the legal user; and locking the password controller.
Step S312, determining that the reflected signal is matched with the pre-stored feature data of the legal user; determining the identity information of the current user as a legal user;
for example, the password controller is usually disposed in front of the current user, and when the password controller receives an external trigger or a start instruction sent from the outside, the signal acquisition device acquires a reflected signal of the face of the current user; the reflection signal of the face can be an optical signal or an ultrasonic signal; the password controller judges whether the reflection signal is matched with facial feature data of a legal user, and if the reflection signal is matched with the facial feature data of the legal user, a user password corresponding to the facial feature data is extracted and output; if not, the password controller is locked.
In actual implementation, when the reflected signal is not matched with the facial feature data of a legal user, the current user is judged to be an illegal user, and in order to ensure the safety of the data in the password management and control device, the password management and control device is locked; the locked password manager does not receive or send any instruction or data within a certain time period.
If the legitimate user is forced to open the password controller, the duress signal sent by the legitimate user may be received during the execution of the above steps S302 to S312, and in this case, the password controller may not be locked no matter whether the reflected signal matches the pre-stored feature data of the legitimate user. In this embodiment, an example of receiving a duress signal sent by a valid user after determining that the identity information of the current user is the valid user is described.
Step S314, receiving a duress signal sent by a legal user;
step S316, the binding relationship between the user password and the face feature data of the legal user is released, and the access authority of the user password is opened;
step S318, monitoring the behavior information of the current user in the process of opening the access authority;
step S320, recording the monitoring result.
In addition, the face feature data of the legal user and the user passwords of one or more service providers bound with the face feature data, which are stored in the password manager in advance, can be obtained by the following modes:
step (1), collecting an identity of an appointed user and a reflection signal of the face of the appointed user;
the designated user may be a user or holder of the password manager; the number of the designated users can be one or more; the identity of the designated user may be identity information of the designated user, or account information corresponding to the designated user.
Step (2), extracting the characteristics of the reflected signals to generate face characteristic data corresponding to the identity of the designated user;
in actual implementation, multiple feature extraction modes can be adopted to obtain actual feature data of the target recognition object; specifically, when the reflection signal is an optical signal, the feature extraction method may include a statistical feature recognition method, a geometric feature recognition method, a connection mechanism-based recognition method, or the like; when the reflected signal is an ultrasonic signal, the feature extraction method includes calculating the BIN number of the reflected echo, the total energy of the echo, the distance from the starting point to the first peak, the amplitude of the first peak, the average sound area, and the like.
And (3) setting the designated user as a legal user, and storing the identity of the designated user and the facial feature data corresponding to the identity.
And (4) in the steps (1) to (3), the password manager acquires the facial feature data of the legal user in advance, and a data basis is provided for the subsequent matching of the facial feature data.
Step (4), receiving a password input by a legal user;
in actual implementation, a legal user can input a password to the password controller in various forms; for example, a button or a keyboard is arranged outside the password controller, or the password controller may be externally connected with the keyboard, and then a password is input into the password controller through the button or the keyboard; as another example, the password manager may be connected to an external processing device, such as a computer, in a wireless or wired manner, and the password may be input to the password manager through the external processing device.
Step (5), the face characteristic data of the legal user is used as an encryption key to encrypt the password;
the basic process of data encryption is to process the original plaintext file or data according to some algorithm to make it become an unreadable segment of code, usually called "ciphertext", so that it can only display the original content after inputting the corresponding key, and the purpose of protecting the data from being stolen and read by the illegal person is achieved through such a way. The reverse of this process is decryption, i.e., the process of converting the encoded information into its original data.
Therefore, in order to improve the security of the stored password in the actual implementation of the step (5), the password may be encrypted by using all or part of the facial feature data of the legitimate user or all or part of the processed facial feature data of the legitimate user as an encryption key.
And (6) binding and storing the encrypted password and the identity of the legal user.
When the password management and control device is shared by two or more legal users, the storage space in the password management and control device can be divided according to the identity of the legal user to form relatively independent storage space, and the storage space is identified through the identity.
In the steps (4) to (6), the face feature data of the legal user is used as the encryption key, so that the encryption key has uniqueness and better privacy, and compared with encryption by using an externally provided or randomly generated key, the security of the password is further improved.
In order to further improve the security of the password management and control device, the storage device in the password management and control device can be realized by encrypting a U disk; the encrypted USB flash disk is a USB flash disk with encryption and decryption protection functions on the content of the USB flash disk; the encryption U disk is embedded with overrun locking and overrun destroying functions, and as long as the face recognition of the current user within preset times is wrong, the U disk immediately enters a locking state and uploads a face photo of the current user, and then the encryption U disk destroys stored data; when the encrypted USB flash disk is formatted or destroyed (including mass production), a new sensitive data encryption key is automatically and randomly created by using a chip, so that the USB flash disk cannot be recovered to obtain important data before formatting or destruction; the encrypted U disk adopts an independent special file system (realized by a safety container principle), can effectively prevent malicious codes such as viruses and trojans from attacking, and fundamentally cuts off the way of infection and propagation of the viruses through the U disk. The encryption U disk adopts an advanced process, can perform safety protection on physical attacks such as SPA/DPA, probe/FIB (focused ion beam) detection, section, critical low voltage and the like, and prevents sensitive data from being leaked from the safety U disk. The data in the encrypted USB flash disk is encrypted through a hardware encryption chip which accords with the national password qualification and is stored on the USB flash disk in a ciphertext mode, high-strength protection is carried out on the data, the USB flash disk can be automatically locked when a non-holder accesses the USB flash disk, a data self-destruction function is provided, and password attempt and brute force cracking can be effectively prevented.
Example four:
corresponding to the above method embodiment, referring to fig. 4, a schematic structural diagram of an anti-duress password management and control device based on face recognition is shown, where the device is disposed in a password management and control device, and the password management and control device stores face feature data of a legal user and user passwords of one or more service providers bound to the face feature data in advance; the password management controller is in communication connection with an external terminal; the device includes:
the signal receiving module 40 is used for receiving a duress signal sent by a legal user; the duress signal comprises a trigger signal sent by a legal user through a password controller, or a facial feature signal of the legal user acquired through a camera device;
the releasing module 41 is used for releasing the binding relationship between the user password and the face feature data of the legal user and opening the access authority of the user password;
the monitoring module 42 is configured to monitor behavior information of a current user in an access right opening process; the behavior information comprises a service provider in a running state on a terminal triggered by a current user, an extracted user password corresponding to the service provider, and image data of the current user acquired by a camera device; the service provider includes an application and/or a website;
and a recording module 43, configured to record a monitoring result.
Further, the device further comprises a sending module, which is used for sending the monitoring result to a remote server so as to trigger the server to generate alarm information.
Further, the monitoring module includes: the signal acquisition unit is used for acquiring a reflection signal of the face of the current user; the feature extraction unit is used for extracting features of the reflected signals and generating face feature data of the current user; the interpretation unit is used for judging whether the facial feature data of the current user is matched with the facial feature data of the legal user; and the recording unit is used for recording the image data of the current user if the facial feature data of the current user is not matched with the facial feature data of the legal user.
Further, the monitoring module further includes: the password extraction module is used for extracting a user password corresponding to a service provider when the service provider in the running state is monitored to exist on the terminal; and the marking module is used for marking the service provider and the user password.
The invention provides a coercion-proof password control device based on face recognition, which is arranged on a password management and control device, wherein the password management and control device is pre-stored with face characteristic data of a legal user and user passwords of one or more service providers bound with the face characteristic data; when a duress signal triggered by a legal user through a password controller or acquired by a camera device is received, the binding relationship between a user password and facial feature data of the legal user is released, the access authority of the user password is opened, the behavior information of the current user is monitored, and the monitoring result is recorded; the method can ensure that the user can record the password information involved in the duress process while ensuring personal safety under the duress condition, thereby improving the duress resistance of the password management mode and further improving the security of the password management.
Example five:
referring to fig. 5, a schematic structural diagram of a password controller is shown; the password manager comprises the password management device 500, and further comprises an image pickup device 502, a display 504 and a communication device 506 which are respectively connected with the password management device.
In practical implementation, the communication device 506 may be used for the password controller to communicate with an external password requirement terminal, or may be used for the password controller to communicate with a remote server; it can be understood that the password management controller is also internally provided with a storage device connected with the password management device.
Referring to fig. 6, a specific structural diagram of a password controller is shown; the password pipe controller further comprises a main body case 600; the camera 502 and the display 504 are arranged on the main body casing; a start button 602 and a password confirmation button 604 are further arranged outside the main body casing 600; a support 606 is also provided on the rear surface of the main body case 600.
The camera 502 can be implemented by two near-infrared cameras.
The computer program product of the duress-proof password management and control method and device based on face recognition provided by the embodiment of the invention comprises a computer readable storage medium storing a program code, wherein instructions included in the program code can be used for executing the method described in the previous method embodiment, and specific implementation can be referred to the method embodiment, and is not described herein again.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and/or the apparatus described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In addition, in the description of the embodiments of the present invention, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present invention, which are used for illustrating the technical solutions of the present invention and not for limiting the same, and the protection scope of the present invention is not limited thereto, although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. An anti-stress password control method based on face recognition is characterized in that the method is executed by a password controller, wherein facial feature data of a legal user and user passwords of one or more service providers bound with the facial feature data are stored in the password controller in advance; the password management controller is in communication connection with an external terminal; the method comprises the following steps:
receiving a duress signal sent by the legal user; the duress signal comprises a trigger signal sent by the legal user through the password controller, or a facial feature signal of the legal user acquired through a camera device;
releasing the binding relationship between the user password and the facial feature data of the legal user, and opening the access authority of the user password;
monitoring the behavior information of the current user in the process of opening the access authority; the behavior information comprises a service provider in a running state on the terminal triggered by the current user, an extracted user password corresponding to the service provider, and image data of the current user acquired by the camera device; the service provider comprises an application and/or a website;
and recording the monitoring result.
2. The method of claim 1, further comprising: and sending the monitoring result to a remote server to trigger the server to generate alarm information.
3. The method of claim 1, wherein the step of monitoring the behavior information of the current user comprises:
collecting a reflection signal of the face of a current user;
performing feature extraction on the reflection signal to generate face feature data of the current user;
judging whether the facial feature data of the current user is matched with the facial feature data of the legal user;
and if not, recording the image data of the current user.
4. The method of claim 3, wherein the step of monitoring the behavior information of the current user further comprises:
when a service provider in an operating state is monitored to exist on the terminal, extracting a user password corresponding to the service provider;
tagging the service provider and the user password.
5. The method of claim 1, wherein before receiving the duress signal issued by the legitimate user, the method further comprises:
when a starting instruction is received, acquiring a reflection signal of the face of a current user;
judging whether the reflected signal is matched with the facial feature data of a legal user;
if so, determining the identity information of the current user as a legal user;
if not, the password controller is locked.
6. The method of claim 5, wherein said determining whether said reflected signal matches said facial feature data of a legitimate user comprises:
performing feature extraction processing on the reflection signal to generate facial feature data of the current user;
comparing the facial feature data of the current user with the facial feature data of a legal user to obtain a comparison result;
judging whether the comparison result reaches a preset matching threshold value or not;
if yes, determining that the reflected signal is matched with the pre-stored characteristic data of the legal user;
if not, the reflected signal is determined not to be matched with the pre-stored characteristic data of the legal user.
7. An anti-stress password control device based on face recognition is characterized in that the device is arranged on a password controller, and facial feature data of a legal user and user passwords of one or more service providers bound with the facial feature data are stored in the password controller in advance; the password management controller is in communication connection with an external terminal; the device comprises:
the signal receiving module is used for receiving the duress signal sent by the legal user; the duress signal comprises a trigger signal sent by the legal user through the password controller, or a facial feature signal of the legal user acquired through a camera device;
the releasing module is used for releasing the binding relationship between the user password and the facial feature data of the legal user and opening the access authority of the user password;
the monitoring module is used for monitoring the behavior information of the current user in the process of opening the access authority; the behavior information comprises a service provider in a running state on the terminal triggered by the current user, an extracted user password corresponding to the service provider, and image data of the current user acquired by the camera device; the service provider comprises an application and/or a website;
and the recording module is used for recording the monitoring result.
8. The apparatus according to claim 7, further comprising a sending module, configured to send the monitoring result to a remote server to trigger the server to generate alarm information.
9. The apparatus of claim 7, wherein the listening module comprises:
the signal acquisition unit is used for acquiring a reflection signal of the face of the current user;
the feature extraction unit is used for performing feature extraction on the reflection signal to generate face feature data of the current user;
the interpretation unit is used for judging whether the facial feature data of the current user is matched with the facial feature data of the legal user;
and the recording unit is used for recording the image data of the current user if the facial feature data of the current user is not matched with the facial feature data of the legal user.
10. The apparatus of claim 9, wherein the listening module further comprises:
the password extraction module is used for extracting a user password corresponding to a service provider when the service provider in the running state is monitored to exist on the terminal;
and the marking module is used for marking the service provider and the user password.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710610218.2A CN107277046B (en) | 2017-07-25 | 2017-07-25 | Anti-coercion password control method and device based on face recognition |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710610218.2A CN107277046B (en) | 2017-07-25 | 2017-07-25 | Anti-coercion password control method and device based on face recognition |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107277046A CN107277046A (en) | 2017-10-20 |
| CN107277046B true CN107277046B (en) | 2020-08-28 |
Family
ID=60079143
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710610218.2A Active CN107277046B (en) | 2017-07-25 | 2017-07-25 | Anti-coercion password control method and device based on face recognition |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107277046B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107743131A (en) * | 2017-11-20 | 2018-02-27 | 张博 | A kind of identity identifying method and device based on a variety of different types input composite sequence |
| CN107808151A (en) * | 2017-11-22 | 2018-03-16 | 维沃移动通信有限公司 | Bio-identification resume module method, device and mobile terminal |
| CN107944242B (en) * | 2017-11-22 | 2024-01-16 | 维沃移动通信有限公司 | Biological identification function disabling method and mobile terminal |
| CN107862194B (en) * | 2017-11-22 | 2019-10-18 | 维沃移动通信有限公司 | A kind of method, device and mobile terminal of safety verification |
| CN111882418A (en) * | 2020-04-16 | 2020-11-03 | 马上消费金融股份有限公司 | Identification method and device for financial behavior validity |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWM483471U (en) * | 2014-03-07 | 2014-08-01 | Univ Nat Taiwan Normal | An authorization system based on eye movement behavior |
| CN105120122A (en) * | 2015-06-29 | 2015-12-02 | 小米科技有限责任公司 | Alarm method and device |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102110320A (en) * | 2010-12-23 | 2011-06-29 | 汉王科技股份有限公司 | Coerce alarm method and entrance guard control equipment in entrance guard system |
| TWI523476B (en) * | 2011-10-19 | 2016-02-21 | 致伸科技股份有限公司 | Method for building up and authenticating account |
| CN102624699B (en) * | 2012-01-19 | 2015-07-08 | 歌尔声学股份有限公司 | Method and system for protecting data |
| CN202503545U (en) * | 2012-03-26 | 2012-10-24 | 广州商景网络科技有限公司 | Account security application system |
| CN102883049A (en) * | 2012-09-06 | 2013-01-16 | 广东欧珀移动通信有限公司 | Hidden alarm unlocking method for mobile terminal, and mobile terminal |
| US9734380B2 (en) * | 2015-09-30 | 2017-08-15 | Apple Inc. | Finger biometric sensor including capacitance change sensing pressure sensing circuit and related methods |
| CN105389493A (en) * | 2015-10-28 | 2016-03-09 | 广东欧珀移动通信有限公司 | Password management method and password management system |
| CN107066847A (en) * | 2015-12-07 | 2017-08-18 | 由田新技股份有限公司 | Identity verification method, device and system |
| CN106600786A (en) * | 2016-12-22 | 2017-04-26 | 林海 | Entrance guard passage management method combining biological recognition and password recognition |
| CN106603563A (en) * | 2016-12-30 | 2017-04-26 | 厦门市美亚柏科信息股份有限公司 | Information safety realization method and system based on biometric features identification |
-
2017
- 2017-07-25 CN CN201710610218.2A patent/CN107277046B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWM483471U (en) * | 2014-03-07 | 2014-08-01 | Univ Nat Taiwan Normal | An authorization system based on eye movement behavior |
| CN105120122A (en) * | 2015-06-29 | 2015-12-02 | 小米科技有限责任公司 | Alarm method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107277046A (en) | 2017-10-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107277046B (en) | Anti-coercion password control method and device based on face recognition | |
| KR102543623B1 (en) | Mobile security countermeasures | |
| US10693880B2 (en) | Multi-stage authentication of an electronic communication | |
| EP3005202B1 (en) | System and method for biometric authentication with device attestation | |
| US20100058479A1 (en) | Method and system for combating malware with keystroke logging functionality | |
| CN105554026A (en) | Electronic record information security management system | |
| DK2767922T3 (en) | Password Verification System | |
| CN105447357A (en) | Application processing method and terminal | |
| US8825728B2 (en) | Entering confidential information on an untrusted machine | |
| CN111800405A (en) | Detection method, detection device and storage medium | |
| CN112257007B (en) | Enterprise financial information management system | |
| CN111901567A (en) | Privacy protection method, device, equipment and computer readable storage medium | |
| CN113965419B (en) | Method and device for judging attack success through reverse connection | |
| CN107358084A (en) | The cloud storage method and apparatus of data | |
| CN117932583A (en) | Self-service terminal operation detection method and system based on data monitoring | |
| CN113965418A (en) | Attack success judgment method and device | |
| CN114553528A (en) | Internal and external network data safety transmission system and transmission method thereof | |
| CN112671700B (en) | Enterprise economic management information security system | |
| WO2007001237A2 (en) | Encryption system for confidential data transmission | |
| CN107249006A (en) | The authentication method and device of password use environment | |
| CN107094079B (en) | Method, device and equipment for opening terminal function | |
| CN107181766A (en) | The management-control method and device of log-on message | |
| CN107277047A (en) | Log-on message generation method and device | |
| CN107241197A (en) | Password management-control method, device and password management and control device | |
| CN101123506B (en) | Sensitive information monitoring and automatic recovery system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |