CN112204933B - Electronic device for authenticating user and operating method thereof - Google Patents

Electronic device for authenticating user and operating method thereof Download PDF

Info

Publication number
CN112204933B
CN112204933B CN201980036723.8A CN201980036723A CN112204933B CN 112204933 B CN112204933 B CN 112204933B CN 201980036723 A CN201980036723 A CN 201980036723A CN 112204933 B CN112204933 B CN 112204933B
Authority
CN
China
Prior art keywords
electronic device
information
biometric information
biometric
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201980036723.8A
Other languages
Chinese (zh)
Other versions
CN112204933A (en
Inventor
张闻秀
金炯奭
李达姆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Priority claimed from PCT/KR2019/006490 external-priority patent/WO2019231252A1/en
Publication of CN112204933A publication Critical patent/CN112204933A/en
Application granted granted Critical
Publication of CN112204933B publication Critical patent/CN112204933B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • G06Q30/0609Buyer or seller confidence or verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Biomedical Technology (AREA)
  • Medical Informatics (AREA)
  • Power Engineering (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Development Economics (AREA)
  • User Interface Of Digital Computer (AREA)
  • Collating Specific Patterns (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
  • Telephone Function (AREA)

Abstract

Some embodiments of the present disclosure relate to an electronic device for authenticating a user using biometric information of the user and an operating method thereof. For example, an electronic device according to an embodiment may include a communication circuit, a biometric sensor, and a processor operatively connected to the communication circuit and the biometric sensor, the processor configured to: acquiring first biometric information of a user by using a biometric sensor; generating second biometric information for authenticating the user based on the concatenation of the first biometric information and the unique information corresponding to the user; and transmitting the second biometric information to an authentication server through a communication circuit, wherein the authentication server authenticates the fourth biometric information by comparing the fourth biometric information with the second biometric information, and wherein the fourth biometric information is generated based on a concatenation of the third biometric information and the unique information of the user.

Description

Electronic device for authenticating user and operating method thereof
Technical Field
Some embodiments of the present disclosure generally relate to an electronic device for authenticating a user by using biometric information of the user and an operating method thereof.
Background
Portable electronic devices such as smartphones are no longer limited to basic services such as calling or sending messages, but can now provide a variety of complex financial services, such as purchase and payment of products, recharging, withdrawal or remittance, etc.
In providing these financial services, an authentication method is often required to verify the identity of the user. The authentication method has evolved from passwords and passcodes to using biometric information of the user (e.g., fingerprints, etc.). Biometric information is more secure than traditional authentication methods (e.g., passwords) because it is almost impossible for others to steal biometric information.
In order to provide authentication using biometric information of a user, user authentication may be performed in a portable electronic device or a server. When the server is used, the server may receive biometric information of the user from the portable electronic device.
The above information is provided merely as background information to aid in the understanding of the present disclosure. No determination is made, nor is any assertion made, as to whether any of the above may be prior art to the present disclosure.
Disclosure of Invention
Solution to the problem
In the conventional biometric information-based authentication method without using a server, there is a disadvantage in that when a user uses a plurality of electronic devices, each electronic device must individually manage biometric information.
However, when using a server, another disadvantage is that a hacker may intercept biometric information when transmitting the biometric information between the server and the electronic device. This potential interception may present a significant security risk because biometric information cannot be modified or altered like a password. Thus, to prevent the user's biometric information from being intercepted by a hacker, the electronic device may send encrypted or otherwise converted biometric information to the server. However, even when the same user inputs own biometric information in the same electronic device, the biometric information acquired at different times may be slightly different due to, for example, subtle changes in the user's fingertip or the characteristics of the electronic device. Due to these subtle differences in the biometric information, the biometric information may be converted to an entirely different value when encrypted (e.g., when the biometric information is hashed). Thus, false negatives may be generated so that access may be denied even when the user inputs real biometric information.
According to an embodiment of the present disclosure, an electronic device may include a communication circuit, a biometric sensor, and a processor operatively connected to the communication circuit and the biometric sensor, the processor may be configured to: acquiring first biometric information of a user by using a biometric sensor; generating second biometric information for authenticating the user based on the concatenation of the first biometric information and the unique information corresponding to the user; and transmitting, by the communication circuit, the second biometric information to the authentication server, wherein the authentication server authenticates the fourth biometric information by comparing the fourth biometric information with the second biometric information, and wherein the fourth biometric information is generated based on a concatenation of the third biometric information and the unique information of the user.
According to an embodiment of the present disclosure, an electronic device may include a communication circuit, a biometric sensor, and a processor operably connected with the communication circuit and the biometric sensor, the processor may be configured to: receiving a request for performing a function requiring biometric information of a user; acquiring first biometric information by using a biometric sensor; generating second biometric information for authenticating the user based on the concatenation of the first biometric information and the unique information corresponding to the user; transmitting the second biometric information to an authentication server; receiving a signal from the authentication server indicating that the second biometric information is authenticated for a fourth biometric information, the fourth biometric information being generated based on a concatenation of the third biometric information and the unique information of the user; and performing the function in response to the signal being received.
Additional aspects of the disclosure will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the presented embodiments.
Drawings
The foregoing and other aspects, features, and advantages of certain embodiments of the disclosure will be more apparent from the following description, taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a block diagram of an electronic device in a network environment according to some embodiments of the present disclosure;
FIG. 2 is a schematic diagram illustrating a user authentication system utilizing biometric information according to an embodiment of the present disclosure;
FIG. 3 is a block diagram of an electronic device according to an embodiment of the present disclosure;
FIG. 4 is a block diagram of a processor according to an embodiment of the present disclosure;
fig. 5 is a block diagram illustrating data flow between a first electronic device, a second electronic device, and an authentication server according to an embodiment of the present disclosure;
fig. 6 is a flowchart illustrating a method of registering biometric information at an authentication server by a first electronic device according to an embodiment of the present disclosure;
FIG. 7 is a flowchart illustrating a method of acquiring, by a first electronic device, first biometric information as device-independent biometric information in accordance with an embodiment of the present disclosure;
Fig. 8 is a flowchart illustrating a method for obtaining second biometric information to be sent by a first electronic device to an authentication server, according to an embodiment of the present disclosure;
fig. 9 is a flowchart illustrating a method for obtaining second biometric information to be sent by a first electronic device to an authentication server, according to an embodiment of the present disclosure;
fig. 10 is a flowchart illustrating a method for obtaining second biometric information to be sent by a first electronic device to an authentication server, according to an embodiment of the present disclosure;
FIG. 11 is a flowchart illustrating a method of receiving, by a second electronic device, authentication of biometric information through an authentication server, according to an embodiment of the present disclosure;
fig. 12A and 12B are views illustrating different cascade (establishment) ratios according to attributes of functions to be performed by a second electronic device according to an embodiment of the present disclosure;
fig. 13 is a flowchart illustrating a method for obtaining fourth biometric information to be transmitted by a second electronic device to an authentication server, according to an embodiment of the present disclosure;
fig. 14 is a signal diagram illustrating signaling between a first electronic device and a plurality of external servers including an authentication server according to an embodiment of the present disclosure;
Fig. 15 is a signal diagram illustrating signaling between a second electronic device and a plurality of external servers including an authentication server according to an embodiment of the present disclosure;
FIG. 16A is a table showing a scenario when biometric information and unique information are cascaded with the same user using different devices according to a first cascade ratio, according to an embodiment of the present disclosure;
FIG. 16B is a table illustrating another scenario when biometric information and unique information are cascaded with the same user using different devices according to a first cascade ratio, according to an embodiment of the disclosure;
FIG. 16C is a table illustrating yet another scenario when biometric information and unique information are cascaded with the same user using different devices according to a first cascade ratio, according to an embodiment of the disclosure;
FIG. 16D is a table illustrating yet another scenario when biometric information and unique information are cascaded with the same user using different devices according to a first cascade ratio, according to an embodiment of the disclosure;
FIG. 17A is a table showing a scenario when biometric information and unique information are cascaded with the same user using different devices according to a second cascade ratio, according to an embodiment of the present disclosure;
FIG. 17B is a table illustrating another scenario when biometric information and unique information are cascaded with the same user using a different device according to a second cascade ratio, according to an embodiment of the disclosure;
FIG. 17C is a table illustrating yet another scenario when biometric information and unique information are cascaded with the same user using a different device according to a second cascade ratio, according to an embodiment of the disclosure;
FIG. 17D is a table illustrating yet another scenario when biometric information and unique information are cascaded with the same user using a different device according to a second cascade ratio, according to an embodiment of the disclosure;
FIG. 18 is a table showing a case where authentication fails when biometric information and unique information are concatenated with a user-free user using a different device according to a first cascade ratio according to an embodiment of the present disclosure;
fig. 19 is a schematic diagram illustrating a user authentication system using biometric information according to an embodiment of the present disclosure;
fig. 20 is a flowchart illustrating an operation of a first electronic device registering a reference image at an authentication server according to an embodiment of the present disclosure;
fig. 21 is a flowchart illustrating an operation of a second electronic device registering biometric information at an authentication server according to an embodiment of the present disclosure;
fig. 22A is a diagram illustrating a user interface of a first electronic device 1910 according to an embodiment of the present disclosure;
fig. 22B is a view illustrating a user interface of the first electronic device 1910 according to an embodiment of the present disclosure;
Fig. 22C is a diagram illustrating a user interface of a first electronic device 1910 according to an embodiment of the present disclosure;
fig. 22D is a view illustrating a user interface of the first electronic device 1910 according to an embodiment of the present disclosure;
fig. 23A is a diagram illustrating a user interface of a second electronic device 1920 according to an embodiment of the disclosure;
fig. 23B is a diagram illustrating a user interface of a second electronic device 1920 according to an embodiment of the disclosure; and
fig. 23C is a diagram illustrating a user interface of a second electronic device 1920 according to an embodiment of the disclosure.
For the drawings, the same or similar reference numerals are used for the same or similar elements.
Detailed Description
Some embodiments of the present disclosure relate to generating biometric information that is independent of features of a respective electronic device, and converting the biometric information by concatenating the biometric information that is independent of features of the electronic device with user identification information in order to reduce the likelihood that false negatives may occur during biometric authentication. Since false negatives are caused by entropy of input biometric information, entropy of the biometric information can be increased by concatenating the input biometric information with user information that is not affected by external factors. In this way, the likelihood of false negatives occurring during user authentication may be reduced.
Technical objects to be achieved by the present disclosure are not limited to the above objects, and other technical objects not mentioned may be clearly understood by those skilled in the art based on the following description.
Hereinafter, various embodiments herein will be described with reference to the accompanying drawings.
Fig. 1 is a block diagram illustrating an electronic device 101 in a network environment 100 according to various embodiments.
Referring to fig. 1, in a network environment 100, an electronic device 101 may communicate with an electronic device 102 via a first network 198 (e.g., a short-range wireless communication network) or with an electronic device 104 or server 108 via a second network 199 (e.g., a long-range wireless communication network). According to one embodiment, the electronic device 101 may communicate with the electronic device 104 via a server 108. According to one embodiment, the electronic device 101 may include a processor 120, a memory 130, an input device 150, a sound output device 155, a display device 160, an audio module 170, a sensor module 176, an interface 177, a haptic module 179, a camera module 180, a power management module 188, a battery 189, a communication module 190, a user identification module 196, or an antenna module 197. In some embodiments, at least one of these components (e.g., display device 160 or camera module 180) may be omitted, or one or more other components may be added to electronic device 101. In some embodiments, some of these components may be configured as integrated circuits. For example, the sensor module 176 (e.g., a fingerprint sensor, an iris sensor, or an illuminance sensor) may be embedded in the display device 160 (e.g., a display).
The processor 120 may run, for example, software (e.g., program 140) to control at least one other component (e.g., a hardware component or a software component) of the electronic device 101 that is connected to the processor 120, and may perform various data processing or arithmetic operations. According to one embodiment, as at least part of the data processing or operation, the processor 120 may load commands or data received from another component (e.g., the sensor module 176 or the communication module 190) into the volatile memory 132, may process the commands or data stored in the volatile memory 132, and may store the resulting data in the non-volatile memory 134. According to an embodiment, the processor 120 may include a main processor 121 (e.g., a central processor or an application processor) and an auxiliary processor 123 (e.g., a graphics processing unit, an image signal processor, a sensor hub processor, or a communication processor) that is operatively independent of or in combination with the main processor 121. Additionally or alternatively, the auxiliary processor 123 may be configured to use lower power than the main processor 121 or be dedicated to specified functions. The auxiliary processor 123 may operate separately from or as part of the main processor 121.
The auxiliary processor 123 may control at least some of the functions or states associated with at least one of the components of the electronic device 101 (e.g., the display device 160, the sensor module 176, or the communication module 190) when the main processor 121 is in an inactive (e.g., sleep) state, or the auxiliary processor 123 may control at least some of the functions or states associated with at least one of the components of the electronic device 101 (e.g., the display device 160, the sensor module 176, or the communication module 190) with the main processor 121 when the main processor 121 is in an active state (e.g., running an application). According to an embodiment, the auxiliary processor 123 (e.g., an image signal processor or a communication processor) may be configured as part of another component (e.g., the camera module 180 or the communication module 190) that is functionally related.
The memory 130 may store various data used by at least one component of the electronic device 101 (e.g., the processor 120 or the sensor module 176). The data may include, for example, software (e.g., program 140) and input data or output data regarding commands associated with the software. Memory 130 may include volatile memory 132 or nonvolatile memory 134.
The program 140 may be stored as software in the memory 130 and the program 140 may include, for example, an operating system 142, middleware 144, or applications 146.
The input device 150 may receive commands or data from outside the electronic device 101 (e.g., a user) to be used for components of the electronic device 101 (e.g., the processor 120). The input device 150 may include, for example, a microphone, a mouse, or a keyboard.
The sound output device 155 may output a sound signal to the outside of the electronic device 101. The sound output device 155 may include, for example, a speaker or a receiver. The speaker may be used for general purposes, such as for multimedia playback or audio playback, and the receiver may be used to receive incoming calls. According to one embodiment, the receiver may be configured separate from the speaker or as part of the speaker.
Display device 160 may visually provide information to an exterior (e.g., a user) of electronic device 101. The display device 160 may comprise, for example, a display, a holographic device or a projector, and a control circuit for controlling the respective devices. According to one embodiment, display device 160 may include touch circuitry configured to detect touches or sensor circuitry (e.g., pressure sensors) configured to measure the strength of forces generated by touches.
The audio module 170 may convert sound into electrical signals or, conversely, electrical signals into sound. According to one embodiment, the audio module 170 may obtain sound through the input device 150, or may output sound through the sound output device 155 or an external electronic device (e.g., the electronic device 102 (e.g., a speaker or earphone)) that is directly or wirelessly connected to the electronic device 101.
The sensor module 176 may detect an operational state (e.g., power or temperature) or an external environmental condition (e.g., a user's condition) of the electronic device 101 and may generate an electrical signal or data value corresponding to the detected state or condition. According to an embodiment, the sensor module 176 may include, for example, a gesture sensor, a gyroscope sensor, an atmospheric pressure sensor, a magnetic sensor, an acceleration sensor, a grip sensor, a proximity sensor, a color sensor, an Infrared (IR) sensor, a biometric sensor, a temperature sensor, a humidity sensor, or an illuminance sensor.
Interface 177 can support one or more specified protocols that can be used for electronic device 101 to connect directly or wirelessly to an external electronic device (e.g., electronic device 102). According to one embodiment, interface 177 may include, for example, a High Definition Multimedia Interface (HDMI), a Universal Serial Bus (USB) interface, an SD card interface, or an audio interface.
Connection end 178 may include a connector via which electronic device 101 may be physically connected with an external electronic device (e.g., electronic device 102). According to one embodiment, the connection end 178 may include, for example, an HDMI connector, a USB connector, an SD card connector, or an audio connector (e.g., a headphone connector).
The haptic module 179 may convert an electrical signal into a mechanical stimulus (e.g., vibration or motion) or an electrical stimulus that a user may perceive through a haptic or motor sensation. According to one embodiment, haptic module 179 may include, for example, a motor, a piezoelectric element, or an electronic stimulation device.
The camera module 180 may capture still images or moving images. According to one embodiment, the camera module 180 may include one or more lenses, an image sensor, an image signal processor, or a flash.
The power management module 188 may manage power supply to the electronic device 101. According to one embodiment, the power management module 188 may be configured as at least a portion of, for example, a Power Management Integrated Circuit (PMIC).
Battery 189 may power at least one component of electronic device 101. According to one embodiment, battery 189 may include, for example, a primary non-rechargeable battery, a secondary rechargeable battery, or a fuel cell.
The communication module 190 may support establishing a direct (e.g., wired) communication channel or a wireless communication channel between the electronic device 101 and an external electronic device (e.g., the electronic device 102, the electronic device 104, or the server 108) and performing communication via the established communication channel. The communication module 190 may include one or more communication processors capable of operating independently of the processor 120 (e.g., an application processor) and supporting direct (e.g., wired) or wireless communication. According to one embodiment, the communication module 190 may include a wireless communication module 192 (e.g., a cellular communication module, a short-range wireless communication module, or a Global Navigation Satellite System (GNSS) communication module) or a wired communication module 194 (e.g., a Local Area Network (LAN) communication module or a power line communication module). Among these communication modules, the corresponding communication module may communicate with external electronic devices through a first network 198 (e.g., a short-range wireless communication network including a Bluetooth, wi-Fi direct, or infrared data Association (IrDA) network) or a second network 199 (e.g., a long-range wireless communication network including a cellular network, the Internet, or a computer network (e.g., LAN or WAN)). These various types of communication modules may be integrated into one component (e.g., a single chip) or may be configured as multiple separate components (e.g., multiple chips). The wireless communication module 192 may use the user information (e.g., international Mobile Subscriber Identity (IMSI)) stored in the user identification module 196 to identify and authenticate the electronic device 101 within a communication network, such as the first network 198 or the second network 199.
The antenna module 197 may transmit a signal or power to the outside (e.g., an external electronic device), or may receive a signal or power from the outside. According to one embodiment, the antenna module 197 may include one or more antennas from which at least one antenna suitable for a communication scheme used in a communication network, such as by the communication module 190, may be selected, such as the first network 198 or the second network 199. Signals or power may be transmitted or received between the communication module 190 and the external electronic device via at least one selected antenna.
At least some of the components may be interconnected by a communication mode between peripheral devices (e.g., bus, general Purpose Input and Output (GPIO), serial Peripheral Interface (SPI), or Mobile Industrial Processor Interface (MIPI)), and may exchange signals (e.g., commands or data) with each other.
According to one embodiment, commands or data may be sent or received between the electronic device 101 and the external electronic device 104 via a server 108 connected to the second network 199. Each of the electronic devices 102 and 104 may be the same kind of device or a different kind of device than the electronic device 101. According to one embodiment, all or some of the operations performed by electronic device 101 may be performed by one or more of external electronic devices 102 or 104. For example, when the electronic device 101 needs to automatically perform a function or service, or upon request of a user or another device, the electronic device 101 may request at least one or more external electronic devices to perform at least a portion of the function or service in place of or in addition to autonomously performing the function or service. Upon receiving such a request, one or more external electronic devices may execute at least a portion of the requested function or service or additional functions or services associated with the request and may transmit the execution results thereof to the electronic device 101. The electronic device 101 may provide the results as at least part of the response to the request without any processing or via additional processing. For this purpose, cloud computing technology, distributed computing technology, or client-server computing technology, for example, may be used.
Fig. 2 is a schematic diagram illustrating a user authentication system using biometric information according to an embodiment of the present disclosure.
Referring to fig. 2, a user authentication system 200 using biometric information may include a first electronic device 210, a second electronic device 220, and an authentication server 230 (e.g., server 108 of fig. 1).
In an embodiment, the first electronic device 210 and the second electronic device 220 may be the electronic device 101 disclosed in fig. 1, respectively.
In an embodiment, the first electronic device 210 and the second electronic device 220 may be electronic devices used by the same user 240.
In an embodiment, the first electronic device 210 and the second electronic device 220 may be electronic devices owned by the same user at a given point in time. For example, the first electronic device 210 may be a smart phone owned by the user 240, and the second electronic device 220 may be a tablet computer owned by the user 240.
In another embodiment, the first electronic device 210 and the second electronic device 220 may be sequentially owned by the same user. For example, the user may replace the first electronic device 210 with the second electronic device 220 as his/her portable terminal (e.g., as his/her smartphone). User 240 may then discard first electronic device 210 or sell first electronic device 210 to another user.
In an embodiment, the first electronic device 210 may register biometric information of the user at the authentication server 230 to authenticate the user using the biometric information. In an embodiment, the first electronic device 210 can associate the biometric authentication with one or more functions that can be performed by the first electronic device 210. That is, the first electronic device 210 may be configured to first perform user authentication when requested to perform a specific function, and to perform the specific function only when the biometric authentication is successfully completed. In another embodiment, the first electronic device 210 may first perform user authentication after another electronic device (e.g., the second electronic device 220) receives a request to perform a specific function, and may request the authentication server 230 to perform the specific function only when the biometric authentication is successfully completed.
In an embodiment, the second electronic device 220 may transmit biometric information of the user to the authentication server 230, and may request authentication of the transmitted biometric information. That is, the first electronic device 210 may be a device that transmits reference biometric information to be used for authenticating biometric information transmitted by another electronic device (e.g., the second electronic device 220) to the authentication server 230, and the second electronic device 220 may be a device that requests the authentication server 230 to authenticate biometric information transmitted by the second electronic device 220 based on the reference biometric information transmitted by the other electronic device (e.g., the first electronic device 210) to the authentication server 230.
In an embodiment, the biometric information of the user registered by the first electronic device 210 on the authentication server 230 may be different from the biometric information of the user to be authenticated by the second electronic device 220. This may be due to normal and minor variations in the characteristics of the biometric information. However, since the received biometric information itself is not transmitted to the authentication server 230, but information processed based on the received biometric information (e.g., feature information extracted from the received biometric information) is transmitted, the same biometric information may be transmitted from the first electronic device 210 and the second electronic device 220 to the authentication server 230.
Hereinafter, the biometric information transmitted from the first electronic device 210 to the authentication server 230 is referred to as second biometric information, and the biometric information transmitted from the second electronic device 220 to the authentication server 230 is referred to as fourth biometric information. In a later part of the disclosure, the first biometric information will be described as the biometric information used in generating the second biometric information, and the third biometric information will be described as the biometric information used in generating the fourth biometric information.
In an embodiment, the biometric information of the user may include at least one of a fingerprint image, a facial image, an iris image, and voice data.
In an embodiment, the authentication server 230 may be a device that authenticates fourth biometric information received from the second electronic device 220 based on the second biometric information received from the first electronic device 210. The authentication server 230 may store the second biometric information received from the first electronic device 210 in a storage device of the authentication server 230. The authentication server may map the second characteristic statistical information received from the first electronic device 210 to the unique information of the user (or information paired with the unique information of the user) or the account information of the user, and may store the mapped information in a storage device of the authentication server 230. After storing the second biometric information, the authentication server 230 may receive the fourth biometric information, and may authenticate the fourth biometric information by comparing the received fourth biometric information with the second biometric information. The authentication server 230 may authenticate the fourth biometric information based on a result of comparing the fourth biometric information and the second biometric information. The authentication server 230 may determine that the fourth biometric information is successfully authenticated only when the fourth biometric information and the second biometric information have the same value, or may determine that the fourth biometric information is successfully authenticated only when a difference between the fourth biometric information and the second biometric information is within a predetermined range. The authentication server 230 may transmit a result of authenticating the fourth biometric information to the second electronic device 220.
In an embodiment, authentication server 230 may respond to a particular function. The specific function may refer to a function of a specific application. For example, when biometric authentication for executing a message application is required, the first electronic device 210 may transmit the second biometric information to a first authentication server corresponding to the message application. In another example, when biometric authentication is required for executing the financial application, the first electronic device 210 may send the second biometric information to a second authentication server corresponding to the financial application.
In another embodiment, a particular function may refer to a command of a particular application. For example, when biometric authentication is required for logging into a banking application, the first electronic device 210 may transmit second biometric information for logging into the first authentication server, which occurs when logging into the banking application. In another example, when biometric authentication is required for a money transfer in a banking application, the first electronic device 210 may send second biometric information for the money transfer to a second authentication server, which occurs when the money transfer occurs in the banking application. Since both login and money transfer are functions in the same banking application, the first electronic device 210 may transmit the second biometric information for login and the second biometric information for money transfer to an authentication server corresponding to the banking application.
Fig. 3 is a block diagram of an electronic device according to an embodiment of the present disclosure.
In an embodiment, the electronic device 300 may be the first electronic device 210 of fig. 2 or the second electronic device 220 of fig. 2.
In an embodiment, the electronic device 300 may include the wireless communication circuit 310, the biometric sensor 320 (e.g., the sensor module 176 of fig. 1), the memory 330 (e.g., the memory 130 of fig. 1), the camera 340 (e.g., the camera module 180 of fig. 1), the display 350 (e.g., the display device 160 of fig. 1), or the processor 120.
In an embodiment, the wireless communication circuit 310 may be used to send and receive data between the electronic device 300 and an external device (e.g., the authentication server 230 of fig. 2). For example, the wireless communication circuit 310 may include a communication module (e.g., the communication module 190 of fig. 1), or may be at least a portion of the communication module 190. In an embodiment, the electronic device 300 may transmit data generated or stored in the electronic device 300 to an external device by using the wireless communication circuit 310, and may receive commands or data from the external device. For example, the first electronic device 210 may generate second biometric information to be transmitted to an authentication server (e.g., the authentication server 230 of fig. 2), and may transmit the generated second biometric information to the authentication server 230 by using the wireless communication circuit 310. In another example, the second electronic device 220 may send fourth biometric information to the authentication server 230 to be sent to the authentication server 230, and may then receive a message from the authentication server 230 indicating that the fourth biometric information has been successfully authenticated by utilizing the wireless communication circuit 310.
In an embodiment, the biometric sensor 320 may sense (or acquire) biometric information of the user. In an embodiment, the biometric sensor 320 may include at least one of a fingerprint sensor, a facial recognition sensor, an iris sensor, and a microphone. For example, a fingerprint sensor may acquire or detect a fingerprint image of a user and capture it as biometric information of the user.
In an embodiment, the camera 340 may acquire an image of an external environment of the electronic device 300. For example, based on user manipulation, the camera 340 may acquire an image of a user's Identification (ID) card including user's unique identification information.
In an embodiment, the display 350 may visually provide information that is visible from outside the electronic device. For example, when the second electronic device 220 receives information indicating that authentication of the fourth biometric information is successfully completed from the authentication server 230, the second electronic device 220 may display a message indicating that authentication of the fourth biometric information is successfully completed through the display 350.
In an embodiment, the memory 330 may store commands regarding operations or functions performed by the electronic device 300, data generated in the electronic device, and/or data to be displayed (e.g., to a user) or transmitted to an external device (e.g., the authentication server 230). For example, the memory 330 may store biometric information of the user acquired through the biometric sensor 320, process the biometric information into first biometric information or second biometric information, and/or store the first biometric information or the second biometric information.
In an embodiment, the processor 120 may control the overall operation of the electronic device 300. For example, the processor 120 may generate or acquire first biometric information as device-independent biometric information based on the biometric information of the user acquired through the biometric sensor 320. In another example, as described below, the processor 120 may generate or obtain the second biometric information based on a concatenation of the first biometric information and the unique information corresponding to the user.
Fig. 4 is a block diagram of a processor according to an embodiment of the present disclosure.
Referring to fig. 4, the processor 120 may include a device-independent biometric information generator 410, a unique information concatenator 420, and a converter 430. Processor 120 may include a microprocessor or any suitable type of processing circuit, such as one or more general purpose processors (e.g., ARM-based processors), digital Signal Processors (DSPs), programmable Logic Devices (PLDs), application Specific Integrated Circuits (ASICs), field Programmable Gate Arrays (FPGAs), graphics Processing Units (GPUs), video card controllers, etc. Further, it will be appreciated that when a general purpose computer accesses code to implement the processes illustrated herein, execution of the code converts the general purpose computer into a special purpose computer to perform the processes illustrated herein. Any of the functions and steps provided in the figures may be implemented in hardware, software, or a combination of hardware and software, and may be executed in whole or in part within programmed instructions of a computer. Unless an element of a claim herein is explicitly recited using the word "means for … …," the element will not be explained under the provision of 35u.s.c.112 (f). Furthermore, those skilled in the art will understand and appreciate that a "processor" or "microprocessor" may be the hardware in the claimed disclosure. In its broadest reasonable interpretation, the appended claims are subject matter consistent with 35u.s.c. ≡101.
The device-independent biometric information generator 410 may generate device-independent biometric information based on biometric information of the user received through a biometric sensor (e.g., the biometric sensor 320 of fig. 3). The device-independent biometric information may be biometric information in which information deviation caused by hardware or software specifications of the biometric sensor 320 included in an electronic device (e.g., the electronic device 300 of fig. 3) is removed. Hereinafter, the device-independent biometric information may be referred to as first biometric information or third biometric information.
In an embodiment, the device-independent biometric information generator may communicate with an external server to remove deviations in the user's biometric information from the biometric sensor 320. For example, the device-independent biometric information generator may receive data from a device-independent (DI) server for removing bias from the biometric sensor 320.
In another embodiment, the device-independent biometric information generator may receive data from the memory for removing bias from the biometric sensor 320.
The unique information concatenator 420 may concatenate the first biometric information (or the third biometric information) with unique information (identity information) corresponding to the user. In an embodiment, the unique information corresponding to the user may be the name or sex of the user, or may be information capable of identifying the user (e.g., korean resident registration number or u.s. Social security number). In an embodiment, the unique information corresponding to the user may be information of an image acquired by photographing a physical object (e.g., korean resident registration certificate or united states driver license) containing information for identifying the user. The unique information corresponding to the user may be referred to as a digital ID.
In an embodiment, the unique information cascade 420 may communicate with an external server to obtain unique information corresponding to a user. For example, the unique information cascade 420 may acquire unique information corresponding to a user from an Identification (ID) server. The unique information concatenator may transmit information of a Subscriber Identity Module (SIM) card installed in the electronic device 300 to the ID server, and may receive unique information of a user corresponding to the SIM card from the ID server.
In an embodiment, the unique information concatenator 420 may concatenate the information acquired from the ID server with the first biometric information (or the third biometric information). For this, the unique information concatenator 420 may extract the feature value from the information acquired by the ID server, and may combine the extracted feature value with the first biometric information. In another embodiment, the unique information concatenator 420 may receive the feature value extracted from the unique information of the user from the ID server.
The converter 430 may generate information that the first electronic device (e.g., the first electronic device 210 of fig. 2) is to send to an authentication server (e.g., the authentication server 230 of fig. 2). To this end, the converter 430 may convert information of a cascade of the first biometric information and unique information corresponding to the user. The information that the first electronic device 210 will send to the authentication server 230 may be referred to as second biometric information. The converter 430 may also generate information that the second electronic device (e.g., the second electronic device 220 of fig. 2) is to send to the authentication server 230 by transforming the information of the concatenation of the third biometric information and the unique information corresponding to the user. The information that the second electronic device 220 will send to the authentication server 230 may be referred to as fourth biometric information.
In an embodiment, the converter 430 may generate the second biometric information by performing a one-way transformation on the concatenated information. For example, the one-way transformation may include a biometric or key extraction method.
In an embodiment, the converter 430 may generate a biometric unique feature value or unique key as the second biometric information by performing a one-way transformation with respect to the concatenated information. When generating a unique key as the second biometric information, a public key/unique key algorithm may be used.
Fig. 5 is a block diagram illustrating data flow between a first electronic device, a second electronic device, and an authentication server according to an embodiment of the present disclosure.
Referring to fig. 5, a user authentication method using biometric information according to an embodiment of the present disclosure may be divided into a registration process and an authentication process. A registration process may be performed between a first electronic device (e.g., first electronic device 210 of fig. 2) and an authentication server (e.g., authentication server 230 of fig. 3), and an authentication process may be performed between a second electronic device (e.g., second electronic device 220 of fig. 2) and authentication server 230. As described above, the registration process and the authentication process may be performed by a unified user but using different devices (e.g., the first electronic device 210 and the second electronic device 220). Hereinafter, a registration process and an authentication process will be described, respectively. In the description related to fig. 5, index 1 and index 2 are added to reference numerals of respective elements included in the first electronic device 210 and the second electronic device 220 to distinguish the elements. For example, reference numeral 320-1 may be assigned to a biometric sensor of the first electronic device 210, and reference numeral 320-2 may be assigned to a biometric sensor of the second electronic device 220.
The registration process may be initiated or triggered by an input from a user of the first electronic device 210. The user's input may be associated with a particular function of the first electronic device 210. For example, the first electronic device 210 may receive a user input requesting to perform a particular function. In another example, the first electronic device 210 may receive user input to set biometric authentication with a particular function. That is, the first electronic device 210 may request biometric authentication when requesting to perform a specific function, and may perform the specific function only when the biometric authentication is successfully completed.
In an embodiment, the biometric information of the user registered in the registration process may correspond to a specific function. For example, biometric information registered at the authentication server 230 in response to the first function may be different from biometric information registered at the authentication server 230 in response to the second function. That is, the biometric information may be generated in different ways or based on different cascade proportions. In another example, biometric information for a first function may be stored in a first authentication server corresponding to the first function, and biometric information for a second function may be stored in a second authentication server corresponding to the second function.
In embodiments, the execution of a particular function may refer to the execution of a single application (e.g., shopping application, cloud application, etc.) installed in an electronic device, or may refer to the execution of one command (e.g., payment in shopping application) of a particular executing application installed in an electronic device. For example, when the electronic device is in a locked mode (e.g., a sleep mode including a power saving mode, a display locked mode, etc.), the first electronic device 210 may initiate a registration process of biometric information in response to receiving a user input to unlock the electronic device. In another example, the first electronic device 210 can initiate a registration process of biometric information in response to receiving user input requesting execution of the shopping application.
In an embodiment, the first electronic device 210 may receive user input for determining an attribute (or characteristic) of biometric authentication of a particular function. As described below, the attribute of the biometric authentication may be changed according to the cascade ratio of the first biometric information and the unique information corresponding to the user. For example, biometric authentication may depend largely on biometric information when the relative proportion of the first biometric information increases. In another example, biometric authentication may depend largely on the unique information of the user as the relative proportion of the unique information corresponding to the user increases. The first electronic device 210 may receive a user input indicating which of the biometric information and the unique information is to be more dependent. For example, the first electronic device 210 may receive a user input requesting a payment function for a shopping application, setting up a biometric authentication to take into account only 100% biometric information. In another example, the first electronic device 210 can receive a user input for setting up a biometric authentication for execution of a shopping application by reflecting biometric information about 80% and unique information corresponding to the user about 20%. In another embodiment, the first electronic device 210 may concatenate the first biometric information and the unique information corresponding to the user according to a default concatenation ratio (e.g., 5:5) regardless of user input.
In an embodiment, the registration process may be initiated by the first electronic device 210 as part of a setup process for the electronic device. For example, the registration process may be initiated when the user initially sets the first electronic device 210 out of the box.
In an embodiment, in response to receiving a user input associated with a particular function, the first electronic device 210 may receive biometric information of the user through the biometric sensor 320-1. The first electronic device 210 may activate the biometric sensor 320-1 (which biometric sensor 320-1 may also be deactivated at that time) and may output a message informing the first electronic device 210 that the biometric information of the user is ready to be acquired.
In an embodiment, the biometric information of the user received through the biometric sensor 320-1 may be sent to the processor 120-1 or the device-independent biometric information generator 410-1 (which is part of the processor 120-1). Processor 120-1 or device-independent biometric information generator 410-1 may receive data from DI server 510 for removing changes in biometric information caused by biometric sensor 320-1.
In an embodiment, DI server 510 may be connected to a plurality of client devices. DI server 510 may receive a data request from at least one client device for calibrating biometric information and may provide the requested data in response to receiving the data request. In this context, calibrating biometric information may refer to removing deviations caused by device-specific characteristics of biometric sensors included in a client device. DI server 510 may include a database that stores data mapped onto a plurality of client devices or biometric sensors included in a plurality of client devices. The data may include parametric data for eliminating deviations caused by device-specific characteristics (i.e., hardware or software specifications) of each biometric sensor.
In an embodiment, the device-independent biometric information generator 410-1 may generate the first biometric information as the device-independent biometric information by using the biometric information of the user received from the biometric sensor 320-1 and the data received from the DI server 510. The device-independent biometric information generator 410-1 may generate the first biometric information by applying the data received from the DI server 510 to the biometric information of the user received from the biometric sensor 320-1. The first biometric information generated in the device-independent biometric information generator 410-1 may be transmitted to the unique information concatenator 420-1.
In an embodiment, the unique information concatenator 420-1 may concatenate the first biometric information with the unique information corresponding to the user. The unique information cascade 420-1 may acquire unique information corresponding to the user from the ID server 520. In an embodiment, the unique information cascade 420-1 may acquire unique information corresponding to the user itself from the ID server 520 and/or may receive a feature value extracted from the unique information corresponding to the user from the ID server 520. For example, the unique information concatenator 420-1 may acquire random bit (or random number) information generated by using unique information corresponding to the user as a seed from the ID server 520. When unique information corresponding to the user itself is acquired from the ID server 520, the unique information cascade 420-1 may extract a feature value from the acquired information.
The unique information cascade 420-1 may transmit a signal for requesting unique information from the ID server 520 before acquiring the unique information. The signal for requesting the unique information may include at least one of information related to a user identification module installed in the first electronic device 210 and an image (e.g., an image of a physical ID card) stored in the memory 330-1.
The unique information cascade 420-1 may transmit the first biometric information and cascade information of the unique information to the converter 430-1.
In an embodiment, the ID server 520 may be connected to a plurality of client devices. The ID server 520 may receive a request for unique information corresponding to a user of the client device from at least one client device, and may provide the requested information in response to the request. In an embodiment, the request for unique information may include information of a SIM card installed on the client device. For example, the ID server 520 may be a communication service operator server managed by a telecommunication service operator.
In an embodiment, the reason for concatenating the first biometric information with the unique information corresponding to the user is that the misrecognition in the biometric authentication is substantially dependent on the entropy of the biometric information entered by the biometric authentication. As the entropy of the biometric information input for biometric authentication decreases, the false recognition rate of biometric authentication may increase. Therefore, when information that is not affected by the outside (for example, unique information corresponding to the user) is concatenated with the biometric information for biometric authentication, entropy of the biometric information can be increased, and as a result thereof, the false recognition rate of the biometric authentication can be reduced.
In an embodiment, the converter 430-1 may generate the second biometric information to be transmitted to the authentication server 230 by converting information of a concatenation of the first biometric information and the unique information corresponding to the user. The converter 430 may generate a biometric unique feature value or unique key by performing a one-way transformation with respect to the concatenated information. In an embodiment, hint data may be generated simultaneously when converter 430-1 generates a unique key. In an embodiment, hint data generated during registration may be used as the underlying data when recovering the same key during authentication.
In an embodiment, the second biometric information generated by the converter 430-1 may be transmitted to the authentication server 230. The hint data may be additionally transmitted to the authentication server 230 according to the generation method of the second biometric information. In an embodiment, the account information of the user may be additionally transmitted to the authentication server 230. The user's account information may be transmitted to the authentication server 230 separately from the second biometric information (or hint data). For example, the user's account information may be transmitted to the authentication server 230 before the biometric information is received through the biometric sensor.
In an embodiment, the second biometric information may be stored in the storage device 530 of the authentication server 230. The second biometric information may be mapped to unique information of the user (or information corresponding to the unique information of the user) or account information of the user, and may be stored in the storage device 530 of the authentication server 230. In addition to the unique information of the user, the second biometric information may be mapped onto a specific function associated with the enrollment process and may be stored in the storage device 530 of the authentication server 230. In addition to the unique information of the user, the second biometric information may be mapped to information about a cascade scale (e.g., a scale used in generating the second biometric information) related to the second biometric information, and may be stored in the storage device 530 of the authentication server 230. The second biometric information stored in the storage device 530 may be provided to the matching unit 540 to determine whether the fourth biometric information transmitted from the second electronic device 220 is authenticated.
The authentication process may be initiated or triggered by user input using the second electronic device 220. The second electronic device 220 may be initiated or triggered by user input associated with a particular function. For example, the second electronic device 220 may receive user input for executing a shopping application or a cloud-based application. More specifically, the second electronic device 220 may receive user input requesting payment for a particular product in an executing shopping application, or may receive user input requesting downloading of data stored in a cloud server in an executing cloud application.
In an embodiment, the second electronic device 220 receiving the user input may attempt to connect to an external server (e.g., authentication server 230) corresponding to a particular function. The second electronic device 220 may send user account information corresponding to the user of the second electronic device 220 to the authentication server 230. For example, the second electronic device 220 receiving user input for executing the shopping application may attempt to connect to the authentication server 230 corresponding to execution of the shopping application in order to display an initial screen or initial user interface of the shopping application.
In an embodiment, the second electronic device 220 receiving the user input may attempt to connect to an external server (or authentication server 230) corresponding to a specific function, and may be requested by the external server (or authentication server 230) to perform biometric authentication first. For example, the authentication server 230 may recognize from the first electronic device 210 that the biometric authentication required to perform a specific function is set, and may transmit a message requesting the second electronic device 220 to first perform biometric information.
In an embodiment, the message sent by the authentication server 230 to the second electronic device 220 may include information about the cascade ratio between the biometric information and the unique information corresponding to the user. For example, the authentication server 230 may identify information about the cascading ratio corresponding to the specific function and the user account information from the storage device 530 of the authentication server 230, and may transmit the identified information to the second electronic device 220.
In an embodiment, a cascade ratio between the biometric information and the unique information corresponding to the user may be determined during the enrollment process. The cascade ratio between the biometric information and the unique information corresponding to the user may be determined based on user input in the registration process, or may be determined based on the attributes of the specific function.
In an embodiment, the second electronic device 220 may receive biometric information of the user through the biometric sensor 320-2 in response to a message for requesting to perform biometric authentication received from the authentication server 230. In another embodiment, the second electronic device 220 may retrieve biometric information of the user from the memory 330-2. For example, the information stored in the memory 330-2 may include biometric information for internal authentication of the second electronic device 220 (e.g., authentication for unlocking the second electronic device 220, etc.). Alternatively, the second electronic device 220 may compare the biometric information of the user received through the biometric sensor with the biometric information stored in the memory 330-2, and when the difference between the information falls within a specified range, the second electronic device 220 may provide the information stored in the memory 330-2 (i.e., the biometric information for internal authentication of the second electronic device 220) to the device-independent biometric information generator 410-2.
In an embodiment, the device-independent biometric information generator 410-2 may generate third biometric information as device-independent biometric information by using the biometric information of the user received from the biometric sensor 320-2 and the data received from the DI server 510.
In an embodiment, the unique information cascade 420-2 may cascade the third biometric information with the unique information corresponding to the user.
In an embodiment, the converter 430-2 may generate fourth biometric information to be transmitted to the authentication server 230 by converting information of a concatenation of the third biometric information and unique information corresponding to the user. The converter 430-2 may generate a biometric unique feature value or unique key by performing a one-way transformation with respect to the concatenated information. In an embodiment, the converter 430-2 may receive hint data corresponding to the user from the authentication server 230 before generating the fourth general information. The converter 430-2 may generate fourth biometric information to be more quickly transmitted to the authentication server 230 by using the received hint data.
In an embodiment, the converter 430-2 may send fourth biometric information to the authentication server 230. For example, when the converter 430-2 generates the biometric unique feature value as the fourth biometric information, the converter 430-2 may transmit the biometric unique feature value to the authentication server 230. In another example, the converter 430-2 may derive the public key and the unique key from the biometric unique feature value and may send information to the authentication server 230 that is electronically signed by using the unique key.
In an embodiment, the authentication server 230 receiving the fourth biometric information may determine whether the fourth biometric information is authenticated by using the second biometric information. Accordingly, the authentication server 230 may authenticate the fourth biometric information with respect to the second biometric information. In an embodiment, the authentication server 230 may authenticate the fourth biometric information based on a result of comparing the second biometric information and the fourth biometric information. For example, the authentication server 230 may determine that the fourth biometric information is successfully authenticated with respect to the second biometric information only when the fourth biometric information is identical to the second biometric information. In another example, the authentication server 230 may determine that the fourth biometric information is successfully authenticated for the second biometric information only when the difference between the fourth biometric information and the second biometric information falls within a specified range.
Fig. 6 is a flowchart illustrating a method of registering biometric information at an authentication server by a first electronic device according to an embodiment of the present disclosure.
The operations disclosed in fig. 6 may be performed by a first electronic device (e.g., first electronic device 210) or a processor of a first electronic device (e.g., processor 120-1). Hereinafter, the operation disclosed in fig. 6 is described as being performed by the first electronic device 210.
The operations disclosed in fig. 6 may be performed on a designated area of a processor dedicated to software security.
In operation 610, the first electronic device 210 may obtain first biometric information of the user by using a biometric sensor (e.g., the biometric sensor 320-1 of fig. 3). In an embodiment, the first biometric information may be biometric information of the user received by the biometric sensor 320-1 and from which the sensor-induced bias is removed.
The first electronic device 210 may receive user input associated with a particular function prior to acquiring the first biometric information. For example, when a request to perform a specific function is received, the first electronic device 210 may request biometric authentication, and may perform the specific function only when the biometric authentication is successfully completed. To accept the biometric information, the first electronic device 210 may activate the biometric sensor 320-1 (if it has been disabled at this time) and may output a message on the display stating "put thumb on fingerprint sensor".
At operation 620, the first electronic device 210 may obtain unique information corresponding to the user. In an embodiment, the first electronic device 210 may provide information of the SIM card installed on the first electronic device 210 to the ID server, and may acquire unique information of the user corresponding to the SIM card from the ID server (e.g., the ID server 520 of fig. 5). For example, the unique information may be a name, resident registration number, sex, age, etc. of the user corresponding to the SIM card. In another embodiment, the first electronic device may acquire unique information corresponding to the user based on information acquired by using the sensor. For example, the first electronic device may photograph a physical ID card including unique identification information of the user with a camera, and may acquire the unique information of the user by using the photographed image. For example, the first electronic device may acquire unique information corresponding to the user from the photographed image by using an Optical Character Recognition (OCR) technique. In yet another embodiment, the first electronic device may obtain the unique information corresponding to the user by using information about the IP address of the first electronic device.
In operation 630, the first electronic device 210 may acquire second biometric information for authenticating the user based on the concatenation of the first biometric information and the unique information (or the feature value extracted from the unique information). In an embodiment, the first electronic device 210 may concatenate the first biometric information and the unique information in a specified ratio, and may acquire the second biometric information by performing a one-way transformation on the concatenated information.
In an embodiment, the first electronic device 210 may concatenate the first biometric information and the unique information in a specified ratio, and may acquire a piece of second biometric information by performing a one-way transformation on the concatenated information.
In another embodiment, the first electronic device 210 may concatenate the first biometric information and the unique information in a plurality of specified proportions, and may acquire a plurality of pieces of second biometric information by performing a one-way transformation on the concatenated information. For example, the first electronic device 210 may be configured to provide a plurality of predetermined cascading ratios (e.g., 0:10, 1:99:1, 10:0) to concatenate the first biometric information and the unique information, and may obtain a plurality of pieces of second biometric information by performing a one-way transformation on the concatenated information.
At operation 640, the first electronic device 210 may send the second biometric information to an authentication server (e.g., authentication server 230 of fig. 2). In operation 640, the first electronic device 210 may transmit the second biometric information to the authentication server 230 so that the authentication server 230 authenticates the fourth biometric information of the user acquired from another electronic device. The fourth biometric information may be information generated based on a concatenation of biometric information of the user received from a biometric sensor of the other electronic device and unique information of the user. That is, the first electronic device 210 may transmit the second biometric information to the authentication server 230 such that the second biometric information is used as a reference for authentication of the fourth biometric information.
In an embodiment, the first electronic device 210 may additionally transmit information indicating a cascade ratio between the first biometric information and the unique information to the authentication server 230. That is, the first electronic device 210 may transmit information indicating what cascade ratio is used to generate the second biometric information to the authentication server 230.
In an embodiment, the first electronic device 210 may additionally send account information of the user to the authentication server 230.
In an embodiment, the first electronic device 210 may receive a signal from the authentication server 230 indicating that the second biometric information is registered on the authentication server 230. For example, the first electronic device 210 may receive information from the authentication server 230 indicating that the authentication server 230 has associated the second biometric information with account information (or with a particular function) of the user, and has stored the information.
Fig. 7 is a flowchart illustrating a method of acquiring, by a first electronic device, first biometric information as device-independent biometric information in accordance with an embodiment of the present disclosure.
Fig. 7 is a detailed flowchart of operation 610 of fig. 6.
In operation 710, the first electronic device 210 may receive input of biometric information of the user through the biometric sensor 320-1. For example, the first electronic device 210 may acquire a digital image of a user's fingerprint through a fingerprint sensor.
In operation 720, the first electronic device 210 may receive information for removing the deviation caused by the biometric sensor 320-1 from the input biometric information from a DI server (e.g., DI server 510 of fig. 5). For example, the first electronic device 210 may transmit identification information (e.g., international Mobile Equipment Identification (IMEI) information) of the first electronic device 210 or information (e.g., model name, manufacturer, manufacturing version, etc.) of the biometric sensor 320-1 for receiving input of the biometric information of the user in operation 710 to the DI server 510, and may then receive information for removing the deviation from the DI server 510.
In operation 730, the first electronic device 210 may acquire the first biometric information as device-independent biometric information based on the received information. For example, the first electronic device 210 may acquire the first biometric information as device-independent biometric information by applying the data received from the DI server 510 to the biometric information of the user received from the biometric sensor 320-1.
Fig. 8 is a flowchart illustrating a method for acquiring second biometric information to be transmitted by a first electronic device to an authentication server according to an embodiment of the present disclosure.
Fig. 8 is a detailed flowchart of operation 630 of fig. 6.
At operation 810, the first electronic device 210 can concatenate the first biometric information and the unique information corresponding to the user in a specified ratio. In an embodiment, the specified ratio may refer to a relative ratio between the length of the first biometric information and the length of the unique information.
In an embodiment, the first electronic device 210 may adjust the length of the unique information to concatenate the first biometric information and the unique information in a specified ratio. Unlike identification information (e.g., IMEI information) of a device having a fixed length, the length of unique information corresponding to a user can be adjusted.
In an embodiment, the specified ratio may be determined based on user input. The first electronic device 210 may receive a user input indicating a setting of which of the biometric information and the unique information is more prominent for biometric authentication for a specific function. For example, the first electronic device 210 may receive a user input requesting that the biometric authentication be set considering only about 100% of the biometric information, regardless of the unique information corresponding to the user. In another example, the first electronic device 210 may receive a user input for setting biometric authentication by reflecting biometric information by about 80% and unique information corresponding to the user by about 20%.
In an embodiment, the specified ratio may vary depending on the properties of the application or the specified function that may be performed in one application. In this case, the ratio may not depend on user input.
In an embodiment, the attribute of the specific function may be at least one of content (or category) and importance of the specific function, frequency of use, and a predetermined security level.
For example, when the user sets biometric authentication for executing a messaging application, the cascade ratio between the first biometric information and the unique information may be 5:5. In another example, when the user sets up biometric authentication for executing a banking application, the cascade ratio between the first biometric information and the unique information may be 8:2. The messaging application may correspond to the category "living" and the banking application may correspond to the category "finance". Since the financial category requires relatively greater security than the life category, the proportion of biometric information may be increased.
In another example, when the user sets biometric authentication for a particular function that can be performed in the shopping application, the cascade ratio between the first biometric information and the unique information for the function in the shopping application that changes the number of ordered items may be 5:5. In another example, the cascade ratio between the first biometric information and the unique information for the function of paying for the ordered item may be 8:2. The function of changing the number of ordered items may correspond to an intermediate stage of "purchase goods", and the function of paying for ordered goods may correspond to a final stage of "purchase goods". Accordingly, the function of paying for ordered goods has a relatively high importance, and thus the proportion of biometric information for the function can be increased.
At operation 820, the first electronic device 210 may acquire second biometric information converted from the concatenated information. For example, the first electronic device 210 may obtain the second biometric information by performing a one-way transformation on the concatenated information.
The reason why the first electronic device 210 adjusts the ratio between the body-based information (e.g., the first biometric information) and the personal-information-based information (e.g., the unique information corresponding to the user) is that the ratio corresponds to a false recognition rate (FAR) and an authentication rate of the same user.
In an extreme example, if the first electronic device 210 concatenates the first biometric information and the unique information in a ratio of 0:10, false negatives may be improved because authentication is successful (independent of biometric information) when the same personal information is identified. However, in this case, since it cannot be guaranteed 100% that the same user is being identified as using the same personal information (for example, this may occur when a son uses a parent's smart phone), the authentication rate of the same user is inevitably reduced.
In another extreme example, if the first electronic device 210 is at 10:0 concatenates the first biometric information and the unique information, authentication can be successfully performed on any terminal (i.e., even if the user of the SIM of the terminal is different from the user corresponding to the SIM of the first electronic device) as long as the same biometric information is identified. In this case, since only the biometric information is considered, authentication of the same user can be ensured. But since the biometric information may have a minute difference due to the characteristics of the biometric information, false negatives may increase. Thus, biometric information from the same user that should be authenticated may be rejected instead.
As a result, the improvement of the false negative and the authentication of the same user have a trade-off relationship with each other, and the relationship can be realized according to the cascade ratio between the first biometric information and the unique information of the user. Thus, the cascade ratio between the first biometric information and the unique information of the user can be changed according to various policies as described above. Since the cascade ratio between the first biometric information and the unique information is a problem of selecting which of FAR improvement and authentication of the same user is given a greater weight, the cascade ratio can be determined according to the attribute of the specific function requesting the biometric authentication. In addition, the cascade ratio may be determined according to user input.
Fig. 9 is a flowchart illustrating a method for acquiring second biometric information to be transmitted by a first electronic device to an authentication server according to an embodiment of the present disclosure.
Fig. 9 is a detailed flowchart of operation 810 of fig. 8.
At operation 910, the first electronic device 210 may determine a cascading ratio between the first biometric information and the unique information based on the attribute of the function requesting biometric authentication.
In an embodiment, the function requesting biometric authentication may refer to a function associated with the user input received at the first electronic device 210 in operation 610. For example, when biometric authentication is required for executing a messaging application, the function of requesting biometric authentication may refer to the execution of the messaging application.
In an embodiment, the attribute of the function requesting biometric authentication may be at least one of content (or category) and importance of the function requesting biometric authentication, frequency of use, and a predetermined security level. The first electronic device 210 may determine at least one of the plurality of cascading ratios based on an attribute of the function requesting biometric authentication. For example, with respect to executing the functionality of the shopping application, the first electronic device 210 may determine that the category of the shopping application is shopping (or financial), and thus may be scaled from multiple cascades (e.g., 0:10, 1:9,9:1, 10:1) to determine the cascade ratio of 5:5. In another example, regarding the function of executing the setting application (the setting of the first electronic device 210 may be changed), the first electronic device 210 may recognize that the security level for executing the setting application is set to be highest, and thus, the cascade ratio 9:1 may be determined from a plurality of cascade ratios.
At operation 920, the first electronic device 210 may obtain second biometric information based on the determined cascade ratio. The first electronic device 210 may concatenate the first biometric information and the unique information at the determined concatenation proportion, and may acquire the second biometric information by unidirectional transformation of the concatenated information.
Fig. 10 is a flowchart illustrating a method for acquiring second biometric information to be transmitted by a first electronic device to an authentication server according to an embodiment of the present disclosure.
Fig. 10 is a detailed flowchart of operation 820 of fig. 8.
In operation 1010, the first electronic device 210 may acquire a biometric unique feature value or a unique key as the second biometric information by using the concatenated information.
In an embodiment, the first electronic device 210 may extract the biometric unique feature value from the concatenated information. In another embodiment, the first electronic device 210 may extract the unique key from the concatenated information by, for example, a fuzzy extraction method. In yet another embodiment, the first electronic device 210 may extract the biometric unique feature value from the concatenated information and may extract the unique key from the biometric unique feature value by, for example, a fuzzy extraction method.
In operation 1020, the first electronic device 210 may identify whether a unique key is obtained. When the acquisition of the unique key is identified, the first electronic device 210 may acquire hint data in operation 1030. The hint data may be used as the basis for recovering the same key during authentication. That is, the second electronic device 220 may recover the same key by using the hint data.
In operation 1030, when it is recognized that the unique key is not acquired, the first electronic device 210 does not acquire hint data and may proceed to the next step. That is, the hint data may be acquired only when the unique key is acquired.
Fig. 11 is a flowchart illustrating a method for authenticating biometric information by a second electronic device through an authentication server according to an embodiment of the present disclosure.
The operations disclosed in fig. 11 may be performed by a second electronic device (e.g., second electronic device 220) or a processor of a second electronic device (e.g., processor 120-2). Hereinafter, the operation illustrated in fig. 11 performed by the second electronic device 220 will be described.
The operations disclosed in fig. 11 may be performed on a specific area of the processor 120-2 dedicated to software security.
In operation 1110, the second electronic device 220 may be requested to perform a function that requires biometric authentication of the user. For example, the second electronic device 220 may receive user input for performing a function requiring biometric authentication of the user. In another example, the second electronic device 220 may be requested to perform a function requiring biometric authentication of the user according to a pre-stored command. In yet another example, the second electronic device 220 may be requested to perform a function requiring biometric authentication of the user by receiving data (e.g., a text message, a call, an update notification related to an application installed on the second electronic device, etc.) from an external device.
It may be predetermined whether biometric authentication of the user is required to perform a specific function. For example, the user may be preset to execute the message application only when the biometric authentication of the user is successfully completed. In another example, the user may be preset to approve payment via the user's account in the shopping application only when the user's biometric authentication is successfully completed.
In operation 1120, the second electronic device 220 may obtain third biometric information of the user by using a biometric sensor (e.g., the biometric sensor 320-2 of fig. 5). In an embodiment, the third biometric information may be the biometric information of the user received by the biometric sensor 320-2 and from which the deviation caused by the biometric sensor 320-2 is removed.
In operation 1130, the second electronic device 220 may acquire unique information corresponding to the user. In an embodiment, the second electronic device 220 may provide information about the SIM card installed on the second electronic device 220 to the ID server 520, and may acquire unique information of the user corresponding to the SIM card from the ID server 520. In another embodiment, the second electronic device 220 may acquire unique information corresponding to the user based on information acquired by using the sensor. For example, the second electronic device may photograph a physical ID card including unique identification information of the user with a camera, and may acquire the unique information of the user by using the photographed image. For example, the second electronic device 220 may acquire unique information corresponding to the user from the photographed image by using OCR technology.
In operation 1140, the second electronic device 220 may acquire fourth biometric information for authenticating the user based on the concatenation of the third biometric information and the unique information corresponding to the user. In an embodiment, the second electronic device 220 may concatenate the third biometric information and the unique information corresponding to the user in a specified ratio, and may acquire the fourth biometric information by performing unidirectional transformation on the concatenated information. In an embodiment, the second electronic device 220 may receive information on a specific cascade ratio for generating the fourth biometric information from the authentication server 230, and then may cascade the third biometric information and the unique information corresponding to the user at the specific cascade ratio.
In operation 1150, the second electronic device 220 may transmit fourth biometric information to the authentication server 230. In an embodiment, the second electronic device 220 may send the biometric unique feature value obtained by unidirectional transformation of the concatenated information to the authentication server 230. In another embodiment, the second electronic device 220 may derive the public key and the unique key from the biometric unique feature value and may send information to the authentication server 230 that is electronically signed by using the unique key.
In an embodiment, the second electronic device 220 may additionally transmit information about the cascade ratio related to the fourth biometric information (i.e., information about the cascade ratio on which the fourth biometric information is based) to the authentication server 230.
In operation 1160, the second electronic device 220 may receive information from the authentication server 230 indicating that the fourth biometric information is authenticated with respect to the second biometric information acquired from the other electronic device. In an embodiment, the second biometric information may be information sent from the first electronic device 210 to the authentication server 230. For example, when the fourth biometric information and the second biometric information are both the biometric unique feature values, the second electronic device 220 may receive information indicating that the fourth biometric information is identical to the second biometric information and that the fourth biometric information is successfully authenticated with respect to the second biometric information from the authentication server 230. In another example, when the second biometric information is information electronically signed with a public key and the fourth biometric information is information electronically signed with a corresponding private key, the second electronic device 220 may receive information from the authentication server 230 indicating that the fourth biometric information was successfully authenticated with respect to the second biometric information.
In operation 1170, the second electronic device 220 may perform the function. In an embodiment, the second electronic device 220 may perform the function in response to receiving information from the authentication server 230 indicating that the fourth biometric information was successfully authenticated for the second biometric information. For example, the second electronic device 220 may execute a messaging application or may approve payment in a shopping application. In another example, the second electronic device 220 may download data corresponding to a user account in the second electronic device in a cloud application.
Fig. 12A and 12B are views illustrating different cascade ratios according to attributes of functions to be performed by the second electronic device according to an embodiment of the present disclosure.
Referring to fig. 12A, the second electronic device 220 may receive a user input for requesting execution of a specific function (hereinafter, first function) requiring biometric authentication. For example, the second electronic device 220 may receive a user input for selecting an execution icon of the shopping application.
In an embodiment, the second electronic device 220 may identify that biometric authentication is required to perform the first function and may provide a message directing the user to perform the biometric authentication. For example, the second electronic device 220 may display a message 1210 stating "try biometric authentication to execute a shopping application". The message may be displayed through a pop-up window. The message may be provided in the form of a voice message. If biometric sensor 320-2 is deactivated at this time, second electronic device 220 may activate biometric sensor 320-2.
In an embodiment, the second electronic device 220 may generate fourth biometric information to be transmitted to the authentication server 230 by using the biometric information of the user received via the activated biometric sensor 320-2. The second electronic device 220 may generate fourth biometric information by utilizing the first cascade ratio. That is, the second electronic device 220 may generate third biometric information (which is device-independent biometric information) by using the biometric information of the user received via the activated biometric sensor, may concatenate the third biometric information and unique information corresponding to the user in a first cascade ratio, and may generate fourth biometric information by converting the concatenated information.
In an embodiment, the second electronic device 220 may send the fourth biometric information 0 to the authentication server 230 and may execute the shopping application in response to receiving information from the authentication server 230 indicating that the fourth biometric information is authenticated for the second biometric acquired from the other electronic device.
Referring to fig. 12B, the second electronic device 220 may receive a user input for requesting execution of a specific function (hereinafter, second function) requiring biometric authentication. For example, the second electronic device 220 may receive user input requesting payment for a particular product in an executing shopping application.
In an embodiment, the second electronic device 220 may identify that biometric authentication is required to perform the second function and may provide a message requesting the user to perform biometric authentication. For example, the second electronic device 220 may display a message 1220 stating "if you want to pay, please try biometric authentication". The message may be displayed through a pop-up window. The message may be provided in the form of a voice message. The second electronic device may activate the biometric sensor if the sensor is deactivated at this time.
In an embodiment, the second electronic device 220 may generate fourth biometric information to be transmitted to the authentication server 230 by using the biometric information of the user received via the activated biometric sensor 320-2. The second electronic device 220 may generate fourth biometric information by utilizing the second cascade ratio. That is, the second electronic device 220 may generate third biometric information (which is device-independent biometric information) by using the biometric information of the user received via the activated biometric sensor, may concatenate the third biometric information and unique information corresponding to the user in a second concatenation proportion, and may generate fourth biometric information by converting the concatenated information.
In an embodiment, in the second cascade proportion, the proportion of the unique information corresponding to the user to the entire information may be smaller than that in the first cascade proportion. That is, the ratio of the third biometric information to the entire information may be greater. In an embodiment, the first cascade ratio and the second cascade ratio may be determined based on the first function and the second function. The reason why the proportion of the unique information in the second cascade proportion is set smaller than the proportion of the unique information in the first cascade proportion is that the second function (payment function in the shopping application) requires a higher security level than the first function (execution function of the shopping application). That is, the user can provide information about the cascade ratio in the setting process; the second electronic device may determine a cascade proportion based on an attribute of the function to be performed, and may generate fourth biometric information at the determined cascade proportion.
The second electronic device 220 may generate fourth biometric information at a different cascading ratio in order to perform different functions (or different applications) corresponding to the same category (e.g., shopping or finance). The second electronic device 220 may determine the cascade proportion for generating the fourth biometric information by retrieving metadata of an application installed in the second electronic device 220. The second electronic device 220 may determine a cascade ratio for generating fourth biometric information based on data received from an external device (e.g., a server) related to a function (or service) to be performed by the second electronic device 220.
Fig. 13 is a flowchart illustrating a method for acquiring fourth biometric information to be transmitted by a second electronic device to an authentication server according to an embodiment of the present disclosure.
Fig. 13 is a detailed flowchart of operation 1140 of fig. 11.
In operation 1310, the second electronic device 220 may concatenate the third biometric information and the unique information corresponding to the user in a specified ratio.
In an embodiment, the second electronic device 220 may receive information corresponding to the requested function from the authentication server 230, the information relating to a concatenation ratio for concatenating the third biometric information and the unique information corresponding to the user, in operation 1310. The second electronic device 220 may concatenate the third biometric information and the unique information based on the received information.
In another embodiment, the second electronic device 220 may not receive information on the cascade ratio from the authentication server 230, or may cascade the third biometric information and the unique information at the cascade ratio (different from the cascade ratio included in the information received from the authentication server). For example, the first electronic device 210 may concatenate the first biometric information and the unique information at a predetermined plurality of concatenation ratios, and may acquire a plurality of pieces of second biometric information by performing unidirectional transformation on the concatenated information, and may register it at the authentication server 230. Even when information about the first cascade ratio is received from the authentication server 230, the second electronic device 220 can cascade the third biometric information and the unique information at a second cascade ratio (e.g., 3:7) different from the first cascade ratio (e.g., 2:8) according to the current condition of the second electronic device. The current status of the second electronic device 220 may be related to the nature of the radio access technology of the communication network connected between the second electronic device 220 and the authentication server 230 and to whether the network is open WiFi or not. For example, when the second electronic device 220 connects to the authentication server 230 through open WiFi, which is more vulnerable to security threats than LTE, the second electronic device 220 may concatenate the third biometric information and the unique information at a second concatenation ratio (compared to the first concatenation ratio, where the ratio of biometric information is increased).
At operation 1320, the second electronic device 220 may receive hint data for extracting a unique biometric value from the concatenated information. The hint data may be used as the basis for recovering the same key during authentication. When the account information input from the second electronic device 220 is not stored in the database of the authentication server 230, although this operation is not shown, the authentication server 230 may not provide the hint data to the second electronic device 220.
At operation 1330, the second electronic device 220 may acquire fourth biometric information converted from the concatenated information. In an embodiment, the second electronic device 220 may convert the concatenated information into fourth biometric information by utilizing the hint data. In an embodiment, the fourth biometric information may be the same as the second biometric information transmitted to the authentication server 230 during the enrollment process. In another embodiment, the difference between the fourth biometric information and the second biometric information may fall within a predetermined value.
Fig. 14 is a signal diagram illustrating signaling between a first electronic device and a plurality of external servers including an authentication server according to an embodiment of the present disclosure.
Referring to fig. 14, the plurality of external servers may include a DI server 510, an ID server 520, and an authentication server 230.
In operation 1410, the first electronic device 210 may receive input of biometric information of the user through the biometric sensor. Although this operation is not shown, the first electronic device 210 may receive a user input for biometric authentication required for a specific function before receiving biometric information of the user through the biometric sensor 320-1. In addition, the first electronic device 210 can receive user input associating an attribute (or characteristic) of the biometric authentication with a particular function.
In operation 1420, the first electronic device 210 may transmit device information (or identification information) of the first electronic device 210 to the DI server 510. For example, the first electronic device 210 may send the IMEI information of the first electronic device 210 to the DI server 510.
In operation 1430, the DI server 510 may transmit DI data to the first electronic device 210. In an embodiment, the DI data may be data for removing deviations caused by hardware and/or software of the biometric sensor 320-1 from biometric information of the user received through the biometric sensor 320-1.
In an embodiment, operation 1420 and/or operation 1430 may be performed prior to operation 1410.
At operation 1440, the first electronic device 210 can obtain first biometric information. In an embodiment, the first biometric information may be device-independent biometric information generated by the first electronic device 210 using DI data. In an embodiment, the first electronic device 210 may obtain the first biometric information by applying the DI data to the biometric information received through the biometric sensor 320-1.
In operation 1450, the first electronic device 210 may transmit a signal to the ID server 520, the signal requesting unique information of the user. For example, the first electronic device 210 may provide information about a SIM card installed in the first electronic device 210 to the ID server 520.
In operation 1460, the first electronic device 210 may receive user unique information from the ID server 520. In an embodiment, the first electronic device 210 may receive unique information of the user corresponding to the SIM card from the ID server 520.
At operation 1470, the first electronic device 210 may obtain the second biometric information. In an embodiment, the first electronic device 210 may concatenate the first biometric information and the unique information of the user in a specified ratio, and may acquire the second biometric information by performing a one-way transformation on the concatenated information. In an embodiment, the first electronic device 210 may generate the biometric unique feature value by performing a one-way transformation on the concatenated information.
At operation 1480, the first electronic device 210 may generate alert data. In an embodiment, the hint data may be base data that is used to recover the biometric unique feature value at another electronic device (e.g., second electronic device 220) when biometric authentication is attempted on the other electronic device.
In operation 1490, the first electronic device 210 may send the second biometric information and the hint data to the authentication server 230.
In operation 1495, the authentication server 230 may store the second biometric information and the hint data received from the first electronic device 210. In an embodiment, the authentication server 230 may map the second biometric information and the hint data received from the first electronic device 210 onto the user account information and may store the mapped information. In another embodiment, the authentication server 230 may map the second biometric information and the hint data received from the first electronic device 210 onto a specific function corresponding to the registration process, and may store the mapped information.
In operation 1497, the authentication server 230 may send the registration result to the first electronic device 210. In an embodiment, the authentication server 230 may send a signal to the first electronic device 210 indicating that the second biometric information has been successfully registered with the authentication server 230. In another embodiment, the authentication server 230 may send a signal to the first electronic device 210 indicating that the registration of the second biometric information failed.
Fig. 15 is a signal diagram illustrating signaling between a second electronic device and a plurality of external servers including an authentication server according to an embodiment of the present disclosure.
Referring to fig. 15, the plurality of servers may include a DI server 510, an ID server 520, and an authentication server 230.
In the case of operations 1510 to 1560 similar to operations 1410 to 1460 disclosed in fig. 14, detailed descriptions thereof are omitted.
However, in the operation shown in fig. 15, information acquired by applying DI data received from the DI server 510 to biometric information received through the biometric sensor 320-2 may be third biometric information. The third biometric information may be acquired in the same manner as the first biometric information, but using different hardware (e.g., the first electronic device and the second electronic device) to acquire the first biometric information and the third biometric information.
In operation 1570, the authentication server 230 may transmit hint data to the second electronic device 220. In an embodiment, the hint data sent by the authentication server 230 to the second electronic device 220 may be the same hint data sent by the first electronic device 210 during registration.
Although this operation is not shown, the second electronic device 220 may request the hint data from the authentication server 230 before the authentication server 230 sends the hint data to the second electronic device 220. In an embodiment, when the second electronic device 220 requests the hint data from the authentication server 230, the second electronic device 220 may additionally transmit information about a user account corresponding to the user of the second electronic device 220. In another embodiment, the second electronic device 220 may have transmitted information about a user account corresponding to the user of the second electronic device 220 prior to operation 1510.
In an embodiment, the authentication server 230 may send hint data to the second electronic device 220 when the received user account matches a pre-stored account. In contrast, when the received user account does not match the pre-stored account, the authentication server 230 does not send hint data to the second electronic device 220 and may cancel the authentication operation. In this case, the second electronic device 220 may provide the relevant information to the user in the form of a pop-up message. For example, the second electronic device 220 may display a pop-up message on the display stating that "the entered account does not match the registered user account".
In operation 1575, the second electronic device 220 may acquire fourth biometric information. In an embodiment, the second electronic device 220 may concatenate the third biometric information and the unique information of the user in a specified ratio, and may acquire the fourth biometric information by performing unidirectional transformation on the concatenated information. In an embodiment, the fourth biometric information may be at least one of a biometric unique feature value or a unique key. The second electronic device 220 may obtain the fourth biometric information by using the received reminder data.
In operation 1580, the second electronic device 220 may transmit fourth biometric information to the authentication server 230. For example, the second electronic device 220 may send the biometric unique feature value to the authentication server 230.
In operation 1585, the authentication server 230 may match the fourth biometric information with the pre-stored biometric information. In an embodiment, the pre-stored biometric information may be second biometric information received from the first electronic device 210. The authentication server 230 may determine that the fourth biometric information is successfully authenticated only when the fourth biometric information and the second biometric information have the same value. In another embodiment, the authentication server 230 may determine that the fourth biometric information is successfully authenticated only when the difference between the fourth biometric information and the second biometric information falls within a predetermined range.
In operation 1590, the authentication server 230 may transmit the matching result to the second electronic device 220. In an embodiment, the authentication server 230 may send a message to the second electronic device 220 indicating that the fourth biometric information was successfully authenticated for the second biometric information, or a message indicating that the fourth biometric information was not successfully authenticated for the second biometric information.
Fig. 16A is a table illustrating a scenario when biometric information and unique information are cascaded with the same user using different devices according to a first cascade ratio according to an embodiment of the present disclosure. Fig. 16B is a table illustrating another scenario when biometric information and unique information are cascaded with the same user using different devices according to a first cascade ratio, according to an embodiment of the present disclosure. Fig. 16C is a table illustrating yet another scenario when biometric information and unique information are cascaded with the same user using different devices according to a first cascade ratio, according to an embodiment of the present disclosure. Fig. 16D is a table illustrating yet another scenario when biometric information and unique information are cascaded with the same user using different devices according to a first cascade ratio, according to an embodiment of the present disclosure.
Referring to fig. 16A, 16B, 16C, and 16D, four cases corresponding to the first cascade ratio are disclosed. In each case, the first electronic device 210 may register the processed biometric information (e.g., the second biometric information) of the user at the authentication server 230, and the second electronic device 220 may attempt to authenticate (e.g., request the authentication server to authenticate) the processed biometric information (e.g., the fourth biometric information) of the user.
In an embodiment, the first cascade ratio for cascading the first biometric information (or the third biometric information) with the unique information corresponding to the user may be a ratio of 1:1. The length of the first biometric information (or the third biometric information) and the length of the unique information corresponding to the user are identical to each other in a ratio of 1:1.
In an embodiment, the first biometric information generated by the first electronic device 210 and the third biometric information generated by the second electronic device 220 may be different from each other. Both the first biometric information and the third biometric information may be device-independent biometric information (where deviations caused by the sensor have been removed), but the first biometric information and the third biometric information may still be different from each other since the characteristics of the biometric information input at different times may be different. This may be due to biological differences. For example, the first biometric information may be ABC, and the third biometric information generated by the second electronic device may be ABD (fig. 16A, 16B, and 16C). In another example, the first biometric information may be ABC and the third biometric information may be ABZ (fig. 16D).
In an embodiment, the first electronic device 210 may determine unique information corresponding to the user based on information of the SIM card installed in the first electronic device 210. In addition, the second electronic device 220 may determine unique information corresponding to the user based on information of the SIM card installed in the second electronic device 220. When a user takes out a SIM card installed in the first electronic device 210 and installs it on the second electronic device 220, or the SIM card installed in the first electronic device 210 and the SIM card installed in the second electronic device 220 correspond to the same user, unique information corresponding to the user acquired by the first electronic device 210 and the second electronic device may be the same.
Fig. 16A shows a case where the second biometric information is the same as the fourth biometric information and authentication is successful.
According to an embodiment, the first electronic device 210 and the second electronic device 220 may concatenate the first biometric information and the unique information corresponding to the user (or the feature value extracted from the unique information corresponding to the user) in a first concatenation ratio. For example, the information concatenated at the first electronic device 210 may be ABC123 and the information concatenated at the second electronic device 220 may be ABD123.
The first electronic device 210 and the second electronic device 220 may generate the second biometric information or the fourth biometric information by performing a single transformation on the concatenated information. In an embodiment, the first electronic device 210 may extract the biometric unique feature value az39 from the concatenated information ABC123 as the second biometric information. In addition, the second electronic device 220 may extract the biometric unique feature value az39 from the concatenated information ABD123 as the fourth biometric information. That is, even when the information of the cascade of the second electronic device 220 is different from the information of the cascade of the first electronic device 210 (ABC 123 versus ABD 123), the second electronic device 220 can generate the same biometric unique feature value az39 as the first electronic device 210. In an embodiment, the second electronic device 220 may receive hint data from the authentication server 230 before generating the biometric unique feature value, and may generate the same biometric unique feature value as the first electronic device 210 by using the received hint data.
In an embodiment, the authentication server may authenticate the fourth biometric information for the second biometric information based on a result of comparing the second biometric information and the fourth biometric information. Since the fourth biometric information az39 is the same as the second biometric information az39, the authentication server may determine that the fourth biometric information was successfully authenticated with respect to the second biometric information, and may send a message indicating that the fourth biometric information was successfully authenticated to the second electronic device.
Fig. 16B shows a case where a public key algorithm is additionally used.
According to an embodiment, the first electronic device 210 may obtain the public key and the unique key from the second biometric information az39, and may send the obtained public key to the authentication server 230. For example, the second electronic device 220 may obtain the public key and the unique key from the fourth biometric information az39, and may transmit information electronically signed by using the obtained unique key to the authentication server 230.
When the electronically signed information transmitted from the second electronic device 220 is decoded by the public key transmitted from the first electronic device 210, the authentication server 230 may determine that the fourth biometric information is successfully authenticated with respect to the second biometric information, and may transmit a message indicating that the fourth biometric information is successfully authenticated to the second electronic device 220.
Fig. 16C and 16D show a case where authentication succeeds or fails when the difference between the second biometric information and the fourth biometric information falls or is not within a specified range when the second biometric information and the fourth biometric information are not identical.
Since the process of concatenating the first biometric information and the unique information corresponding to the user is the same as that in fig. 16A, a detailed description thereof is omitted.
According to an embodiment, in fig. 16C, the first electronic device 210 may generate the biometric unique feature value xyz986 as the second biometric information by performing a one-way transformation on the concatenated information ABC 123. In addition, the second electronic device 220 may also generate the biometric unique feature value xyz987 as fourth biometric information by performing unidirectional transformation on the concatenated information ABD 123.
When the difference between the second biometric information xyz986 and the fourth biometric information xyz987 falls within the specified range, the authentication server 230 may determine that the fourth biometric information is successfully authenticated with respect to the second biometric information even though the second biometric information and the fourth biometric information are not identical.
The same information difference (or error) can be maintained before and after the transformation (ABC/ABD before transformation, xyz986/xyz987 after transformation). However, since the total amount of information after conversion has been increased, the ratio of the difference (or error) of information to the whole can be reduced. Therefore, the false negative rate can be improved when compared with simply using the biometric information without using the unique information corresponding to the user.
According to an embodiment, in fig. 16D, the first electronic device 210 may generate the biometric unique feature value xyz986 as the second biometric information by performing a one-way transformation on the concatenated information ABC 123. In addition, the second electronic device 220 may generate the biometric unique feature value xyz912 as fourth biometric information by performing unidirectional transformation on the concatenated information ABZ 123.
The authentication server 230 may recognize that the difference between the second biometric information xyz986 and the fourth biometric information xyz912 is not within a specified range, and may determine that the fourth biometric information is not authenticated for the second biometric information.
Fig. 17A is a table illustrating a scenario when biometric information and unique information are cascaded with the same user using different devices according to a second cascade ratio according to an embodiment of the present disclosure. Fig. 17B is a table illustrating another scenario when biometric information and unique information are cascaded with the same user using a different device according to a second cascade ratio, according to an embodiment of the present disclosure. Fig. 17C is a table illustrating yet another scenario when biometric information and unique information are cascaded with the same user using a different device according to a second cascade ratio, according to an embodiment of the present disclosure. Fig. 17D is a table illustrating yet another scenario when biometric information and unique information are cascaded with the same user using a different device according to a second cascade ratio, according to an embodiment of the present disclosure.
Referring to fig. 17A, 17B, 17C, and 17D, four cases corresponding to the second cascade ratio are disclosed. In each case, the first electronic device 210 may register the processed biometric information (e.g., the second biometric information) of the user at the authentication server 230, and the second electronic device 220 may attempt to authenticate (e.g., request the authentication server to authenticate) the processed biometric information (e.g., the fourth biometric information) of the user.
In an embodiment, the second cascade ratio for cascading the first biometric information (or the third biometric information) with the unique information corresponding to the user may be a ratio of 3:7. The ratio of the length of the first biometric information (or the third biometric information) to the length of the unique information corresponding to the user is 3:7 in a ratio of 3:7.
For example, referring to fig. 17A, the first electronic device 210 may concatenate the first biometric information ABC and the user unique information 1234567 (ABC 1234567), and the second electronic device 220 may concatenate the third biometric information ABD and the user unique information 1234567 (ABD 1234567).
The first electronic device 210 and the second electronic device 220 may generate the second biometric information or the fourth biometric information by performing a single transformation on the concatenated information. In an embodiment, the first electronic device 210 may extract the biometric unique feature value 8zs5 from the concatenated information ABC1234567 as the second biometric information. The second electronic device 220 may extract the biometric unique feature value 8zs5 (same as the biometric unique feature value of the first electronic device) from the concatenated information ABD1234567 as the fourth biometric information. The first electronic device 210 and the second electronic device 220 may transmit the second biometric information and the fourth biometric information, respectively, to the authentication server 230, and since the fourth biometric information is identical to the second biometric information, the authentication server 230 may determine that the fourth biometric information has been successfully authenticated with respect to the second biometric information.
The case in fig. 17B is the same as that in fig. 16B except for the cascade ratio, and thus a detailed description thereof is omitted.
Fig. 17C shows a case where the fourth biometric information is successfully authenticated for the second biometric information even when the difference between the first biometric information and the third biometric information is relatively large, as compared with the case shown in fig. 16C.
In an embodiment, the first electronic device 210 may concatenate the first biometric information ABC and the unique information 1234567 corresponding to the user, and may generate the second biometric information xysan 02 by performing unidirectional conversion on the concatenated information. In addition, the second electronic device 220 may concatenate the third biometric information ABZ and the unique information 1234567 corresponding to the user, and may generate the fourth biometric information xysan 25 by performing a one-way transformation on the concatenated information.
In fig. 16D, since the difference between the second biometric information and the fourth biometric information does not fall within the specified range, the authentication server 230 determines that the fourth biometric information is not authenticated for the second biometric information. However, in fig. 17C, since the difference between the second biometric information and the fourth biometric information falls within the specified range, the authentication server 230 may determine that the fourth biometric information is successfully authenticated with respect to the second biometric information. This is because, although there is the same difference (or error) between the first biometric information and the third biometric information, the ratio of the biometric information with respect to the entire information is reduced in fig. 17C as compared with the case of fig. 16D. Thus, the ratio of the difference (or error) to the whole is reduced. Thus, unlike the case of fig. 16D, in fig. 17C, the authentication server 230 may determine that the fourth biometric information is successfully authenticated with respect to the second biometric information.
Fig. 17D shows a case where the difference between the first biometric information and the third biometric information is greater than that shown in fig. 17C. In the case of fig. 17A, 17B, 17C, and 17D, the proportion of biometric information is small as compared with the case of fig. 16A, 16B, 16C, and 16D. Therefore, even when the difference between the first biometric information ABC and the third biometric information ADZ is large, the biometric information can be successfully authenticated as described with reference to fig. 16D and 17C. However, in fig. 17D, even for the embodiment shown in fig. 17, the difference between the first biometric information ABC and the third biometric information ADZ is too large, and thus the difference between the second biometric information xytzm51 and the fourth biometric information xytzm17 does not fall within the specified range. The authentication server 230 may determine that the fourth biometric information is not authenticated with respect to the second biometric information and may transmit a message indicating authentication failure of the fourth biometric information to the second electronic device 220.
However, when the first biometric information is ABC and the third biometric information is ADZ, and the third cascade ratio (e.g., 1:9) is used as the cascade ratio, although this is not shown, the authentication server 230 may determine that the fourth biometric information is successfully authenticated with respect to the second biometric information.
Fig. 18 is a table illustrating authentication failure cases when biometric information and unique information are concatenated with a non-user using a different device according to a first cascade ratio according to an embodiment of the present disclosure.
In an embodiment, the first cascade ratio may be 1:1, in which the first biometric information (or the third biometric information) and the unique information corresponding to the user are concatenated.
Unlike the embodiment shown in fig. 16A to 17D, fig. 18 shows a case where unique information corresponding to a user is different in the first electronic device 210 and the second electronic device 220. For example, the SIM card of the first electronic device 210 may correspond to user a, the SIM card of the second electronic device 220 may correspond to user B, and user a and user B may be different. For example, user a and user B may be related such that unique information 123 corresponding to user a and unique information 124 corresponding to user B may be similar, but not identical.
In an embodiment, the first electronic device 210 may concatenate the first biometric information ABC with the unique information 123 corresponding to user a (ABC 123). In addition, the second electronic device 220 may concatenate the third biometric information ABD with the unique information 124 corresponding to the user (ABD 124).
In an embodiment, the first electronic device 210 may generate the second biometric information az39 by unidirectional transforming the concatenated information ABC123, and the second electronic device 220 may generate the fourth biometric information bx71 by unidirectional transforming the concatenated information ABD 124. Unlike the case of cascading the same unique information of the user with the biometric information shown in fig. 16A to 17D, in the case of fig. 18, different information is cascaded with the biometric information. Therefore, the difference between the second biometric information az39 and the fourth biometric information bx71 may be larger than the difference in the biometric information (the difference between the first biometric information ABC and the third biometric information ABD). The authentication server 230 may recognize that the difference between the second biometric information and the fourth biometric information is not within a specified range, and may transmit a message indicating authentication failure to the second electronic device.
Fig. 19 is a schematic diagram illustrating a user authentication system using biometric information according to an embodiment of the present disclosure.
Referring to fig. 19, a user authentication system 1900 using biometric information may include a first electronic device 1910, a second electronic device 1920, and an authentication server 1930.
In an embodiment, the first electronic device 1910 and the second electronic device 1920 may be the electronic device 101 disclosed in fig. 1.
In an embodiment, the first electronic device 1910 and the second electronic device 1920 may be used by different users. For example, the first electronic device 1910 may register information (hereinafter referred to as "reference image") to be used for authenticating biometric information input later in the authentication server 1930 according to the input of the first user. The second electronic device 1920 may receive authentication of the biometric information from the authentication server 1930 according to an input of a second user different from the first user.
In another embodiment, the first electronic device 1910 and the second electronic device 1920 may be electronic devices used by the same user. For example, the first electronic device 1910 and the second electronic device 1920 may be electronic devices owned by the same user at a given point in time. For example, the first electronic device may be a smart phone and the second electronic device may be a tablet computer. For example, the first electronic device 1910 may be the first electronic device 210 disclosed in fig. 2. In another example, the second electronic device 1920 may be the second electronic device 220 disclosed in fig. 2.
In an embodiment, the first electronic device 1910 and the second electronic device 1920 may be the same electronic device. For example, the first electronic device 1910 and the second electronic device 1920 may be separate components of the same electronic device. For example, the first electronic device 1910 may be an electronic device that transmits biometric information and a reference image to the authentication server 1930 and registers the reference image with the authentication server 1930, and the second electronic device 1920 may be an electronic device that transmits biometric information to the authentication server 1930 and receives authentication of the biometric information from the authentication server 1930.
In an embodiment, the biometric information sent by the first electronic device 1910 to the authentication server 1930 may correspond to the first biometric information described in connection with fig. 2-19, and the biometric information authenticated by the authentication server 1930 for the second electronic device 1920 may be the third biometric information described in connection with fig. 2-18. For example, the biometric information transmitted by the first electronic device 1910 to the authentication server 1930 may be first biometric information or biometric information generated by conversion of the first biometric information.
In an embodiment, the authentication server 1930 may authenticate biometric information received from a plurality of client devices (e.g., the first electronic device 1910, the second electronic device 1920) and may perform various specified functions corresponding to the authentication results. For example, the authentication server 1930 may be the ID server 520 disclosed in fig. 5.
In an embodiment, the authentication server 1930 may authenticate the first biometric information received from the first electronic device 1910. When the first biometric information is successfully authenticated, the authentication server 1930 may register the reference image received together with the first biometric information by mapping the reference image onto account information or identification information of the electronic device and storing the mapped information in a memory of the authentication server 1930. In addition, the authentication server 1930 may transmit unique information corresponding to the first user (or feature information extracted from the unique information) to the first electronic device 1910 such that the first electronic device 1910 may concatenate the unique information with the first biometric information.
In an embodiment, the authentication server 1930 may authenticate the third biometric information received from the second electronic device 1920. When the third biometric information is successfully authenticated, the authentication server 1930 may transmit unique information corresponding to the second user to the second electronic device 1920 such that the second electronic device 1920 may concatenate the unique information and the third biometric information.
In an embodiment, the first electronic device 1910 may send the reference image and biometric information (e.g., first biometric information) together to the authentication server 1930. In an embodiment, the first biometric information may be biometric information for identifying the first user, such as fingerprint information, iris images, facial images, etc. In an embodiment, the reference image may be an image for authenticating whether the first user corresponding to the first biometric information (or the second user corresponding to the third biometric image, which may be received later) is the first user or the second user. For example, the reference image may be an image obtained by photographing a physical object (e.g., a passport, a korean resident registration certificate, or a united states driver's license) containing identification information of the user. The identification information of the user included in the reference image may include biometric identification information and non-biometric identification information. For example, the reference image may include non-biometric information such as a korean resident registration number or a american social security number. In another example, the reference image may include biometric information, such as fingerprint information or facial information.
In an embodiment, the second electronic device 1920 may send the third biometric information to the authentication server 1930 to receive authentication of the biometric information from the authentication server 1930. In an embodiment, similar to the first biometric information, the third biometric information may be biometric information for identifying the user, such as fingerprint information, iris images, facial images, and the like.
The user authentication system 1900 of fig. 19 may include two authentication processes. The user authentication system 1900 may include a first authentication procedure performed at the electronic device side and a second authentication procedure performed at the server side (or server side).
In an embodiment, the first electronic device 1910 that registers the reference image with the reference authentication server 1930 by transmitting the first biometric information and the reference image to the authentication server 1930 may authenticate the first biometric information by itself (first authentication process) before transmitting the first biometric information and the reference image to the authentication server 1930. The first electronic device 1910 may extract biometric information (e.g., facial information) included in the reference image and may compare the extracted biometric information with first biometric information (e.g., a self-captured image). When the biometric information extracted from the reference image is similar to the first biometric information within a predetermined value, the first electronic device 1910 may send the first biometric information and the reference image to the authentication server 1930. The authentication server 1930 may authenticate the first biometric information after receiving the first biometric information and the reference image from the first electronic device 1910 (second authentication procedure). The authentication server 1930 may extract biometric information from the received reference image and may compare the extracted biometric information with the first biometric information. When the extracted biometric information is similar to the first biometric information within a predetermined value, the authentication server 1930 may store the reference image in memory and may send a message to the first electronic device 1910 indicating that registration of the reference image was successfully completed.
In another embodiment, the second electronic device 1920 attempting to authenticate the biometric information through the authentication server 1930 may authenticate the third biometric information with itself (a first authentication process) before sending the third biometric information to the authentication server 1930. The second electronic device 1920 may compare the third biometric information with biometric information stored in a memory of the second electronic device 1920 (e.g., the memory 130 disclosed in fig. 1). The biometric information stored in the memory may be a reference image used in the enrollment process. For example, when the second electronic device 1920 and the first electronic device 1910 are the same electronic device, the biometric information stored in memory may be a reference image used in the registration process. Alternatively, the biometric information stored in memory may be different from the reference image used in the enrollment process. For example, the biometric information stored in the memory may be the biometric information of the second user and may be independent of the reference image corresponding to the first user used in the registration process. Authentication server 1930 may compare the received third biometric information with the reference image stored in the memory of authentication server 1930. The reference image stored in the memory of the authentication server 1930 may correspond to the reference image transmitted from the first electronic device 1910. When the third biometric information received by the authentication server 1930 is similar to the reference image stored in the memory of the authentication server 1930 within a predetermined value, the authentication server 1930 can transmit a message indicating that authentication of the biometric information is successfully completed to the second electronic device 1920. In addition, the authentication server 1930 may send the unique information corresponding to the second user (or the feature information extracted from the unique information) to the second electronic device 1920, such that the second electronic device 1920 may concatenate the unique information with the third biometric information.
With the embodiment disclosed in fig. 19, whether the user (second user) currently using the second electronic device 1920 corresponds to the user (first user) corresponding to the reference image registered by the first electronic device 1910 can be authenticated by the authentication server 1930. For example, when the user corresponding to the reference image registered by the first electronic device 1910 is a first user and the user currently using the second electronic device 1920 is a second user different from the first user, the authentication server 1930 may compare the third biometric information of the second user with the reference image corresponding to the first user. Based on the result of the comparison, the authentication server 1930 may determine that the user currently using the second electronic device 1920 does not correspond to the user corresponding to the reference image registered by the first electronic device 1910.
Fig. 20 is a flowchart illustrating an operation of a first electronic device registering a reference image at an authentication server according to an embodiment of the present disclosure.
The operations disclosed in fig. 20 may be performed by a first electronic device (e.g., first electronic device 1910 of fig. 19) or a processor of a first electronic device (e.g., processor 120 of fig. 3). Hereinafter, the operations disclosed in fig. 20 performed by the first electronic device 1910 will be described.
The operations disclosed in fig. 20 may correspond to operation 620 of fig. 6.
In operation 2010, the first electronic device 1910 may obtain first biometric information. In an embodiment, the first electronic device 1910 may obtain first biometric information in response to an input by a first user that requires biometric authentication for executing a shopping application. For example, the first electronic device 1910 may obtain a self-captured image as the first biometric information by using a camera module (e.g., camera module 180 of fig. 1).
At operation 2020, the first electronic device 1910 may acquire a reference image. In an embodiment, the first electronic device 1910 may acquire the reference image in response to acquiring the first biometric information. In an embodiment, the reference image may be an image acquired by photographing a physical object containing identification information of the user. The identification information of the user included in the reference image may include biometric information (e.g., fingerprint information, face information) and non-biometric information (e.g., text information). One reference image may correspond to one user. For example, the first electronic device 1910 may obtain a reference image corresponding to a first user that is the owner of the first electronic device 1910 (e.g., a user corresponding to a SIM card installed at the first electronic device 1910). For example, the first electronic device 1910 may acquire a reference image corresponding to the first user by photographing the ID card of the first user.
At operation 2030, the first electronic device 1910 may send the first biometric information and the reference image. In an embodiment, the first electronic device 1910 may send the first biometric information and the reference image to an authentication server (e.g., authentication server 1930 disclosed in fig. 19) through a communication interface (e.g., wireless communication circuit 310 of fig. 3).
In an embodiment, the first electronic device 1910 may send the first biometric information and the reference image in response to the first biometric information and the reference image being acquired and may authenticate the first biometric information by itself and may then send the first biometric information and the reference image in response to identifying a successful completion of authentication.
In an embodiment, instead of transmitting the reference image, the first electronic device 1910 may transmit information to the authentication server 1930 that can perform the same function as the reference image in the authentication server 1930. For example, the first electronic device 1910 may transmit information about a user identification module installed at the first electronic device 1910 to the authentication server 1930, and the authentication server 1930 may acquire identification information (e.g., text information, face information, fingerprint information) of the first user by using the information about the user identification module. For example, the authentication server 1930 may acquire identification information of the user from an external server (e.g., a server included in a government network) by using information about the user identification module.
In an embodiment, the first electronic device 1910 may send the first biometric information to the authentication server 1930 after sending the reference image, or may send the first biometric information and the reference image together to the authentication server 1930. Although not shown, the first electronic device 1910 may transmit the reference image to the authentication server 1930 after transmitting the first biometric information.
In operation 2040, the first electronic device 1910 may receive a message from the authentication server 1930 indicating whether the first biometric information corresponds to a reference image. In an embodiment, the authentication server 1930 may compare the received first biometric information with biometric information extracted from the received reference image. For example, when the first biometric information is a self-captured image of the first user, the authentication server 1930 may compare the self-captured image with the user image extracted from the received reference image. In another example, when the first biometric information is fingerprint information of the first user, the authentication server 1930 may compare the fingerprint information with fingerprint information extracted from the received reference image. When the first biometric information is similar to the extracted biometric information within a predetermined value, the first electronic device may receive a message from the authentication server 1930 indicating that registration of the reference image is successfully completed. In addition, the authentication server 1930 may store the reference image in a memory of the authentication server 1930. The authentication server 1930 may map the reference image onto account information of the user or identification information of the first electronic device 1910, and may store the mapped information in a memory of the authentication server 1930.
When registration of the reference image is successfully completed, although this operation is not illustrated, the first electronic device 1910 may receive information to be concatenated with the first biometric information from the authentication server 1930 or another server connected to the authentication server 1930. For example, the first electronic device 1910 may receive feature information extracted from unique information of a first user (e.g., unique information of the first user corresponding to a SIM card) and may concatenate the first biometric information and the feature information.
Fig. 21 is a flowchart illustrating an operation of a second electronic device to register biometric information at an authentication server according to an embodiment of the present disclosure.
The operations disclosed in fig. 21 may be performed by a second electronic device (e.g., second electronic device 1920 of fig. 19) or a processor of a second electronic device (e.g., processor 120 of fig. 3). Hereinafter, the operation disclosed in fig. 21 will be described as being performed by the second electronic device 1920.
The operations disclosed in fig. 21 may correspond to operation 1103 of fig. 11.
In operation 2110, the second electronic device 1920 may send the third biometric information to an authentication server (e.g., authentication server 1930 of fig. 19). In an embodiment, the second electronic device 1920 may send the third biometric information acquired by utilizing the biometric sensor (e.g., the biometric sensor 320 of fig. 3) to the authentication server 1930. In another embodiment, the second electronic device 1920 may send the third biometric information acquired through use of a camera module (e.g., the camera module 180 of fig. 1) to the authentication server 1930. For example, the second electronic device 1920 may send the self-captured image of the second user acquired by using the camera module 180 to the authentication server 1930.
In operation 2120, the second electronic device 1920 may receive a message indicating whether the third biometric information corresponds to the reference image stored in the authentication server 1940.
In an embodiment, the second electronic device 1920 may receive a message indicating that the third biometric information corresponds to the reference image stored in the authentication server 1930. For example, when the third biometric information is a self-captured image of the second user, the authentication server 1930 may compare the third biometric information with the user image extracted from the reference image. When the self-captured image and the user image extracted from the reference image are similar within both predetermined values, the second electronic device 1920 may receive a message indicating that the third biometric information corresponds to the reference image. In another example, when the third biometric information is fingerprint information of the user, the authentication server 1930 may compare the third biometric information with fingerprint information extracted from the reference image. When the fingerprint information included in the third biometric information is similar to the fingerprint information extracted from the reference image within a predetermined value, the second electronic device 1920 may receive a message indicating that the third biometric information corresponds to the reference image.
In another example, the second electronic device 1920 may receive a message (authentication failure message) indicating that the third biometric information does not correspond to the reference image stored in the authentication server 1930. For example, the reference image stored in the authentication server 1930 may correspond to the first user, and the second electronic device 1920 may receive the identity authentication failure message when the second electronic device 1920 transmits third biometric information corresponding to the second user (different from the first user).
Fig. 22A is a diagram illustrating a user interface of a first electronic device 1910 according to an embodiment of the present disclosure. Fig. 22B is a view illustrating a user interface of the first electronic device 1910 according to an embodiment of the present disclosure. Fig. 22C is a diagram illustrating a user interface of the first electronic device 1910 according to an embodiment of the present disclosure. Fig. 22D is a view illustrating a user interface of the first electronic device 1910 according to an embodiment of the present disclosure.
Referring to fig. 22A, the first electronic device 1910 may display a user interface for acquiring first biometric information according to input of a user (e.g., a first user). In an embodiment, the first electronic device 1910 may display a user interface for obtaining first biometric information in response to input by a first user that requires biometric authentication for executing a shopping application. For example, the first electronic device 1910 may display an indication message "facial authentication will begin, please get close to the camera".
Referring to fig. 22B, the first electronic device 1910 may obtain first biometric information. In an embodiment, the first electronic device 1910 may obtain a self-captured image of the first user as the first biometric information. The first electronic device 1910 may obtain a self-captured image of the first user as device-independent biometric information.
Referring to fig. 22C, the first electronic device 1910 may display a user interface for acquiring a reference image. For example, the reference image may be an image for authenticating whether the first user corresponding to the first biometric information (or the second user corresponding to the third biometric information, which may be registered later) is the first user or the second user. For example, the reference image may be an image acquired by photographing a physical object containing identification information of a user. For example, the first electronic device 1910 may display a guide message "to register an ID card, please bring the ID card closer to the camera".
Referring to fig. 22D, the first electronic device 1910 may acquire a reference image. For example, the first electronic device 1910 may acquire a reference image including biometric information 2210 (e.g., facial information) of the first user and non-biometric information 2220 (e.g., registration number) of the first user. In an embodiment, the acquired reference image may be sent to an authentication server (e.g., authentication server 1930 of fig. 19).
In an embodiment, the order of the various interfaces shown in fig. 22A, 22B, 22C, and 22D may be changed. For example, after the reference image is acquired, first biometric information (e.g., a self-captured image) may be acquired. In this case, after acquiring the reference image, the first electronic device 1910 may display a guide message indicating that the first biometric information is required in order to register the acquired reference image with the authentication server 1930.
Fig. 23A is a diagram illustrating a user interface of a second electronic device 1920 according to an embodiment of the disclosure. Fig. 23B is a diagram illustrating a user interface of a second electronic device 1920 according to an embodiment of the disclosure. Fig. 23C is a diagram illustrating a user interface of a second electronic device 1920 according to an embodiment of the disclosure.
Referring to fig. 23A, the second electronic device 1920 may display a user interface for acquiring third biometric information based on input from a user (e.g., a second user). In an embodiment, the second electronic device 1920 may display a user interface for obtaining third biometric information in response to an input by the second user for executing the shopping application. For example, the second electronic device 1920 may display a guide message "facial authentication is required if a shopping application is to be executed.
Referring to fig. 23B, the second electronic device 1920 may acquire third biometric information. In an embodiment, the second electronic device 1920 may acquire a self-captured image of the second user as the third biometric information. The second electronic device 1920 may acquire a self-captured image of the second user as device-independent biometric information.
Referring to fig. 23C, the second electronic device 1920 may display the result of the facial authentication. In an embodiment, the second electronic device 1920 may send the third biometric information to an authentication server (e.g., authentication server 1930 of fig. 19), and may then display the result of the facial authentication received from authentication server 1930. For example, when the second user and the first user are the same user, the authentication server 1930 compares the third biometric information with the reference image stored in the authentication server 1930, and can send a message indicating that facial authentication was successfully completed to the second electronic device 1920. In another example, when the second user and the first user are different, the authentication server 1930 may send a message to the second electronic device 1920 indicating that facial authentication failed.
According to an embodiment of the present disclosure, an electronic device may include a communication circuit, a biometric sensor, and a processor operatively connected to the communication circuit and the biometric sensor, the processor may be configured to: acquiring first biometric information of a user by using a biometric sensor; generating second biometric information for authenticating the user based on the concatenation of the first biometric information and the unique information corresponding to the user; and transmitting, by the communication circuit, the second biometric information to the authentication server, wherein the authentication server authenticates the fourth biometric information by comparing the fourth biometric information with the second biometric information, and wherein the fourth biometric information is generated based on a concatenation of the third biometric information and the unique information of the user.
According to an embodiment, the third biometric information may be acquired at another electronic device.
According to an embodiment, the third biometric information may be at least partially different from the first biometric information.
According to an embodiment, to obtain the first biometric information, the processor may be further configured to: the method includes receiving, by a biometric sensor, input of biometric information from a user, and acquiring first biometric information by applying calibration information corresponding to the biometric sensor to the biometric information.
According to an embodiment, the electronic device may further comprise a memory, and the processor may be further configured to: calibration information corresponding to the biometric sensor is received from an external electronic device, or the calibration information is retrieved from a memory based at least on information about the biometric sensor or the electronic device.
According to an embodiment, the processor may be further configured to: the unique information is acquired by using information about a subscriber identity module installed on the electronic device.
According to an embodiment, the processor may be further configured to: the unique information is acquired based on information acquired by using at least one sensor of the electronic device.
According to an embodiment, wherein the processor may be further configured to: the unique information is acquired by using image information related to the user.
According to an embodiment, the image information related to the user may be generated from an image of the physical object photographed with the camera, and may include biometric information of the user; the processor may be further configured to: the method includes transmitting first biometric information and graphic information related to a user to an authentication server, and receiving unique information corresponding to the user from the authentication server.
According to an embodiment, as part of receiving the unique information, the processor may be further configured to receive a message from the authentication server indicating that the first biometric information corresponds to image information related to the user.
According to an embodiment, to generate the second biometric information, the processor may be further configured to: concatenating the first biometric information and the unique information at a specified concatenation ratio, and generating second biometric information by unidirectional transformation of the concatenated information.
According to an embodiment, the processor may be further configured to determine the specified cascade ratio based on a user input for setting a feature of the biometric authentication.
According to an embodiment, the processor may be further configured to determine the specified cascade proportion based on at least one of a category related to biometric authentication, content, and a preset security level of the function.
According to an embodiment, an electronic device may include a communication circuit, a biometric sensor, and a processor operatively connected to the communication circuit and the biometric sensor, the processor may be configured to: receiving a request for performing a function requiring biometric information of a user; acquiring first biometric information by using a biometric sensor; generating second biometric information for authenticating the user based on the concatenation of the first biometric information and the unique information corresponding to the user; transmitting the second biometric information to an authentication server; receiving a signal from the authentication server indicating that the second biometric information is authenticated for a fourth biometric information, the fourth biometric information being generated based on a concatenation of the third biometric information and the unique information of the user; and performing the function in response to the signal being received.
According to an embodiment, the third biometric information may be acquired at another electronic device.
According to an embodiment, the processor may be further configured to, in response to a request to perform the function being received, send a signal to the authentication server requesting a service required to perform the function from the authentication server; the signal requesting the service required to perform the function may include account information of the user.
According to an embodiment, the processor may be further configured to receive a signal indicating that biometric authentication needs to be performed before providing the service from the authentication server after transmitting a signal requesting the service required to perform the function.
According to an embodiment, to obtain the first biometric information, the processor may be further configured to: the method includes receiving, by a biometric sensor, input of biometric information from a user, and acquiring first biometric information by applying calibration information corresponding to the biometric sensor to the biometric information.
According to an embodiment, the processor may be further configured to: the unique information is acquired by using information about a subscriber identity module installed on the electronic device.
According to an embodiment, the processor may be further configured to: acquiring unique information by using image information related to a user, which may be generated from an image of a physical object photographed by a camera and may include biometric information of the user; transmitting the first biometric information and the image information related to the user to an authentication server; and receiving unique information corresponding to the user from the authentication server.
According to an embodiment, as part of receiving the unique information, the processor may be further configured to receive a message indicating that the first biometric information corresponds to image information related to the user.
According to an embodiment, the processor may be further configured to: the unique information is acquired by using information about the IP address of the electronic device.
According to an embodiment, to generate the second biometric information, the processor may be further configured to: concatenating the first biometric information and the unique information at a specified concatenation ratio, and generating second biometric information by unidirectional transformation of the concatenated information.
According to an embodiment, the processor may be further configured to: receiving information on a cascade ratio corresponding to the function from an authentication server; cascading the first biometric information and the unique information in a cascading ratio corresponding to the function based on the received information; and generating second biometric information by performing a one-way transformation on the concatenated information.
According to an embodiment, the processor may be further configured to determine the specified cascade ratio based on an attribute of a communication network currently connected to the electronic device.
The computer readable recording medium may include a hard disk, a floppy disk, a magnetic medium (e.g., magnetic tape), an optical medium (e.g., compact disk read-only memory (CD-ROM) and Digital Versatile Disk (DVD)), a magneto-optical medium (e.g., optical floppy disk), or an internal memory. Additionally, the instructions may include code generated by a compiler or code executable by an interpreter. A module or program module according to various embodiments may include one or more of the above-described elements, may omit some elements, or may further include other elements. According to various embodiments, operations performed by a module, a program, or another component may be performed sequentially, in parallel, repeatedly, or in a heuristic manner, or one or more of the operations may be performed in a different order or omitted, or one or more other operations may be added.
In addition, the embodiments disclosed in the present disclosure and the drawings are suggested to facilitate easy explanation and understanding of technical features disclosed and are not intended to limit the scope of the present disclosure. Therefore, the scope of the present disclosure should be construed to include all changes or modifications based on the technical ideas of the present disclosure, except for the embodiments disclosed herein.
Certain aspects of the above-described embodiments of the present disclosure may be implemented in hardware, firmware, or via execution of software or computer code that may be stored on a recording medium such as a CD ROM, digital Versatile Disk (DVD), magnetic tape, RAM, floppy disk, hard disk, or magneto-optical disk, or computer code initially stored on a remote recording medium or a non-transitory machine-readable medium that is downloaded over a network to be stored on a local recording medium, such that the methods described herein may be presented via software stored on the recording medium using a general purpose computer, special purpose processor, or programmable or special purpose hardware such as an ASIC or FPGA. As will be appreciated in the art, a computer, processor, microprocessor controller or programmable hardware contains memory components, such as RAM, ROM, flash memory, etc., which can store or receive software or computer code that is accessed and executed when the computer, processor or hardware performs the processing methods described herein.
By concatenating the biometric information of the user with unique information based on personal information, the false recognition rate (FAR) of the biometric authentication of the user can be reduced. In addition, by adjusting the cascade ratio between the biometric information of the user and the unique information of the user, the authentication rate of the FAR and the user can be adjusted.

Claims (13)

1. An electronic device, the electronic device comprising:
a communication circuit;
a biometric sensor; and
a processor operably connected with the communication circuit and the biometric sensor and configured to:
acquiring first biological characteristic information of a user by using the biological characteristic sensor;
concatenating the first biometric information and unique information corresponding to the user at a specified concatenation proportion determined based on a preset security level of a function related to biometric authentication;
generating second biometric information for authenticating the user by performing a one-way transformation on the concatenated information; and
the second biometric information is transmitted to an authentication server through the communication circuit so that the authentication server authenticates fourth biometric information received from another electronic device for the second biometric information, the fourth biometric information being generated by the another electronic device based on a concatenation of third biometric information of the user and the unique information corresponding to the user according to the designated concatenation proportion transmitted from the authentication server to the another electronic device.
2. The electronic device of claim 1, wherein the third biometric information is at least partially different from the first biometric information.
3. The electronic device of claim 1, wherein to obtain the first biometric information, the processor is further configured to:
receiving input of biometric information from the user via the biometric sensor; and
the first biometric information is obtained by applying calibration information corresponding to the biometric sensor to the biometric information.
4. The electronic device of claim 3, further comprising a memory,
wherein the processor is further configured to:
receiving the calibration information corresponding to the biometric sensor from an external electronic device based at least on information related to the biometric sensor or the electronic device; or alternatively
The calibration information is retrieved from the memory based at least on information related to the biometric sensor or the electronic device.
5. The electronic device of claim 1, wherein the processor is further configured to: the unique information is acquired using information about a subscriber identity module installed in the electronic device.
6. The electronic device of claim 1, wherein the processor is further configured to: the unique information is acquired based on information acquired with at least one sensor of the electronic device.
7. The electronic device of claim 1, wherein the processor is further configured to: the unique information is acquired using image information related to the user.
8. The electronic device of claim 7, wherein the image information related to the user is generated from an image of a physical object captured with a camera, the image information including biometric information of the user, and
wherein the processor is further configured to:
transmitting the first biometric information and the image information related to the user to an authentication server; and
the unique information corresponding to the user is received from the authentication server.
9. The electronic device of claim 8, wherein, as part of receiving the unique information, the processor is further configured to receive a message indicating that the first biometric information corresponds to the image information related to the user.
10. The electronic device of claim 1, wherein the processor is further configured to: the specified cascade proportion is determined based on a user input for setting a characteristic of biometric authentication.
11. The electronic device of claim 1, wherein the processor is further configured to: the specified cascade proportion is determined based on the category and/or content of the function related to biometric authentication.
12. The electronic device of claim 1, wherein the processor is further configured to: the unique information is obtained using information related to the IP address of the electronic device.
13. An electronic device, the electronic device comprising:
a communication circuit;
a biometric sensor; and
a processor operably connected with the communication circuit and the biometric sensor and configured to:
receiving a request for execution of a function requiring biometric authentication of a user;
acquiring first biometric information of the user by using the biometric sensor;
concatenating the first biometric information and unique information corresponding to the user at a specified concatenation proportion determined based on a preset security level of a function related to biometric authentication;
Generating second biometric information for authenticating the user by performing a one-way transformation on the concatenated information;
transmitting the second biometric information to an authentication server;
receiving a signal from the authentication server, the signal indicating that the second biometric information is authenticated for a fourth biometric signal received from another electronic device, the fourth biometric signal generated by the other electronic device based on a concatenation of third biometric information of the user and the unique information corresponding to the user according to the specified concatenation proportion transmitted from the authentication server to the other electronic device; and performing the function in response to the signal being received.
CN201980036723.8A 2018-05-31 2019-05-30 Electronic device for authenticating user and operating method thereof Active CN112204933B (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
KR20180062962 2018-05-31
KR10-2018-0062962 2018-05-31
KR1020180105984A KR102495238B1 (en) 2018-05-31 2018-09-05 Electronic device for authenticating user and operating method thereof
KR10-2018-0105984 2018-09-05
PCT/KR2019/006490 WO2019231252A1 (en) 2018-05-31 2019-05-30 Electronic device for authenticating user and operating method thereof

Publications (2)

Publication Number Publication Date
CN112204933A CN112204933A (en) 2021-01-08
CN112204933B true CN112204933B (en) 2023-10-24

Family

ID=69003069

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980036723.8A Active CN112204933B (en) 2018-05-31 2019-05-30 Electronic device for authenticating user and operating method thereof

Country Status (3)

Country Link
EP (1) EP3766229A4 (en)
KR (1) KR102495238B1 (en)
CN (1) CN112204933B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102646190A (en) * 2012-03-19 2012-08-22 腾讯科技(深圳)有限公司 Authentication method, device and system based on biological characteristics
CN105407100A (en) * 2010-09-24 2016-03-16 维萨国际服务协会 Method And System Using Universal Id And Biometrics
CN106357599A (en) * 2015-07-14 2017-01-25 三星电子株式会社 Electronic device, certification agency server, and payment system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030046237A1 (en) * 2000-05-09 2003-03-06 James Uberti Method and system for enabling the issuance of biometrically secured online credit or other online payment transactions without tokens
KR20030083273A (en) * 2002-04-20 2003-10-30 주식회사 디젠트 A system for making/retrieving secure documents using on-line fingerprint authentication and a method therefor
JP5147673B2 (en) * 2008-12-18 2013-02-20 株式会社日立製作所 Biometric authentication system and method
KR101052936B1 (en) * 2009-05-18 2011-07-29 이숙희 A network-based biometric authentication system using a biometric authentication medium having a biometric information storage unit and a method for preventing forgery of biometric information
KR101860314B1 (en) * 2017-04-26 2018-05-23 은호 한 Method and system for user authentication using supplementary system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105407100A (en) * 2010-09-24 2016-03-16 维萨国际服务协会 Method And System Using Universal Id And Biometrics
CN102646190A (en) * 2012-03-19 2012-08-22 腾讯科技(深圳)有限公司 Authentication method, device and system based on biological characteristics
CN106357599A (en) * 2015-07-14 2017-01-25 三星电子株式会社 Electronic device, certification agency server, and payment system

Also Published As

Publication number Publication date
EP3766229A1 (en) 2021-01-20
EP3766229A4 (en) 2021-04-28
KR20190136884A (en) 2019-12-10
KR102495238B1 (en) 2023-02-03
CN112204933A (en) 2021-01-08

Similar Documents

Publication Publication Date Title
US11405386B2 (en) Electronic device for authenticating user and operating method thereof
US20230325538A1 (en) Method and apparatus for processing biometric information in electronic device
US11783018B2 (en) Biometric authentication
US9712524B2 (en) Method and apparatus for user authentication
US10044708B2 (en) Method and apparatus for controlling authentication state of electronic device
US20160173492A1 (en) Authentication method using biometric information and electronic device therefor
US10341339B2 (en) Techniques for hearable authentication
US11496900B2 (en) Electronic device and method for storing user identification information
US20190005276A1 (en) Security Adjustments in Mobile Devices
JP2019527868A (en) Biological feature identification apparatus and method, and biological feature template registration method
KR20200050813A (en) Payment method using biometric authentication and electronic device thereof
EP3884407B1 (en) Electronic device for authenticating biometric information and operating method thereof
CN111757314A (en) Method for installing user configuration file and electronic device thereof
KR102453161B1 (en) Apparatus and method for transmitting private information to automatic response system
CN112204933B (en) Electronic device for authenticating user and operating method thereof
KR102010764B1 (en) Computer security system and method using authentication function in smart phone
US11645373B2 (en) Electronic device for biometrics and method thereof
US11570602B2 (en) Method for communicating with external electronic apparatus and electronic apparatus thereof
KR102404421B1 (en) Method and device for recognizing external electronic device
CN111868721A (en) Electronic device and operation method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant