CN113111318A

CN113111318A - Authentication method, equipment for realizing authentication and intelligent lock

Info

Publication number: CN113111318A
Application number: CN202110334858.1A
Authority: CN
Inventors: 柳顺兵; 盛林妹; 魏婷
Original assignee: Individual
Current assignee: Individual
Priority date: 2021-03-29
Filing date: 2021-03-29
Publication date: 2021-07-13

Abstract

The embodiment of the application restrains the validity of a first characteristic value representing a password by setting a second characteristic value, updates the corresponding relation between the first characteristic value and the second characteristic value and inserts a false-false password invalid based on the second characteristic value, avoids the risk of unlocking by copying any password, and well protects the privacy of a user input password. Even if the password input by the user is exposed or leaked during the password input process of the user, the security and the privacy of the real password are still ensured.

Description

Authentication method, equipment for realizing authentication and intelligent lock

Technical Field

The present application relates to, but not limited to, information security technologies, and in particular, to an authentication method, an apparatus for implementing authentication, and an intelligent lock.

Background

With the popularization of information security technology, in order to guarantee property or information security, the degree of dependence of people on passwords is greatly improved, and subsequent operations can be performed only by inputting correct passwords during computer login, webpage login, software login, bank account login, intelligent lock unlocking and the like.

The types of passwords are more and more from basic digital passwords to biological feature identification, and under the condition that the current biological feature identification technologies such as face identification, fingerprint identification and the like are gradually popularized due to the advantages of convenience and the like, the digital passwords are applied to some specific occasions due to unique characteristics of the digital passwords, for example, after a mobile terminal such as a mobile phone is started up/restarted, the unlocking can be performed by inputting the digital passwords.

The digital password is most vulnerable to leakage during input, and once leaked, a great loss may be caused to a user. In order to improve the security of the digital password in the input process, the related art generally increases the difficulty of password cracking by increasing the character type and the digit number of the password or setting a dummy password, and the like, thereby ensuring the security of the password input process. However, if there is a bystander, a monitoring device or a monitoring trojan to carry out the whole-course monitoring on the password input process, even if a plurality of groups of dummy passwords are set, the authentication can still be obtained and the unlocking can be successfully carried out as long as the characters and the sequence in the password input process are copied. Therefore, how to reduce the risk of leakage of the password in the input process, maintaining the security of the password in the password input stage is an important problem to be solved urgently by those skilled in the art.

Disclosure of Invention

The application provides an authentication method, equipment for realizing authentication and an intelligent lock, which can improve the privacy of a password in an input process and ensure the safety of password use.

The embodiment of the invention provides an authentication method, which comprises the following steps:

determining a password to be authenticated according to the first characteristic value and the second characteristic value obtained for multiple times;

the first characteristic value is a password value and is used for authority authentication; the second characteristic value is an attribute value and is used for indicating whether the password value displayed by the first characteristic value corresponding to the second characteristic value is valid or not;

before or after the first characteristic value and the second characteristic value are obtained at least once, updating the combination relation of the first characteristic value and the second characteristic value;

and determining whether the password passes the authentication according to the obtained password to be authenticated.

In an exemplary instance, before the determining the password to be authenticated, the method further includes:

setting a first feature value set, wherein the first feature value set comprises a preset correct password; and setting the second characteristic value, wherein the second characteristic value is used for indicating whether the first characteristic value corresponding to the second characteristic value is valid or not.

In one illustrative example, the determining a password to be authenticated includes:

acquiring the first characteristic value and the second characteristic value to form a password bit, and continuously acquiring the first characteristic value and the second characteristic value until confirmation key information is acquired; before or after the first characteristic value and the second characteristic value are obtained at least once, updating the combination relation to update the corresponding relation between the first characteristic value and the second characteristic value;

aiming at the password bits which are obtained in sequence, whether a first characteristic value corresponding to a second characteristic value is valid or not is determined according to the second characteristic value, and if the attribute of the second characteristic value is valid, the corresponding first characteristic value is valid and serves as a one-bit password; if the attribute of the second characteristic value is invalid, the corresponding first characteristic value is invalid, and the first characteristic value is discarded;

forming the password to be authenticated by the determined effective first characteristic values according to an acquisition sequence;

alternatively, the first and second electrodes may be,

acquiring the first characteristic value and the second characteristic value to form a password bit, determining whether a first characteristic value corresponding to the second characteristic value is valid according to the second characteristic value, if the attribute of the second characteristic value is valid, the corresponding first characteristic value is valid, comparing the first characteristic value with a preset correct first bit password value of the password, if the attribute of the second characteristic value is consistent with the attribute of the first characteristic value, marking that the first characteristic value passes authentication, and updating the authenticated password times; if the first characteristic value and the second characteristic value are not consistent, marking that the first characteristic value fails to be authenticated, and updating the authenticated password times; if the attribute of the second characteristic value is invalid, the corresponding first characteristic value is invalid, and the authentication of the bit password is skipped;

continuously acquiring the first characteristic value and the second characteristic value and authenticating until the number of times of the authenticated password is equal to the preset number of bits of the correct password;

before or after the first characteristic value and the second characteristic value are obtained at least once, updating the combination relation to update the corresponding relation between the first characteristic value and the second characteristic value;

and forming the password to be authenticated by the first characteristic values which pass or are authenticated according to the acquisition sequence.

In an exemplary instance, the determining whether the password to be authenticated is authenticated according to the obtained password to be authenticated includes:

if the password to be authenticated is consistent with the preset correct password, the authentication is passed; if the password to be authenticated is not completely consistent with the preset correct password, the authentication is not passed;

alternatively, the first and second electrodes may be,

and if at least one password is marked as not authenticated, the authentication is not passed.

In one illustrative example, prior to the obtaining the first and second feature values, the method further comprises:

and within a preset time length, the first characteristic value and the second characteristic value are not obtained, and the process of the application is ended.

In one illustrative example, the first characteristic value and the second characteristic value are presented differently;

the first characteristic value includes: numbers, and/or letters, and/or location information, and/or coordinate information;

the second characteristic value includes one characteristic or a combination of two or more different characteristics. The second characteristic value includes: letters, and/or shapes, and/or backlight colors of the input areas, and/or outer contour shapes or outer contour filling colors of the input areas where the first characteristic values are located, and/or colors of the indication areas corresponding to the input areas where the first characteristic values are located.

An embodiment of the present application further provides a computer-readable storage medium, in which computer-executable instructions are stored, where the computer-executable instructions are configured to execute any one of the authentication methods described above.

An embodiment of the present application further provides an apparatus for implementing authentication, including a memory and a processor, where the memory stores the following instructions executable by the processor: for performing the steps of the authentication method of any of the above.

An embodiment of the present application further provides an intelligent lock, including: a processing unit, a panel; wherein the content of the first and second substances,

a panel configured to receive an input operation from a user;

the panel is provided with a key area, the key area comprises a password key and a function key, and the password key comprises a first characteristic display part and a second characteristic display part; the first characteristic display part displays a first characteristic value, the second characteristic display part displays a second characteristic value, and the first characteristic value and the second characteristic value form a password bit; the first characteristic value is a password value and is used for authority authentication, and the second characteristic value is an attribute value and is used for indicating whether the password value displayed by the first characteristic value corresponding to the second characteristic value is valid or not;

the processing unit is arranged to determine a password to be authenticated according to the first characteristic value and the second characteristic value obtained for multiple times; before or after the first characteristic value and the second characteristic value are obtained at least once, updating the combination relation of the first characteristic value and the second characteristic value; and determining whether the password passes the authentication according to the obtained password to be authenticated.

In one illustrative example, the processing unit is configured to:

the processing unit is configured to:

aiming at the sequentially obtained password bits, determining whether a first characteristic value corresponding to a second characteristic value is valid or not according to the second characteristic value, if the attribute of the second characteristic value is valid, the corresponding first characteristic value is valid and is used as a one-bit password; if the attribute of the second characteristic value is invalid, the corresponding first characteristic value is invalid, and the first characteristic value is discarded;

alternatively, the first and second electrodes may be,

the processing unit is configured to:

forming the password to be authenticated by the first characteristic values which pass or are authenticated according to an acquisition sequence;

if each password bit of the password to be authenticated is marked as authenticated, the authentication is passed, and if at least one password bit marking bit is not authenticated, the authentication is not passed;

the processing unit is further configured to:

and within a preset time length, the first characteristic value and the second characteristic value are not obtained, and the method is ended.

An embodiment of the present application further provides an authentication method, including:

setting a disable key for indicating that the password input by the keyboard is invalid;

when the password input by the user is obtained, detecting that the disable key is valid, and determining that the currently input password is an invalid password;

the disabling key is used for multiplexing a volume key or a fingerprint area on the back of the mobile phone; or a newly set function key.

According to the embodiment of the application, the validity of the first characteristic value representing the password is restrained by setting the second characteristic value, the corresponding relation between the first characteristic value and the second characteristic value is updated, and the invalid pseudo-password based on the second characteristic value is inserted, so that the risk of unlocking by copying any password is avoided, and the privacy of the password input by a user is well protected. Even if the password input by the user is exposed or leaked during the password input process of the user, the security and the privacy of the real password are still ensured.

Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.

Drawings

The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the example serve to explain the principles of the invention and not to limit the invention.

FIG. 1 is a schematic flow chart illustrating an authentication method according to an embodiment of the present application;

FIG. 2(a) is a diagram illustrating an example of an initial correspondence between a first characteristic value and a second characteristic value according to the present application;

FIG. 2(b) is a diagram illustrating an embodiment of a correspondence relationship between the first eigenvalue and the second eigenvalue of FIG. 2(a) after being updated once;

FIG. 2(c) is a diagram illustrating an embodiment of a correspondence relationship between the first eigenvalue and the second eigenvalue of FIG. 2(a) after being updated again;

FIG. 3(a) is a diagram illustrating another embodiment of the initial correspondence relationship between the first characteristic value and the second characteristic value;

fig. 3(b) is a schematic diagram of the correspondence relationship between the first characteristic value and the second characteristic value of fig. 3(a) after being updated once;

fig. 3(c) is a schematic diagram of the correspondence relationship between the first characteristic value and the second characteristic value in fig. 3(a) after being updated once again;

FIG. 4 is a diagram illustrating an embodiment of a combination of a first characteristic value and a second characteristic value according to the present application;

FIG. 5 is a diagram illustrating another embodiment of a combination of a first characteristic value and a second characteristic value according to the present application;

FIG. 6 is a schematic diagram of a structure of an intelligent lock according to an embodiment of the present application;

FIG. 7 is a schematic diagram of another intelligent lock according to an embodiment of the present application;

fig. 8 is a flowchart illustrating another authentication method according to an embodiment of the present application.

Detailed Description

To make the objects, technical solutions and advantages of the present application more apparent, embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.

In one exemplary configuration of the present application, a computing device includes one or more processors (CPUs), input/output interfaces, a network interface, and memory.

The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include non-transitory computer readable media (transient media), such as modulated data signals and carrier waves.

The steps illustrated in the flow charts of the figures may be performed in a computer system such as a set of computer-executable instructions. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.

Fig. 1 is a schematic flowchart of an authentication method in an embodiment of the present application, as shown in fig. 1, including:

step 100: determining a password to be authenticated according to the first characteristic value and the second characteristic value obtained for multiple times; the first characteristic value is a password value and is used for authority authentication; the second characteristic value is an attribute value and is used for indicating whether the password value displayed by the first characteristic value corresponding to the second characteristic value is valid or not; and before or after the first characteristic value and the second characteristic value are obtained at least once, updating the combination relation of the first characteristic value and the second characteristic value.

In an illustrative example, the first characteristic value may include, but is not limited to, such as a number, and/or location information, and/or coordinate information, and/or letters, and/or characters, and the like.

In an exemplary instance, the second characteristic value may include, but is not limited to, a letter, a figure, a backlight color of the input area, an outer contour shape or an outer contour filling color of the input area where the first characteristic value is located, a color of the indication area corresponding to the input area where the first characteristic value is located, and the like.

Here, the combination relationship between the first feature value and the second feature value means that the first feature value and the second feature value corresponding to the same input region are present in pairs, that is, when the first feature value is input to a certain input region, the second feature value is necessarily accompanied, and in this case, the first feature value is also referred to as corresponding to the second feature value. The purpose of updating the combination relation of the first characteristic value and the second characteristic value is to avoid the risk of unlocking by copying any password input process and well protect the security of the password input by a user. It should be noted that the input area described herein refers to a key that can be used to perform the first feature value and/or the second feature value input operation. Here, the purpose of updating the combination relationship includes at least: the purpose of updating before input is to disturb the relation between the first characteristic value and the second characteristic value, so that the combination of the first characteristic value and the second characteristic value cannot completely follow the input at any time after copying; the updating in the input process is to ensure that the correct password can be input, and in addition, if the updating is not carried out before the input, the updating also plays a role of disturbing the existing combination relation.

In an exemplary embodiment, step 100 may be preceded by:

on one hand, an unlocking or login password is set, and a preset number of first characteristic values are selected from a preset first characteristic value set to form a preset unlocking or login password. The unlock or login password may include a plurality of password values, one password value corresponding to one first characteristic value; in another aspect, a second feature value is set, the second feature value comprising: effective values representing that the first characteristic values corresponding to the effective values are valid and invalid values representing that the first characteristic values corresponding to the invalid values are invalid; if the second characteristic value is a valid value, the corresponding first characteristic value is valid, and if the second characteristic value is an invalid value, the corresponding first characteristic value is invalid.

For example, taking the first characteristic value as a number and the second characteristic value as a letter as an example, the first characteristic value and the second characteristic value form a cipher bit, such as: selecting four first characteristic values from a preset first characteristic value set (such as a set comprising a number 0 to a number 9) to form a password: 1234; selecting a second characteristic value representing the validity of the corresponding first characteristic value from a preset second characteristic value set (such as comprising letters a-j), wherein when the second characteristic value is a letter b, a letter a and a letter g, the attribute of the second characteristic value is invalid, and the corresponding first characteristic value is invalid; when the second feature value is a letter other than the letter b, the letter a, and the letter g, it indicates that the attribute of the second feature value is valid, and its corresponding first feature value is valid.

In an exemplary embodiment, the attribute of the second feature value may be set by the user according to the user's needs, such as: and grouping the second characteristic values according to the commonality of the second characteristic values, setting the attribute of one group of second characteristic values with the first commonality characteristic as valid, indicating that the corresponding first characteristic value is valid, and setting the attribute of the other group of second characteristic values with the second commonality characteristic as invalid, indicating that the corresponding first characteristic value is invalid. The following steps are repeated: and setting the attribute of one or more second characteristic values as invalid to indicate that the corresponding first characteristic value is invalid, and setting the attributes of other second characteristic values as valid to indicate that the corresponding first characteristic value is valid. Therefore, the user is helped to memorize the validity or invalidity of the first characteristic value corresponding to the second characteristic value, and the anti-peeping and anti-leakage of the password are facilitated. Taking the intelligent lock as an example, when the user starts the password setting function of the intelligent lock for the first time, the attribute of the second characteristic value can be set according to the requirement of the user.

In an exemplary example, the determining the password to be authenticated according to the first characteristic value and the second characteristic value obtained multiple times in step 100 may include:

acquiring a first characteristic value and a second characteristic value to form a password bit, and continuously acquiring the first characteristic value and the second characteristic value until the confirmation key information is acquired; before or after the first characteristic value and the second characteristic value are obtained at least once, updating the combination relation of the first characteristic value and the second characteristic value so as to update the corresponding relation of the first characteristic value and the second characteristic value;

determining whether a first characteristic value corresponding to a second characteristic value is valid or not according to the second characteristic value aiming at the sequentially obtained password bits, wherein if the attribute of the second characteristic value is valid, the first characteristic value is valid and is used as a one-bit password; if the attribute of the second characteristic value is invalid, the first characteristic value is invalid, and the first characteristic value is discarded;

and forming the password to be authenticated by the determined effective first characteristic values according to the acquisition sequence.

In the first illustrative example, before obtaining the first characteristic value and the second characteristic value, the method may further include:

if the first characteristic value and the second characteristic value are not obtained within the preset time length, that is, if the input operation of the user is not obtained within the preset time length, the process of the application is ended, that is, the authentication process is ended. In one embodiment, this may be achieved by setting a timer of a preset duration, which is not described in detail herein.

In this embodiment, the input area refers to a key combination used for performing an input operation of the first characteristic value and/or the second characteristic value, and may also be called an input keyboard, for example, a mobile phone or an APP unlock interface is provided with a key area, the key area at least includes a password key (function key is selectable), and the password key includes a first characteristic display portion used for displaying the first characteristic value and a second characteristic display portion used for displaying the second characteristic value. In this embodiment, the first eigenvalue is a number, and the second eigenvalue is a letter, as shown in fig. 2(a), it is assumed that the combination relationship between the first eigenvalue and the second eigenvalue, which are initially randomly presented, is as follows: 1-a, 2-b, 3-c, 4-d, 5-e, 6-f, 7-g, 8-h, 9-i, 0-j. In an embodiment, the combination relationship between the first feature value and the second feature value obtained by updating may be as shown in fig. 2(b), in such an embodiment, only the position of the second feature display portion on the keyboard changes, for example, randomly (or only the position of the first feature display portion on the keyboard changes), and the correspondence relationship between the first feature display portion and the second feature display portion on a certain keyboard after updating is as follows: 1-c, 2-f, 3-d, 4-b, 5-h, 6-a, 7-e, 8-j, 9-g, 0-i. In an embodiment, the combination relationship between the first feature value and the second feature value obtained by updating may also be as shown in fig. 2(c), in such an embodiment, positions of the first feature display portion and the second feature display portion on the keyboard are changed, for example, randomly changed, and the correspondence relationship between the first feature display portion and the second feature display portion on a certain keyboard after updating is as follows: 5-c, 6-f, 7-d, 1-b, 2-h, 4-a, 8-e, 9-i, 0-g, 3-j. It should be noted that fig. 2(a) to 2(c) illustrate a case where the position of the feature display portion on the keyboard changes randomly, and the change of the position of the feature display portion on the keyboard may also change according to a preset rule, which is not described herein again.

Taking the smart lock as an example, the process of obtaining the password to be authenticated may include: when the intelligent lock is in a dormant state, a user triggers the lock panel to wake up the unlocking system. When a user triggers a key for the first time, the system records and stores a first characteristic value and a second characteristic value currently displayed by the key, and updates the arrangement mode (such as the mode shown in fig. 3(a) -3 (c)) or the display effect of at least one characteristic value, so that the combination relationship between the first characteristic value and the second characteristic value which are in one-to-one correspondence originally changes. In this embodiment, the first characteristic value is a number, the second characteristic value is a backlight color, and as shown in fig. 3(a) to 3(c), the cross-hatched shading represents the first color (hereinafter, denoted by I), the vertical-striped shading represents the second color (hereinafter, denoted by II), and the cross-hatched shading represents the third color (hereinafter, denoted by III). Triggering the key again by the user within the preset time length, continuously recording and storing the first characteristic value and the second characteristic value corresponding to the key, updating the arrangement mode or the display effect of at least one characteristic value, repeating the steps until the user inputs a confirmation key, and ending the password input process; and judging the validity of the corresponding first characteristic value according to the attribute of the second characteristic value of each password bit according to the sequentially stored first characteristic value and second characteristic value, removing invalid password bits, and extracting and reserving the first characteristic values of the valid password bits according to the storage sequence to form the password to be authenticated. Such as: the password bits corresponding to the keys sequentially input by the user comprise: 1II, 2I, 2II, 4I, 3III, 4II, and an enter key, according to a rule preset by a user, that is, when a second characteristic value attribute is valid, it indicates that a corresponding first characteristic value is valid, and when the second characteristic value attribute is invalid, it indicates that the corresponding first characteristic value is invalid, in this embodiment, it is assumed that the rule is: if the second characteristic value is that the I-th color indicates that the corresponding first characteristic value is invalid, then, in this embodiment, for 1 II: if the first characteristic value is 1 and the second characteristic value is II, 1 is valid; for 2I: if the first characteristic value is 2 and the second characteristic value is I, 2 is invalid; for 2 II: if the first characteristic value is 2 and the second characteristic value is II, 2 is valid; for 4I: if the first characteristic value is 4 and the second characteristic value is I, 4 is invalid; for 3 III: the first eigenvalue is 3. the second eigenvalue is III, then 3 is valid; for 4 II: the first eigenvalue is 4 and the second eigenvalue is II, then 4 is valid. Thus, the corresponding actual input password, i.e., the password to be authenticated, is 1234. And subsequently, if the password to be authenticated is consistent with the preset correct password, executing unlocking operation. The following steps are repeated: if the password bits corresponding to the keys input by the user in sequence comprise: 1II, 2I, 4I, 3III, 4II, and a confirmation key, where the I-th color indicates that the corresponding first feature value is invalid, then according to the rule in this embodiment, it can be obtained that: for 1 II: if the first characteristic value is 1 and the second characteristic value is II, 1 is valid; for 2I: if the first characteristic value is 2 and the second characteristic value is I, 2 is invalid; for 4I: if the first characteristic value is 4 and the second characteristic value is I, 4 is invalid; for 3 III: if the first characteristic value is 3 and the second characteristic value is III, 3 is valid; for 4II, the first eigenvalue is 4, and the second eigenvalue is II, then 4 is valid; thus, the actually input password, that is, the password to be authenticated is 134, and if the password to be authenticated is not consistent with the correct password in the subsequent judgment, the unlocking is refused, and the unlocking fails at this time.

In a second exemplary example, the determining the password to be authenticated according to the first characteristic value and the second characteristic value obtained multiple times in step 100 may include:

on one hand, if the attribute of the second characteristic value is valid, the first characteristic value is compared with a preset first bit password value of a correct password, if the attribute of the second characteristic value is consistent with the preset first bit password value, the first characteristic value is marked to pass the authentication, and the authenticated password times are updated (namely the authenticated password times are increased by one, the initial value of the authenticated password times is 0, and the authenticated password times can be cleared after the password to be authenticated is determined); if the first characteristic value and the second characteristic value are not consistent, marking that the first characteristic value fails to be authenticated, and updating the authenticated password times; on the other hand, if the attribute of the second characteristic value is invalid, the first characteristic value is invalid, the authentication of the bit password is skipped, namely the bit password is not authenticated, the authenticated password is not updated for times, and the next input is waited;

continuously acquiring the first characteristic value and the second characteristic value and authenticating until the number of times of the authenticated password is equal to the preset number of digits of the unlocking or login password;

before or after the first characteristic value and the second characteristic value are obtained at least once, updating the combination relation of the first characteristic value and the second characteristic value so as to update the corresponding relation of the first characteristic value and the second characteristic value;

In an exemplary instance, before obtaining the first feature value and the second feature value, the method may further include:

Still taking the smart lock as an example, the first characteristic value is a number, the second characteristic value is a backlight color, and it is assumed that a correct password composed of the preset first characteristic values is: 1234, and setting up to indicate that the corresponding first characteristic value is invalid when the attribute of the second characteristic value is the I-th color, and indicate that the corresponding first characteristic value is valid when the attribute of the second characteristic value is the II-th color or the III-th color. Then, the process of obtaining the password to be authenticated may include:

when the intelligent lock is in a dormant state, a user triggers the lock panel to wake up the unlocking system.

When a user triggers a key for the first time, judging the attribute of a second characteristic value for a first characteristic value and a second characteristic value currently displayed by the key, if the attribute of the second characteristic value is invalid, skipping the authentication of the password bit, and simultaneously updating the arrangement mode (the mode shown in figures 3(a) to 3 (c)) or the display effect of at least one characteristic value, so that the combination relationship of the first characteristic value and the second characteristic value which are in one-to-one correspondence originally is changed; if the attribute of the second characteristic value is valid, extracting the first characteristic value, comparing the first characteristic value with the value of the corresponding password bit of the originally set unlocking password and marking a comparison result, if the first characteristic value and the second characteristic value are consistent, passing the authentication, and if the first characteristic value and the second characteristic value are not consistent, failing the authentication, updating the number of times of the authenticated password, such as adding one, and updating the arrangement mode of the first characteristic value and/or the display effect of the second characteristic value so as to change the combination relationship of the first characteristic value and the second characteristic value which are originally in one-to-one correspondence;

triggering the key again by the user within the preset duration, acquiring the first characteristic value and the second characteristic value again, judging the validity of the corresponding first characteristic value, namely the current password bit, according to the second characteristic value acquired again, if the attribute of the second characteristic value is invalid, skipping the authentication of the password bit, and updating the arrangement mode of the first characteristic value and/or the display effect (as shown in the modes of fig. 3(a) to fig. 3 (c)) of the second characteristic value, so that the combination relationship of the first characteristic value and the second characteristic value which are in one-to-one correspondence originally is changed again; if the attribute of the second characteristic value is valid, extracting the first characteristic value, comparing the first characteristic value with the value of the corresponding password bit of the originally set correct password and marking a comparison result, if the two are consistent, passing the authentication, if the two are not consistent, failing the authentication, updating the authenticated password times, if continuing to add one, continuing to update the arrangement mode of the first characteristic value and/or the display effect of the second characteristic value, so that the combination relationship of the first characteristic value and the second characteristic value which are in one-to-one correspondence originally continues to change; and ending the password input process until the number of times of the authenticated password is the same as the preset number of digits of the correct password, and ending the process of acquiring the password to be authenticated. Subsequently, according to the recorded authentication results of the valid password bits, if the authentication results of the valid password bits are all authenticated, the intelligent lock system executes unlocking operation, and if the authentication result of at least one password bit is authenticated, the unlocking operation cannot be executed.

Such as: the password bits corresponding to the keys sequentially input by the user comprise 1II, 2I, 2II, 4I, 3III and 4II, the first characteristic value is a number, and the second characteristic value is an I color, an II color and an III color; according to a rule preset by a user, that is, when the second characteristic value attribute is valid, it indicates that the corresponding first characteristic value is valid, and when the second characteristic value attribute is invalid, it indicates that the corresponding first characteristic value is invalid, in this embodiment, it is assumed that the rule is: if the second characteristic value is the ith color, which indicates that the corresponding first characteristic value is invalid, then, in this embodiment,

receiving a password bit (1 II) input by a user for the first time, judging that a first characteristic value (number 1) in the password bit input for the first time is a valid password according to a second characteristic value (II color) in the password bit input for the first time, keeping the first characteristic value (number 1), comparing the number 1 in the password bit input for the first time with a first bit of a preset correct password, if the first characteristic value and the number 1 are consistent, marking the first bit of the password as pass authentication, keeping an awakening state, and randomly or according to a preset rule, updating the combination relationship of the first characteristic value and the second characteristic value; recording the current authenticated times as 1;

receiving a password bit (2I) input by a user for the second time, judging a first characteristic value (number 2) in the password bit input for the second time as an invalid password according to a second characteristic value (I color) in the password bit input for the second time, and skipping the authentication of the password bit by the system at the moment; continuously keeping the awakening state, and simultaneously updating the combination relation of the first characteristic value and the second characteristic value randomly or according to a preset rule;

receiving a password bit (2 II) continuously input for the third time by a user, judging that a first characteristic value (a number 2) in the password bit input for the third time is an effective password according to a second characteristic value (a color II) in the password bit input for the third time, reserving the number 2 in the password bit input for the third time, comparing the number 2 in the password bit input for the third time with a preset second bit of a correct password, and if the two numbers are consistent, marking the second bit password as a pass authentication; continuously keeping the awakening state of the system, and randomly or according to a preset rule, updating the combination relation of the first characteristic value and the second characteristic value; and updating the authenticated times to be 2;

receiving a password bit (4I) input by a user for the fourth time, judging a first characteristic value (number 4) in the password bit input for the fourth time as an invalid password according to a second characteristic value (I color) in the password bit input for the fourth time, and skipping authentication of the password bit by the system at the moment; continuously keeping the awakening state, and simultaneously updating the combination relation of the first characteristic value and the second characteristic value randomly or according to a preset rule;

receiving a password bit (3 III) continuously input for the fifth time by a user, judging that a first characteristic value (a number 3) in the password bit input for the fifth time is a valid password according to a second characteristic value (a color III) in the password bit input for the fifth time, keeping the number 3 in the password bit input for the fifth time, comparing the number 3 in the password bit input for the fifth time with a preset correct third bit of the password, and if the two numbers are consistent, marking the third bit of the password as being correct and passing the authentication; continuously keeping the awakening state of the system, and randomly or according to a preset rule, updating the combination relation of the first characteristic value and the second characteristic value; and updating the authenticated times to be 3;

receiving a password bit (4 II) continuously input for the sixth time by the user, judging that a first characteristic value (a number 4) in the password bit input for the sixth time is a valid password according to a second characteristic value (a color II) in the password bit input for the sixth time, keeping the number 4 in the password bit input for the sixth time, comparing the number 4 in the password bit input for the sixth time with a preset fourth bit of a correct password, and if the two numbers are consistent, marking the fourth password as a pass authentication; continuously keeping the awakening state of the system, and randomly or according to a preset rule, updating the combination relation of the first characteristic value and the second characteristic value; and updating the authenticated times to be 4;

the authenticated times are 4, namely the authenticated password digit number in the password input process is the same as the preset digit number of the correct password, and the system does not receive new password input operation any more. Meanwhile, the background can confirm whether to unlock according to the authentication result of each password bit.

Step 101: and determining whether the password passes the authentication according to the obtained password to be authenticated.

In a first illustrative example, step 101 may comprise:

if the password to be authenticated is consistent with the preset correct password, the authentication is passed; if the password to be authenticated is not completely consistent with the preset correct password, the authentication is failed.

In a second illustrative example, step 101 may comprise:

if each password of the password to be authenticated is marked as authenticated, the authentication is passed, and the system executes unlocking operation; if at least one bit of password is marked as not authenticated, the authentication is not passed, and the system does not execute the unlocking operation.

The second embodiment can use no confirmation key, that is, the user inputs the password to complete the authentication, which is very convenient and especially suitable for the sliding unlocking scene. In one embodiment, in the sliding unlocking, the first characteristic value may be set as the position coordinate of each key, and the second characteristic value may be set as a value indicating that the corresponding first characteristic value is valid and a value indicating that the corresponding first characteristic value is invalid in the embodiment of the present application.

According to the authentication method provided by the embodiment of the application, the validity of the first characteristic value representing the password is restrained by setting the second characteristic value, the corresponding relation between the first characteristic value and the second characteristic value is updated, and the false password invalid based on the second characteristic value is inserted, so that the risk of unlocking by copying any password is avoided, and the privacy of the password input by a user is well protected. Even if the password input by the user is exposed or leaked during the password input process of the user, the security and the privacy of the real password can be still ensured.

In the above embodiments, the first characteristic value is a number, the second characteristic value is a letter, the first characteristic value is a number, and the second characteristic value is a backlight color, but the present invention is not limited to this embodiment, and there are many ways, such as an example where the first characteristic value is a number, and the second characteristic value is an outer contour shape of an input area where the first characteristic value is located, as shown in fig. 4.

In an illustrative example, the second feature value may include a feature, such as the aforementioned letter; the second feature value may also be a combination of two or more features, such as; different letter combinations, as shown in fig. 5; the following steps are repeated: letter and display color combinations; as another example; letters and backlight color combinations of the input area, etc. When the second feature value includes two or more features, it may be: the first characteristic value corresponding to the second characteristic value is invalid only when more than two characteristics indicate that the corresponding first characteristic value is invalid. That is, as long as one of two or more features constituting the second feature value is indicative that the corresponding first feature value is valid, the first feature value corresponding to the second feature value is valid.

When the second feature value includes two or more features, it may be: if one of the two or more characteristics indicates that the first characteristic value corresponding to the second characteristic value is invalid, the first characteristic value corresponding to the second characteristic value is invalid. That is, the first feature value corresponding to the second feature value is valid only if more than two features constituting the second feature value all indicate that the corresponding first feature value is valid. Taking the second characteristic value as a three-color LED lamp as an example, considering that the three-color LED lamp has fewer changeable colors, in order to reduce the number of password inputs and improve the user experience, it can be defined that the second characteristic value (a combination of color and number) includes: the first characteristic value corresponding to the number 5 of the red backlight, the number 3 of the red backlight, and the number 7 of the red backlight is invalid, and the other numbers of red and the combination of the remaining two colors and all the numbers in the three-color LED are valid. The invalid keys presented on the keyboard at every time can be only 1-2 so as to facilitate the input of real passwords, thus, when the color of the three-color LED lamp changes, the invalid characteristic is greatly reduced, and the usability is improved.

The authentication method provided by the embodiment of the application can be applied to various scenes in which the password needs to be input to complete authentication, such as: ATM machine, mobile terminal, intelligent lock, etc. As long as the combination relationship of the first characteristic value and the second characteristic value can be displayed. For example, for the ATM machine, the second characteristic value information corresponding to the numeric keypad (for receiving the first characteristic value input by the user) of the ATM machine may be displayed through the soft keypad using the screen of the ATM machine. The following steps are repeated: for a mobile terminal, the input area of the first characteristic value and the input area of the second characteristic value can be realized by adopting a soft keyboard in a screen, and for a mobile terminal with a numeric keyboard, a mode similar to an ATM can also be adopted. For another example: for the intelligent lock, the second characteristic value can be represented by using the backlight color of the numeric keyboard, and the change condition of the combination relationship between the second characteristic value and the first characteristic value can be expanded by further increasing the color number of the backlight (for example, adopting a multi-color lamp), so as to further improve the safety.

As shown in fig. 6, the intelligent lock provided in the embodiment of the present application at least includes a processing unit and a panel; wherein the content of the first and second substances,

a panel configured to: an input operation from a user is received. The panel is provided with a key area, the key area comprises a password key and a function key, and the password key comprises a first characteristic display part and a second characteristic display part; the first characteristic display part and the second characteristic display part are in one-to-one correspondence, the first characteristic display part displays a first characteristic value, the second characteristic display part displays a second characteristic value, and the first characteristic value and the second characteristic value form a password bit. The first characteristic value is a password value and is used for authority authentication, and the second characteristic value is an attribute value and is used for indicating whether the password value displayed by the first characteristic value corresponding to the second characteristic value is valid or not;

a processing unit configured to: determining a password to be authenticated according to the first characteristic value and the second characteristic value obtained for multiple times; before or after the first characteristic value and the second characteristic value are obtained at least once, updating the combination relation of the first characteristic value and the second characteristic value; and determining whether the password passes the authentication according to the obtained password to be authenticated.

In one illustrative example, the processing unit may be arranged to:

determining whether a first characteristic value corresponding to a second characteristic value is valid according to the attribute of the second characteristic value aiming at the sequentially obtained password bits, wherein if the attribute of the second characteristic value is valid, the first characteristic value is valid and is used as a one-bit password; if the attribute of the second characteristic value is invalid, the first characteristic value is invalid, and the first characteristic value is discarded;

forming the determined effective first characteristic values into a password to be authenticated according to the acquisition sequence;

In another illustrative example, the processing unit may be configured to:

acquiring a first characteristic value and a second characteristic value to form a password bit, judging whether the corresponding first characteristic value is valid according to the attribute of the second characteristic value, on one hand, if the attribute of the second characteristic value is valid, the first characteristic value is valid, comparing the first characteristic value with a preset correct first bit password value of the password, if the first characteristic value and the preset correct first bit password value are consistent, marking the first characteristic value to pass authentication, and updating the authenticated password times (namely, the authenticated password times are increased by one, the authenticated password times initial value is 0, and after the password to be authenticated is determined, the authenticated password times can be cleared by 0 processing); if the first characteristic value and the second characteristic value are not consistent, marking that the first characteristic value fails to be authenticated, and updating the authenticated password times; on the other hand, if the attribute of the second characteristic value is invalid, the first characteristic value is invalid, the authentication of the bit password is skipped, namely the bit password is not authenticated, the authenticated password is not updated for times, and the next input is waited;

continuously acquiring the first characteristic value and the second characteristic value and authenticating until the number of times of the authenticated password is equal to the preset number of digits of the correct password;

forming a password to be authenticated by the first characteristic values which pass or are authenticated according to an acquisition sequence;

if each password bit of the password to be authenticated is marked as authenticated, the authentication is passed, and if at least one password bit is marked as unauthenticated, the authentication is not passed.

In one illustrative example, the processing unit is further configured to:

if the first characteristic value and the second characteristic value are not obtained within the preset time, that is, if the input operation of the user is not obtained within the preset time, the process of the present application is ended, that is, the authentication process is ended.

In an exemplary example, as shown in fig. 6, the first feature display portion is a numeric keypad, the second feature display portion is overlapped with and disposed under the first feature display portion, and a plurality of single color lamps or multi-color lamps are respectively disposed at positions of the second feature display portion corresponding to each numeric key. And the combination of the color of the lamp and the number is used as a second characteristic value, the color of the lamp of each key is set, the combination of the lamp of each key and the number of each key is used as the second characteristic value, and the validity of the attribute is judged, so that whether the corresponding first characteristic value is a valid password or not is obtained. For clarity of the display in fig. 6, the first feature display portion and the second feature display portion are offset and actually overlap.

In an exemplary example, as shown in fig. 7, the first feature display portion is a numeric keypad, the second feature display portion may be disposed on a periphery of the first feature display portion, such as an upper side, a lower side (fig. 7 is taken as an example of being disposed on a lower side), a left side or a right side, and a plurality of monochromatic lamps or multicolor lamps are disposed at positions of the second feature display portion corresponding to the respective numeric keys, respectively. Whether the number corresponding to the color of the lamp is a valid password is set by the combination of the color of the lamp and the number.

According to the intelligent lock provided by the embodiment of the application, the validity of the first characteristic value representing the password is restrained through the second characteristic value, the corresponding relation between the first characteristic value and the second characteristic value is updated, the invalid fake password based on the second characteristic is inserted, the risk that the password is copied any time to unlock is avoided, and the privacy of the password input by a user is well protected. Even if the password input by the user is exposed or leaked during the password input process of the user, the security and the privacy of the real password are still ensured.

In the above embodiment, by updating the combination relationship between the first characteristic value and the second characteristic value in the input process, the risk that the system cannot be unlocked all the time due to the fact that the second characteristic value corresponding to the correct password is invalid all the time can be reduced, and thus, the preset correct password can be input in the limited password input process, and unlocking can be smoothly achieved. The embodiment can be applied to devices which are not authenticated locally (for example, the terminal device does not store a preset correct password, and a system which needs networking authentication), such as an online banking system, any webpage authorization verification password, an ATM machine and the like.

In an illustrative example, the present application further provides another authentication method, as shown in fig. 8, including:

step 800: determining a password to be authenticated according to the first characteristic value and the second characteristic value obtained for multiple times; the first characteristic value is a password value and is used for authority authentication; the second characteristic value is an attribute value and is used for indicating whether the password value displayed by the first characteristic value corresponding to the second characteristic value is valid or not; the first characteristic value and the second characteristic value have a combination relationship, and the combination relationship comprises that the attribute of the second characteristic value corresponding to the first characteristic value which is consistent with all correct passwords is valid in a specific mode;

step 801: and determining whether the password passes the authentication according to the obtained password to be authenticated.

The authentication method embodiment shown in fig. 8 differs from the embodiment shown in fig. 1 in that: in the embodiment shown in fig. 8, in the specific mode, the combination relationship between the first characteristic value and the second characteristic value may or may not be updated during the input process (the updating becomes unnecessary, but the specific mode may be kept updated to avoid leakage), but when the combination relationship between the first characteristic value and the second characteristic value is established, the combination still needs to be updated, and the attribute of the second characteristic value in the combination relationship corresponding to the first characteristic value representing the correct password is kept valid, so that the attribute of the second characteristic value in the combination relationship corresponding to the first characteristic value is always valid. In this way, a dummy password with invalid attributes based on the second characteristic value (in the embodiment of the present application, such a dummy password is referred to as a characteristic-based dummy password) can be selectively inserted at any position, so that the risk of successful unlocking after any one or several times of unlocking processes are copied and analyzed is avoided, the complexity of the password is increased, and the problem of password leakage caused by peeping in the password input process is prevented.

In an exemplary embodiment, the specific mode in the combination relationship in the present application may be turned on and off by setting a shortcut key, and the specific mode turning on is performed in a state that the authority authentication (including convenient biometric authentication: fingerprint, human face, and other authentication means) passes. The restriction may be turned on to define a specific mode. Thus, after the limitation is opened, the usability of the password can be improved, and the touch typing input is realized. However, the presented combination relationship has a certain rule, and if the combination relationship is utilized by a lawbreaker, the number corresponding to the correct password can be analyzed through the password combination presentation for a certain number of times, so that the password deciphering difficulty can be greatly reduced. Therefore, in order to prevent the real password from being analyzed through the presentation of a large number of combination relations, the number of times of presentation or the presentation period of the feature display part can be limited after a specific mode is entered, and the mode is automatically exited after the threshold of the number of times or the time is reached.

The embodiment shown in fig. 8 is particularly suitable for locally authenticated devices (e.g. devices in which the authentication terminal stores a preset correct password), such as: and the pad unlocking password, the mobile phone unlocking password, the coded lock and other devices for offline authentication unlocking. For example, if the correct unlocking password pre-stored by the device is 1234, when the combination of the first characteristic value and the second characteristic value is presented, and the first characteristic values are number 1, number 2, number 3, and number 4, the attributes of the corresponding second characteristic values are all valid, and the attributes of the corresponding second characteristic values of the other first characteristic values are valid and/or invalid, for example: assuming that only three letter attributes of a letter b, a letter a and a letter d in the letters a-j are set to be invalid, the corresponding first characteristic value is invalid; the remaining 7 letters are valid, 4 letters are selected from the remaining 7 letters to be combined with the true password, i.e., the

numbers

1, 2, 3, and 4, and the remaining 3 letters of the 7 letters and b, a, and d are combined with the

numbers

5, 6, 7, 8, 9, and 0, respectively. Therefore, the combination relationship between the first characteristic value and the second characteristic value can be reduced or even not updated in the input process, and the effective input of all correct passwords can be realized; meanwhile, the function of inserting the false password at any position is reserved, and the privacy of the password input by the user is well protected. By inserting the dummy password, even if the process of the password input by the user is exposed or leaked during the password input process of the user, the security and the privacy of the real password can be still ensured.

The embodiment of the application also provides an intelligent lock, which at least comprises a processing unit and a panel; wherein the content of the first and second substances,

a panel configured to receive an input operation from a user. The password key comprises a first characteristic display part and a second characteristic display part; the first characteristic display part and the second characteristic display part are in one-to-one correspondence, and a group of first characteristic values and second characteristic values are obtained after the key is triggered to form a password bit; the first characteristic display part displays a first characteristic value, the second characteristic display part displays a second characteristic value, the first characteristic value is a password value and is used for authority authentication, and the second characteristic value is an attribute value and is used for indicating whether the password value displayed by the first characteristic value corresponding to the second characteristic value is valid or not; the first characteristic value and the second characteristic value have a combination relationship, and the combination relationship comprises that the attribute of the second characteristic value corresponding to the first characteristic value which is consistent with all correct passwords is valid in a specific mode;

the processing unit is configured to: determining a password to be authenticated according to the first characteristic value and the second characteristic value obtained for multiple times; and determining whether the password passes the authentication according to the obtained password to be authenticated.

The intelligent lock provided by the embodiment is different from the intelligent lock shown in fig. 6 or fig. 7 only in that: in this embodiment, in the specific mode, the combination relationship between the first characteristic value and the second characteristic value may or may not be updated during the input process (the updating becomes unnecessary, but the specific mode may be kept updated to avoid leakage), but when the combination relationship between the first characteristic value and the second characteristic value is established, the combination still needs to be updated, and the attribute of the second characteristic value in the combination relationship is set to indicate that the corresponding first characteristic value is valid in correspondence with the first characteristic value indicating the correct password.

when the disabled key is detected to be valid or triggered while the password input by the user is obtained, the currently input password is determined to be an invalid password.

In an exemplary embodiment, for a mobile phone, the disable key may be a function key that is newly set, such as a volume key, a fingerprint area located on the back of the mobile phone, or the like. The disable key is typically located in a region that is relatively covert, or otherwise imperceptible to activation or deactivation.

The authentication method provided by the embodiment does not need to change the type and the password authentication mode of the original password, and the safety of the input process of the correct password is skillfully improved.

The present application also provides a computer-readable storage medium storing computer-executable instructions for performing the authentication method shown in fig. 1 or fig. 8.

The present application further provides an apparatus for implementing authentication, comprising a memory and a processor, wherein the memory stores the following instructions executable by the processor: for performing the steps of the authentication method described above in fig. 1 or fig. 8.

Although the embodiments disclosed in the present application are described above, the descriptions are only for the convenience of understanding the present application, and are not intended to limit the present application. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims.

Claims

1. An authentication method, comprising:

2. The authentication method of claim 1, prior to determining the password to be authenticated, further comprising:

3. The authentication method of claim 2, wherein the determining a password to be authenticated comprises:

alternatively, the first and second electrodes may be,

4. The authentication method according to claim 3, wherein the determining whether the authentication is passed according to the obtained password to be authenticated comprises:

alternatively, the first and second electrodes may be,

5. The authentication method according to any one of claims 1 to 4, prior to the obtaining the first and second feature values, the method further comprising:

6. An authentication method according to any one of claims 1 to 5, wherein the first characteristic value and the second characteristic value are presented differently;

the second characteristic value comprises one characteristic or a combination of two or more different characteristics; the second characteristic value includes: letters, and/or shapes, and/or backlight colors of the input areas, and/or outer contour shapes or outer contour filling colors of the input areas where the first characteristic values are located, and/or colors of the indication areas corresponding to the input areas where the first characteristic values are located.

7. A computer-readable storage medium storing computer-executable instructions for performing the authentication method of any one of claims 1 to 6.

8. An apparatus for implementing authentication, comprising a memory and a processor, wherein the memory has stored therein instructions executable by the processor to: steps for performing the authentication method of any one of claims 1 to 6.

9. A smart lock, comprising: a processing unit, a panel; wherein the content of the first and second substances,

a panel configured to receive an input operation from a user;

10. The smart lock of claim 9,

the processing unit is configured to:

alternatively, the first and second electrodes may be,

the processing unit is configured to:

the processing unit is further configured to:

11. An authentication method, comprising: