CN115033864A - Identity verification method and system and electronic equipment - Google Patents

Publication number: CN115033864A
Application number: CN202111074381.4A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 陈雄
Current assignee: Honor Device Co Ltd
Original assignee: Honor Device Co Ltd
Application filed by: Honor Device Co Ltd
Priority to: CN202111074381.4A
Prior art keywords: key, authentication, public key, master device, private key

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers

Abstract

The application provides an authentication method, an authentication system and an electronic device. An encryption mechanism is introduced: the master device that initiates screen projection is set to actively send an authentication request to the slave device that actually displays the master device's projected content, and an encryption mode is negotiated. When the slave device sends the acquired authentication information to the master device for authentication, the authentication information can therefore be encrypted with a first public key that is provided by the master device and is valid only for the current slave device performing the current target operation; after receiving the authentication ciphertext sent by the slave device, the master device can decrypt it with a first private key matching the first public key and verify the decrypted authentication information against the target identity information stored locally. In this way, devices in multi-screen cooperation can perform identity authentication across devices, which makes the user's operation convenient, while the introduced encryption mode ensures the security of content transmitted between the master device and the slave device.

Description

Identity verification method and system and electronic equipment
Technical Field
The embodiment of the application relates to the field of electronic equipment, in particular to an identity authentication method, an identity authentication system and electronic equipment.
Background
With the continuous development of electronic device technology, multi-screen cooperation among smart electronic devices such as mobile phones, watches and tablet computers has become commonplace and offers more possibilities in usage scenarios.
At present, in order to protect the user's privacy and information security, passwords such as fingerprint passwords and face passwords are generally set for electronic devices and for the applications installed on them. When such a device or application is operated, the corresponding password is entered first for authentication, which protects the user's privacy and information security. Under a multi-device interconnection scenario, however, the user cannot directly unlock the master device, or a password-protected application installed on it, from the interconnected device using biometric information such as a fingerprint or face. If the user wants to access a locked master device, or a password-protected application installed on it, through the interconnected device, the user must first pick up the master device and unlock it; only then can the interconnected device access the master device. In a scenario where the master device is not with the user, for example the master device is charging in room A while the user works with the interconnected device in room B, a user who wants to access the master device through the interconnected device must first go to room A, pick up the master device and unlock it, and then return to room B to access the master device through the interconnected device. This is troublesome, hinders multi-screen cooperation among multiple devices, and seriously affects the user experience.
Disclosure of Invention
In order to solve this technical problem, the present application provides an identity authentication method, an identity authentication system and an electronic device, so that cross-device identity authentication between cooperating devices is achieved, improving the convenience of the authentication operation. In the process of authenticating across devices, an encryption mechanism is introduced, and the public key and private key used for encryption and decryption are set to apply only to the current target operation and to the slave device performing it, thereby ensuring the security of content transmitted between the master device and the slave device.
In a first aspect, an authentication method is provided. The identity authentication method is applied to a master device, where the master device and a slave device establish a communication connection through a multi-screen cooperation function, the master device is the electronic device that projects its screen, and the slave device is the electronic device that displays the projected content of the master device. The method comprises the following steps: determining the source of a target operation that triggers an authentication service, the authentication service being associated with the master device; when the target operation comes from the slave device, allocating to the slave device a first public key for executing the target operation, allocating to the master device a first private key matching the first public key, and generating an authentication request; sending the first public key and the authentication request to the slave device; receiving an authentication ciphertext sent by the slave device, and decrypting the authentication ciphertext with the first private key to obtain authentication information; and verifying the authentication information against the target identity information stored locally.
Thus, by introducing an encryption mechanism, setting the master device that initiates screen projection to actively send an identity authentication request to the slave device that actually displays its projected content, and negotiating an encryption mode, the encryption mode used by both sides is defined before the slave device sends identity authentication information to the master device. When the slave device sends the acquired identity authentication information to the master device for authentication, the information can be encrypted with a first public key that is provided by the master device and is valid only for the current slave device executing the current target operation; after receiving the identity authentication ciphertext sent by the slave device, the master device can decrypt it with the first private key matching the first public key and verify the decrypted identity authentication information against the locally stored target identity information. This realizes cross-device identity authentication between devices in multi-screen cooperation, which is convenient for the user, while the introduced encryption mode ensures the security of content transmitted between the master device and the slave device.
Illustratively, in one example, the target identity information is set through the master device for the object targeted by the authentication service. A settings entry is therefore provided in the master device, and the user sets the information directly as required, so that the target identity information can be stored locally in the master device without network transmission, which ensures its security.
Illustratively, in another example, the target identity information is synchronized to the master device for storage after being set by the third-party device. Therefore, the user can conveniently set the target identity information through other third-party equipment, and the convenience of user operation is improved.
According to the first aspect, allocating to the slave device a first public key for executing the target operation and allocating to the master device a first private key matching the first public key includes: randomly selecting a key pair from a local key database, the key pair comprising a public key and a private key; allocating the public key of the selected key pair to the slave device executing the target operation as the first public key; and allocating the private key of the selected key pair to the master device as the first private key. Because the master device selects the key pair at random for each target operation initiated by each slave device, the security of the encryption and decryption operations based on the randomly selected key pair is greatly improved, and the problem that a fixed key is easily broken and identity authentication information stolen is effectively avoided.
According to the first aspect, or any implementation manner of the first aspect above, before randomly selecting a key pair from the local key database, the method further includes: judging whether a key pair exists in the key database; if yes, executing the step of randomly selecting a key pair from the local key database; otherwise, randomly generating a key pair, storing the generated key pair in the key database, and executing the step of randomly selecting a key pair from the local key database after the generated key pair has been stored. In this way, when a key pair is to be selected at random from the key database, it is first determined whether a selectable key pair exists, and depending on the result either a new key pair is generated at random according to a preset algorithm or an existing key pair is selected from the database, so that a usable first private key and first public key are always available when the master device and the slave device perform identity verification.
In addition, whether the key pair is selected from the key database or newly generated, the key pair is obtained at random, that is, it is not fixed and follows no pattern, which further increases the difficulty of breaking it.
According to the first aspect, or any implementation manner of the first aspect above, after randomly selecting a key pair from the local key database, the method further includes: setting a first effective duration for the public key of the key pair and a second effective duration for the private key of the key pair; monitoring a first use duration of the public key and a second use duration of the private key; destroying the public key when the first use duration equals the first effective duration; and destroying the private key when the second use duration equals the second effective duration. Effective durations are thus set separately for the first public key and the first private key, and each is destroyed once its use duration equals its effective duration. Since cracking a key takes time, even if an illegal party cracks a key, the key pair used for encryption and decryption is by then invalid, and the cracked key cannot decrypt subsequent authentication ciphertexts encrypted under the newly effective key pair, which greatly improves the security of the authentication information transmitted between the master device and the slave device.
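The first-aspect exchange described above (a key pair taken at random from a local key database, generated if none exists; the first public key and the request sent to the slave; the authentication information encrypted on the slave; decryption and comparison against the locally stored target identity on the master; the key pair destroyed after one use), as an added Go example that is not the patent's or Honor's code. RSA-OAEP as the encryption mode, a SHA-256 digest as the stored form of the target identity, and all type and function names are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
)

// keyDB stands in for the master's local key database (constructed for this example).
type keyDB struct{ pairs []*rsa.PrivateKey }

// pick: if no key pair exists, generate one and store it; then select a pair at
// random. The chosen pair leaves the database so it is never allocated twice.
func (db *keyDB) pick() (*rsa.PrivateKey, error) {
	if len(db.pairs) == 0 {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, err
		}
		db.pairs = append(db.pairs, k)
	}
	n, err := rand.Int(rand.Reader, big.NewInt(int64(len(db.pairs))))
	if err != nil {
		return nil, err
	}
	i := int(n.Int64())
	k := db.pairs[i]
	db.pairs = append(db.pairs[:i], db.pairs[i+1:]...)
	return k, nil
}

// authRequest is what the master sends to the slave: the authentication mode and
// the first public key, valid only for this slave and this target operation.
type authRequest struct {
	Mode     string
	FirstPub *rsa.PublicKey
}

// master stores the target identity information as a SHA-256 digest (an
// assumption of this example; the patent only says it is stored locally).
type master struct {
	db        keyDB
	targetID  [32]byte        // sha256 of the target identity information
	firstPriv *rsa.PrivateKey // first private key, held for one operation only
}

func newMaster(secret string) *master {
	return &master{targetID: sha256.Sum256([]byte(secret))}
}

// startRemoteAuth runs when the target operation comes from the slave: allocate
// the first key pair and generate the authentication request.
func (m *master) startRemoteAuth(mode string) (authRequest, error) {
	k, err := m.db.pick()
	if err != nil {
		return authRequest{}, err
	}
	m.firstPriv = k
	return authRequest{Mode: mode, FirstPub: &k.PublicKey}, nil
}

// slaveRespond is the slave side: encrypt the collected authentication information
// with the first public key (RSA-OAEP; the mode is the OAEP label, so a ciphertext
// produced for one mode is rejected under another).
func slaveRespond(req authRequest, collected string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, req.FirstPub, []byte(collected), []byte(req.Mode))
}

// finishRemoteAuth decrypts with the first private key, compares with the stored
// target identity in constant time, and destroys the key pair afterwards so the
// same ciphertext cannot be presented a second time.
func (m *master) finishRemoteAuth(mode string, ct []byte) (bool, error) {
	if m.firstPriv == nil {
		return false, errors.New("first private key already destroyed")
	}
	defer func() { m.firstPriv = nil }()
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, m.firstPriv, ct, []byte(mode))
	if err != nil {
		return false, err
	}
	got := sha256.Sum256(pt)
	return subtle.ConstantTimeCompare(got[:], m.targetID[:]) == 1, nil
}

func main() {
	m := newMaster("123456") // constructed password set on the master
	req, _ := m.startRemoteAuth("numeric-password")
	ct, _ := slaveRespond(req, "123456") // entered by the user on the slave
	ok, err := m.finishRemoteAuth("numeric-password", ct)
	fmt.Println("verified:", ok, err)
	_, err = m.finishRemoteAuth("numeric-password", ct)
	fmt.Println("reuse after destruction:", err)
}
```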
Illustratively, in one example, the first and second validity periods are the same, so the first public key and the first private key become valid and are destroyed at the same time, which simplifies management on the master device.
Illustratively, in another example, the first and second validity periods are not the same, and the second validity period is slightly longer than the first. This prevents the situation where, because of transmission delay, the first private key expires and is destroyed together with the first public key before the master device has decrypted the ciphertext with it, so the problem that decryption and verification fail because of time delay is effectively avoided.
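The effective-duration logic of the two examples just given, as an added Go example with a simulated clock (not the patent's code): the public key's first effective duration and the private key's second effective duration are monitored separately and each key is destroyed when its use duration reaches its effective duration, and the scenario compares equal durations against a slightly longer private-key duration when the ciphertext arrives late. RSA-OAEP, the timedPair type and all names are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// timedPair is one first-public/first-private key pair with separate effective
// durations. In the real system the public key lives on the slave and the private
// key on the master; keeping both in one struct only simplifies the demonstration.
type timedPair struct {
	pub       *rsa.PublicKey
	priv      *rsa.PrivateKey
	issued    time.Time
	pubValid  time.Duration // first effective duration
	privValid time.Duration // second effective duration
}

func newTimedPair(issued time.Time, pubValid, privValid time.Duration) (*timedPair, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &timedPair{pub: &k.PublicKey, priv: k, issued: issued, pubValid: pubValid, privValid: privValid}, nil
}

// monitor is the monitoring step: compare each key's use duration with its
// effective duration and destroy the key once they are equal (>= here, because a
// poll may land after the exact instant).
func (p *timedPair) monitor(now time.Time) {
	used := now.Sub(p.issued)
	if p.pub != nil && used >= p.pubValid {
		p.pub = nil
	}
	if p.priv != nil && used >= p.privValid {
		p.priv = nil
	}
}

// slaveEncrypt runs on the slave at time at; it fails once the first public key
// has been destroyed.
func (p *timedPair) slaveEncrypt(at time.Time, info []byte) ([]byte, error) {
	p.monitor(at)
	if p.pub == nil {
		return nil, errors.New("first public key destroyed")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, p.pub, info, nil)
}

// masterDecrypt runs on the master when the ciphertext arrives at time at.
func (p *timedPair) masterDecrypt(at time.Time, ct []byte) ([]byte, error) {
	p.monitor(at)
	if p.priv == nil {
		return nil, errors.New("first private key destroyed")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, p.priv, ct, nil)
}

// latencyScenario: the slave encrypts one second before the first public key
// expires and the ciphertext takes delay to reach the master. It reports whether
// the master could still decrypt.
func latencyScenario(pubValid, privValid, delay time.Duration) (bool, error) {
	t0 := time.Unix(0, 0)
	p, err := newTimedPair(t0, pubValid, privValid)
	if err != nil {
		return false, err
	}
	tEnc := t0.Add(pubValid - time.Second)
	ct, err := p.slaveEncrypt(tEnc, []byte("constructed authentication information"))
	if err != nil {
		return false, err
	}
	_, err = p.masterDecrypt(tEnc.Add(delay), ct)
	return err == nil, nil
}

func main() {
	equal, _ := latencyScenario(30*time.Second, 30*time.Second, 3*time.Second)
	longer, _ := latencyScenario(30*time.Second, 35*time.Second, 3*time.Second)
	fmt.Println("equal durations decrypts:", equal, "| private slightly longer decrypts:", longer)
}
```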
According to the first aspect, or any implementation manner of the first aspect above, generating an authentication request includes: determining the identity authentication mode corresponding to the object targeted by the identity authentication service; and generating the authentication request according to that authentication mode. Because the authentication request is generated according to the authentication mode of the different objects targeted by the authentication service, the request can be better adapted to the different objects triggered by the target operation, and cross-device authentication can be adapted to a variety of scenarios.
Exemplary authentication methods include, but are not limited to, authentication based on biometric information, alphanumeric passwords, and gesture (pattern) passwords.
Illustratively, the biometric information includes, but is not limited to, fingerprint information, voiceprint information, iris information, face information.
According to the first aspect, or any implementation manner of the first aspect, before decrypting the authentication ciphertext with the first private key, the method further includes: judging whether the authentication ciphertext has been signed with a second private key, the second private key being stored locally in the slave device; if not, executing the step of decrypting the authentication ciphertext with the first private key; if yes, detecting whether a second public key sent by the slave device and matching the second private key is stored locally; if it is, performing signature verification on the signed authentication ciphertext with the second public key, and executing the step of decrypting the authentication ciphertext with the first private key after the signature verification passes; and if it is not, sending a request for the second public key to the slave device, performing signature verification on the signed authentication ciphertext with the second public key after receiving it from the slave device, and executing the step of decrypting the authentication ciphertext with the first private key after the signature verification passes. Thus, when the slave device feeds the acquired authentication ciphertext back to the master device, it signs the ciphertext with the second private key, and the master device verifies the signature with the second public key provided by the slave device, which ensures the authenticity of the source of the information sent to the master device and further improves its security.
According to the first aspect, or any implementation manner of the first aspect, after decrypting the authentication ciphertext according to the first private key, the method further includes: and destroying the first public key and the first private key. Therefore, after the authentication ciphertext is decrypted, the main device destroys the first public key and the first private key, so that a group of key pairs are used only once, the deciphering difficulty is further increased, and the security of the authentication is greatly improved.
According to the first aspect, or any implementation manner of the first aspect above, the authentication method further includes: when the target operation comes from the main equipment, determining an authentication mode corresponding to an object aimed at by an authentication service; calling a verification message acquisition module in the main equipment to acquire identity verification information according to an identity verification mode; and verifying the identity verification information according to the target identity information stored locally. Therefore, when the target operation is determined to be from the master device, the identity information is directly acquired through the master device, namely, the acquisition and verification of the identity verification information are completed on the master device side.
According to the first aspect, or any implementation manner of the first aspect, after the authentication information is verified against the locally stored target identity information, the method further includes: according to the verification result, responding to the target operation on the operation interface of the master device, and, through the multi-screen cooperation function, controlling the operation interface of the master device displayed in the slave device to respond to the target operation as well. After verification is completed, the slave device is thus controlled to respond to the target operation on the displayed operation interface of the master device according to the verification result, so that the user can operate the master device by controlling the slave device, which improves convenience for the user.
Illustratively, in one example, the response to the target operation according to the verification result is specifically: when the verification result is successful, skipping to the user interface after the identity verification is passed; and when the verification result is failure, popping up prompt information on the operation interface.
For example, the pop-up prompt message may tell the user that authentication failed, give the reason for the failure, or prompt the user to enter the authentication information again.
In a second aspect, an authentication method is provided. The identity authentication method is applied to a slave device, where the slave device and a master device establish a communication connection through a multi-screen cooperation function, the master device is the electronic device that projects its screen, and the slave device is the electronic device that displays the projected content of the master device. The method comprises the following steps: receiving a target operation acting on the operation interface of the slave device, the target operation triggering an authentication service associated with the master device; receiving an identity verification request initiated by the master device in response to the target operation, together with a first public key allocated by the master device for executing the target operation, a first private key matching the first public key being stored locally by the master device; determining an identity authentication mode according to the identity authentication request, and acquiring identity authentication information according to that mode; encrypting the authentication information with the first public key to obtain an authentication ciphertext; and sending the authentication ciphertext to the master device, so that the master device decrypts it with the first private key and then performs authentication. Thus, by introducing an encryption mechanism, after receiving the authentication request sent by the master device and the negotiated first public key, the slave device calls the appropriate authentication information acquisition module to collect the authentication information according to the authentication mode corresponding to the request, so that the authentication information is acquired on the slave device.
After the identity authentication information is collected, the identity authentication information is encrypted according to a first public key provided by the master device, finally, the encrypted identity authentication ciphertext is sent to the master device, and the master device carries out decryption and authentication according to a first private key matched with the first public key, so that the safety of information transmitted between the master device and the slave device is guaranteed, and cross-device identity authentication can be realized.
According to the second aspect, before sending the authentication ciphertext to the master device, the method further comprises: allocating to the slave device a second private key for executing the target operation and allocating to the master device a second public key matching the second private key; and either signing the authentication ciphertext with the second private key, sending the second public key to the master device, and executing the step of sending the authentication ciphertext to the master device, or signing the authentication ciphertext with the second private key and executing the step of sending the authentication ciphertext to the master device. In this way, after the master device has allocated to the slave device the first public key for executing the target operation, the slave device itself also allocates a second private key for executing the target operation and allocates the matching second public key to the master device; after encrypting the collected authentication information with the first public key, it signs the resulting authentication ciphertext with the second private key. Through this dual mechanism of encryption and signature, the security of the information transmitted between the master device and the slave device is further improved.
According to the second aspect, or any implementation manner of the second aspect, after signing the authentication ciphertext according to the second private key and performing the step of sending the authentication ciphertext to the master device, the method further includes: and if a request for acquiring the second public key sent by the main equipment is received, sending the second public key to the main equipment. Therefore, the master device can perform signature verification on the identity verification ciphertext signed by using the second private key according to the second public key, and authenticity of the information source is guaranteed.
According to the second aspect, or any implementation manner of the second aspect above, allocating to the slave device a second private key for executing the target operation and allocating to the master device a second public key matching the second private key includes: randomly selecting a key pair from a local key database, the key pair comprising a public key and a private key; allocating the private key of the selected key pair to the slave device executing the target operation as the second private key; and allocating the public key of the selected key pair to the master device as the second public key. Because the slave device allocates the second private key and the second public key to itself and to the cooperating master device by selecting the key pair at random, the security of the encryption and decryption operations based on the randomly selected key pair is greatly improved, and the problem that a fixed key is easily broken and identity verification information stolen is effectively avoided.
According to the second aspect, or any implementation manner of the second aspect above, before randomly selecting a key pair from the local key database, the method further includes: judging whether a key pair exists in the key database; if yes, executing the step of randomly selecting a key pair from the local key database; otherwise, randomly generating a key pair, storing the generated key pair in the key database, and executing the step of randomly selecting a key pair from the local key database after the generated key pair has been stored. In this way, when a key pair is to be selected at random from the key database, it is first determined whether a selectable key pair exists, and depending on the result either a new key pair is generated at random according to a preset algorithm or an existing key pair is selected from the database, so that a usable second private key and second public key are always available when the master device and the slave device perform identity verification.
According to the second aspect, or any implementation manner of the second aspect above, after randomly selecting a key pair from the local key database, the method further includes: setting a third effective duration for the public key of the key pair and a fourth effective duration for the private key of the key pair; monitoring a third use duration of the public key and a fourth use duration of the private key; destroying the public key when the third use duration equals the third effective duration; and destroying the private key when the fourth use duration equals the fourth effective duration. Effective durations are thus set separately for the second public key and the second private key, and each is destroyed once its use duration equals its effective duration. Since cracking a key takes time, even if an illegal party cracks a key, the key pair used for signing and verification is by then invalid, and the cracked key cannot be used against subsequent authentication ciphertexts protected under the newly effective key, which greatly improves the security of the authentication information transmitted between the master device and the slave device.
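The second-key signature flow from the first aspect (the master verifies the signature before decrypting, requesting the second public key from the slave if it is not stored locally, and skips verification for an unsigned ciphertext) together with the second-aspect side (the slave signs the authentication ciphertext with its second private key), as an added Go example that is not the patent's code. ECDSA P-256 over a SHA-256 digest, the slave identifier used to look up cached keys, and all names are assumptions of this example; the ciphertext is an opaque constructed byte string standing in for the output of the first public key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// signedMsg is what the slave sends to the master: the authentication ciphertext
// made with the first public key and, if the slave chose to sign, its signature
// under the slave's second private key.
type signedMsg struct {
	SlaveID    string
	Ciphertext []byte
	Signature  []byte // empty when unsigned
}

// slave holds the second private key allocated for the current target operation.
type slave struct {
	id   string
	priv *ecdsa.PrivateKey
}

func newSlave(id string) (*slave, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &slave{id: id, priv: k}, nil
}

// sign produces the signed authentication ciphertext (ECDSA P-256 over SHA-256).
func (s *slave) sign(ct []byte) (signedMsg, error) {
	digest := sha256.Sum256(ct)
	sig, err := ecdsa.SignASN1(rand.Reader, s.priv, digest[:])
	if err != nil {
		return signedMsg{}, err
	}
	return signedMsg{SlaveID: s.id, Ciphertext: ct, Signature: sig}, nil
}

// publicKey answers the master's request for the second public key.
func (s *slave) publicKey() *ecdsa.PublicKey { return &s.priv.PublicKey }

// master caches the second public keys it has received, keyed by slave.
type master struct {
	known    map[string]*ecdsa.PublicKey
	requests int // number of second-public-key requests sent (for the demo)
}

// acceptCiphertext is the master-side check that precedes decryption with the
// first private key: unsigned messages go straight on; signed ones must verify
// under the slave's second public key, which is requested if not stored locally.
func (m *master) acceptCiphertext(msg signedMsg, fetch func() *ecdsa.PublicKey) ([]byte, error) {
	if len(msg.Signature) == 0 {
		return msg.Ciphertext, nil
	}
	pub, ok := m.known[msg.SlaveID]
	if !ok {
		m.requests++
		if pub = fetch(); pub == nil {
			return nil, errors.New("slave did not provide its second public key")
		}
		m.known[msg.SlaveID] = pub
	}
	digest := sha256.Sum256(msg.Ciphertext)
	if !ecdsa.VerifyASN1(pub, digest[:], msg.Signature) {
		return nil, errors.New("signature verification failed: ciphertext rejected")
	}
	return msg.Ciphertext, nil
}

// demo accepts the same signed message twice (key fetched once, then cached) and
// then presents a tampered ciphertext; it returns the request count and whether
// the tampered message was rejected.
func demo() (int, bool, error) {
	s, err := newSlave("tablet-01")
	if err != nil {
		return 0, false, err
	}
	m := &master{known: map[string]*ecdsa.PublicKey{}}
	ct := []byte("constructed: ciphertext made with the first public key")
	msg, err := s.sign(ct)
	if err != nil {
		return 0, false, err
	}
	for i := 0; i < 2; i++ {
		if _, err := m.acceptCiphertext(msg, s.publicKey); err != nil {
			return 0, false, err
		}
	}
	tampered := msg
	tampered.Ciphertext = append([]byte{}, ct...)
	tampered.Ciphertext[0] ^= 0x01
	_, err = m.acceptCiphertext(tampered, s.publicKey)
	return m.requests, err != nil, nil
}

func main() {
	requests, rejected, err := demo()
	fmt.Println("key requests:", requests, "tampered rejected:", rejected, "err:", err)
}
```

The signature proves which slave produced the ciphertext and that it was not altered in transit, but it does not by itself tie the ciphertext to a particular authentication request; a deployment would also want the request to carry a nonce that the signed message echoes.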
Illustratively, in one example, the third and fourth validity periods are the same. Therefore, the second public key and the second private key can be simultaneously validated and destroyed, and the slave device management is facilitated.
Illustratively, in another example, the third and fourth validity periods are not the same, and the third validity period is slightly greater than the fourth validity period. Therefore, the problem that the main device cannot decrypt for verification due to time delay can be avoided.
According to a second aspect, or any implementation manner of the second aspect, after the sending the authentication ciphertext to the master device, the method further includes: receiving a verification result sent by the main equipment; and responding to the target operation at the operation interface of the slave equipment according to the verification result. Therefore, after verification is completed, the slave device is controlled to display the operation interface of the master device to make a response aiming at target operation according to the verification result, so that a user can operate the master device by controlling the slave device, and the convenience of the user is improved.
According to the second aspect, or any implementation manner of the second aspect above, after responding to the target operation on the operation interface of the slave device according to the verification result, the method further includes: destroying the second public key and the second private key. Thus, after receiving the verification result fed back by the master device, the slave device destroys the second public key and the second private key, so that each key pair is used only once, which further increases the difficulty of breaking it and greatly improves the security of identity verification.
In a third aspect, an identity verification system is provided. The identity verification system comprises: the multi-screen display system comprises a main device and a slave device, wherein the main device and the slave device realize multi-screen cooperation, the main device is an electronic device used for screen projection, and the slave device is an electronic device used for displaying the content of screen projection of the main device. The master device is configured to perform the authentication method in the first aspect or any possible implementation manner of the first aspect, and the slave device is configured to perform the authentication method in the second aspect or any possible implementation manner of the second aspect.
Any one implementation manner of the third aspect and the third aspect corresponds to any one implementation manner of the first aspect and the first aspect, or corresponds to any one implementation manner of the second aspect and the second aspect. For technical effects corresponding to any one implementation manner of the third aspect and the third aspect, reference may be made to the technical effects corresponding to any one implementation manner of the first aspect and the first aspect, or to the technical effects corresponding to any one implementation manner of the second aspect and the second aspect, respectively, and details are not repeated here.
In a fourth aspect, an electronic device is provided. The electronic device comprises a memory and a processor that are coupled; the memory stores program instructions which, when executed by the processor, cause the electronic device to perform the authentication method of the first aspect or any possible implementation of the first aspect, or the authentication method of the second aspect or any possible implementation of the second aspect.
Illustratively, the electronic device may be a master device or a slave device.
Any one implementation manner of the fourth aspect and the fourth aspect corresponds to any one implementation manner of the first aspect and the first aspect, or corresponds to any one implementation manner of the second aspect and the second aspect. For technical effects corresponding to any one implementation manner of the fourth aspect and the fourth aspect, reference may be made to the technical effects corresponding to any one implementation manner of the first aspect and the first aspect, or the technical effects corresponding to any one implementation manner of the second aspect and the second aspect, respectively, and details are not repeated here.
In a fifth aspect, a computer-readable storage medium is provided. The medium comprises a computer program which, when run on an electronic device, causes the electronic device to perform the authentication method of the first aspect or any possible implementation of the first aspect, or to perform the authentication method of the second aspect or any possible implementation of the second aspect.
Illustratively, the electronic device may be a master device or a slave device.
Any one implementation manner of the fifth aspect and the fifth aspect corresponds to any one implementation manner of the first aspect and the first aspect, or corresponds to any one implementation manner of the second aspect and the second aspect. For technical effects corresponding to any one implementation manner of the fifth aspect and the fifth aspect, reference may be made to the technical effects corresponding to any one implementation manner of the first aspect and the first aspect, or the technical effects corresponding to any one implementation manner of the second aspect and the second aspect, respectively, and details are not repeated here.
In a sixth aspect, an embodiment of the present application provides a computer program, where the computer program includes instructions for executing the authentication method in the first aspect or any possible implementation manner of the first aspect, or instructions for executing the authentication method in the second aspect or any possible implementation manner of the second aspect.
Any one implementation manner of the sixth aspect and the sixth aspect corresponds to any one implementation manner of the first aspect and the first aspect, or corresponds to any one implementation manner of the second aspect and the second aspect. For technical effects corresponding to any one implementation manner of the sixth aspect and the sixth aspect, reference may be made to the technical effects corresponding to any one implementation manner of the first aspect and the first aspect, or the technical effects corresponding to any one implementation manner of the second aspect and the second aspect, respectively, and details are not repeated here.
In a seventh aspect, an embodiment of the present application provides a chip, where the chip includes one or more processing circuits and one or more transceiver pins; the transceiver pin and the processing circuit communicate with each other through an internal connection path, and the processing circuit executes an authentication method in the first aspect or any possible implementation manner of the first aspect, or executes an authentication method in the second aspect or any possible implementation manner of the second aspect, so as to control the receiving pin to receive a signal and control the sending pin to send a signal.
Illustratively, the chip may be a chip of an electronic device, and the electronic device may be a master device or a slave device.
Any one implementation manner of the seventh aspect and the seventh aspect corresponds to any one implementation manner of the first aspect and the first aspect, or corresponds to any one implementation manner of the second aspect and the second aspect. For technical effects corresponding to any one implementation manner of the seventh aspect and the seventh aspect, reference may be made to the technical effects corresponding to any one implementation manner of the first aspect and the first aspect, or to the technical effects corresponding to any one implementation manner of the second aspect and the second aspect, which are not described herein again.
Drawings
FIG. 1 is a first schematic diagram exemplarily illustrating the enabling of the multi-screen collaboration function via a drop-down notification bar entry;
FIG. 2 is a second schematic diagram exemplarily illustrating the enabling of the multi-screen collaboration function via a drop-down notification bar entry;
FIG. 3 is a third schematic diagram exemplarily illustrating the enabling of the multi-screen collaboration function via a drop-down notification bar entry;
FIG. 4 is a fourth schematic diagram exemplarily illustrating the enabling of the multi-screen collaboration function via a drop-down notification bar entry;
FIG. 5 is a schematic diagram exemplarily illustrating the enabling of the multi-screen collaboration function via the settings entry;
FIG. 6 is a schematic diagram exemplarily illustrating the information application in the operation interface of the mobile phone displayed on the tablet computer side;
FIG. 7 is a first schematic diagram exemplarily illustrating the interfaces presented by the tablet computer and the mobile phone in response to a user operation;
FIG. 8 is a second schematic diagram exemplarily illustrating the interfaces presented by the tablet computer and the mobile phone in response to a user operation;
FIG. 9 is a third schematic diagram exemplarily illustrating the interfaces presented by the tablet computer and the mobile phone in response to a user operation;
FIG. 10 is a schematic diagram exemplarily illustrating a hardware structure of an electronic device;
FIG. 11 is a schematic diagram exemplarily illustrating a software structure of an electronic device;
FIG. 12 is a schematic diagram exemplarily illustrating the modules involved in the master device and the slave device for implementing the authentication method provided by the embodiment of the present application;
FIG. 13 is a flowchart exemplarily illustrating an authentication method applied to a master device according to an embodiment of the present application;
FIG. 14 is a flowchart exemplarily illustrating an authentication method applied to a slave device according to an embodiment of the present application;
FIG. 15 is a first timing diagram exemplarily illustrating a master device and a slave device implementing cross-device authentication in the authentication system provided by an embodiment of the present application;
FIG. 16 is a first schematic diagram exemplarily illustrating the interaction between the software and hardware structures of the slave device when collecting authentication information;
FIG. 17 is a second schematic diagram exemplarily illustrating the interaction between the software and hardware structures of the slave device when collecting authentication information;
FIG. 18 is a third schematic diagram exemplarily illustrating the interaction between the software and hardware structures of the slave device when collecting authentication information;
FIG. 19 is a fourth schematic diagram exemplarily illustrating the interaction between the software and hardware structures of the slave device when collecting authentication information;
FIG. 20 is a schematic diagram exemplarily illustrating the interaction between the software structures of the master device when performing authentication based on the authentication information provided by the slave device;
FIG. 21 is a second timing diagram exemplarily illustrating a master device and a slave device implementing cross-device authentication in the authentication system provided by an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, of the embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The term "and/or" herein merely describes an association relationship between associated objects, meaning that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone.
The terms "first", "second", and the like in the description and in the claims of the embodiments of the present application are used for distinguishing between different objects and not for describing a particular order of the objects. For example, "first target object" and "second target object" are used to distinguish different target objects, not to describe a particular order of the target objects.
In the embodiments of the present application, words such as "exemplary" or "for example" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "such as" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
In the description of the embodiments of the present application, the meaning of "a plurality" means two or more unless otherwise specified. For example, a plurality of processing units refers to two or more processing units; the plurality of systems refers to two or more systems.
Before describing the technical solution of the embodiment of the present application, a description is first given of a scenario used in the embodiment of the present application with reference to the drawings. For convenience of description, in the embodiments of the present application, the electronic device projecting the operation interface is referred to as a master device, and a mobile phone is taken as an example below. The electronic device that displays the operation interface projected by the master device is referred to as a slave device, and a tablet computer is taken as an example below.
Fig. 1 to 4 illustrate an implementation manner of opening a multi-screen cooperative function through a drop-down notification bar.
Referring to fig. 1, the display interface of the mobile phone 10 illustratively displays a main page of the mobile phone, and the main page includes icons of one or more applications, such as a clock, a calendar, a gallery, a memo, a file management, an email, music, a calculator, a video, sports health, weather, a browser, settings, a camera, an address book, a telephone, information, and the like, which are not limited in this application.
With continued reference to fig. 1, the display interface of the tablet pc 20 illustratively displays a main page of the tablet pc, and the main page includes icons of one or more applications, such as a clock, a calendar, a gallery, a memo, a video, sports health, weather, a browser, document management, an email, music, a calculator, and the like, which are not listed here, but are not limited in this application.
Taking the example of initiating the multi-screen cooperative function from the side of the tablet pc 20, with continuing reference to fig. 1, for example, when the user slides downward along the arrow direction from the upper edge of the current display interface of the tablet pc 20, the tablet pc 20 displays a pull-down notification bar, such as 30 in fig. 2, in the upper edge area of the display interface in response to the operation action of the user.
Referring to fig. 2, the pull-down notification bar 30 illustratively includes one or more controls, such as a time bar, a Wi-Fi setting option, a bluetooth setting option, a mobile data setting option, a mute setting option, an auto-rotate setting option, and a multi-screen collaboration setting option, which are not limited in this application.
Illustratively, when the user clicks the multi-screen collaboration setting option 30-1 in the drop-down notification bar 30, the tablet pc 20 may pop up a prompt box, e.g., 40 in fig. 3, for initiating the multi-screen collaboration on the display interface in response to the user's operation behavior.
Referring to FIG. 3, the prompt box 40 for initiating multi-screen collaboration illustratively includes one or more controls, such as a "Cancel" option 40-1 for cancelling the multi-screen collaboration function and an "Agree" option 40-2 for initiating the multi-screen collaboration function.
Illustratively, if the user clicks the "Cancel" option 40-1, the prompt box 40 disappears; if the user clicks the "Agree" option 40-2, the tablet pc 20, in response to the operation behavior of the user, scans for nearby devices, for example finds the mobile phone 10, and initiates a multi-screen collaboration connection request to the found mobile phone 10, as shown in fig. 4.
Referring to fig. 4, for example, after the tablet computer 20 scans the mobile phone 10, the content displayed in the prompt box 40 displayed in the display interface of the tablet computer 20 is switched to the content displayed in the prompt box 50.
Continuing with FIG. 4, the content displayed in the prompt box 50 illustratively includes prompt information. Specifically, the prompt information displayed in the prompt box 50 is used to indicate that the mobile phone 10 available for multi-screen collaboration is found, for example, a word "connect your mobile phone" is displayed to indicate that it is currently desired to establish multi-screen collaboration with the mobile phone.
For example, if the found mobile phone is not the electronic device that the user wants to perform multi-screen collaboration, the user may click a "scan code connection" option in the prompt box to establish multi-screen collaboration with the specified electronic device by means of a scan code.
Illustratively, a "cancel" option 50-1 may also be included in the prompt box 50 for canceling the multi-screen collaborative function.
It should be noted that, in an actual application scenario, the prompt box 40 and the prompt box 50 may be the same prompt box, and only the specific content displayed inside needs to be replaced according to different operation behaviors of the user, which is not limited in the present application.
With continued reference to fig. 4, for example, after the tablet pc 20 sends the multi-screen collaboration request to the mobile phone 10, a prompt box 60 is displayed on the display interface (e.g., in the lower half area of the display interface) of the mobile phone 10, and the prompt box 60 may include, but is not limited to: an icon 60-1 of the device to be connected via multi-screen collaboration, a cancel option 60-2, and a connect option 60-3.
Illustratively, when the user clicks the "cancel" option 60-2, the mobile phone 10 cancels the current connection establishment procedure in response to the user's operation behavior, and cancels the display of the prompt box 60.
Illustratively, when the user clicks the "connect" option 60-3, the mobile phone 10 establishes a multi-screen cooperative connection with the tablet pc 20 in response to the user's operation. The specific connection establishment process may refer to a related document of the multi-screen coordination technology, which is not described in detail herein.
Therefore, the process of establishing the multi-screen cooperative connection between the mobile phone 10 and the tablet computer 20 by using the drop-down notification bar as an entrance is completed.
In addition, another way of establishing the multi-screen collaboration connection between the mobile phone 10 and the tablet computer 20 is provided in the present application; specifically, the process of enabling the multi-screen collaboration function via the settings entry is described below.
For example, the user may select a setting application on the display interface of the mobile phone 10, and the mobile phone 10 may jump the current page to the setting page in response to the operation behavior of the user.
For example, the setting page includes one or more controls, such as a sound and vibration setting option, a notification setting option, a more connection setting option, an application setting option, a battery setting option, a storage setting option, and a security setting option, which are not listed here, and the present application is not limited thereto.
Illustratively, after the user clicks the "more connections" setting option in the settings page, the mobile phone 10 jumps from the settings page to the "more connections" page in response to the operation behavior of the user.
Illustratively, the "more connections" page includes one or more controls, such as a multi-device collaboration setting option, an NFC (Near Field Communication) setting option, a mobile phone screen projection setting option, a USB (Universal Serial Bus) setting option, a print setting option, and the like, which are not listed here, and the present application is not limited thereto.
Illustratively, after the user clicks the multi-device collaboration setting option in the "more connections" page, the mobile phone 10 jumps from the "more connections" page to the multi-device collaboration page in response to the operation behavior of the user.
Illustratively, a multi-device collaboration page includes a multi-device collaboration control.
Illustratively, after the user clicks the multi-device cooperation setting option in the multi-device cooperation page, the mobile phone 10 starts the multi-device cooperation function in response to the operation behavior of the user. At this point, the user may switch the handset 10 back to the home page from the interface.
Referring to fig. 5, after the user switches the mobile phone 10 from the multi-device collaboration page back to the main page, when the screen is not locked, the user can slide along the arrow direction from the right side or the left side of the bottom edge of the screen to open the prompt box 70 corresponding to the multi-device control center.
Continuing with FIG. 5, the content displayed in the prompt box 70 illustratively includes prompt information. Specifically, the prompt information displayed in the prompt box 70 is used to indicate that an electronic device available for multi-screen collaboration, such as the tablet computer 20, is found; for example, the text "click here to search for nearby devices and seamlessly continue the current task on other devices" is displayed to indicate that an electronic device for multi-screen collaboration is being searched for.
Illustratively, other prompt information or options may also be included in the prompt box 70, such as a search icon 70-1 for triggering a search operation.
For example, when the user clicks the search icon 70-1, the mobile phone 10, in response to the operation action of the user, scans for nearby electronic devices that can establish a multi-screen collaboration connection, for example finds the tablet pc 20, and initiates a multi-screen collaboration connection request to the found tablet pc 20.
The process of initiating the multi-screen cooperative connection request to the searched tablet computer by the mobile phone 10 and finally establishing the multi-screen cooperative connection is substantially the same as the description of fig. 4, and is not repeated here.
Thus, the process of establishing the multi-screen collaboration connection between the mobile phone 10 and the tablet computer 20 via the settings entry is completed.
Referring to fig. 6, for example, after the multi-screen collaboration connection between the mobile phone 10 and the tablet pc 20 is established by either of the above two manners, the multi-screen collaboration window 10' is displayed on the display interface of the tablet pc 20 (it may be located in any region of the display interface of the tablet pc 20), and the display interface of the mobile phone 10 is displayed in the multi-screen collaboration window 10'.
Illustratively, in one example, all controls and images included on the display interface of the mobile phone 10 are displayed in real time on the multi-screen collaboration window 10'.
For example, in another example, the mobile phone 10 may transmit part or all of the display interface of the mobile phone 10 to the tablet pc 20, and the tablet pc 20 displays part or all of the display interface transmitted by the mobile phone 10 in the multi-screen collaboration window 10'.
With continued reference to FIG. 6, the multi-screen collaboration window 10' also illustratively includes a minimize setting option 10'a for minimizing the multi-screen collaboration window 10', a maximize setting option 10'b for maximizing the multi-screen collaboration window 10', and a close setting option 10'c for closing the multi-screen collaboration window 10'.
Continuing to refer to fig. 6, for example, after the user clicks the information application icon 10-1' in the multi-screen collaboration window 10', the tablet pc 20 receives the user operation and sends the user operation (including the pressure value and the position coordinates corresponding to the user operation) to the mobile phone 10; the mobile phone 10 thereby acquires the operation behavior of the user on the multi-screen collaboration window 10' of the tablet pc 20 and, in response to the operation behavior of the user, displays the application interface corresponding to the information application on the display interface of the mobile phone 10.
In particular, in a practical application scenario, the application in the mobile phone 10 may set a password, such as a password based on biometric information, or a gesture password, or an alphanumeric password, so as to ensure the privacy of the user and the security of information. Therefore, when the user sets a view password for the information application and the mobile phone 10 responds to the operation behavior of the user, an acquisition interface corresponding to the set password is presented on the display interface of the mobile phone 10, for example, as shown in fig. 7.
Referring to fig. 7, for example, if the view password set by the user for the information application is a fingerprint password, what is specifically displayed on the display interface of the mobile phone 10 is content prompting the user to unlock the fingerprint.
Accordingly, after the mobile phone 10 jumps to the corresponding interface in response to the operation behavior of the user on the tablet pc 20, the mobile phone 10 sends the currently displayed interface, that is, the prompt message "click to perform fingerprint unlocking" and the fingerprint picture 10-2, to the tablet pc 20, so that the tablet pc 20 can also display the current interface of the mobile phone 10 in the multi-screen collaboration window 10' based on the interface sent by the mobile phone 10, that is, the prompt message "click to perform fingerprint unlocking" and the fingerprint picture 10-2'.
Continuing to refer to fig. 7, for example, when the user clicks the fingerprint picture 10-2' displayed in the multi-screen collaboration window 10', the tablet pc 20 receives the user operation and sends the user operation to the mobile phone 10; the mobile phone 10 thereby acquires the operation behavior of the user on the multi-screen collaboration window 10' of the tablet pc 20 and, in response to the operation behavior of the user, displays the content shown in fig. 8 on the display interface of the mobile phone 10. Similarly, after the mobile phone 10 switches from the interface shown in fig. 7 to the interface shown in fig. 8, it sends the currently displayed interface to the tablet computer 20, so that the tablet computer 20 can also display the content of the mobile phone 10 in fig. 8 in the multi-screen collaboration window 10' based on the interface sent by the mobile phone 10.
For example, in the prior art, where cross-device authentication cannot be implemented, after the user moves a finger to the fingerprint collection area of the tablet pc 20, the tablet pc 20 does not perform fingerprint collection, so that the content displayed on the mobile phone 10 and in the multi-screen collaboration window 10' of the tablet pc 20 does not change, that is, the interface of fig. 8 is still maintained. Thus, the user can only authenticate by moving a finger to the fingerprint collection area of the mobile phone 10. However, with the identity authentication method provided in the embodiment of the present application, after the user moves the finger to the fingerprint collection area of the tablet pc 20, the tablet pc 20 calls its fingerprint module/chip to collect the fingerprint information of the user and sends the collected fingerprint information to the mobile phone 10; the mobile phone 10 performs the authentication and, after the authentication is passed, switches the current display interface to the home page of the information application, that is, as shown in fig. 9.
Therefore, the identity authentication can be performed across the equipment under the multi-screen collaborative mode, and the convenience of application access in the main equipment is improved.
It should be understood that the above description is only an example for better understanding of the technical solution of the present embodiment, and is not to be taken as the only limitation of the present embodiment.
In addition, the names and the numbers of the controls displayed in the display interfaces of the mobile phone or the tablet computer and the names and the numbers of the controls in the pull-down notification bar related in fig. 1 to fig. 9 are only illustrative examples, and do not limit the technical solution of the present application.
In addition, in order to protect the security of the transmitted authentication information, such as passwords, when authentication is performed across devices, an encryption mechanism is also introduced in the embodiment of the present application, so that security is ensured while the user experience is preserved.
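The one-time second key pair described in the second aspect above and the encryption of authentication information in transit mentioned here can be put together in one small exchange. The following Go program is an added example written for this page; it is not the patent's code and the patent does not specify the primitives. Everything concrete in it is an assumption: the master device holding its own ECDH key pair, P-256 ECDH with a SHA-256 key derivation, AES-256-GCM for the transported authentication information, a constructed byte string standing in for the enrolled fingerprint template, and the names `Master`, `Slave`, `SendAuthInfo`, `Verify`, `Destroy` and `RunExchange`. What it demonstrates is the lifecycle the second aspect requires: the slave generates the second key pair for one exchange, the authentication information only ever crosses the link encrypted, the master's verdict is computed with a constant-time comparison, and once the result is back the slave destroys the pair and refuses to send with it again.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Master models the master device (the phone). Its own ECDH key pair and the
// SHA-256 key derivation are assumptions of this example, not patent details.
type Master struct {
	priv      *ecdh.PrivateKey
	reference []byte // constructed stand-in for the enrolled fingerprint template
}

// Slave models the slave device (the tablet); priv is the one-time "second" key pair.
type Slave struct{ priv *ecdh.PrivateKey } // nil once destroyed
func newKey() *ecdh.PrivateKey { // a failure of the system RNG is fatal
	k, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}
func NewMaster(reference []byte) *Master { return &Master{priv: newKey(), reference: reference} }

// NewSlaveSession generates a fresh second key pair for exactly one exchange.
func NewSlaveSession() *Slave { return &Slave{priv: newKey()} }

// gcmFor derives an AES-256-GCM AEAD from the ECDH shared secret.
func gcmFor(own *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:]) // 32-byte key: NewCipher cannot fail
	return cipher.NewGCM(block)
}

// SendAuthInfo encrypts the collected authentication information to the master
// and returns the second public key plus nonce||ciphertext for transmission.
func (s *Slave) SendAuthInfo(masterPub *ecdh.PublicKey, authInfo []byte) (pub, sealed []byte, err error) {
	if s.priv == nil {
		return nil, nil, errors.New("one-time key pair already destroyed")
	}
	gcm, err := gcmFor(s.priv, masterPub)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return s.priv.PublicKey().Bytes(), gcm.Seal(nonce, nonce, authInfo, nil), nil
}

// Verify decrypts with the received second public key and compares the result
// with the enrolled reference in constant time.
func (m *Master) Verify(slavePub, sealed []byte) (bool, error) {
	peer, err := ecdh.P256().NewPublicKey(slavePub)
	if err != nil {
		return false, err
	}
	gcm, err := gcmFor(m.priv, peer)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return false, errors.New("key agreement failed or ciphertext too short")
	}
	plain, err := gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
	if err != nil {
		return false, err // tampered or wrong key: authentication fails
	}
	return subtle.ConstantTimeCompare(plain, m.reference) == 1, nil
}

// Destroy drops the second key pair once the verification result has arrived.
func (s *Slave) Destroy() { s.priv = nil }

// RunExchange plays one complete cross-device authentication and reports the
// master's verdict and whether the slave's key pair was destroyed afterwards.
func RunExchange(reference, collected []byte) (ok, destroyed bool, err error) {
	master, slave := NewMaster(reference), NewSlaveSession()
	pub, sealed, err := slave.SendAuthInfo(master.priv.PublicKey(), collected)
	if err != nil {
		return false, false, err
	}
	if ok, err = master.Verify(pub, sealed); err != nil {
		return false, false, err
	}
	slave.Destroy()
	return ok, slave.priv == nil, nil
}

func main() {
	ref := []byte("constructed-fingerprint-template-0001") // constructed sample
	ok, destroyed, err := RunExchange(ref, ref)
	fmt.Println("verified:", ok, "second key pair destroyed:", destroyed, "err:", err)
}
```

Two properties are worth checking against the text above: a mismatch between the collected information and the reference yields a clean "not verified" rather than an error, while a ciphertext modified on the link fails GCM authentication before any comparison happens; and because the session key is bound to the destroyed second key pair, a recording of one exchange cannot be decrypted or replayed into a later one.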
In order to better understand the electronic device (e.g., a mobile phone or a tablet computer) to which the identity authentication method provided in the embodiment of the present application is applied, a hardware structure and a software structure of the electronic device are described below with reference to fig. 10 and 11, and then a process of implementing identity authentication by the electronic device based on the hardware structure and the software structure is specifically described.
Referring to fig. 10, a schematic diagram of a hardware structure of an electronic device 100 for implementing the authentication method according to the embodiment of the present application is exemplarily shown.
As shown in fig. 10, the electronic device 100 may include: a processor 110, an external memory interface 120, an internal memory 121, a Universal Serial Bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a sensor module 180, a button 190, a motor 191, an indicator 192, a camera 193, a display screen 194, a Subscriber Identity Module (SIM) card interface 195, and the like.
Illustratively, the audio module 170 may include a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, and the like.
For example, the sensor module 180 may include a pressure sensor, a gyroscope sensor, an air pressure sensor, a magnetic sensor, an acceleration sensor, a distance sensor, a proximity light sensor, a fingerprint sensor, a temperature sensor, a touch sensor, an ambient light sensor, a bone conduction sensor, and the like.
Further, processor 110 may include one or more processing units, such as: the processor 110 may include an Application Processor (AP), a modem processor, a Graphics Processing Unit (GPU), an Image Signal Processor (ISP), a controller, a memory, a video codec, a Digital Signal Processor (DSP), a baseband processor, and/or a neural-Network Processing Unit (NPU), etc.
It is to be appreciated that in particular implementations, the various processing units may be stand-alone devices or may be integrated into one or more processors.
Further, in some embodiments, the controller may be a neural hub and a command center of the electronic device 100. The controller can generate an operation control signal according to the instruction operation code and the timing signal to complete the control of instruction fetching and instruction execution.
In addition, memory in the processor 110 is used primarily for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory.
The USB interface 130 is an interface conforming to the USB standard specification, and may specifically be a Mini USB interface, a Micro USB interface, a USB Type C interface, or the like.
It is understood that in a practical application scenario, the USB interface 130 of the electronic device 100 may be used for connecting a charger to charge the electronic device 100, and for transmitting data between the electronic device 100 and a peripheral device.
In addition, for the electronic device 100 that currently uses a USB interface 130 for charging, data transmission, and connection with a wired headset, the USB interface 130 can also be used for connection with a headset, so that the electronic device 100 can play audio through the headset.
Further, in another scenario, the USB interface 130 may also be used to connect other electronic devices, such as AR devices and the like.
The charging management module 140 is configured to receive charging input from a charger. The charger may be a wireless charger or a wired charger. In some wired charging embodiments, the charging management module 140 may receive charging input from a wired charger via the USB interface 130. In some wireless charging embodiments, the charging management module 140 may receive a wireless charging input through a wireless charging coil of the electronic device 100. The charging management module 140 may also supply power to the electronic device through the power management module 141 while charging the battery 142.
The power management module 141 is used to connect the battery 142, the charging management module 140 and the processor 110. The power management module 141 receives input from the battery 142 and/or the charge management module 140 and provides power to the processor 110, the internal memory 121, the external memory, the display 194, the camera 193, the wireless communication module 160, and the like. The wireless communication function of the electronic device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.
The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in the electronic device 100 may be used to cover a single or multiple communication bands. Different antennas can also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed as a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.
The mobile communication module 150 may provide a solution including 2G/3G/4G/5G wireless communication applied to the electronic device 100. The mobile communication module 150 may include at least one filter, a switch, a power amplifier, a Low Noise Amplifier (LNA), and the like. The wireless communication module 160 may provide a solution for wireless communication applied to the electronic device 100, including Wireless Local Area Networks (WLANs) (e.g., wireless fidelity (Wi-Fi) networks), bluetooth (bluetooth, BT), Global Navigation Satellite System (GNSS), Frequency Modulation (FM), Near Field Communication (NFC), Infrared (IR), and the like.
In some embodiments, antenna 1 of electronic device 100 is coupled to mobile communication module 150 and antenna 2 is coupled to wireless communication module 160 so that electronic device 100 can communicate with networks and other devices through wireless communication techniques.
The electronic device 100 implements display functions via the GPU, the display screen 194, and the application processor. The GPU is a microprocessor for image processing, and is connected to the display screen 194 and an application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. The processor 110 may include one or more GPUs that execute program instructions to generate or alter display information.
The display screen 194 is used to display images, video, and the like. The display screen 194 includes a display panel. The display panel may employ a Liquid Crystal Display (LCD), an organic light-emitting diode (OLED), or the like. In some embodiments, the electronic device 100 may include 1 or N display screens 194, with N being a positive integer greater than 1.
For example, in the embodiment of the present application, the display screen is used for displaying images, videos, and the like, and also cooperates with a sensor, such as a pressure sensor, so that a slave device can collect gesture verification information, number and letter verification information, and the like, thereby completing a gesture-based or number/letter-based authentication manner.
The electronic device 100 may implement a shooting function through the ISP, the camera 193, the video codec, the GPU, the display 194, the application processor, and the like.
The camera 193 is used to capture still images or video. The object generates an optical image through the lens, which is projected onto the photosensitive element. The photosensitive element may be a Charge Coupled Device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The photosensitive element converts the optical signal into an electrical signal, which is then passed to the ISP, where it is converted into a digital image signal. The ISP then outputs the digital image signal to the DSP for processing. The DSP converts the digital image signal into an image signal in a standard format such as RGB or YUV. In some embodiments, the electronic device 100 may include 1 or N cameras 193, N being a positive integer greater than 1.
Illustratively, in the application embodiment, the camera 193 is configured to collect face feature information and iris feature information, thereby completing a face/iris-based authentication method.
The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to extend the memory capability of the electronic device 100. The external memory card communicates with the processor 110 through the external memory interface 120 to implement a data storage function. For example, files such as music, video, etc. are saved in an external memory card.
The internal memory 121 may be used to store computer-executable program code, which includes instructions. The processor 110 executes various functional applications of the electronic device 100 and data processing by executing instructions stored in the internal memory 121.
Specifically, relevant instructions for implementing the authentication method provided by the embodiment of the present application are pre-stored in the internal memory 121, and the processor 110 executes the instructions stored in the internal memory 121, so that the electronic device 100 can execute the authentication method provided by the embodiment of the present application.
Furthermore, it should be noted that in a specific implementation, the internal memory 121 may include a program storage area and a data storage area. The storage program area may store an operating system, an application program (such as a sound playing function, an image playing function, and the like) required by at least one function, and the like. The storage data area may store data created during the use of the electronic device 100 (such as audio data, phone book, and authentication content determined according to the determined call forwarding electronic device in the embodiment of the present application), and the like. In addition, the internal memory 121 may include a high-speed random access memory, and may further include a nonvolatile memory, such as at least one magnetic disk storage device, a flash memory device, a universal flash memory (UFS), and the like.
The electronic device 100 can implement audio functions, such as music playing, recording, voice call, etc., through the speaker 170A, the receiver 170B, the microphone 170C, the earphone interface 170D, and the application processor in the audio module 170.
The audio module 170 is used to convert digital audio information into analog audio signals for output, and also used to convert analog audio inputs into digital audio signals. The audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be disposed in the processor 110, or some functional modules of the audio module 170 may be disposed in the processor 110.
It will be appreciated that in practice, the speaker 170A, also referred to as a "horn", is used to convert electrical audio signals into sound signals.
The receiver 170B, also called "earpiece", is used to convert the electrical audio signal into an acoustic signal.
The microphone 170C, also referred to as a "mic," is used to convert sound signals into electrical signals. When making a call or sending voice information, the user can input a voice signal into the microphone 170C by speaking with the mouth close to the microphone 170C. The electronic device 100 may be provided with at least one microphone 170C. In other embodiments, the electronic device 100 may be provided with two microphones 170C to achieve a noise reduction function in addition to collecting sound signals. In other embodiments, the electronic device 100 may further include three, four or more microphones 170C to collect sound signals, reduce noise, identify sound sources, perform directional recording, and so on.
It should be noted that, in this embodiment of the application, when the password set by the user is the voiceprint information, that is, the authentication manner is the voiceprint authentication manner, the microphone 170C is further configured to collect the voice information of the user, so that the electronic device 100 can extract the voiceprint feature information of the user performing the authentication according to the collected voice information, and further implement the authentication.
The headphone interface 170D is used to connect a wired headphone. The headset interface 170D may be the USB interface 130, or may be a 3.5mm open mobile electronic device platform (OMTP) standard interface, a cellular telecommunications industry association (cellular telecommunications industry association of the USA, CTIA) standard interface.
With respect to the sensors included in the electronic device 100 listed above, specific applications of several sensors required by the authentication method provided by the embodiment of the present application are exemplarily given below, specifically as follows:
The pressure sensor is used for sensing a pressure signal and converting the pressure signal into an electrical signal. In some embodiments, the pressure sensor may be disposed on the display screen 194. There are many types of pressure sensors, such as resistive pressure sensors, inductive pressure sensors, capacitive pressure sensors, and the like. A capacitive pressure sensor may be a sensor comprising at least two parallel plates of electrically conductive material. When a force acts on the pressure sensor, the capacitance between the electrodes changes, and the electronic device 100 determines the strength of the pressure from the change in capacitance. When a touch operation is applied to the display screen 194, the electronic device 100 detects the intensity of the touch operation from the pressure sensor. The electronic device 100 may also calculate the touched position from the detection signal of the pressure sensor. For example, in the embodiment of the present application, for an electronic device (slave device) displaying a multi-screen collaboration window 10', when a user clicks an information application 10-1' in the multi-screen collaboration window 10', a pressure sensor in the slave device collects the pressure value and position coordinates corresponding to the user operation, so that the slave device can send the pressure value and the position coordinates to the master device, and the master device determines which application the user specifically clicked.
The fingerprint sensor, also called a fingerprint module or fingerprint chip, is used to collect the user's fingerprint information.
Touch sensors, also known as "touch panels". The touch sensor may be disposed on the display screen 194, and the touch sensor and the display screen 194 form a touch screen, which is also called a "touch screen". The touch sensor is used to detect a touch operation applied thereto or nearby. The touch sensor can communicate the detected touch operation to the application processor to determine the touch event type. Visual output associated with the touch operation may be provided via the display screen 194. In other embodiments, the touch sensor may be disposed on a surface of the electronic device 100, different from the position of the display screen 194.
The gyro sensor may be used to determine the motion posture of the electronic device 100. In some embodiments, the angular velocity of the electronic device 100 about three axes (i.e., the x, y, and z axes) may be determined by the gyroscope sensor. The gyro sensor may be used for anti-shake during photographing. Illustratively, when the shutter is pressed, the gyroscope sensor detects the shake angle of the electronic device 100, calculates the distance the lens module needs to compensate according to the shake angle, and lets the lens counteract the shake of the electronic device 100 through reverse movement, thereby achieving anti-shake. The gyroscope sensor is therefore needed when the authentication information to be acquired is face feature information or iris feature information.
A distance sensor for measuring a distance. The electronic device 100 may measure the distance by infrared or laser. In some embodiments, a scene is photographed, and the electronic device 100 may utilize range measurements from a range sensor to achieve fast focus.
The keys 190 include a power key, a volume key, and the like. The keys 190 may be mechanical keys or touch keys. The electronic device 100 may receive a key input and generate a key signal input related to user settings and function control of the electronic device 100.
The motor 191 may generate a vibration cue. The motor 191 may be used for incoming call vibration cues, as well as for touch vibration feedback. For example, touch operations applied to different applications (e.g., photographing, audio playing, etc.) may correspond to different vibration feedback effects. Indicator 192 may be an indicator light that may be used to indicate a state of charge, a change in charge, or a message, missed call, notification, etc.
The SIM card interface 195 is used to connect a SIM card. The SIM card may be brought into and out of contact with the electronic device 100 by being inserted into the SIM card interface 195 or being pulled out of the SIM card interface 195. The electronic device 100 may support 1 or N (N is an integer greater than 1) SIM card interfaces 195.
While the hardware architecture of electronic device 100 is described herein, it should be understood that electronic device 100 shown in fig. 10 is merely an example, and that electronic device 100 may have more or fewer components than shown, may combine two or more components, or may have a different configuration of components in a particular implementation. The various components shown in fig. 10 may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application specific integrated circuits.
Regarding the software structure of the electronic device, the electronic device 100 (which may be a master device or a slave device) is still taken as an example in the embodiments of the present application. The software structure of the electronic device 100 is described below with reference to fig. 11. Before describing the software structure of the electronic device 100, a description will be given of an architecture that can be adopted by the software system of the electronic device 100.
Specifically, in practical applications, the software system of the electronic device 100 may adopt a layered architecture, an event-driven architecture, a micro-core architecture, a micro-service architecture, or a cloud architecture.
Furthermore, it is understood that currently mainstream electronic devices use software systems including, but not limited to, Windows system, Android system, and iOS system. For convenience of description, in the embodiment of the present application, a software structure of the electronic device 100 is exemplarily described by taking an Android system with a layered architecture as an example.
In addition, in the following description of the authentication scheme provided in the embodiment of the present application, the electronic device related to the authentication scheme is an example of an Android system in the present application. In a specific implementation, the authentication scheme provided by the embodiment of the present application is also applicable to other systems.
Referring to fig. 11, a schematic diagram of a software structure of an electronic device 100 for implementing an authentication method according to an embodiment of the present application is shown.
The layered architecture of the electronic device 100 divides the software into several layers, each layer having a clear role and division of labor. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into four layers, an application layer, an application framework layer, an Android runtime (Android runtime) and system library, and a kernel layer from top to bottom. Since the authentication scheme provided in the embodiment of the present application mainly relates to an application layer, an application framework layer, and a kernel layer, fig. 12 does not show an android runtime and a system library layer.
The application layer may include a series of application packages. As shown in fig. 12, in order to implement the authentication scheme provided by the embodiment of the present application, the applications installed at the application layer at least include a settings application from which the multi-screen cooperative function can be enabled, and an application for which a password has been set, such as the information application in fig. 12.
In an actual application scenario, the application package may further include applications such as a camera, a gallery, a calendar, a map, a navigation, a WLAN, bluetooth, music, a video, and a short message, which are not listed here one by one, but are not limited in this application.
The application framework layer provides an Application Programming Interface (API) and a programming framework for the application program of the application layer. The application framework layer includes a number of predefined functions.
As shown in fig. 11, in order to implement the authentication scheme provided by the embodiment of the present application, the application framework layer may include a system service, a content provider, a multimedia management module, a system service manager, and the like.
For example, in an actual application scenario, the application framework layer further includes a window manager for managing the window program, a view system for providing basic components for building the application program, a resource manager for providing various resources for the application program, a notification manager for displaying notification information in the status bar, and the like, which are not listed here, and the application is not limited thereto.
In addition, the system service shown in fig. 11 is specifically configured to create various instances when the authentication scheme provided in the embodiment of the present application is implemented, for example, a fingerprint service instance when the authentication mode is fingerprint authentication, a camera service instance when the authentication mode is face or iris authentication, an audio service instance when the authentication mode is voiceprint authentication, a display service instance when the authentication mode is number/letter authentication, and the like.
In addition, the system service manager shown in fig. 11 is configured to, when implementing the authentication scheme provided in the embodiment of the present application, call a corresponding interface according to various instances created by the system service, and further enable a corresponding driver to call corresponding hardware to obtain a current state of the electronic device 100. For example, when the created instance is an audio service instance, the system service manager invokes an audio driver from the audio service instance, such that the audio driver can invoke the audio module 170 shown in fig. 10.
In addition, in relation to the content provider shown in fig. 11, when implementing the authentication scheme provided in the embodiment of the present application, the content provider is configured to store and obtain data, and make the data accessible to the application program, for example, for the master device, store pre-entered target identity information, so that the master device authenticates the received authentication information collected from the slave device according to the target identity information stored by the content provider.
In addition, when the authentication scheme provided in the embodiment of the present application is implemented, the multimedia management module shown in fig. 11 is configured to process an image based on a camera service instance and a fingerprint service instance, so as to obtain authentication information that meets requirements.
The kernel layer is a layer between hardware and software. As shown in fig. 11, in order to implement the authentication scheme provided in the embodiment of the present application, the kernel layer at least includes a display driver, a camera driver, an audio driver, a sensor driver, a fingerprint driver, and the like.
The software structure of the electronic device 100 is described here, and it is understood that the layers in the software structure shown in fig. 11 and the components included in each layer do not constitute a specific limitation to the electronic device 100. In other embodiments of the present application, electronic device 100 may include more or fewer layers than those shown, and may include more or fewer components in each layer, which is not limited in this application.
In an actual application scenario, any electronic device may be used as a master device that projects content to another electronic device, or as a slave device that displays content projected by another electronic device. Therefore, for any electronic device to implement the authentication method provided in the embodiments of the present application, its software structure at least includes the contents shown in fig. 11. For convenience of description, the slave device only collects the authentication information and does not perform authentication, whereas the master device may both collect the authentication information and perform authentication; that is, the master device and the slave device each need to include at least the content shown in fig. 12.
Taking the information (short message) application as an example of an application requiring identity authentication, and referring to fig. 12, the application layer of the master device at least needs the information application installed, the application framework layer of the master device at least needs to include a system service, a system service manager, a content provider, and a multimedia manager, and the system library and Android runtime layer of the master device at least includes the collaboration assistant and the network communication module required for collaborative communication.
With continued reference to fig. 12, the application layer of the slave device at least needs the screen projection display module, its application framework layer at least needs a system service, a system service manager, and a multimedia manager, and its system library and Android runtime layer at least includes the collaboration assistant and the network communication module required for collaborative communication.
Based on this structure, in an actual application scenario, the user pairs the master device with the slave device by means of the collaboration assistant located in the system library and Android runtime layer of the master device, using either of the two manners provided for starting the multi-screen cooperative function, and the master device establishes a communication connection with the paired slave device through the network communication module, thereby realizing the multi-screen cooperative connection between the master device and the slave device.
Further, based on the above structure, after the master device and the slave device have established the multi-screen cooperative connection, if the screen projection display module of the slave device detects that the user has triggered the information application in the multi-screen cooperative window (10' in fig. 6), the network communication module of the slave device sends the target operation by which the user triggered the information application to the network communication module of the master device.
For example, the target operation sent from the slave device to the master device may be, in practical applications, a request carrying specific location coordinates and pressure values triggered by a user.
Correspondingly, after the master device receives the target operation, the object corresponding to the target operation, for example the information application in the application layer, performs the operations of allocating a first private key to the master device, allocating a first public key to the slave device, and generating an authentication request; once these are complete, the authentication request is sent to the slave device through the network communication module.
Correspondingly, after receiving the authentication request sent by the master device, the slave device calls the system service to create a corresponding service instance according to the authentication mode corresponding to the authentication request, and delivers the created service instance to the system service manager for management.
Correspondingly, the system service manager calls the driver corresponding to the service instance according to the managed service instance, and then the driver triggers the corresponding hardware to acquire the authentication information.
Correspondingly, the authentication information acquired by the hardware is passed back to the system service manager (that is, returned along the reverse of the path that triggered it); the system service manager sends the received authentication information to the multimedia management module for processing, the processed authentication information is passed to the corresponding service instance in the system service, and from there to the master device's information application displayed in the multi-screen cooperative window of the screen projection display module at the application layer.
Correspondingly, the master device's information application displayed in the multi-screen cooperative window encrypts the authentication information with the first public key sent by the master device, and then sends the resulting authentication ciphertext to the master device through the network communication module of the slave device, and the master device performs the authentication.
Specifically, after receiving an authentication ciphertext provided by the slave device, the master device decrypts the ciphertext according to the first private key, restores authentication information, calls the content provider, obtains target identity information corresponding to the information application from the content provider, verifies the authentication information by using the target identity information, and further realizes cross-device authentication.
Based on the scene diagrams given in fig. 1 to fig. 9, the electronic device 100 with the hardware structure shown in fig. 10 and the software structure shown in fig. 11, and the functional module diagram in fig. 12 of what the master device and the slave device require to implement the authentication method provided in the embodiment of the present application, the authentication method is described below from the perspectives of the master device and the slave device, respectively.
Referring to fig. 13, a specific process of implementing the identity authentication method provided in the embodiment of the present application for the master device includes:
step 101, determining a source of a target operation for triggering an authentication service.
Specifically, after the master device establishes a communication connection with a slave device that has the multi-screen cooperative function enabled, that is, after the multi-screen cooperative connection is realized, the user may operate the master device through the multi-screen cooperative window (10' in fig. 6) displayed on the slave device, or may operate the master device directly on the master device side.
That is, the authentication service is associated with the master device. Thus, the master device will give a corresponding response regardless of whether the target operation is from the master device itself or the slave device. However, for different sources, in the authentication scheme provided in the embodiments of the present application, the operations to be performed by the master device are different.
Specifically, for the target operation from the slave device, the slave device needs to collect the authentication information, and the master device only performs authentication; for the target operation from the master device, the master device not only needs to perform authentication, but also needs to acquire authentication information. Therefore, when monitoring a target operation that triggers an authentication service, the master device needs to determine a source of the target operation, that is, whether the target operation is from the master device itself or from the slave device.
Illustratively, in one example, the target operation monitored by the display screen and internal sensors of the master device may be determined to be from the master device itself.
Illustratively, in another example, a request, which is received by the master device through the network communication module and sent by a slave device (sent by the network communication module in the slave device) for establishing the multi-screen cooperative connection, for a target operation carrying specific location coordinates and a pressure value may be determined to be from the slave device.
Illustratively, in one example of the above-mentioned authentication service, if the master device has a power-on password set and is in the screen-locked state, then when the user wants to unlock the master device, the triggered authentication service is the service that performs power-on authentication.
It can be understood that, in an actual application scenario, the authentication service triggered by the target operation is determined from the configuration manifest file corresponding to the display interface the user has triggered; for example, in an Android system, the page on which the user's currently triggered target operation is located may be determined from the configuration manifest file of the Android software.
Illustratively, in another example, if the master device is unlocked and an application with an access password set, such as the information application, is displayed on the display interface of the master device, the triggered authentication service is the authentication service for the information application.
It should be understood that the above description is only an example for better understanding of the technical solution of the present embodiment, and is not to be taken as the only limitation of the present embodiment.
Step 102, when the target operation comes from the slave device, allocating a first public key for executing the target operation to the slave device, allocating a first private key matched with the first public key to the master device, and generating an identity verification request.
Specifically, to keep messages transmitted between the master device and the slave device, such as the authentication information, secure and to prevent them from being intercepted and stolen by an attacker in transit, when the master device determines that the target operation comes from the slave device, it first sends the slave device the first public key to be used for transmitting the authentication information in this authentication attempt, and retains the first private key that can decrypt ciphertext encrypted with the first public key.
In this embodiment, after receiving a target operation triggering an authentication service from a slave device, the master device randomly selects a group of key pairs from a local key database.
Understandably, the key pair includes a public key and a private key matching with the public key, that is, if the public key in the key pair is used for encryption, the obtained ciphertext can be decrypted only by the private key in the key pair, so as to obtain a plaintext before encryption.
Based on this, the master device uses the public key of the selected key pair as the first public key and distributes it to the slave device executing the target operation, namely the slave device that initiated the target operation, and keeps the private key of the selected key pair as the first private key for its own decryption. Because the master device randomly selects a key pair for each target operation initiated by each slave device, the security of the encryption and decryption operations based on the randomly selected key pair is greatly improved, and the risk that a fixed key is cracked and identity authentication information is stolen is effectively avoided.
The key pairs managed by the key database, which is stored locally in the master device, may be as shown in table 1.
Table 1 Master device key pair management table

Serial number | Public key   | Private key
1             | Public key A | Private key A'
2             | Public key B | Private key B'
3             | Public key C | Private key C'
...           | ...          | ...
For example, in an actual application scenario, in order to further increase the security of encryption and decryption using the public key and private key of a key pair, the key pairs stored in table 1 may be generated by processing different parameters with the same encryption algorithm, so as to obtain a plurality of different key pairs generated by the same encryption algorithm, and further ensure that the key pair selected each time is different.
For example, in another example, the key pairs stored in table 1 may also be generated by processing the same parameter with different encryption algorithms, so as to obtain a plurality of different key pairs generated by different encryption algorithms, thereby ensuring that the key pair selected each time is different.
For example, in another example, the key pairs stored in table 1 may also be generated by processing different parameters with different encryption algorithms, so that the obtained key pairs share neither the same encryption algorithm nor the same parameters, thereby further increasing the difficulty of cracking the key.
It should be understood that the above description is only an example for better understanding of the technical solution of the present embodiment, and is not to be taken as the only limitation of the present embodiment. In practical application, which encryption algorithm is adopted and which parameters are processed are selected according to specific service requirements; the present application does not limit them and does not describe them further.
In addition, in an actual application scenario, a first valid duration may be set for the public key in the selected key pair (the first public key) and a second valid duration for the private key in the selected key pair (the first private key); the first usage duration of the first public key and the second usage duration of the first private key are then monitored, the first public key is destroyed when the first usage duration equals the first valid duration, and the first private key is destroyed when the second usage duration equals the second valid duration. Because valid durations are set separately for the first public key and the first private key, and each is destroyed once its usage duration reaches its valid duration, and because cracking a key takes time, even if an illegal person cracks a key, the key pair currently used for encryption and decryption has already become invalid, and the authentication ciphertext subsequently encrypted under a newly effective key pair cannot be decrypted with the cracked key, so the security of the authentication information transmitted between the master device and the slave device is greatly improved.
Illustratively, in one example, the first and second validity periods are the same. Therefore, the first public key and the first private key take effect and are destroyed simultaneously, which facilitates management by the master device.
Illustratively, in another example, the first and second validity periods are not the same, and the second validity period is slightly greater than the first. This avoids the situation in which, because of a transmission delay, the valid durations of the first public key and the first private key expire and the first private key is destroyed before the master device has decrypted the ciphertext with the first private key; the problem that the ciphertext cannot be decrypted for verification because of time delay is thus effectively solved.
Specifically, the valid duration referred to in this embodiment of the application is the time for which the first public key and the first private key are available. For example, the master device may set a valid duration of 100 seconds for each of the first public key and the first private key, that is, the master device may decrypt a ciphertext encrypted with the first public key by using the first private key within the 100 seconds (inclusive) during which the first public key and the first private key are valid.
Accordingly, the usage duration in the embodiment of the present application is the duration from the time point at which the first public key and the first private key take effect to the current time. For example, if the first public key and the first private key take effect at "9:10:00" and the current system time is "9:10:50", the usage duration of both the first public key and the first private key is 50 seconds.
The monitoring of the usage duration of the first public key and the first private key may be accomplished by starting a count-up timer or a countdown timer.
It should be noted that, in practical applications, whichever device provides the key pair also monitors the usage duration.
For example, since the first public key and the first private key are provided by the master device, the master device monitors the usage duration of the first public key and the first private key.
For example, in one example, the condition that triggers the master device to start a count-up timer or a countdown timer to monitor the usage duration of the first private key and the first public key may be that the master device has sent the first public key to the slave device and has received the slave device's response confirming receipt of the first public key.
For example, in the case of a count-up timer, i.e. one that counts upward, it is determined that the first private key and the first public key need to be destroyed when the time recorded by the timer equals the valid duration.
For example, in the case of a countdown timer, the initial value of the timer may be set to the valid durations corresponding to the first public key and the first private key, that is, the timer counts down and the first public key and the first private key are destroyed when its time reaches 0.
As can be seen from the above description, in an actual application scenario, a key pair managed by the key database local to the master device may already have been destroyed by the master device (permanently unavailable or unavailable within a preset time), or no selectable key pair may have been generated yet. Therefore, in order to ensure that the master device and the slave device always have an available first private key and first public key for authentication, the master device may first determine whether a key pair exists in the key database, or whether an available key pair exists, before randomly selecting a group of key pairs from the local key database.
Correspondingly, if such a key pair exists, the step of randomly selecting a group of key pairs from the local key database is executed;
otherwise, a group of key pairs is randomly generated and stored in the key database, and the step of randomly selecting a group of key pairs from the local key database is executed after the generated key pair has been stored.
It should be noted that the above determination of whether an available key pair exists covers, for example, the case in which a key pair exists in the key database but has already been given by the master device to slave device 1; if the master device then receives a target operation from slave device 2 and this is the only key pair in the key database, that key pair is not available for the target operation initiated by slave device 2. In this case, a group of key pairs needs to be regenerated based on a preset encryption algorithm and rules.
Accordingly, if a group of key pairs in the key database other than the key pair assigned to the slave device 1 is unused, it can be determined that there is an available key pair in the current key database.
Furthermore, it should be understood that, in an actual application scenario, the key pair generated based on the preset encryption algorithm and the rule needs to be different from the key pair stored in the key database, so as to avoid the same group of key pairs from being reused.
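As an added illustration that is not part of the patent and not Honor's implementation, the following Go program models the master device's local key database described above: random selection among pairs not yet handed out, on-demand generation of a pair that differs from every stored pair, and separate valid durations for the first public key and the first private key, each key being destroyed once its usage duration reaches its valid duration. RSA with OAEP, the type and function names, and the 100 s / 110 s durations are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// keyPair is one row of the master device's key pair management table (Table 1).
type keyPair struct {
	serial   int
	priv     *rsa.PrivateKey // the public key is priv.PublicKey
	assigned bool            // already handed out for a target operation, so not available again
}

// issuedKeys is the first public key / first private key distributed for one target operation.
type issuedKeys struct {
	pub       *rsa.PublicKey  // nil once destroyed
	priv      *rsa.PrivateKey // nil once destroyed
	effective time.Time       // time point at which both keys take effect
	pubValid  time.Duration   // first valid duration
	privValid time.Duration   // second valid duration (slightly longer, as in the text)
}

// keyDatabase is the master device's local key database.
type keyDatabase struct{ pairs []*keyPair }

// generatePair adds a fresh pair (RSA is an assumption of this example), retrying until it differs from every stored pair.
func (db *keyDatabase) generatePair() error {
	for {
		priv, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return err
		}
		if slices.ContainsFunc(db.pairs, func(p *keyPair) bool { return p.priv.N.Cmp(priv.N) == 0 }) {
			continue // same modulus as a stored pair: the text requires a different pair
		}
		db.pairs = append(db.pairs, &keyPair{serial: len(db.pairs) + 1, priv: priv})
		return nil
	}
}

// selectForOperation generates a pair if no unassigned one exists, then picks an available pair uniformly at random.
func (db *keyDatabase) selectForOperation(now time.Time, pubValid, privValid time.Duration) (*issuedKeys, error) {
	var free []*keyPair
	for _, p := range db.pairs {
		if !p.assigned {
			free = append(free, p)
		}
	}
	if len(free) == 0 {
		if err := db.generatePair(); err != nil {
			return nil, err
		}
		free = []*keyPair{db.pairs[len(db.pairs)-1]}
	}
	idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(free))))
	if err != nil {
		return nil, err
	}
	chosen := free[idx.Int64()]
	chosen.assigned = true
	return &issuedKeys{pub: &chosen.priv.PublicKey, priv: chosen.priv,
		effective: now, pubValid: pubValid, privValid: privValid}, nil
}

// monitor plays the role of the count-up timer: a key is destroyed once its usage duration reaches its valid duration.
func (k *issuedKeys) monitor(now time.Time) {
	used := now.Sub(k.effective)
	if used >= k.pubValid {
		k.pub = nil
	}
	if used >= k.privValid {
		k.priv = nil
	}
}

// encryptAuthInfo is what the slave device does with the first public key (step 204).
func encryptAuthInfo(pub *rsa.PublicKey, info []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, info, nil)
}

// decrypt recovers the authentication information with the first private key, refusing once destroyed.
func (k *issuedKeys) decrypt(ct []byte) ([]byte, error) {
	if k.priv == nil {
		return nil, fmt.Errorf("first private key already destroyed")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, k.priv, ct, nil)
}

func main() {
	db := &keyDatabase{} // empty database, so the first selection has to generate a pair
	k, err := db.selectForOperation(time.Now(), 100*time.Second, 110*time.Second)
	fmt.Println("pairs stored:", len(db.pairs), "first public key issued:", err == nil && k.pub != nil)
}
```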
In addition, generating the authentication request in step 102 may, for example, consist of the master device determining an authentication manner corresponding to the object to which the authentication service is directed, and then generating the authentication request according to the determined authentication manner. That is, the generated authentication request can inform the slave device which hardware to trigger in order to acquire the corresponding authentication information.
For example, the master device may determine, according to the pressure value and the location coordinate carried in the target operation sent by the slave device, which application the user's target operation is directed to, that is, the object targeted by the authentication service.
It can be understood from the above description that, in an actual application, when the slave device uses its network communication module to send the target operation to the network communication module of the master device, it may specifically send a request carrying the pressure value and the location coordinate of the user's current touch on the screen, so that, according to the pressure value and the location coordinate in the request, the master device can determine which application the user's target operation is directed to.
Correspondingly, after the object targeted by the authentication service is determined, the object identity information corresponding to the object can be searched from a content provider used for storing and acquiring data and enabling the data to be accessed by an application program, and then the authentication mode is determined according to the type of the object identity information, for example, for fingerprint identity information, the fingerprint authentication mode is correspondingly determined; for the face/iris identity information, a face/iris verification mode corresponds to the face/iris identity information; for the voiceprint identity information, a voiceprint verification mode is correspondingly adopted; for the gesture information, a gesture password verification mode corresponds to the gesture information; for the digital-letter information, the digital-letter verification mode is corresponding.
In addition, in an actual application scenario, after the object targeted by the identity service is determined, the configuration file corresponding to the object can be searched from the specified storage path, and then the recorded identity authentication mode can be directly obtained from the configuration file.
It should be noted that, in an actual application, each application program in Android corresponds to a unique configuration file in which all of the user's settings for that application are recorded, so by searching for the configuration file corresponding to the application, the authentication manner set by the user can be determined from the configuration file.
For example, the directory of the configuration file may differ for application programs installed in different locations: for a third-party application (not part of the system) installed directly in the local storage space of the master device, the directory of the configuration file is "data/app"; for a system application installed in the local storage space of the master device, the directory of the configuration file is "system/app"; and for an application installed on a Secure Digital Memory Card (SD Card) inserted in the master device, the directory of the configuration file is "mnt/asec".
Exemplary authentication manners include, but are not limited to, authentication based on biometric information, alphanumeric authentication, and authentication based on a gesture password.
Illustratively, the biometric information includes, but is not limited to, fingerprint information, voiceprint information, iris information, face information.
It should be understood that the above description is only an example for better understanding of the technical solution of the present embodiment, and is not intended to limit the present embodiment.
Step 103, sending the first public key and the authentication request to the slave device.
Specifically, when the master device (specifically, the network communication module in the master device) executes step 103, the application in the application program layer of the master device that the user has currently triggered for the authentication service, e.g. an information application, also responds to the target operation received from the slave device, for example by switching the current display interface to an interface for performing authentication and sending the content of the switched interface to the slave device, so that the slave device can display the interface for performing authentication in the multi-screen cooperative window, as shown in fig. 7.
Step 104, receiving the authentication ciphertext sent by the slave device, and decrypting the authentication ciphertext according to the first private key to obtain the authentication information.
Specifically, in an actual application scenario, in order to further improve the security of data transmitted between the master device and the slave device, before the transmission of the authentication ciphertext, the slave device may also randomly select a group of key pairs from a local key database for the current target operation, allocate a public key of the key pair as a second public key to the master device, and leave the matched private key as the second private key for local use.
That is to say, in an actual application scenario, before performing cross-device authentication and transmitting authentication information, the master device and the slave device may negotiate the encryption manner of the transmitted authentication information and provide each other with the keys required for encryption and decryption: the master device provides the slave device with the first public key required for encryption and keeps the first private key required for decryption, while the slave device provides the master device with the second public key required for signature verification and keeps the second private key required for signing. In other words, each device keeps its private key for its own use and sends the public key to the other side.
In addition, it should be noted that the first public key, the first private key, the second public key and the second private key are used as follows: the slave device encrypts the acquired authentication information with the first public key to obtain the authentication ciphertext, and then signs the authentication ciphertext with the second private key, so as to ensure that the authentication ciphertext sent to the master device was sent by the slave device and not by some other third-party device.
Correspondingly, after receiving the authentication ciphertext sent by the slave device, the master device needs to verify the signature with the second public key, and when it determines that the authentication ciphertext was sent by the slave device that provided the second public key, the master device decrypts it with the first private key to obtain the authentication information.
For example, in an actual application scenario, it may happen that the authentication ciphertext arrives at the master device before the second public key; therefore, before decrypting the received authentication ciphertext, the master device first needs to determine whether the authentication ciphertext has been signed with the second private key.
Correspondingly, when the authentication ciphertext has not been signed with the second private key, the master device can decrypt the authentication ciphertext directly with the first private key; otherwise, that is, when it determines that the authentication ciphertext has been signed with the second private key, the master device first needs to detect whether the second public key matching the second private key, sent by the slave device, is stored locally.
Correspondingly, if the second public key exists locally, the signed authentication ciphertext is verified with the second public key matching the second private key that was found, and the step of decrypting the authentication ciphertext with the first private key is executed after the signature verification passes; otherwise, if it does not exist, a request to obtain the second public key is sent to the slave device, the signed authentication ciphertext is verified with the second public key after it is received from the slave device, and the step of decrypting the authentication ciphertext with the first private key is executed after the signature verification passes.
Therefore, when the acquired authentication ciphertext is fed back to the master equipment by the slave equipment, the signature is carried out based on the second private key, and the signature authentication is carried out by the master equipment based on the second public key provided by the slave equipment, so that the authenticity of the source of the information sent to the master equipment can be ensured, and the safety of the information can be further improved.
Further, in an actual application scenario, the master device may actively destroy the first public key and the first private key after decrypting the authentication ciphertext according to the first private key to obtain the authentication information.
That is to say, even if the current usage duration of the first public key and the first private key is less than the valid duration, the first public key and the first private key can be destroyed in advance.
Therefore, after the authentication ciphertext is decrypted, the first public key and the first private key are destroyed by the master device, so that a group of key pairs is used only once, which further increases the difficulty of cracking and greatly improves the security of authentication.
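The ordering of signature verification, decryption and active destruction in step 104, as an added example in Go that is not part of the patent and not Honor's implementation: the slave device encrypts under the first public key and signs the ciphertext with the second private key; the master device holds a signed ciphertext that arrives before the second public key, requests that key, verifies the signature, decrypts, and then destroys the first private key so the pair is used once. RSA-OAEP, RSA-PSS, the type and function names, and the sample authentication information are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// generateKey makes one key pair. RSA with OAEP for encryption and PSS for signing is an
// assumption of this example; the patent fixes neither algorithm.
func generateKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// signedCiphertext is the message of step 205: the authentication ciphertext plus an
// optional signature over it made with the second private key.
type signedCiphertext struct {
	ciphertext []byte
	signature  []byte // empty when the slave device sent the ciphertext unsigned
}

// slaveEncryptAndSign encrypts the collected authentication information under the first
// public key (step 204) and then signs the ciphertext with the second private key.
func slaveEncryptAndSign(firstPub *rsa.PublicKey, secondPriv *rsa.PrivateKey, authInfo []byte) (signedCiphertext, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, firstPub, authInfo, nil)
	if err != nil {
		return signedCiphertext{}, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, secondPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return signedCiphertext{}, err
	}
	return signedCiphertext{ciphertext: ct, signature: sig}, nil
}

// masterState is what the master device keeps for one target operation.
type masterState struct {
	firstPriv          *rsa.PrivateKey   // nil once actively destroyed after use
	secondPub          *rsa.PublicKey    // nil until the slave device has sent it
	secondPubRequested bool              // a request for the second public key has been sent
	held               *signedCiphertext // signed ciphertext waiting for the second public key
}

func newMasterState(firstPriv *rsa.PrivateKey) *masterState { return &masterState{firstPriv: firstPriv} }

// receiveSecondPublicKey stores the key the slave device sent, proactively or on request.
func (m *masterState) receiveSecondPublicKey(pub *rsa.PublicKey) { m.secondPub = pub }

// handleCiphertext is step 104 with the ordering the text requires: look for a signature,
// verify it with the second public key, and only then decrypt with the first private key.
// pending is true when the master had to ask the slave device for the second public key.
func (m *masterState) handleCiphertext(msg signedCiphertext) (authInfo []byte, pending bool, err error) {
	if len(msg.signature) > 0 {
		if m.secondPub == nil {
			// The ciphertext arrived before the second public key: request it and hold the message.
			m.secondPubRequested = true
			m.held = &msg
			return nil, true, nil
		}
		digest := sha256.Sum256(msg.ciphertext)
		if verr := rsa.VerifyPSS(m.secondPub, crypto.SHA256, digest[:], msg.signature, nil); verr != nil {
			return nil, false, fmt.Errorf("signature check failed, ciphertext not from the slave device: %w", verr)
		}
	}
	if m.firstPriv == nil {
		return nil, false, fmt.Errorf("first private key already destroyed")
	}
	authInfo, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, m.firstPriv, msg.ciphertext, nil)
	if err != nil {
		return nil, false, err
	}
	// Active destruction: the first key pair is used exactly once, even if its valid duration remains.
	m.firstPriv = nil
	m.held = nil
	return authInfo, false, nil
}

func main() {
	firstPriv, err := generateKey()
	if err != nil {
		panic(err)
	}
	secondPriv, err := generateKey()
	if err != nil {
		panic(err)
	}
	msg, err := slaveEncryptAndSign(&firstPriv.PublicKey, secondPriv, []byte("constructed fingerprint template"))
	if err != nil {
		panic(err)
	}
	m := newMasterState(firstPriv)
	_, pending, _ := m.handleCiphertext(msg) // arrives before the second public key
	m.receiveSecondPublicKey(&secondPriv.PublicKey)
	info, _, err := m.handleCiphertext(*m.held)
	fmt.Printf("requested second public key: %v; authentication info: %q; err: %v; first private key destroyed: %v\n",
		pending, info, err, m.firstPriv == nil)
}
```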
Therefore, when the master device determines that the target operation comes from the slave device, the operation from the step 102 to the step 104 is executed, so that the slave device can acquire the authentication information, the user can realize the authentication without operating the master device, the convenience of the authentication is improved, and the security of content transmission between the master device and the slave device is ensured by introducing the encryption mode.
Illustratively, for a scenario where the target operation is from the master device itself, the master device performs the collection of the authentication information directly.
Specifically, when the target operation comes from the master device, the master device first determines the authentication manner corresponding to the object targeted by the authentication service; then, according to the authentication manner, it calls the authentication information acquisition module in the master device to acquire the authentication information; finally, the authentication information is verified according to the locally stored target identity information, i.e. the following step 105 is executed.
For the operation of determining the authentication manner by the master device, see the description of determining the authentication manner when the master device generates the authentication request in step 102, which is not described herein again.
Therefore, when the target operation is determined to be from the master device, the identity information is directly acquired through the master device, namely, the acquisition and verification of the identity verification information are completed on the master device side.
Step 105, verifying the authentication information according to the locally stored target identity information.
Illustratively, in one example, the target identity information is set through the master device for the object targeted by the authentication service. That is, a setting entry is provided in the master device and the user sets it directly as required, so the target identity information can be stored directly in the local storage of the master device without network transmission, which ensures the security of the target identity information.
Illustratively, in another example, the target identity information is synchronized to the master device for storage after being set by the third-party device. Therefore, the user can conveniently set the target identity information through other third-party equipment, and the convenience of user operation is improved.
Further, after the master device verifies the authentication information according to the target identity information, a response to the target operation may be made on the operation interface of the master device according to the verification result, and the operation interface of the master device displayed in the slave device may be controlled, based on the multi-screen cooperative function, to make a response to the target operation.
Illustratively, in one example, the response to the target operation according to the verification result is specifically: when the verification result is successful, skipping to the user interface after the identity verification is passed; if the verification result is failure, a prompt message pops up on the operation interface, for example, as shown in fig. 9.
For example, the pop-up prompt message may be a message for prompting the user to fail authentication, or a reason for the failure, or prompt the user to re-input authentication information.
Therefore, after verification is completed, the slave device is controlled to display the operation interface of the master device to make a response aiming at target operation according to the verification result, so that a user can operate the master device by controlling the slave device, and the convenience of the user is improved.
The present embodiment is introduced with respect to the main steps of the master device for implementing the identity authentication, and a specific process of the slave device for implementing the identity authentication method provided in the embodiment of the present application is described below.
Referring to fig. 14, a specific process of implementing the identity authentication method provided in the embodiment of the present application for the slave device includes:
step 201, receiving a target operation acting on an operation interface of the slave device.
Specifically, in the present embodiment, the target operation of the operation interface acting on the slave device is used to trigger an authentication service, and the authentication service is associated with the master device.
That is, the target operation is specifically a user action in the multi-screen cooperative window (10' in fig. 6) displayed in the operation interface (display interface) of the slave device.
Step 202, receiving an authentication request initiated by the master device in response to the target operation and a first public key allocated by the master device for the slave device to execute the target operation.
Step 203, determining an authentication mode according to the authentication request, and acquiring authentication information according to the authentication mode.
Specifically, the authentication request received by the slave device is determined by the master device according to the authentication mode determined by the object corresponding to the authentication service, so that the slave device can determine the authentication mode according to the authentication request, and further acquire authentication information according to the determined authentication mode.
Step 204, encrypting the authentication information according to the first public key to obtain an authentication ciphertext.
Step 205, sending the authentication ciphertext to the master device.
For example, to further improve the security of the data transmitted between the master device and the slave device, before transmitting the authentication ciphertext the slave device may also allocate to itself a second private key for executing the target operation and allocate the second public key matching the second private key to the master device. It then either signs the authentication ciphertext with the second private key, sends the second public key to the master device, and executes the step of sending the authentication ciphertext to the master device; or signs the authentication ciphertext with the second private key and then directly executes the step of sending the authentication ciphertext to the master device.
Correspondingly, in the latter scenario, in which the authentication ciphertext is signed with the second private key and then sent directly to the master device, if the slave device subsequently receives a request from the master device to obtain the second public key, it sends the second public key to the master device, so that the master device can verify the signature of the signed authentication ciphertext with the second public key and determine that the authentication ciphertext came from the slave device, thereby ensuring the authenticity of the authentication ciphertext transmitted between the master device and the slave device.
Therefore, after the master equipment distributes a first public key for executing target operation to the slave equipment, the slave equipment also distributes a second private key for executing the target operation, and simultaneously distributes a second public key matched with the second private key to the master equipment, and after the collected authentication information is encrypted by using the first public key, the encrypted authentication ciphertext is signed by using the second private key, and through double encryption, the safety of the information passing between the master equipment and the slave equipment is further improved.
Illustratively, in one example, the slave device may allocate the second private key and the second public key as follows: it randomly selects a group of key pairs from its local key database for the target operation, distributes the public key of the key pair to the master device as the second public key, and keeps the matching private key locally as the second private key. That is, the slave device keeps the private key of a group of key pairs randomly selected from the local key database as the second private key for itself, and distributes the public key of the selected key pair to the master device as the second public key. Therefore, the slave device allocates the second private key and the second public key to itself and to the master device for multi-screen cooperation by randomly selecting a key pair, so the security of encryption and decryption operations based on the randomly selected key pair is greatly improved, and the problem that a fixed key pair is easily cracked and the authentication information stolen is effectively avoided.
As to the key pairs managed by the key database stored locally in the slave device, it can be as shown in table 2.
Table 2 Slave device key pair management table
Serial number | Public key   | Private key
1             | Public key a | Private key a'
2             | Public key b | Private key b'
3             | Public key c | Private key c'
...           | ...          | ...
For example, in an actual application scenario, in order to further increase the security of encryption and decryption using the public key and private key of a key pair, the key pairs stored in table 2 may be generated by processing different parameters with the same encryption algorithm, so as to obtain a plurality of different key pairs generated by the same encryption algorithm, thereby ensuring that the key pair selected each time is different.
For example, in another example, the key pairs stored in table 2 may also be generated by processing the same parameter with different encryption algorithms, so as to obtain a plurality of different key pairs generated by different encryption algorithms, thereby ensuring that the key pair selected each time is different.
For example, in another example, the key pairs stored in table 2 may also be generated by processing different parameters with different encryption algorithms, so that the obtained key pairs share neither the same encryption algorithm nor the same parameters, and the difficulty of cracking the key is further increased.
It should be understood that the above description is only an example for better understanding of the technical solution of the present embodiment, and is not intended to limit the present embodiment. In practical application, which encryption algorithm is adopted and which parameters are processed are selected according to specific service requirements; the present application does not limit them and does not describe them further.
In addition, it should be noted that, in order to ensure security, the first public key and the first private key distributed by the master device need to be different from the second public key and the second private key distributed by the slave device, which further increases the difficulty of decryption.
Furthermore, in an actual application scenario, the encryption algorithm and the parameters used to generate the first public key and the first private key may differ from those used to generate the second public key and the second private key, so that the first public key, the first private key, the second public key and the second private key follow no common rule, which further increases the difficulty of cracking and improves security.
In addition, in an actual application scenario, a third valid duration may be set for the public key in the selected key pair (the second public key) and a fourth valid duration for the private key in the selected key pair (the second private key); the third usage duration of the second public key and the fourth usage duration of the second private key are then monitored, the second public key is destroyed when the third usage duration equals the third valid duration, and the second private key is destroyed when the fourth usage duration equals the fourth valid duration. Thus valid durations are set separately for the second public key and the second private key, and each is destroyed when its usage duration equals the corresponding valid duration.
Illustratively, in one example, the third and fourth validity periods are the same. Therefore, the second public key and the second private key take effect and are destroyed simultaneously, which facilitates management by the slave device.
Illustratively, in another example, the third and fourth validity periods are not the same, and the third validity period is slightly greater than the fourth. This avoids the situation in which, because of a transmission delay, the valid durations of the second private key and the second public key expire and the second public key is destroyed before the master device has verified the signature with the second public key; the problem that the ciphertext cannot be verified and decrypted because of time delay is thus effectively avoided.
The monitoring of the duration of use of the second public key and the second private key may be accomplished by starting a timer.
For example, when the timer counts up, it is determined that the second private key and the second public key need to be destroyed when the time recorded by the timer equals the corresponding effective duration.
Alternatively, the timer may count down: its initial value is set to the effective duration corresponding to the second public key or the second private key, and the key is destroyed when the timer reaches 0.
It can be seen from the above description that, in an actual application scenario, a key pair in the key database local to the slave device may already have been destroyed by the slave device (either permanently unavailable or unavailable within a preset time), or no selectable key pair may have been generated yet. Therefore, to ensure that the master device and the slave device always have an available second private key and second public key for authentication, the slave device may first determine whether a key pair exists in the key database, or whether an available key pair exists, before randomly selecting a group of key pairs from the local key database.
Correspondingly, if the key pair exists, the step of randomly selecting a group of key pairs from the local key database is executed;
otherwise, a group of key pairs are randomly generated, the generated key pairs are stored in a key database, and the step of randomly selecting a group of key pairs from the local key database is executed after the generated key pairs are stored in the key database.
It should be noted that the above scenario of whether an available key pair exists may be, for example, that a key pair exists in the key database but has already been provided to master device 1 by the slave device; if the slave device then detects a target operation associated with master device 2, and this is the only key pair in the key database, that key pair is not available for the target operation associated with master device 2. In this case, a new group of key pairs needs to be generated based on the preset encryption algorithm and rules.
Accordingly, if a group of key pairs other than the key pair assigned to the master device 1 is unused in the key database, it can be determined that there is an available key pair in the current key database.
Furthermore, it should be understood that, in an actual application scenario, the key pair generated based on the preset encryption algorithm and the rule needs to be different from the key pair stored in the key database, so as to avoid the same group of key pairs from being reused.
In addition, after the slave device sends the authentication ciphertext to the master device, if the authentication result sent by the master device is received, the slave device responds to the target operation on its operation interface according to the authentication result. In other words, after verification is completed, the slave device displays the operation interface of the master device and responds to the target operation according to the verification result, so that a user can operate the master device by controlling the slave device, which improves convenience for the user.
Further, in an actual application scenario, after the slave device responds to the target operation according to the verification result, the slave device may actively destroy the second public key and the second private key.
That is to say, even if the current usage duration of the second public key and the second private key is less than the valid duration, the second public key and the second private key can be destroyed in advance.
Therefore, after the authentication ciphertext is decrypted, the slave device destroys the second public key and the second private key, so that a group of key pairs are used only once, the deciphering difficulty is further increased, and the security of the authentication is greatly improved.
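The key lifecycle described above (separate effective durations for the second public key and the second private key, the availability check before the random selection, generation of a fresh pair when none is available, and destruction after a single use) as an added example that is not part of the patent; it is written in Go with RSA key pairs, a count-up timer realised as an injectable clock, and hypothetical type and function names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	mrand "math/rand"
	"time"
)

// KeyPair is one entry of the slave device's local key database (hypothetical type). Once
// selected, its halves run separate count-up timers and are destroyed independently.
type KeyPair struct {
	ID         int
	Private    *rsa.PrivateKey // second private key, kept by the slave; nil = destroyed
	Public     *rsa.PublicKey  // second public key, handed to the master; nil = destroyed
	AssignedTo string          // master the pair was allocated to; "" = still selectable
	SelectedAt time.Time       // moment both timers started
}

// KeyDatabase holds the selectable pairs and the expiry policy.
type KeyDatabase struct {
	now     func() time.Time // injectable clock so expiry can be exercised offline
	pubTTL  time.Duration    // third effective duration (public key), set slightly longer
	privTTL time.Duration    // fourth effective duration (private key)
	pairs   map[int]*KeyPair
	nextID  int
}

func NewKeyDatabase(now func() time.Time, pubTTL, privTTL time.Duration) *KeyDatabase {
	return &KeyDatabase{now: now, pubTTL: pubTTL, privTTL: privTTL, pairs: map[int]*KeyPair{}}
}

// PrivateValid and PublicValid check one half each: it still exists and, once the pair
// is selected, its usage duration is still below its own effective duration.
func (db *KeyDatabase) PrivateValid(kp *KeyPair) bool {
	return kp.Private != nil && (kp.AssignedTo == "" || db.now().Sub(kp.SelectedAt) < db.privTTL)
}

func (db *KeyDatabase) PublicValid(kp *KeyPair) bool {
	return kp.Public != nil && (kp.AssignedTo == "" || db.now().Sub(kp.SelectedAt) < db.pubTTL)
}

// Sweep is the timer callback: destroy each expired half and drop pairs with none left.
func (db *KeyDatabase) Sweep() {
	for id, kp := range db.pairs {
		if !db.PrivateValid(kp) {
			kp.Private = nil
		}
		if !db.PublicValid(kp) {
			kp.Public = nil
		}
		if kp.Private == nil && kp.Public == nil {
			delete(db.pairs, id)
		}
	}
}

// generate creates and stores a fresh pair; a new random RSA key differs from every
// stored pair with overwhelming probability, so the same pair is never stored twice.
func (db *KeyDatabase) generate() (*KeyPair, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	db.nextID++
	kp := &KeyPair{ID: db.nextID, Private: priv, Public: &priv.PublicKey}
	db.pairs[kp.ID] = kp
	return kp, nil
}

// Select is the availability check before the random selection: a pair already allocated
// to a master is not available; when none is available a new pair is generated and stored
// first. Both timers start at the moment of selection.
func (db *KeyDatabase) Select(masterID string) (*KeyPair, error) {
	db.Sweep()
	var avail []*KeyPair
	for _, kp := range db.pairs {
		if kp.AssignedTo == "" {
			avail = append(avail, kp)
		}
	}
	if len(avail) == 0 {
		kp, err := db.generate()
		if err != nil {
			return nil, err
		}
		avail = append(avail, kp)
	}
	kp := avail[mrand.Intn(len(avail))]
	kp.AssignedTo, kp.SelectedAt = masterID, db.now()
	return kp, nil
}

// Finish destroys the pair as soon as the slave has responded: one pair, one authentication.
func (db *KeyDatabase) Finish(kp *KeyPair) {
	kp.Private, kp.Public = nil, nil
	delete(db.pairs, kp.ID)
}

// Count returns the number of pairs currently stored.
func (db *KeyDatabase) Count() int { return len(db.pairs) }
```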
The main steps of the slave device to implement identity authentication are introduced in this embodiment, and specific interactions between the master device and the slave device when implementing identity authentication are described below with reference to fig. 15 to 21.
Referring to fig. 15, when cross-device authentication is implemented using only the first public key and the first private key distributed by the master device, the specific process includes:
step S101, a screen projection display module of the slave device monitors that a user triggers a target operation in an operation interface of the master device projected in a display interface of the slave device.
As can be seen from the above description of the embodiment of the slave device implementing the authentication method, the target operation monitored by the screen-projection display module of the slave device essentially acts on the multi-screen cooperative window 10' in fig. 6.
Understandably, in an actual application scenario, the premise for ensuring that the step S101 can be executed is that multi-screen cooperation is already established between the master device and the slave device.
Specifically, regarding the process of establishing the multi-screen cooperative connection between the master device and the slave device, details of two manners are given in fig. 1 to fig. 5, and are not described herein again.
For example, when the multi-screen coordination is initiated on the master device or the slave device side, the electronic device initiating the multi-screen coordination may search for nearby electronic devices that also have coordination assistants by using the internal coordination assistants.
Correspondingly, when a user selects one searched electronic device as a slave device in a display interface of the master device, the network communication module in the master device initiates a request for establishing multi-screen cooperative connection to the network communication module of the selected electronic device, and after the network module of the slave device receives the request and responds, the operation for establishing multi-screen cooperative connection between the master device and the slave device can be completed.
In addition, it can be understood that, in an actual application scenario, multi-screen coordination between the master device and the slave device may also be established in other manners, for example by opening an entry in the drop-down notification bar of the master device, opening a setting entry of the slave device, or launching a dedicated multi-screen coordination application installed on each device; these are not further described herein, and the present application is not limited thereto.
In addition, after monitoring a target operation triggered by the user at the multi-screen cooperative window 10', the screen projection display module of the slave device sends the target operation to the master device through a multi-screen cooperative channel established with the master device, that is, the slave device sends the target operation to the network communication module of the master device through an internal network communication module, and the network communication module of the master device reports the received target operation to an object, such as an information application, corresponding to an authentication service corresponding to the target operation in the application program layer of the master device.
Step S102, an information application located in the application framework layer in the master device, that is, an object corresponding to the authentication service to be triggered by the target operation, determines that the target operation triggering the authentication service comes from the slave device.
In an actual application scenario, a user can operate the master device through the multi-screen cooperative window 10' displayed on the slave device, or can operate the master device directly. The operations the master device must perform during identity authentication differ between these two modes, so the source of the target operation needs to be determined when the master device acquires it. For the scenario in which the target operation comes from the master device, the authentication mode is similar to the existing scheme, that is, the master device both collects the authentication information and authenticates it. This embodiment does not describe that scenario again; it takes as an example the case in which the target operation comes from the slave device, that is, the master device directly determines that the received target operation triggering the authentication service is from the slave device.
Step S103, the information application in the application framework layer in the master device distributes a first public key for executing the target operation to the slave device, distributes a first private key matched with the first public key to the slave device, and generates an identity verification request.
For the source of the first public key and the first private key, and how to generate the authentication request, it is detailed in the above embodiment for the description of the method for implementing the authentication by the master device, and details are not described here.
Illustratively, in one example, if the key pair is generated based on the RSA biometric encryption algorithm, a group of key pairs may be randomly generated, for example, as follows: RSACryptoServiceProvider crypt = new RSACryptoServiceProvider(); (constructing the provider creates a new random key pair).
Illustratively, in another example, the generated key may be processed into a string in XML format and then stored, for example: crypt.ToXmlString(true); (the argument true includes the private parameters, so this string holds the whole key pair and must stay on the master device, whereas crypt.ToXmlString(false) exports only the public key, which is the form sent to the slave device).
It should be understood that the above description is only an example for better understanding of the technical solution of the present embodiment, and is not to be taken as the only limitation of the present embodiment.
Step S104, the master device sends the first public key and the authentication request to the slave device, specifically, the network communication module in the master device sends the authentication request generated by the information application and the allocated first public key to the network communication module of the slave device, and the network communication module of the slave device reports the authentication request and the allocated first public key to the screen projection display module in the slave device.
Illustratively, when the master device transmits the content to the slave device, the response of the master device to the target operation may also be transmitted, for example, the currently displayed interface is switched to the interface shown in fig. 7, so that the slave device synchronizes the content displayed by the multi-screen collaboration window 10' with the content currently displayed by the master device, and the content synchronously displayed by the slave device is also transmitted by the master device to the network communication module of the slave device through the network communication module of the master device.
Step S105, the screen projection display module of the slave device determines an identity authentication mode according to the identity authentication request, calls a system service in the application framework layer according to the identity authentication mode to create a corresponding service instance, and hands the service instance to the system service manager for management; the system service manager then calls, through the corresponding driver, the acquisition hardware for the identity authentication information corresponding to the determined identity authentication mode, so as to acquire the identity authentication information.
For ease of understanding, the present embodiment specifically describes the process by which the slave device acquires four different types of authentication information, taking a fingerprint authentication mode, a face/iris authentication mode, a voiceprint authentication mode and a gesture/alphanumeric authentication mode as examples.
Mode one (fingerprint verification mode):
referring to fig. 16, for example, after receiving an authentication request, which is sent by a master device and is directed to an information application of the master device displayed on a multi-screen cooperative window 10', and when determining that an authentication manner corresponding to the information application is a fingerprint authentication manner according to the authentication request, the slave device executes step S201, specifically, a system service of an application framework layer is called, and an operation of creating a fingerprint service instance is executed by the system service.
Accordingly, after the system service completes the creation operation of the fingerprint service instance, step S202 is executed, specifically, the created fingerprint service instance is handed to the system service manager for management.
Accordingly, after receiving the fingerprint service instance created by the system service, the system service manager executes step S203, specifically, invokes a fingerprint driver located in the kernel layer, to trigger the fingerprint driver to execute step S204, specifically, invokes hardware of the fingerprint module (or the fingerprint chip or the fingerprint sensor).
Correspondingly, the fingerprint module outputs the currently collected fingerprint information to the fingerprint driver, namely, executes step S205.
Correspondingly, after the fingerprint driver receives the fingerprint information sent by the fingerprint module, it executes step S206, that is, sends the fingerprint information to the system service manager.
Accordingly, the system service manager outputs the received fingerprint information to the multimedia management module, and the multimedia management module performs corresponding processing, i.e. performs step S207.
Understandably, in an actual application scenario, the multimedia management module processes the fingerprint information, and when the fingerprint information is a fingerprint picture, the processing may be resolution adaptation, that is, the resolution corresponding to the fingerprint picture acquired by the slave device is adapted to the same resolution as the fingerprint picture stored by the master device.
Accordingly, after the multimedia management module processes the fingerprint information, the multimedia management module outputs the processed fingerprint information to the system service manager, i.e. performs step S208.
Accordingly, after receiving the fingerprint information processed by the multimedia management module, the system service manager performs step S209, specifically, transmits the processed fingerprint information to the fingerprint service instance in the system service, and then transmits the fingerprint information to the information application of the main device displayed in the multi-screen collaboration window 10' by the fingerprint service instance in the system service, that is, performs step S210.
To better understand the process of collecting fingerprint authentication information shown in fig. 16, taking the android System as an example, the System service called in step S201 may be, for example, System Services.
Accordingly, System Services create a fingerprint service instance, which may be, for example, a FingerprintService instance.
Then, after the system service completes the creation of the fingerprint service instance, the system service may call a relevant interface, for example, a servicemanager.
Thus the fingerprint authentication information is collected, and the slave device can then encrypt the collected fingerprint authentication information according to the first public key provided by the master device.
It should be understood that the above description is only an example for better understanding of the technical solution of the present embodiment, and is not to be taken as the only limitation of the present embodiment.
Mode two (face/iris verification mode):
referring to fig. 17, for example, after receiving an authentication request, which is sent by a master device and is directed to an information application of the master device displayed on a multi-screen cooperative window 10', and when determining that an authentication manner corresponding to the information application is a face/iris authentication manner according to the authentication request, the slave device executes step S301, specifically, a system service of an application framework layer is called, and the system service executes an operation of creating a camera service instance.
Accordingly, after the system service completes the creation operation of the camera service instance, step S302 is executed, specifically, the created camera service instance is handed to the system service manager for management.
Accordingly, after receiving the camera service instance created by the system service, the system service manager executes step S303, specifically, invokes a camera driver located in the kernel layer, to trigger the camera driver to execute step S304, specifically, invokes hardware of the camera.
Understandably, users usually face the display screen of the electronic device, so the front camera is usually called.
In addition, for the condition that the slave device only has one camera (possibly an external camera), in order to ensure the validity of the acquired authentication information, when the camera is called to acquire the authentication information, the user can be prompted by voice to look at the camera.
Similarly, for other authentication methods, the user may be prompted when acquiring authentication information.
Accordingly, the camera outputs the currently acquired face/iris information to the camera driver, i.e., step S305 is executed.
Accordingly, after the camera driver receives the face/iris information sent by the camera, step S306 is executed, that is, the face/iris information is sent to the system service manager.
Accordingly, the system service manager outputs the received face/iris information to the multimedia management module, and the multimedia management module performs corresponding processing, i.e., step S307 is executed.
It can be understood that, in an actual application scenario, the multimedia management module processes the face/iris information, and when the face/iris information is a face/iris picture, the processing may be resolution adaptation, that is, the resolution corresponding to the face/iris picture acquired by the slave device is adapted to the same resolution as the face/iris picture stored in the host device.
Accordingly, after the multimedia management module processes the face/iris information, the multimedia management module outputs the processed face/iris information to the system service manager, that is, performs step S308.
Accordingly, after receiving the face/iris information processed by the multimedia management module, the system service manager performs step S309, specifically, transmits the processed face/iris information to the camera service instance in the system service, and then the camera service instance in the system service transmits the face/iris information to the information application of the host device displayed in the multi-screen cooperative window 10', that is, performs step S310.
In order to better understand the process of acquiring the face/iris authentication information shown in fig. 17, taking the android System as an example, the System service called in step S301 may be, for example, System Services.
Accordingly, System Services create a Camera Service instance, which may be a Camera Service instance, for example.
Next, after the system service completes the creation of the camera service instance, the system service may call a related interface, for example, a servicemanager.
Thus the acquisition of the face/iris authentication information is realized, and the slave device can then encrypt the acquired face/iris authentication information according to the first public key provided by the master device.
It should be understood that the above description is only an example for better understanding of the technical solution of the present embodiment, and is not to be taken as the only limitation of the present embodiment.
Mode three (voiceprint verification mode):
referring to fig. 18, for example, after receiving an authentication request, which is sent by a master device and is directed to an information application of the master device displayed on a multi-screen cooperative window 10', and when determining that an authentication manner corresponding to the information application is a voiceprint authentication manner according to the authentication request, a slave device may execute step S401, specifically, invoke a system service of an application framework layer, and execute an operation of creating an audio service instance by the system service.
Accordingly, after the system service completes the creation operation of the audio service instance, step S402 is executed, specifically, the created audio service instance is delivered to the system service manager for management.
Accordingly, after receiving the audio service instance created by the system service, the system service manager performs step S403, specifically, invokes the audio driver located in the kernel layer to trigger the audio driver to perform step S404, specifically, invokes the hardware of the audio module.
It is understood from the description of the audio module 170 in fig. 10 that the audio module 170 can include, for example, a speaker 170A, a receiver 170B, a microphone 170C and an earphone interface 170D, and that the microphone 170C is specifically used to collect voice information of the user. Therefore, in the present embodiment, the component of the audio module 170 called by the audio driver is specifically the microphone 170C.
Accordingly, the microphone 170C outputs the currently collected sound information to the audio driver, i.e., performs step S405.
Accordingly, after the audio driver receives the sound information sent by the microphone 170C, step S406 is executed to send the sound information to the system service manager.
Accordingly, the system service manager outputs the received sound information to the multimedia management module, and the multimedia management module performs corresponding processing, that is, step S407 is executed.
Understandably, in an actual application scenario, the multimedia management module processes the sound information, for example, noise reduction processing may be performed on the sound information to filter out interfering sound, and then extract voiceprint information meeting requirements.
Accordingly, after the multimedia management module processes the sound information, it outputs the extracted voiceprint information to the system service manager, i.e. performs step S408.
Accordingly, after receiving the voiceprint information processed by the multimedia management module, the system service manager executes step S409, specifically, transmits the processed voiceprint information to the audio service instance in the system service, and then transmits the voiceprint information to the information application of the main device displayed in the multi-screen collaboration window 10' by the audio service instance in the system service, that is, executes step S410.
For better understanding of the process of collecting the voiceprint authentication information shown in fig. 18, taking the android System as an example, the System service called in step S401 may be, for example, System Services.
Accordingly, System Services create an instance of an audio service, which may be, for example, an AudioServer instance.
Specifically, the process of creating the AudioServer instance is to create an AudioPolicyService running in a MediaServer process and establish a relationship between the MediaServer process and the AudioServer process, so that the AudioPolicyService is started along with the MediaServer process, thereby implementing the creation of the AudioServer instance.
Then, after the system service completes the creation of the audio service instance, the system service may call a relevant interface, for example, a servicemanager.
Thus the acquisition of the voiceprint authentication information is realized, and the slave device can then encrypt the acquired voiceprint authentication information according to the first public key provided by the master device.
It should be understood that the above description is only an example for better understanding of the technical solution of the present embodiment, and is not intended to limit the present embodiment.
Mode four (gesture/alphanumeric verification mode):
referring to fig. 19, for example, after receiving an authentication request, which is sent by a master device and is directed to an information application of the master device displayed on a multi-screen cooperative window 10', and when determining that an authentication manner corresponding to the information application is a gesture/alphanumeric authentication manner according to the authentication request, the slave device may perform step S501, specifically, to invoke a system service of an application framework layer, and perform an operation of creating a display screen service instance by the system service.
It can be understood that in an actual application scenario, for a gesture verification mode, a pressure sensor service instance is usually created, so that a pressure sensor can be called to acquire information such as a moving position and a pressure value of a finger of a user, and a gesture moving picture is further determined.
Accordingly, after the system service completes the creation operation of the display screen service instance, step S502 is executed, specifically, the created display screen service instance is delivered to the system service manager for management.
Accordingly, after receiving the display service instance created by the system service, the system service manager may perform step S503, specifically, call a display driver located in the kernel layer, to trigger the display driver to perform step S504, specifically, call the display, or a sensor corresponding to the display.
Accordingly, the display screen outputs the currently collected gesture/alphanumeric information to the display screen driver, i.e. step S505 is executed.
Accordingly, after the display driver receives the gesture/alphanumeric information sent by the display, step S506 is executed, that is, the gesture/alphanumeric information is sent to the system service manager.
Accordingly, the system service manager outputs the received gesture/alphanumeric information to the multimedia management module, and the multimedia management module performs corresponding processing, i.e. step S507 is executed.
Understandably, in an actual application scenario, the multimedia management module processes the gesture/alphanumeric information, and when the gesture/alphanumeric information is a gesture/alphanumeric picture, the processing may be resolution adaptation, that is, the resolution corresponding to the gesture/alphanumeric picture acquired by the slave device is adapted to the same resolution as the gesture/alphanumeric picture stored in the host device.
Accordingly, after the multimedia management module processes the gesture/alphanumeric information, the multimedia management module outputs the processed gesture/alphanumeric information to the system service manager, i.e., performs step S508.
Correspondingly, after receiving the gesture/alphanumeric information processed by the multimedia management module, the system service manager executes step S509, specifically, transmits the processed gesture/alphanumeric information to the display service instance in the system service, and then the display service instance in the system service transmits the gesture/alphanumeric information to the information application of the host device displayed in the multi-screen collaboration window 10', that is, executes step S510.
To better understand the process of collecting gesture/alphanumeric authentication information shown in fig. 19, taking the android System as an example, the System service called in step S501 may be, for example, System Services.
Accordingly, System Services create display service instances, which may be sensor service (SensorServer) instances, for example, as needed.
Specifically, the creating process for the SensorServer instance may create the sensor service instance by calling an interface provided by the system service to acquire the relevant sensor service instance.
For example, the required sensor service instance is obtained by calling the getSystemService() interface.
Next, after the system service completes the creation of the sensor service instance, the system service may call a relevant interface, for example, a servicemanager.
Thus the acquisition of the gesture/alphanumeric authentication information is realized, and the slave device can then encrypt the acquired gesture/alphanumeric authentication information according to the first public key provided by the master device.
It should be understood that the above description is only an example for better understanding of the technical solution of the present embodiment, and is not to be taken as the only limitation of the present embodiment.
And S106, encrypting the authentication information by the multi-screen display module of the slave device according to the first public key to obtain an authentication ciphertext.
For example, in this embodiment, a manner of performing encryption based on the RSA biometric encryption algorithm is given as follows:
using System.Security.Cryptography; // RSACryptoServiceProvider
using System.Text; // UnicodeEncoding
UnicodeEncoding encoding = new UnicodeEncoding(); // create a UnicodeEncoding instance for converting the string to a byte array
byte[] passwordBytes = encoding.GetBytes(password); // convert the authentication information (the password) to a byte array
RSACryptoServiceProvider crypt = new RSACryptoServiceProvider(); // RSA biological information encryption algorithm
crypt.FromXmlString(publicKey); // load the first public key received from the master device (an XML-format string exported with ToXmlString(false))
passwordBytes = crypt.Encrypt(passwordBytes, false); // encrypt the byte array to obtain the authentication ciphertext; false selects PKCS#1 v1.5 padding, true would select OAEP
It should be understood that the above description is only an example for better understanding of the technical solution of the present embodiment, and is not to be taken as the only limitation of the present embodiment.
And step S107, the network communication module of the slave device sends the authentication ciphertext to the network communication module of the master device.
And S108, the information application positioned in the application program layer in the main equipment decrypts the authentication ciphertext according to the first private key to obtain the authentication information.
Illustratively, in this embodiment, a way of performing decryption based on RSA biometric encryption algorithm is given as follows:
RSACryptoServiceProvider crypt = new RSACryptoServiceProvider(); // RSA provider on the master device
crypt.FromXmlString(key); // load the key; key is the XML-format string read from the database table field, i.e. the first private key
passwordBytes = crypt.Decrypt(passwordBytes, false); // decrypt the byte array with the same padding used for encryption and return the original authentication information
It should be understood that the above description is only an example for better understanding of the technical solution of the present embodiment, and is not to be taken as the only limitation of the present embodiment.
In addition, as can be seen from the above description, the master device destroys the first private key and the first public key after decrypting the authentication information. In an actual application scenario, crypt.Clear() may be called, for example, to destroy the currently used key pair.
Step S109, the information application in the application layer in the host device obtains the target identity information from the content provider storing the target identity information, and verifies the identity verification information according to the target identity information stored locally.
The above-mentioned entry process of the target identity information is similar to the manner of collecting the identity verification information from the device as shown in fig. 16 to 19, and is not described herein again.
Specifically, the target identity information is stored in advance, and is managed by the content provider.
Referring to fig. 20, for example, when the host device obtains the authentication information, the information application at the application layer accesses the content provider at the application framework layer, that is, step S601 is performed, and further obtains target identity information corresponding to the information application from the content provider, that is, the content provider performs step S602 to return the target identity information to the information application.
Further, after the authentication of the authentication message is completed, the master device controls the master device and the slave device to synchronize according to the authentication result, so that the content displayed on the display interface of the master device is the same as the content displayed on the multi-screen cooperative window 10' of the slave device.
The above describes the scenario in which only the first public key and the first private key allocated by the master device are used for cross-device authentication. The following describes, with reference to fig. 21, the scenario in which both the first public key and first private key allocated by the master device and the second public key and second private key allocated by the slave device are used for cross-device authentication.
As can be seen from fig. 21, the procedure of the authentication method implemented by steps S701 to S712 in fig. 21 is substantially the same as the procedure implemented by steps S101 to S109 in fig. 15. The main difference is that, before the slave device sends the authentication ciphertext encrypted with the first public key to the network communication module of the master device through its own network communication module, the screen projection display module of the slave device allocates a second public key to the master device and a second private key matching the second public key to the slave device, that is, step S705 in fig. 21 is executed.
Further, after the screen projection display module of the slave device completes step S705, it sends the second public key to the network communication module of the master device through the slave device's internal network communication module, that is, step S706 is executed.
Further, after the above operations are completed, the slave device collects the authentication information in the authentication manner corresponding to the authentication request. The specific implementation is substantially the same as that of step S105 in fig. 15 and is not described here again.
Further, after collecting the authentication information, the slave device encrypts it with the first public key provided by the master device to obtain the authentication ciphertext (step S708), and then signs the authentication ciphertext with the second private key (step S709), which further improves the security of the authentication information transmitted between the master device and the slave device.
In addition, as can be seen from the above descriptions of the embodiments in which the slave device and the master device implement the identity verification method, the second public key allocated by the slave device to the master device may be actively sent to the master device before the authentication information is collected, may be sent together with the authentication ciphertext signed with the second private key, or may be sent upon request of the master device. Specifically, in the embodiment shown in fig. 21, the slave device actively sends the second public key to the master device before the authentication information is collected.
For example, after step S709 is completed, the slave device sends the authentication ciphertext signed with the second private key to the network communication module of the master device through its own network communication module, that is, step S710 is performed.
Correspondingly, after receiving the authentication ciphertext signed with the second private key from the network communication module of the slave device, the network communication module of the master device reports it to the information application located in the application layer.
Correspondingly, the information application verifies the signature with the second public key provided by the slave device. When the signature verification passes, that is, when it is determined that the received authentication message comes from the slave device with which multi-screen cooperation has been established, the first private key is used to decrypt the authentication ciphertext, that is, step S711 is executed.
Accordingly, the information application of the master device decrypts the authentication ciphertext to restore the authentication information, obtains the target identity information from the content provider that stores it, and verifies the authentication information against the locally stored target identity information, i.e., performs step S712.
Thus, after the master device allocates to the slave device a first public key for executing the target operation, the slave device also allocates itself a second private key for executing the target operation and allocates the matching second public key to the master device. After the collected authentication information is encrypted with the first public key, the resulting authentication ciphertext is signed with the second private key; through this double encryption (encryption followed by signing), the security of the information exchanged between the master device and the slave device is further improved. This concludes the description of the scenario in which both the first public key and first private key allocated by the master device and the second public key and second private key allocated by the slave device are used in implementing cross-device authentication. Content not described in this embodiment is detailed in the above descriptions of the embodiments in which the master device and the slave device implement the identity authentication method, and is not repeated here.
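The fig. 21 exchange as an added, self-contained Go example (not code from the patent, whose snippets are .NET RSACryptoServiceProvider calls): the master allocates the first key pair, the slave allocates the second, the slave encrypts with the first public key and signs with the second private key, and the master verifies the signature before decrypting and comparing with its stored target identity information. The type and function names, the choice of RSA-OAEP and RSA-PSS, and the sample template bytes are this example's assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Constructed example of the fig. 21 flow. RSA-OAEP for encryption, RSA-PSS for the
// signature, and all type and function names are this example's choices, not the patent's.

// AuthMessage is the payload of step S710: the S708 ciphertext and the S709 signature.
type AuthMessage struct {
	Ciphertext []byte
	Signature  []byte
}

// Master keeps the first private key (the first public key is &firstKey.PublicKey), the
// second public key received in S706, and the locally stored target identity information.
type Master struct {
	firstKey       *rsa.PrivateKey
	secondPub      *rsa.PublicKey
	targetIdentity []byte
}

// Slave keeps the second key pair (S705) and the first public key sent by the master.
type Slave struct {
	secondKey *rsa.PrivateKey
	firstPub  *rsa.PublicKey
}

// Collect performs S708 (encrypt the collected authentication information with the
// first public key) and S709 (sign the ciphertext with the second private key).
func (s *Slave) Collect(authInfo []byte) (AuthMessage, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, s.firstPub, authInfo, nil)
	if err != nil {
		return AuthMessage{}, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, s.secondKey, crypto.SHA256, digest[:], nil)
	if err != nil {
		return AuthMessage{}, err
	}
	return AuthMessage{Ciphertext: ct, Signature: sig}, nil
}

// Verify performs S711 and S712 on the master: the signature is checked with the second
// public key before the first private key is touched, the ciphertext is then decrypted,
// the first key pair is destroyed as the text requires, and the plaintext is compared
// in constant time with the stored target identity information.
func (m *Master) Verify(msg AuthMessage) (bool, error) {
	if m.secondPub == nil {
		return false, errors.New("second public key not received from the slave device")
	}
	if m.firstKey == nil {
		return false, errors.New("first key pair already destroyed; a new request is required")
	}
	digest := sha256.Sum256(msg.Ciphertext)
	if err := rsa.VerifyPSS(m.secondPub, crypto.SHA256, digest[:], msg.Signature, nil); err != nil {
		return false, fmt.Errorf("signature verification failed: %w", err)
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, m.firstKey, msg.Ciphertext, nil)
	m.firstKey = nil // destroy the first public/private key pair after decrypting
	if err != nil {
		return false, fmt.Errorf("decryption failed: %w", err)
	}
	return subtle.ConstantTimeCompare(plain, m.targetIdentity) == 1, nil
}

// RunFlow wires both sides together for one target operation: the master allocates the
// first key pair, the slave allocates the second (S705) and hands over its public half
// (S706), protects the collected information (S708, S709) and the master verifies it
// (S711, S712). tamper simulates modification of the ciphertext in transit (S710).
func RunFlow(targetIdentity, collected []byte, tamper bool) (bool, error) {
	firstKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	secondKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	master := &Master{firstKey: firstKey, targetIdentity: targetIdentity}
	slave := &Slave{secondKey: secondKey, firstPub: &firstKey.PublicKey} // first public key received with the request
	master.secondPub = &secondKey.PublicKey                              // S706
	msg, err := slave.Collect(collected)                                 // S708, S709
	if err != nil {
		return false, err
	}
	if tamper {
		msg.Ciphertext[0] ^= 0xff
	}
	return master.Verify(msg) // S711, S712
}
```

A tampered or unsigned message fails at the signature check and never reaches the first private key, and a second Verify on the same Master fails because the key pair was destroyed after the first decryption.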
Therefore, by introducing the encryption mechanism, and by having the master device that initiates screen projection actively send the authentication request to the slave device that actually displays the content projected by the master device and negotiate the encryption mode, the authentication method provided by the embodiments of the present application ensures that the encryption mode used by both parties is agreed before the slave device sends the authentication information to the master device for verification. When the slave device sends the collected authentication information to the master device for verification, it encrypts the authentication information with the first public key provided by the master device, which is only suitable for the current slave device executing the target operation; after receiving the authentication ciphertext sent by the slave device, the master device decrypts it with the first private key matching the first public key and verifies the decrypted authentication information against the locally stored target identity information. As a result, devices in multi-screen cooperation can perform identity authentication across devices, which facilitates the user's operation, while the introduced encryption mode ensures the security of the content transmitted between the master device and the slave device.
In addition, it should be noted that, in the authentication methods provided in the foregoing embodiments, the steps executed by the master device and by the slave device may also be executed by a system-on-chip included in the master device and in the slave device respectively. The system-on-chip may include a processor, and may be coupled to a memory so that it can invoke computer programs stored in the memory to implement the steps performed by the master device or by the slave device. The processor in the system-on-chip may be an application processor or a processor other than an application processor.
In addition, an embodiment of the present application further provides a computer-readable storage medium in which computer instructions are stored; when the computer instructions run on an electronic device, the master device executes the relevant method steps to implement the authentication method applied to the master device in the foregoing embodiments, and the slave device executes the relevant method steps to implement the authentication method applied to the slave device in the foregoing embodiments.
In addition, an embodiment of the present application further provides a computer program product which, when running on a computer, causes the computer to execute the relevant steps described above, so as to implement the authentication method applied to the master device or to the slave device in the foregoing embodiments.
In addition, embodiments of the present application also provide a chip (which may also be a component or a module), which may include one or more processing circuits and one or more transceiver pins; the transceiver pins and the processing circuit communicate with each other through an internal connection path, and the processing circuit executes the relevant method steps to implement the identity authentication method of the above embodiments, controlling the receiving pin to receive signals and the sending pin to send signals.
It will be appreciated that, for the case where the chip is located in the master device, the processing circuit in the chip performs the authentication method applied to the master device in the above embodiments.
Accordingly, for the case where the chip is located in the slave device, the processing circuit in the chip performs the authentication method applied to the slave device in the above embodiments.
As can be seen from the above description of the hardware structure of the electronic device, the master device specifically includes, but is not limited to, one or more processors, a memory, and one or more computer programs; when executed by the one or more processors, the computer programs cause the master device, or a system-on-chip in the master device, to perform the following steps:
determining the source of a target operation that triggers an authentication service, the authentication service being associated with the master device;
when the target operation comes from the slave device, allocating to the slave device a first public key for executing the target operation, allocating to the master device a first private key matching the first public key, and generating an authentication request;
sending the first public key and the authentication request to the slave device;
receiving an authentication ciphertext sent by the slave device, and decrypting the authentication ciphertext with the first private key to obtain authentication information;
and verifying the authentication information against the locally stored target identity information.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the master device to perform the following steps:
randomly selecting a key pair from a local key database, the key pair comprising a public key and a private key;
allocating the public key of the selected key pair, as the first public key, to the slave device executing the target operation;
and allocating the private key of the selected key pair, as the first private key, to the master device.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the master device to perform the following steps:
determining whether a key pair exists in the key database;
if so, executing the step of randomly selecting a key pair from the local key database;
otherwise, randomly generating a key pair, storing the generated key pair in the key database, and executing the step of randomly selecting a key pair from the local key database after the generated key pair has been stored.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the master device to perform the following steps:
setting a first effective duration for the public key of the key pair, and setting a second effective duration for the private key of the key pair;
monitoring a first use duration of the public key of the key pair and a second use duration of the private key of the key pair;
destroying the public key of the key pair when the first use duration reaches the first effective duration;
and destroying the private key of the key pair when the second use duration reaches the second effective duration.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the master device to perform the following steps:
determining the identity authentication mode corresponding to the object targeted by the identity authentication service;
and generating the identity authentication request according to the identity authentication mode.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the master device to perform the following steps:
determining whether the authentication ciphertext has been signed with a second private key, the second private key being stored locally in the slave device;
if not, executing the step of decrypting the authentication ciphertext with the first private key;
if so, detecting whether a second public key sent by the slave device and matching the second private key is stored locally;
if the second public key exists, verifying the signature of the signed authentication ciphertext with the second public key, and executing the step of decrypting the authentication ciphertext with the first private key after the signature verification passes;
and if the second public key does not exist, sending a request for obtaining the second public key to the slave device, verifying the signature of the signed authentication ciphertext with the second public key after receiving the second public key sent by the slave device, and executing the step of decrypting the authentication ciphertext with the first private key after the signature verification passes.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the master device to perform the following step:
destroying the first public key and the first private key.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the master device to perform the following steps:
when the target operation comes from the master device, determining the authentication mode corresponding to the object targeted by the authentication service;
calling the authentication information acquisition module in the master device to acquire authentication information according to the authentication mode;
and verifying the authentication information against the locally stored target identity information.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the master device to perform the following step:
responding to the target operation on the operation interface of the master device according to the verification result, and controlling the operation interface of the master device displayed in the slave device to respond to the target operation based on the multi-screen cooperative function.
As can be seen from the above description of the hardware structure of the electronic device, the slave device specifically includes, but is not limited to, one or more processors, a memory, and one or more computer programs; when executed by the one or more processors, the computer programs cause the slave device, or a system-on-chip in the slave device, to perform the following steps:
receiving a target operation acting on the operation interface of the slave device, the target operation being used to trigger an authentication service, and the authentication service being associated with the master device;
receiving an authentication request initiated by the master device in response to the target operation, together with a first public key allocated by the master device for the slave device to execute the target operation, the first private key matching the first public key being stored locally in the master device;
determining an identity authentication mode according to the identity authentication request, and acquiring identity authentication information according to the identity authentication mode;
encrypting the authentication information with the first public key to obtain an authentication ciphertext;
and sending the authentication ciphertext to the master device, so that the master device decrypts the authentication ciphertext with the first private key and then performs the verification.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the slave device to perform the following steps:
allocating to the slave device a second private key for executing the target operation, and allocating to the master device a second public key matching the second private key;
signing the authentication ciphertext with the second private key, sending the second public key to the master device, and executing the step of sending the authentication ciphertext to the master device;
or,
signing the authentication ciphertext with the second private key, and executing the step of sending the authentication ciphertext to the master device.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the slave device to perform the following step:
if a request for obtaining the second public key sent by the master device is received, sending the second public key to the master device.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the slave device to perform the following steps:
randomly selecting a key pair from a local key database, the key pair comprising a public key and a private key;
allocating the private key of the selected key pair, as the second private key, to the slave device executing the target operation;
and allocating the public key of the selected key pair, as the second public key, to the master device.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the slave device to perform the following steps:
determining whether a key pair exists in the key database;
if so, executing the step of randomly selecting a key pair from the local key database;
otherwise, randomly generating a key pair, storing the generated key pair in the key database, and executing the step of randomly selecting a key pair from the local key database after the generated key pair has been stored.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the slave device to perform the following steps:
setting a third effective duration for the public key of the key pair, and setting a fourth effective duration for the private key of the key pair;
monitoring a third use duration of the public key of the key pair and a fourth use duration of the private key of the key pair;
destroying the public key of the key pair when the third use duration reaches the third effective duration;
and destroying the private key of the key pair when the fourth use duration reaches the fourth effective duration.
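The local key database described for the master device (first and second effective durations) and, in the same form, for the slave device (third and fourth effective durations), as an added Go example that is not the patent's code: a key pair is generated when none is available, one is chosen at random, and each half is destroyed once its use duration reaches its effective duration. The names, the injected clock and the 2048-bit key size are this example's assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"math/big"
	"time"
)

// Constructed example of the key database used on both devices. The public and private
// halves get separate effective durations (first/second on the master, third/fourth on
// the slave); the clock is injected so expiry can be exercised without waiting.

// StoredKey is one entry of the key database.
type StoredKey struct {
	Pair             *rsa.PrivateKey // nil once both halves have been destroyed
	PublicValid      time.Duration   // effective duration of the public key
	PrivateValid     time.Duration   // effective duration of the private key
	IssuedAt         time.Time       // zero until the pair has been handed out
	PublicDestroyed  bool
	PrivateDestroyed bool
}

// KeyDatabase holds the key pairs of one device.
type KeyDatabase struct {
	keys []*StoredKey
	now  func() time.Time
	bits int
}

func NewKeyDatabase(now func() time.Time, bits int) *KeyDatabase {
	return &KeyDatabase{now: now, bits: bits}
}

// Len reports how many key pairs are currently stored.
func (db *KeyDatabase) Len() int { return len(db.keys) }

// Select returns a randomly chosen key pair that has not been handed out yet; when none
// exists, a fresh pair is generated and stored first (the text's "otherwise" branch).
func (db *KeyDatabase) Select() (*StoredKey, error) {
	var fresh []*StoredKey
	for _, k := range db.keys {
		if k.IssuedAt.IsZero() {
			fresh = append(fresh, k)
		}
	}
	if len(fresh) == 0 {
		pair, err := rsa.GenerateKey(rand.Reader, db.bits)
		if err != nil {
			return nil, err
		}
		k := &StoredKey{Pair: pair}
		db.keys = append(db.keys, k)
		fresh = []*StoredKey{k}
	}
	idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(fresh))))
	if err != nil {
		return nil, err
	}
	return fresh[idx.Int64()], nil
}

// Issue hands out the halves of a selected pair (one to the peer device, one kept
// locally), records the effective durations and starts the use-duration clock for both.
func (db *KeyDatabase) Issue(k *StoredKey, publicValid, privateValid time.Duration) (*rsa.PublicKey, *rsa.PrivateKey) {
	k.PublicValid, k.PrivateValid = publicValid, privateValid
	k.IssuedAt = db.now()
	return &k.Pair.PublicKey, k.Pair
}

// Sweep is the monitoring step: every half whose use duration has reached its effective
// duration is destroyed, and a pair with both halves destroyed is dropped from the database.
func (db *KeyDatabase) Sweep() int {
	now := db.now()
	destroyed := 0
	kept := db.keys[:0]
	for _, k := range db.keys {
		if !k.IssuedAt.IsZero() {
			used := now.Sub(k.IssuedAt)
			if !k.PublicDestroyed && used >= k.PublicValid {
				k.PublicDestroyed = true
				destroyed++
			}
			if !k.PrivateDestroyed && used >= k.PrivateValid {
				k.PrivateDestroyed = true
				destroyed++
			}
		}
		if k.PublicDestroyed && k.PrivateDestroyed {
			k.Pair = nil // drop the key material once both halves are gone
			continue
		}
		kept = append(kept, k)
	}
	db.keys = kept
	return destroyed
}
```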
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the slave device to perform the following steps:
receiving the verification result sent by the master device;
and responding to the target operation on the operation interface of the slave device according to the verification result.
Illustratively, in another example, the computer program, when executed by the one or more processors, causes the slave device to perform the following step:
destroying the second public key and the second private key.
It should be understood that the steps performed by the master device and the slave device when implementing the authentication described above are similar to those of the authentication method described in the method embodiments above; details not given here can be found in the method embodiments section and are not repeated.
Furthermore, as can be seen from the above description, the electronic device, the computer-readable storage medium, the computer program product and the chip provided in the embodiments of the present application are all configured to perform the corresponding methods provided above; for example, the master device is configured to perform the authentication method applied to the master device, and the slave device is configured to perform the authentication method applied to the slave device. The beneficial effects they achieve can therefore be found in the description of the corresponding methods above and are not repeated here.
Furthermore, it should be understood that the above embodiments are only used to illustrate the technical solutions of the present application, not to limit them; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced, and that such modifications or substitutions do not cause the essence of the corresponding technical solutions to depart from the technical solutions of the embodiments of the present application.

Claims (21)

1. An identity authentication method applied to a master device, wherein the master device and a slave device establish a communication connection through a multi-screen cooperative function, the master device is an electronic device that performs screen projection, and the slave device is an electronic device that displays the content projected by the master device, the identity authentication method comprising:
determining the source of a target operation that triggers an authentication service, the authentication service being associated with the master device;
when the target operation comes from the slave device, allocating to the slave device a first public key for executing the target operation, allocating to the master device a first private key matching the first public key, and generating an authentication request;
sending the first public key and the authentication request to the slave device;
receiving an authentication ciphertext sent by the slave device, and decrypting the authentication ciphertext with the first private key to obtain authentication information;
and verifying the authentication information against the locally stored target identity information.
2. The method of claim 1, wherein allocating to the slave device a first public key for executing the target operation and allocating to the master device a first private key matching the first public key comprises:
randomly selecting a key pair from a local key database, the key pair comprising a public key and a private key;
allocating the public key of the selected key pair, as the first public key, to the slave device executing the target operation;
and allocating the private key of the selected key pair, as the first private key, to the master device.
3. The method of claim 2, wherein before randomly selecting a key pair from the local key database, the method further comprises:
determining whether a key pair exists in the key database;
if so, executing the step of randomly selecting a key pair from the local key database;
otherwise, randomly generating a key pair, storing the generated key pair in the key database, and executing the step of randomly selecting a key pair from the local key database after the generated key pair has been stored.
4. The method of claim 2, wherein after randomly selecting a key pair from the local key database, the method further comprises:
setting a first effective duration for the public key of the key pair, and setting a second effective duration for the private key of the key pair;
monitoring a first use duration of the public key of the key pair and a second use duration of the private key of the key pair;
destroying the public key of the key pair when the first use duration reaches the first effective duration;
and destroying the private key of the key pair when the second use duration reaches the second effective duration.
5. The method of claim 1, wherein generating an authentication request comprises:
determining the identity authentication mode corresponding to the object targeted by the identity authentication service;
and generating the identity authentication request according to the identity authentication mode.
6. The method of claim 1, wherein before decrypting the authentication ciphertext with the first private key, the method further comprises:
determining whether the authentication ciphertext has been signed with a second private key, the second private key being stored locally in the slave device;
if not, executing the step of decrypting the authentication ciphertext with the first private key;
if so, detecting whether a second public key sent by the slave device and matching the second private key is stored locally;
if the second public key exists, verifying the signature of the signed authentication ciphertext with the second public key, and executing the step of decrypting the authentication ciphertext with the first private key after the signature verification passes;
and if the second public key does not exist, sending a request for obtaining the second public key to the slave device, verifying the signature of the signed authentication ciphertext with the second public key after receiving the second public key sent by the slave device, and executing the step of decrypting the authentication ciphertext with the first private key after the signature verification passes.
7. The method of claim 1, wherein after decrypting the authentication ciphertext with the first private key, the method further comprises:
destroying the first public key and the first private key.
8. The method of claim 1, wherein the authentication method further comprises:
when the target operation comes from the master device, determining the authentication mode corresponding to the object targeted by the authentication service;
calling the authentication information acquisition module in the master device to acquire authentication information according to the authentication mode;
and verifying the authentication information against the locally stored target identity information.
9. The method according to any one of claims 1 to 8, wherein after the authentication information is verified against the locally stored target identity information, the method further comprises:
responding to the target operation on the operation interface of the master device according to the verification result, and controlling the operation interface of the master device displayed in the slave device to respond to the target operation based on the multi-screen cooperative function.
10. An identity authentication method is applied to a slave device, the slave device and a master device establish communication connection through a multi-screen cooperative function, the master device is an electronic device for screen projection, and the slave device is an electronic device for displaying content projected by the master device, and the identity authentication method includes:
receiving a target operation acting on an operation interface of the slave equipment, wherein the target operation is used for triggering an authentication service, and the authentication service is associated with the master equipment;
receiving an authentication request initiated by the master device in response to the target operation and a first public key distributed by the master device for the slave device to execute the target operation, wherein the first private key matched with the first public key is locally stored in the master device;
determining an identity authentication mode according to the identity authentication request, and acquiring identity authentication information according to the identity authentication mode;
encrypting the authentication information according to the first public key to obtain an authentication ciphertext;
and sending the authentication ciphertext to the main equipment, so that the main equipment decrypts the authentication ciphertext according to the first private key and then performs authentication.
11. The method of claim 10, wherein prior to the sending the authentication ciphertext to the master device, the method further comprises:
distributing a second private key for executing the target operation to the slave equipment, and distributing a second public key matched with the second private key to the master equipment;
signing the authentication ciphertext according to the second private key, sending the second public key to the main device, and executing the step of sending the authentication ciphertext to the main device;
alternatively, the first and second electrodes may be,
and signing the authentication ciphertext according to the second private key, and executing the step of sending the authentication ciphertext to the main equipment.
12. The method of claim 11, wherein after the signing the authentication ciphertext according to the second private key and executing the step of sending the authentication ciphertext to the master device, the method further comprises:
if a request for acquiring the second public key sent by the master device is received, sending the second public key to the master device.
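The message flow of claims 10 to 12 (encrypt the authentication information under the first public key, sign the ciphertext with the second private key, verify and decrypt on the master), as an added example in Go that is not part of the patent or of any Honor implementation. The claims fix neither the ciphers nor the message format, so RSA-OAEP for the first (master) key pair, Ed25519 for the second (slave) key pair, the OAEP label and the constructed sample credential are all assumptions made here:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// oaepLabel binds the ciphertext to this purpose. The claims specify neither
// cipher nor label, so this value is an assumption of the example.
var oaepLabel = []byte("slave-auth-info")

// AuthMessage is what the slave sends (claim 11, first branch): the
// authentication information encrypted under the master's first public key,
// signed with the slave's second private key, with the second public key attached.
type AuthMessage struct {
	Ciphertext []byte
	Signature  []byte
	SignerPub  ed25519.PublicKey // the second public key
}

// SlaveRespond is the slave side of claims 10 and 11: encrypt with the first
// public key, then sign the resulting ciphertext with the second private key.
func SlaveRespond(firstPub *rsa.PublicKey, secondPriv ed25519.PrivateKey, authInfo []byte) (*AuthMessage, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, firstPub, authInfo, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &AuthMessage{
		Ciphertext: ct,
		Signature:  ed25519.Sign(secondPriv, ct),
		SignerPub:  secondPriv.Public().(ed25519.PublicKey),
	}, nil
}

// MasterVerify is the master side: check the signature before the first private
// key touches the ciphertext, decrypt, then compare the recovered authentication
// information with the enrolled value in constant time.
func MasterVerify(firstPriv *rsa.PrivateKey, msg *AuthMessage, enrolled []byte) (bool, error) {
	if len(msg.SignerPub) != ed25519.PublicKeySize ||
		!ed25519.Verify(msg.SignerPub, msg.Ciphertext, msg.Signature) {
		return false, errors.New("signature over authentication ciphertext does not verify")
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, firstPriv, msg.Ciphertext, oaepLabel)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(pt, enrolled) == 1, nil
}

// RunExchange wires both sides together on constructed input and returns the
// verification result the master would send back to the slave (claim 16).
// tamper simulates modification of the ciphertext in transit.
func RunExchange(authInfo, enrolled []byte, tamper bool) (bool, error) {
	firstPriv, err := rsa.GenerateKey(rand.Reader, 2048) // first key pair, master side
	if err != nil {
		return false, err
	}
	_, secondPriv, err := ed25519.GenerateKey(rand.Reader) // second key pair, slave side
	if err != nil {
		return false, err
	}
	msg, err := SlaveRespond(&firstPriv.PublicKey, secondPriv, authInfo)
	if err != nil {
		return false, err
	}
	if tamper {
		msg.Ciphertext[0] ^= 0x01
	}
	return MasterVerify(firstPriv, msg, enrolled)
}

func main() {
	info := []byte("constructed-pin-246810") // constructed sample credential
	ok, err := RunExchange(info, info, false)
	fmt.Println("verified:", ok, err)
}
```

The signature is checked before the first private key is used, so a modified ciphertext is rejected without any decryption attempt. Because the second public key arrives in the same message (claim 11, first branch) or on request (claim 12), the signature by itself only shows that the holder of the matching private key signed this ciphertext; to tie the message to the paired slave, the master must compare `SignerPub` with the public key it obtained when the devices were paired, which the claims leave to the implementation.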
13. The method of claim 11, wherein the distributing a second private key for executing the target operation to the slave device, and distributing a second public key matched with the second private key to the master device comprises:
randomly selecting a key pair from a local key database, wherein the key pair comprises a public key and a private key;
distributing the private key of the selected key pair, as the second private key, to the slave device executing the target operation;
and distributing the public key of the selected key pair, as the second public key, to the master device.
14. The method of claim 13, wherein prior to the randomly selecting a key pair from a local key database, the method further comprises:
determining whether a key pair exists in the key database;
if so, executing the step of randomly selecting a key pair from the local key database;
otherwise, randomly generating a key pair, storing the generated key pair in the key database, and executing the step of randomly selecting a key pair from the local key database after the generated key pair has been stored in the key database.
15. The method of claim 13, wherein after the randomly selecting a key pair from a local key database, the method further comprises:
setting a third effective duration for the public key in the key pair, and setting a fourth effective duration for the private key in the key pair;
monitoring a third usage duration of the public key in the key pair and a fourth usage duration of the private key in the key pair;
destroying the public key in the key pair when the third usage duration is equal to the third effective duration;
and destroying the private key in the key pair when the fourth usage duration is equal to the fourth effective duration.
16. The method according to any one of claims 10 to 15, wherein after the sending the authentication ciphertext to the master device, the method further comprises:
receiving a verification result sent by the master device;
and responding to the target operation on the operation interface of the slave device according to the verification result.
17. The method according to claim 16, wherein after the responding to the target operation on the operation interface of the slave device according to the verification result, the method further comprises:
destroying the second public key and the second private key.
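The slave-side key database of claims 13 to 15 and the destruction step of claim 17, as an added example in Go that is not part of the patent or of any Honor implementation. Ed25519 as the algorithm of the second key pair, an in-memory slice as the "local key database" and the injectable clock are assumptions of the example; the claims themselves only require random selection, generation when the database is empty, independent effective durations for the public and private halves, and destruction after the result has been handled:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// KeyPair is one entry of the slave's local key database; each half carries its
// own deadline (claim 15: third duration for the public key, fourth for the private key).
type KeyPair struct {
	Pub         ed25519.PublicKey
	Priv        ed25519.PrivateKey
	PubExpires  time.Time
	PrivExpires time.Time
}

type KeyDB struct {
	Pairs   []*KeyPair
	PubTTL  time.Duration
	PrivTTL time.Duration
	Now     func() time.Time // injectable clock; time.Now in production
}

// Sweep (claim 15): a half whose usage duration has reached its effective
// duration is destroyed (private material zeroed); pairs with no half left are dropped.
func (db *KeyDB) Sweep() {
	now := db.Now()
	kept := db.Pairs[:0]
	for _, kp := range db.Pairs {
		if !now.Before(kp.PubExpires) {
			kp.Pub = nil
		}
		if !now.Before(kp.PrivExpires) {
			zero(kp.Priv)
			kp.Priv = nil
		}
		if kp.Pub != nil || kp.Priv != nil {
			kept = append(kept, kp)
		}
	}
	db.Pairs = kept
}

// Pick (claims 13 and 14): generate and store a pair if no usable one exists, then
// select one usable pair at random (private half to the slave, public half to the master).
func (db *KeyDB) Pick() (*KeyPair, error) {
	db.Sweep()
	var usable []*KeyPair
	for _, kp := range db.Pairs {
		if kp.Pub != nil && kp.Priv != nil {
			usable = append(usable, kp)
		}
	}
	if len(usable) == 0 {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		now := db.Now()
		kp := &KeyPair{pub, priv, now.Add(db.PubTTL), now.Add(db.PrivTTL)}
		db.Pairs = append(db.Pairs, kp)
		usable = append(usable, kp)
	}
	i, err := rand.Int(rand.Reader, big.NewInt(int64(len(usable))))
	if err != nil {
		return nil, err
	}
	return usable[i.Int64()], nil
}

// Destroy (claim 17): once the verification result has been handled, remove the
// second key pair from the database and zero its private half.
func (db *KeyDB) Destroy(target *KeyPair) error {
	for i, kp := range db.Pairs {
		if kp == target {
			zero(kp.Priv)
			kp.Priv, kp.Pub = nil, nil
			db.Pairs = append(db.Pairs[:i], db.Pairs[i+1:]...)
			return nil
		}
	}
	return errors.New("key pair not in database")
}

func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	db := &KeyDB{PubTTL: time.Hour, PrivTTL: 2 * time.Hour, Now: time.Now}
	kp, _ := db.Pick() // first call generates and stores the pair
	fmt.Println("stored pairs:", len(db.Pairs), "destroy error:", db.Destroy(kp))
}
```

The usage duration of each half is tracked as an absolute deadline fixed when the pair is generated, so the equality test of claim 15 reduces to comparing the clock against that deadline, and calling `Sweep` from `Pick` guarantees that an expired half is never distributed. Private material is overwritten before its reference is dropped, because dropping the reference alone leaves the bytes in memory until the garbage collector reuses them.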
18. An identity verification system, comprising: a master device and a slave device, wherein the master device and the slave device implement multi-screen collaboration, the master device is an electronic device used for screen projection, and the slave device is an electronic device used for displaying the content projected by the master device;
wherein the master device is configured to perform the authentication method according to any one of claims 1 to 9, and the slave device is configured to perform the authentication method according to any one of claims 10 to 17.
19. An electronic device, comprising: a memory and a processor, the memory and the processor coupled; the memory stores program instructions that, when executed by the processor, cause the electronic device to perform the authentication method of any one of claims 1 to 9, or the authentication method of any one of claims 10 to 17.
20. A computer-readable storage medium comprising a computer program which, when run on an electronic device, causes the electronic device to perform an authentication method according to any one of claims 1 to 9, or an authentication method according to any one of claims 10 to 17.
21. A chip, comprising: one or more processing circuits and one or more transceiver pins; wherein the transceiver pins and the processing circuits communicate with each other via an internal connection path, and the processing circuit performs the authentication method according to any one of claims 1 to 9, or the authentication method according to any one of claims 10 to 17, to control the receiving pin to receive a signal and to control the transmitting pin to transmit a signal.
Application CN202111074381.4A, priority date 2021-09-14, filing date 2021-09-14: Identity verification method and system and electronic equipment (pending), published as CN115033864A (en)

Publications (1)

Publication Number Publication Date
CN115033864A true CN115033864A (en) 2022-09-09

Family

ID=83117678

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111107066A (en) * 2019-12-06 2020-05-05 中国联合网络通信集团有限公司 Sensitive data transmission method and system, electronic equipment and storage medium
CN112422587A (en) * 2021-01-21 2021-02-26 腾讯科技(深圳)有限公司 Identity verification method and device, computer equipment and storage medium
CN112783461A (en) * 2021-02-01 2021-05-11 游密科技(深圳)有限公司 Screen projection method and device, electronic equipment and storage medium
CN113196732A (en) * 2020-09-30 2021-07-30 华为技术有限公司 Cross-device authentication method and related device
CN113196236A (en) * 2021-02-04 2021-07-30 华为技术有限公司 Cross-device authentication method and electronic device
CN113343193A (en) * 2020-03-03 2021-09-03 华为技术有限公司 Identity verification method and device and electronic equipment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116743761A (en) * 2022-10-26 2023-09-12 荣耀终端有限公司 Cooperative working method and electronic equipment
CN116743761B (en) * 2022-10-26 2024-04-16 荣耀终端有限公司 Cooperative working method and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination