CN115549934A - Security authentication method, related electronic equipment and system - Google Patents

Info

Publication number
CN115549934A
Authority
CN
China
Prior art keywords
key
authentication
cooperative
sub
devices
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110733084.XA
Other languages
Chinese (zh)
Inventor
李维晅
孔宁
何思聪
王旭
马小双
任兵飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a security authentication method, a related electronic device and a system, which can be applied to a distributed system comprising a plurality of electronic devices. The security authentication method divides a complete parent key on a first device into a plurality of sub-keys, which are stored as fragments on other, different electronic devices, and each of those devices sets an authentication mode for its sub-key according to its own authentication capability. When authentication on the other devices succeeds, the corresponding sub-keys may be sent to the first device, and the first device synthesizes the sub-keys into the parent key. The method may also assign corresponding weights to the key fragments according to the security levels of the different electronic devices. By implementing the technical solution provided by the application, the software and hardware capabilities of different devices can be integrated, the risk of key leakage is reduced, authentication security is improved, and the security of the user's information and data is better guaranteed.

Description

Security authentication method, related electronic equipment and system
Technical Field
The present application relates to the field of information security technologies, and in particular, to a security authentication method, a related electronic device, and a system.
Background
The rapid development of the information era brings great convenience to people's work and daily life, but the use of electronic devices also carries serious security risks.
The security and reliability of operations such as encryption, authentication and integrity protection of electronic device data depend on how secure and reliable the key management method is.
The key management life cycle comprises stages such as key generation, storage, use, transmission and destruction, and insecure management at any stage can cause key leakage.
When a key is deployed on a single device and that device is attacked, the key may be leaked, so the security risk is high.
Disclosure of Invention
The application provides a security authentication method, a related electronic device and a system. The security authentication method may be applied to a distributed system including a plurality of electronic devices. In the method, the complete key is split and stored as fragments on different electronic devices, and authentication is carried out using the authentication capabilities of those devices. The method may also assign corresponding weights to the key fragments according to the security levels of the different electronic devices.
The above and other objects are achieved by the features of the independent claims. Further implementations are presented in the dependent claims, the description and the drawings.
In a first aspect, an embodiment of the present application provides a security authentication method applied to a communication system that includes a first device and N cooperative devices. A first key of the first device is split into N sub-keys; the first key is used to access a first service, the N sub-keys are distributed across the N cooperative devices, and each sub-key carries partial information of the first key. N is a positive integer greater than or equal to 1. The N cooperative devices include an ith cooperative device, the first device and the ith cooperative device establish an ith connection, and i is a positive integer greater than or equal to 1 and less than or equal to N. A cooperative device is a device that performs authentication in cooperation with the first device.
The method comprises the following steps: the first device initiates access to the first service. The first device sends a request for obtaining the sub-keys to the N cooperative devices. t cooperative devices send t sub-keys to the first device. The first device receives the t sub-keys, where t is a positive integer less than or equal to N and greater than or equal to 1. The first device synthesizes the first key from the t sub-keys. The first device accesses the first service using the first key.
By implementing the method of the first aspect, the first device can use the authentication capabilities of the N cooperative devices to assist its own security authentication. Because the first key is split into N sub-keys that are stored in a distributed manner on the N cooperative devices, the risk of leaking the first key is reduced, authentication security is improved, and the security of the user's information and data is better ensured. In the communication system, if a single cooperative device is attacked, only that device's sub-key is leaked; the other sub-keys are not leaked, and the security of the first key is not affected.
With reference to the first aspect, in some embodiments, the first device may set a threshold for obtaining the sub-keys. When t is smaller than N, the first device may synthesize the first key by obtaining a number of sub-keys larger than the threshold t, without collecting the sub-keys of all N cooperative devices.
In combination with the first aspect, in some embodiments, the higher the security level of the first service, the larger the value of t. The method may further comprise: the first device initiates an access request for a second service, where the security level of the second service is higher than that of the first service. The first device then obtains an authentication request of the second service; authentication of the second service requires a second key, the second key is split into N sub-keys, and the ith sub-key is stored on the ith cooperative device. The first device sends a request for the ith sub-key to the ith cooperative device. The ith cooperative device initiates the ith authentication, which is used for encrypting the ith sub-key. In response to detecting that the user passes the ith authentication, the ith cooperative device sends the ith sub-key to the first device. The first device receives k sub-keys, where k is a positive integer less than or equal to N and greater than or equal to 1, and k is greater than t. The first device synthesizes the second key from the k sub-keys. The first device passes the authentication of the second service and acquires the right to access the second service.
That is, the first device may set the authentication complexity for applications or services according to their security level. For example, if the security level of a second application is higher than that of a first application, say the second application is a payment application and the first application is a music application, then the sub-keys of k cooperative devices are needed to access the second application and the sub-keys of t cooperative devices are needed to access the first application, with k greater than t. Similarly, if the security level of the second service is higher than that of the first service, say the second service is a payment service and the first service is a login service, the sub-keys of k cooperative devices are required to access the second service and the sub-keys of t cooperative devices are required to access the first service, with k greater than t. Distributing sub-keys with different weights according to application or service security levels makes key fragment storage and authentication more flexible and reasonable, and allows the sub-keys to be stored more securely.
With reference to the first aspect, in some embodiments, before each cooperative device performs authentication, the method further includes the first device generating the sub-keys: the first device generates the first key, which is the key for accessing the first service. The first device splits the first key into N sub-keys. The first device sends the ith sub-key to the ith cooperative device. The ith cooperative device stores the ith sub-key. The ith cooperative device sets the ith authentication as the authentication mode for obtaining the ith sub-key.
In combination with the first aspect, in some embodiments, the method may further include: the N cooperative devices respectively initiate N authentications, and t cooperative devices respectively detect that the user passes authentication.
In combination with the first aspect, in some embodiments, the method may further include: before the first device sends the request for the sub-keys to the N cooperative devices, the first device verifies first authentication information, which may be user authentication information such as a password, a face feature or a fingerprint feature. After the first authentication information is verified, the first device learns which N cooperative devices store the N sub-keys. That is, the first key may be divided into a plurality of sub-keys using a random number seed method. In this method the user password serves as the random number seed: based on the password entered by the user, the first device derives N random numbers through a random number generator, and the N random numbers correspond to the N devices respectively. The first key is then divided into N sub-keys that are stored on the N cooperative devices, and the first device can store the correspondence between the random numbers and the cooperative devices in a hash table. During subsequent authentication, if the user password matches the preset password, so that the random number seed is the same, the random number generator derives the same N random numbers, the corresponding N cooperative devices are found for authentication, and after authentication passes on each cooperative device, the first device obtains the N sub-keys and recovers the first key. The random number seed need not be based on a password; other authentication modes may be used as long as the authentication mode set by the user can be mapped to a random number seed.
With reference to the first aspect, in some embodiments, the sub-key is generated according to the device security level of the cooperative device: the higher the device security level, the higher the complexity of the sub-key. The device security level indicates the security capability of the device: the higher the security capability of a cooperative device, the higher its device security level. The security capability of a cooperative device is determined by its software and/or hardware.
With reference to the first aspect, in some embodiments, the first device assigns a weight to each sub-key according to the device security levels of the N cooperative devices. The higher the evaluated device security level of the ith cooperative device, the higher the weight of the ith sub-key that the first device allocates to it, and the more complex the ith sub-key. Distributing sub-keys with different weights according to device security levels makes key fragment storage and authentication more flexible and reasonable, and allows the sub-keys to be stored more securely.
The factors influencing the device security level include: trusted security root, trusted execution environment (TEE), root permission, device integrity protection, encryption and data security protection, security isolation, access permission control, processor type, memory, chip, and the like.
With reference to the first aspect, in some embodiments, after the first device divides the first key into N sub-keys and sends them to the N cooperative devices for storage, the first device may delete the first key. Therefore, when any single device among the first device and the N cooperative devices is attacked, at most a single sub-key is disclosed, and the security of the first key is preserved.
With reference to the first aspect, in some embodiments, after the N cooperative devices complete authentication, the first device obtains the sub-keys and synthesizes the first key. After the first device uses the first key to pass local authentication of the first service, it may destroy the first key again rather than storing it locally. Alternatively, the first device may update to a new third key, divide the new third key into N new sub-keys, and store the N new sub-keys on the N cooperative devices as an update. Updating the first key regularly ensures higher security.
In combination with the first aspect, in some embodiments, the connections between the first device and the N cooperative devices are limited to a first distance range. When the distance between a cooperative device and the first device exceeds the first distance range, the connection is dropped and the cooperative device cannot send its sub-key to the first device.
With reference to the first aspect, in some embodiments, the first device and the N cooperative devices are located in the same local area network, or are logged in to the same account.
With reference to the first aspect, in some embodiments, if the cooperative device is detected to be in an unlocked state, the cooperative device determines that the user has already been authenticated, does not re-authenticate, and sends the sub-key directly to the first device. For example, when the first device needs to obtain the ith sub-key and the ith cooperative device is detected to be currently in an unlocked state or a service state, for example the user is watching a video or playing a game on it, it may be determined that the user has passed the ith authentication; no authentication request needs to be presented to the user, and the ith cooperative device may send the ith sub-key directly to the first device.
With reference to the first aspect, in some embodiments, the authentication modes may include: face recognition authentication, password authentication, fingerprint recognition authentication, iris authentication, voiceprint authentication, gesture authentication, pattern authentication and the like.
With reference to the first aspect, in some embodiments, the first device has different authentication capabilities from the N cooperative devices: the first device is a weak device and the N cooperative devices are strong devices. A strong device is one with rich authentication functions and strong authentication capability, such as a mobile phone or a tablet computer, which can offer more advanced authentication functions such as fingerprint authentication and face authentication. A weak device, correspondingly, is one with fewer authentication functions and weaker authentication capability, such as a smart watch or a smart band; limited by its capabilities, it may have only a password authentication function and lack biometric recognition capabilities such as fingerprint authentication and face authentication.
With reference to the first aspect, in some embodiments, when multiple authentication modes are available on the ith cooperative device, the mode that gives the user the best experience may be selected preferentially. For example, a mobile phone offers several ways of authenticating the user's identity, such as face authentication, fingerprint authentication and password authentication. When the phone is needed for auxiliary authentication and its software and hardware permit, the phone preferentially selects face authentication to verify the user's identity, then fingerprint authentication, and finally password authentication. Face authentication is the most convenient mode and gives the best experience: the user only has to point the phone at their face, and it takes the least time. Fingerprint authentication requires pressing the screen, which is less convenient than face authentication, and password authentication requires the user to type characters, which is the least convenient and takes a long time.
In a second aspect, the present application provides a security authentication method applied to a communication system that includes a first device and N cooperative devices. A first key of the first device is split into N sub-keys; the first key is used to access a first service, the N sub-keys are distributed across the N cooperative devices, and each sub-key carries partial information of the first key. N is a positive integer greater than or equal to 1. A cooperative device is a device that performs authentication in cooperation with the first device.
The method comprises the following steps: the first device initiates access to the first service. The first device sends a request for obtaining the subkey to the N cooperating devices. The first device receives t sub-keys sent by t cooperating devices, wherein t is a positive integer less than or equal to N and greater than or equal to 1. The first device synthesizes a first key from the t sub-keys. The first device accesses the first service using the first key.
By implementing the method of the second aspect, the first device can use the authentication capabilities of the N cooperative devices to assist its own security authentication. Because the first key is split into N sub-keys that are stored in a distributed manner on the N cooperative devices, the risk of leaking the first key is reduced, authentication security is improved, and the security of the user's information and data is better ensured. In the communication system, if a single cooperative device is attacked, only that device's sub-key is revealed; the other sub-keys are not revealed, so the security of the first key is not affected.
With reference to the second aspect, in some embodiments, the first device may set a threshold for obtaining the sub-keys. When t is smaller than N, the first device may synthesize the first key by obtaining a number of sub-keys larger than the threshold t, instead of collecting the sub-keys of all N cooperative devices.
In combination with the second aspect, in some embodiments, the higher the security level of the first service, the greater the value of t. The method further comprises: the first device initiates an access request for a second service, where the security level of the second service is higher than that of the first service. The first device obtains an authentication request of the second service; authentication of the second service requires a second key, the second key is split into N sub-keys, and the ith sub-key is stored on the ith cooperative device. The first device sends a request for the ith sub-key to the ith cooperative device. The first device receives the ith sub-key sent by the ith cooperative device, which the ith cooperative device releases after detecting that the user passes the ith authentication; the ith authentication is used for encrypting the ith sub-key. The first device receives k sub-keys, where k is a positive integer less than or equal to N and greater than or equal to 1, and k is greater than t. The first device synthesizes the second key from the k sub-keys. The first device passes the authentication of the second service and acquires the right to access the second service.
That is, the first device may set the authentication complexity for applications or services according to their security level. For example, if the security level of a second application is higher than that of a first application, say the second application is a payment application and the first application is a music application, then the sub-keys of k cooperative devices are needed to access the second application and the sub-keys of t cooperative devices are needed to access the first application, with k greater than t. Similarly, if the security level of the second service is higher than that of the first service, say the second service is a payment service and the first service is a login service, the sub-keys of k cooperative devices are required to access the second service and the sub-keys of t cooperative devices are required to access the first service, with k greater than t. Distributing sub-keys with different weights according to application or service security levels makes key fragment storage and authentication more flexible and reasonable, and allows the sub-keys to be stored more securely.
With reference to the second aspect, in some embodiments, before each cooperative device performs authentication, the method further includes the first device generating the sub-keys: the first device generates the first key, which is the key for accessing the first service. The first device splits the first key into N sub-keys. The first device sends the ith sub-key to the ith cooperative device; the ith sub-key is stored on the ith cooperative device, and the authentication mode for obtaining the ith sub-key on the ith cooperative device is the ith authentication.
With reference to the second aspect, in some embodiments, N authentications are respectively set on the N cooperative devices, and the authentications are used for protecting the sub-keys.
In combination with the second aspect, in some embodiments, the method may further include: before the first device sends the request for the sub-keys to the N cooperative devices, the first device verifies first authentication information, which may be user authentication information such as a password, a face feature or a fingerprint feature. After the first authentication information is verified, the first device learns which N cooperative devices store the N sub-keys. That is, the first key may be divided into a plurality of sub-keys using a random number seed method. In this method the user password serves as the random number seed: based on the password entered by the user, the first device derives N random numbers through a random number generator, and the N random numbers correspond to the N devices respectively. The first key is then divided into N sub-keys that are stored on the N cooperative devices, and the first device can store the correspondence between the random numbers and the cooperative devices in a hash table. During subsequent authentication, the random number generator derives the same N random numbers only if the user password matches the preset random number seed; the corresponding N cooperative devices are then found for authentication, and after authentication passes on each cooperative device, the first device obtains the N sub-keys and recovers the first key. The random number seed need not be based on a password; other authentication modes may be used as long as the authentication mode set by the user can be mapped to a random number seed.
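The flow described in the first and second aspects (password-seeded lookup of the cooperative devices, then recovery of the key from t of N sub-keys) is sketched below as an added example; it is not code from the patent. The page names neither a splitting algorithm nor a random number generator, so Shamir's secret sharing over a prime field and PBKDF2/HMAC are assumptions here, as are the salt, the device names and every function name; sub-key weights are not modelled.

```python
import hashlib
import hmac
import os
import secrets

PRIME = 2**521 - 1  # Mersenne prime; field large enough for a 256-bit key


def split_key(key: bytes, n: int, threshold: int) -> dict[int, int]:
    """Split `key` into n sub-keys so that any `threshold` of them recover it."""
    if not 1 <= threshold <= n:
        raise ValueError("threshold must satisfy 1 <= threshold <= n")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key does not fit in the field")
    # Random polynomial of degree threshold-1 whose constant term is the key.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    subkeys = {}
    for i in range(1, n + 1):            # x = i belongs to the ith cooperative device
        y = 0
        for c in reversed(coeffs):       # Horner evaluation of the polynomial at x = i
            y = (y * i + c) % PRIME
        subkeys[i] = y
    return subkeys


def synthesize_key(subkeys: dict[int, int], key_len: int = 32):
    """Lagrange interpolation at x = 0. Returns None if the result is not key-sized."""
    secret = 0
    for xi, yi in subkeys.items():
        num, den = 1, 1
        for xj in subkeys:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    try:
        return secret.to_bytes(key_len, "big")
    except OverflowError:                # typical when too few sub-keys were supplied
        return None


def device_tags(password: str, salt: bytes, n: int) -> list[bytes]:
    """Password as seed -> N deterministic values, one per cooperative device."""
    seed = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return [hmac.new(seed, i.to_bytes(4, "big"), hashlib.sha256).digest()
            for i in range(1, n + 1)]


def enroll(password: str, devices: list[str], key: bytes, threshold: int):
    """First device: split the key, hand out sub-keys, keep only salt and lookup table."""
    salt = os.urandom(16)                # assumption: a per-enrolment salt
    table = dict(zip(device_tags(password, salt, len(devices)), devices))
    subkeys = split_key(key, len(devices), threshold)
    stored = {dev: (i, subkeys[i]) for i, dev in enumerate(devices, start=1)}
    return salt, table, stored           # `stored` models what each device holds


def access(password, salt, table, stored, authenticated, threshold):
    """Recover the key from devices on which the user passed local authentication."""
    devices = [table.get(tag) for tag in device_tags(password, salt, len(table))]
    if None in devices:                  # wrong password: derived values match nothing
        return None
    released = dict(stored[d] for d in devices if d in authenticated)
    if len(released) < threshold:        # not enough cooperative devices answered
        return None
    return synthesize_key(released)


if __name__ == "__main__":
    # Constructed sample: a login key with t = 2 of N = 3 devices.
    login_key = secrets.token_bytes(32)
    names = ["phone", "tablet", "tv"]
    salt, table, stored = enroll("constructed-password", names, login_key, 2)
    ok = access("constructed-password", salt, table, stored, {"phone", "tv"}, 2)
    print("recovered with 2 of 3:", ok == login_key)
    print("one device only:", access("constructed-password", salt, table, stored, {"tv"}, 2))
```

Calling `enroll` again with a higher threshold models the higher-security second service, where k sub-keys are needed and k is greater than t.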
In combination with the second aspect, in some embodiments, the sub-key is generated according to the device security level of the cooperative device: the higher the device security level, the higher the complexity of the sub-key. The device security level indicates the security capability of the device: the higher the security capability of a cooperative device, the higher its device security level. The security capability of a cooperative device is determined by its software and/or hardware.
In combination with the second aspect, in some embodiments, the first device assigns weights to the sub-keys according to the device security levels of the N cooperative devices. The higher the evaluated device security level of the ith cooperative device, the higher the weight of the ith sub-key that the first device allocates to it, and the more complex the ith sub-key. Distributing sub-keys with different weights according to device security levels makes key fragment storage and authentication more flexible and reasonable, and allows the sub-keys to be stored more securely.
The factors influencing the device security level include: trusted security root, trusted execution environment (TEE), root permission, device integrity protection, encryption and data security protection, security isolation, access permission control, processor type, memory, chip, and the like.
In combination with the second aspect, in some embodiments, after the first device divides the first key into N sub-keys and sends the N sub-keys to the N cooperative devices for storage, the first device may delete the first key. Therefore, when any single device among the first device and the N cooperative devices is attacked, at most a single sub-key is revealed, and the security of the first key is guaranteed.
With reference to the second aspect, in some embodiments, after the N cooperative devices complete authentication, the first device obtains each sub-key and synthesizes the first key; after the first device passes local authentication of the first service using the first key, the first device may destroy the first key again, without storing it locally. Alternatively, the first device may update to a new third key, divide the new third key into N new sub-keys, and update and store the N new sub-keys on the N cooperative devices. Updating the first key regularly ensures higher security.
In combination with the second aspect, in some embodiments, the connections between the first device and the N cooperating devices are limited to a first range of distances. When the distance between the cooperative device and the first device exceeds the first distance range, the connection is disconnected, and the cooperative device cannot send the sub-key to the first device.
With reference to the second aspect, in some embodiments, the first device and the N cooperating devices are located in the same local area network, or log in to the same account.
With reference to the second aspect, in some embodiments, when the ith cooperative device is in an unlocked state, the ith cooperative device determines that the user passes the ith authentication. For example, when the first device needs to acquire the ith sub-key, it is detected that the ith cooperative device is currently in an unlocked state or a service state, for example, a user is watching a video or playing a game using the ith cooperative device, it may be determined that the user has passed the ith authentication, and an authentication request does not need to be initiated to the user, and the ith cooperative device may directly send the ith sub-key to the first device.
In combination with the second aspect, in some embodiments, the authenticating comprises: face identification authentication, password authentication, fingerprint identification authentication, iris authentication, voiceprint authentication, gesture authentication, pattern authentication and the like.
With reference to the second aspect, in some embodiments, the first device and the N cooperative devices have different authentication capabilities, the first device being a weak device and the N cooperative devices being strong devices. A strong device is a device with rich authentication functions and strong authentication capability, such as a mobile phone or a tablet computer, which can have more advanced authentication functions such as fingerprint authentication and face authentication. Correspondingly, a weak device is a device with more limited authentication functions and weaker authentication capability, such as a smart watch or a smart bracelet, which is limited by device capability and may have only a password authentication function, without biometric capabilities such as fingerprint authentication or face authentication.
In some embodiments, when multiple authentication methods are available on the ith cooperative device, the authentication method with the best user experience may be preferentially selected on the ith cooperative device. For example, a mobile phone offers various ways of authenticating the user's identity, such as face authentication, fingerprint authentication and password authentication. When the mobile phone is needed for auxiliary authentication, and where software and hardware operation allows, the mobile phone preferentially selects face authentication to verify the identity of the user, then fingerprint authentication, and finally password authentication. Face authentication is the most convenient authentication mode with the best experience for the user: the user only needs to point the mobile phone at the face to complete verification, and the authentication time consumed is the shortest. Fingerprint authentication requires pressing the screen, which makes it less convenient than face authentication, and password authentication requires the user to input characters, so it is the least convenient and consumes a long authentication time.
In a third aspect, the present application provides a security authentication method, which is applied to a communication system that includes a first device and N cooperative devices, where a first key of the first device is split into N sub-keys, the first key is used to access a first service, the N sub-keys are distributed over the N cooperative devices, each sub-key has partial information of the first key, and N is a positive integer greater than or equal to 1. A cooperative device is a device that performs authentication in cooperation with the first device.
The method can comprise the following steps: the cooperative device receives a request of the first device to acquire the subkey. The cooperative device sends the subkey to the first device.
With reference to the third aspect, in some embodiments, after the cooperative device receives the request of the first device to obtain the subkey, the cooperative device initiates authentication. The cooperative device detects that the user is authenticated.
With reference to the third aspect, in some embodiments, the sub-key is generated according to a device security level of the cooperative device, and the higher the device security level of the cooperative device is, the larger the amount of first-key information contained in the sub-key is. The device security level indicates the security capability of the device: the higher the security capability of the cooperative device, the higher its device security level. The security capability of the cooperative device is determined by the software and/or hardware of the cooperative device.
In combination with the third aspect, in some embodiments, the connection between the cooperative device and the first device is limited to within a first distance range.
With reference to the third aspect, in some embodiments, the cooperative device and the first device are located in the same local area network, or log in with the same account.
With reference to the third aspect, in some embodiments, if it is detected that the cooperative device is in an unlocked state, the cooperative device sends the subkey to the first device.
With reference to the third aspect, in some embodiments, authenticating comprises: face identification authentication, password authentication, fingerprint identification authentication, iris authentication, voiceprint authentication, gesture authentication and pattern authentication.
In a fourth aspect, an embodiment of the present application provides an electronic device, which may include: a communication device, a memory, and a processor coupled to the memory, and one or more programs. The memory has stored therein computer-executable instructions that, when executed by the processor, enable the electronic device to carry out any of the functions as provided by the first device of the second aspect.
In a fifth aspect, an embodiment of the present application provides an electronic device, which may include: a communication device, a memory, and a processor coupled to the memory, and one or more programs. The memory has stored therein computer-executable instructions that, when executed by the processor, enable the electronic device to carry out any of the functions provided by the co-operating device as in the third aspect.
In a sixth aspect, the present application provides a communication system, which may include the first device and the N cooperative devices described in the foregoing aspects. It can be understood that, based on the same inventive concept, for the steps executed by the first device in the communication system according to the sixth aspect, reference may be made to the steps executed when the first device in the method according to the second aspect implements the corresponding function, and for the steps executed by the N cooperative devices, reference may be made to the steps executed when the cooperative devices in the method according to the third aspect implement the corresponding function; these are not described herein again.
In a seventh aspect, an embodiment of the present application provides a computer storage medium, where a computer program is stored in the storage medium, and the computer program includes executable instructions, and when the executable instructions are executed by a processor, the processor is caused to execute operations corresponding to the method provided in the second aspect or the third aspect.
In an eighth aspect, the present application provides a computer program product, which when run on an electronic device, causes the electronic device to perform any possible implementation manner as in the second aspect or the third aspect.
In a ninth aspect, the present application provides a chip system, which may be applied to an electronic device, where the chip includes one or more processors, and the processors are configured to invoke computer instructions to cause the electronic device to implement any implementation manner as in the second aspect or the third aspect.
By implementing the above aspects provided by the application, the security authentication capabilities of the first device and the N cooperative devices can be integrated: the first device can use the authentication capabilities of the N cooperative devices to assist its own security authentication, and the first key is divided into N sub-keys that are distributed and stored on the N cooperative devices, so that the risk of leakage of the first key is reduced, authentication security is improved, and the user's information and data are better protected. In the communication system, if a single cooperative device is attacked, only a single sub-key is leaked; the other sub-keys are not leaked, and the security of the first key is not affected.
Drawings
Fig. 1 is a schematic diagram of a communication system according to an embodiment of the present application;
Fig. 2A is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present disclosure;
Fig. 2B is a schematic diagram of a software architecture of an electronic device according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a user interface provided by an embodiment of the present application;
Fig. 4 is a schematic diagram of a user interface provided by an embodiment of the present application;
Fig. 5 is a schematic diagram of a user interface provided by an embodiment of the present application;
Fig. 6 is a schematic diagram of a user interface provided by an embodiment of the present application;
Fig. 7 is a schematic diagram of a user interface provided by an embodiment of the present application;
Fig. 8 is a schematic view of a user interface provided by an embodiment of the present application;
Fig. 9 is a schematic diagram of a user interface provided by an embodiment of the present application;
Fig. 10 is a schematic view of a user interface provided by an embodiment of the present application;
Fig. 11 is a schematic view of a user interface provided by an embodiment of the present application;
Fig. 12 is a schematic view of a scene interface provided in an embodiment of the present application;
Fig. 13 is a schematic view of a scene interface provided in an embodiment of the present application;
Fig. 14 is a schematic view of a scene interface provided in an embodiment of the present application;
Fig. 15 is a schematic view of a scene interface provided in an embodiment of the present application;
Fig. 16 is a schematic view of a scene interface provided in an embodiment of the present application;
Fig. 17 is a schematic view of a scene interface provided in an embodiment of the present application;
Fig. 18 is a flowchart of a security authentication method according to an embodiment of the present application;
Fig. 19 is a functional block diagram of a communication system according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and exhaustively described below with reference to the accompanying drawings. In the description of the embodiments herein, "/" means "or" unless otherwise specified; for example, A/B may mean A or B. "And/or" in the text merely describes an association relationship between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone.
In the following, the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. Further, in the description of embodiments of the application, "plurality" means two or more.
The term "User Interface (UI)" in the following embodiments of the present application is a media interface for interaction and information exchange between an Application (APP) or an Operating System (OS) and a user, and implements conversion between an internal form of information and a form acceptable to the user. The user interface is source code written by java, extensible markup language (XML) and other specific computer languages, and the interface source code is analyzed and rendered on the electronic equipment and finally presented as content which can be identified by a user. A common presentation form of the user interface is a Graphical User Interface (GUI), which refers to a user interface related to computer operations and displayed in a graphical manner. It may be a visual interface element such as text, an icon, a button, a menu, a tab, a text box, a dialog box, a status bar, a navigation bar, a Widget, etc. displayed in a display of the electronic device.
The term "cipher" in the following embodiments of the present application may be understood in the narrow sense of cryptography as a cryptographic algorithm, including an encryption algorithm and a decryption algorithm. The encryption algorithm, encryption for short, refers to the process of converting plaintext into ciphertext. The decryption algorithm, decryption for short, is the reverse of encryption and refers to converting ciphertext into plaintext. Plaintext refers to information in its true meaning, and ciphertext refers to information whose meaning is hidden.
The term "key" in the following embodiments of the present application refers to a parameter in a cryptographic algorithm, which is a key parameter for encryption and decryption. The plaintext can generate ciphertext through the key and the cryptographic algorithm, and the ciphertext can obtain the plaintext through the key and the cryptographic algorithm. In general, keys are divided into two categories: symmetric keys and asymmetric keys.
Symmetric key encryption, also known as private key encryption, i.e., encryption and decryption use the same key. The advantages are that the encryption/decryption speed is fast, and the method is suitable for encrypting a large amount of data, but the key management is difficult.
Asymmetric key encryption, also known as public key encryption, i.e. encryption and decryption use different keys, one key being published publicly, i.e. a public key, and the other key being kept secret by the user himself, i.e. a private key. Encryption uses a public key and decryption uses a private key. The public key mechanism is flexible to use, but is slow in encryption and decryption.
In the following embodiments of the present application, a complete key may be referred to as a parent key, and by dividing the parent key, a plurality of child keys may be generated, and the plurality of child keys may constitute the parent key.
The term "password" in the following embodiments of the present application refers to a character string used for authentication, which may include numbers, upper and lower case english, chinese, special characters, etc., and is also a "password" commonly referred to in life, such as a login "password" for various accounts.
With the development of the digitalization and information society, electronic devices are widely used in the production and life of people, and information security becomes increasingly important. The purpose of information encryption is to ensure confidentiality, integrity, availability and the like of information, key management is one of the most important parts in information encryption, and key security is the core of key management. The security level of the key thus determines the security level of the encrypted information.
The life cycle of key management comprises the stages of key generation, storage, use, transmission, destruction and the like, and the insecure management mode of each stage can cause key leakage. The security and reliability of security operations such as encryption, authentication, integrity protection, etc. of electronic device data depend on the security and reliability degree of the key management method.
If the electronic device does not have a secure hardware storage environment, the key management of the electronic device does not have a trusted hardware key, and the key management of the electronic device needs to rely on software technology, such as a white-box encryption algorithm, for key encryption. In comparison, the hardware key is more difficult to attack and higher in security than the software key. Therefore, for electronic equipment without a secure hardware storage environment, the electronic equipment is more vulnerable during key storage and use, and the information protection degree is lower.
Limited by device capability, some electronic devices do not have the capability of multi-factor authentication or the capability of multi-factor authentication is insufficient, and the information protection safety degree is low.
Multi-factor authentication is a security mechanism that uses more than one authentication element to verify the legitimacy of current operations. The authentication element may refer to an authentication means such as password authentication, face authentication, fingerprint authentication, and the like.
For example, the strength of the password depends on the password strength and the strength of the encryption algorithm. The more complex and random the password and the higher the algorithm strength, the more difficult the cracking. But a simple username + password is not secure enough. Confirming the user identity based on password authentication has security defects: for example, the password is easy to guess or to obtain through means such as social engineering; it is easy for others to peep at while it is being input; it is easy to crack with many tools; undetected defects and vulnerabilities on the electronic device can cause password leakage; it can be peeped at when the network is off-line; a password file is easy to transfer from a personal computer or a server; the password is easy for the user to forget; and so on. For these reasons, password input has low security, so in an actual application scenario, besides factors known by the person, such as a password, factors owned by the person, such as the face, fingerprint, device, certificate and the like, can be adopted to realize multiple authentications with higher security strength. This manner of multiple authentications may be referred to as multi-factor authentication, or multiple authentication. When the number of authentications is two, the authentication is also called secondary authentication, secondary verification and the like.
Common scenarios of multi-factor authentication include the following. When the user logs in to a payment application during payment, the user is required to input a six-digit payment password and confirm the security environment. At a bank ATM, the user needs to insert the correct bank card and input the correct password at the same time. When a username + password is used to log in to an application, a page pops up prompting that the application can continue to be accessed only after scanning a code with an authenticated mobile phone. When an attempt is made to modify the login password in an application, a verification code is sent to the mobile phone number bound by the user to verify the user's behavior. A safe box can be opened only by three-in-one verification of fingerprint, iris and password.
The security of multi-factor authentication depends on two aspects.
First, the strength of a single authentication factor. The stronger a single authentication factor is, the more secure the key is. For example, for the username + password authentication method, the longer, more complex, and more random the password, the more secure it is. As another example, non-networked hardware is generally more secure than software on the Internet.
Second, the degree of isolation between multiple authentication elements, that is, whether illegally obtaining one factor makes it easier to obtain another. The less easily the other factor can be obtained, the better the isolation and the higher the security. For example, when a mobile phone has been acquired, secondary authentication that verifies a mobile phone number and a mobile phone fingerprint is obviously not as safe as verification of the mobile phone number and a username + password.
When the key is deployed on a single device, if the single device is attacked, the key may be leaked, and the security risk is high.
The application provides a security authentication method which can be applied to a distributed system comprising a plurality of electronic devices. The security authentication method can divide the whole parent key in the first device into a plurality of sub-keys, the sub-keys are stored as fragments on other, different electronic devices, and the other devices set different authentication modes for the sub-keys according to their own authentication capabilities. When the authentication on the other devices succeeds, the corresponding sub-keys may be sent to the first device, and the first device synthesizes the sub-keys into the parent key. The method can also assign corresponding weights to different sub-keys according to the security levels of different electronic devices: if the security level of electronic device A is detected to be high, the weight of the sub-key assigned to electronic device A is higher when the key is fragmented.
By implementing the technical scheme provided by the application, the software and hardware capabilities of different devices can be integrated, the risk of secret key leakage is reduced, the authentication safety is improved, and the information data safety of the user is better guaranteed.
A communication system 10 provided in an embodiment of the present application will first be described.
Fig. 1 illustrates a communication system 10 provided in an embodiment of the present application, where the communication system 10 may include a plurality of electronic devices, and the communication system 10 may also be referred to as a distributed system 10.
As shown in Fig. 1, the communication system 10 may include a first device, a second device, a third device, and a fourth device. The first device and the second device can communicate through the first connection. A second connection is established between the first device and the third device, and the first device and the third device can communicate through the second connection. A third connection is established between the first device and the fourth device, and the first device and the fourth device can communicate through the third connection.
A plurality of electronic devices included in the communication system 10 are all intelligent terminal devices, which are simply referred to as terminals or devices, and the terminal devices are generally intelligent electronic devices that can provide a user interface, interact with a user, and provide a service function for the user.
In fig. 1, a first device is exemplified as a smart watch, a second device is exemplified as a mobile phone, a third device is exemplified as a notebook computer, and a fourth device is exemplified as a tablet computer (PAD).
The first device, the second device, the third device, or the fourth device may also be other types of devices, and the embodiments of the present application do not limit the specific types of the multiple electronic devices. For example, a Personal Computer (PC), a smart screen, a cloud host/cloud server or other desktop computer, a laptop computer (laptop), a handheld computer, an Artificial Intelligence (AI) device, a smart television, a vehicle-mounted device (car), a game console, a wearable device such as a smart bracelet, smart glasses, a smart headset, an Augmented Reality (AR) device, a Virtual Reality (VR) device, an internet of things (IOT) device, or a smart home device such as a smart water heater, a smart light, a smart air conditioner, a camera, and so on, which are not limited by the embodiments.
Each electronic device in communication system 10, such as the first device, the second device, the third device, or the fourth device, may be equipped with an [image] system, an [image] system, an [image] system (harmony os, HOS) or another type of operating system. The operating systems of the various electronic devices in communication system 10 may be the same or different, which is not limited in this application.
In some embodiments, when the multiple terminals in communication system 10 are each equipped with the [image] system, the system composed of the plurality of terminals can be called an [image] super virtual device, also called an [image] super terminal. It integrates the capabilities of a plurality of terminals through a distributed technology, stores the capabilities in a virtual hardware resource pool, and uniformly manages, schedules and integrates the capabilities of the terminals according to business needs to provide services to the outside, so that quick connection, capability mutual assistance and resource sharing are realized among different terminals.
The communication connection between the electronic devices, such as the first connection, the second connection or the third connection, includes but is not limited to a wired connection or a wireless connection, and may implement communication between multiple electronic devices under the same account, no account, or different accounts; this embodiment is not limited in this respect.
The wireless connection may be, for example, a Bluetooth (BT) connection, a wireless fidelity (Wi-Fi) connection, a hotspot connection, a near field communication (NFC) connection, an infrared (IR) connection, or a remote connection (e.g., a connection established through a server, an internet connection), etc. A wireless connection is not constrained by a connecting cable, so the user has more freedom of movement.
The wired connection may be, for example, a Universal Serial Bus (USB) connection, a High Definition Multimedia Interface (HDMI) connection, a display interface (DP) connection, or the like. Typically, wired connections are more data efficient than wireless connections.
In the communication system 10, a plurality of electronic devices can log in to the same account, so as to connect and communicate through the internet. For example, multiple electronic devices may log into the same wonder account and remotely connect and communicate through a server.
In the communication system 10, a plurality of electronic devices may log in different accounts, but connect in a binding manner. For example, after the second device logs in the account, the second device binds a device with a different account or with an account that is not logged in the device management application, for example, the first device and the second device are bound by setting, and then communication can be performed through the device management application.
The embodiment of the present application does not limit the types of the communication connections in the communication system 10, and the terminals in the communication system 10 may perform data transmission and interaction through multiple types of communication connections. In addition, each terminal may also be connected and communicate in any of the above manners, which is not limited in this embodiment of the application.
Accordingly, a mobile communication module and a wireless communication module may be configured in each electronic device in the communication system 10 for communication. The mobile communication module can provide a solution including wireless communication of 2G/3G/4G/5G and the like applied to the terminal. The wireless communication module may include a Bluetooth module and/or a wireless local area network (WLAN) module, and the like. The Bluetooth module may provide solutions including one or more of classic Bluetooth (bluetooth 2.1) or Bluetooth Low Energy (BLE), and the WLAN module may provide one or more WLAN communication solutions including wireless fidelity peer-to-peer (Wi-Fi P2P), wireless fidelity local area network (Wi-Fi LAN), or wireless fidelity software access point (Wi-Fi software access point). In some embodiments, Wi-Fi P2P refers to allowing devices in a wireless network to connect to each other in a peer-to-peer fashion without going through a wireless router; in the [image] system it may also be referred to as wireless fidelity direct (Wi-Fi direct). Devices that have established a Wi-Fi P2P connection can exchange data directly through Wi-Fi (which must be in the same frequency band) without connecting to a network or a hotspot, realizing point-to-point communication such as the transmission of files, pictures, videos and other data. Compared with Bluetooth, Wi-Fi P2P has advantages such as higher search speed and transmission speed and longer transmission distance.
In some embodiments, when two electronic devices are trusted devices, for example, the first device and the second device are matched or connected before, when the two electronic devices are to be connected again, the first device will automatically establish a communication connection with the second device, and then perform data interaction, without requiring a user to manually perform an operation of connecting or matching again, which is time-saving and labor-saving.
In conjunction with communication system 10, in some embodiments, the first device has a first key stored therein; assume that the first key is a key to unlock the screen. For security, the first device may divide the first key into key A, key B, key C, key D, etc., and then store key A on the first device, send key B to the second device for storage, key C to the third device for storage, and key D to the fourth device for storage. After distributing each sub-key, the first device may delete the first key to prevent leakage.
The first device, the second device, the third device, and the fourth device may each set a verification mode, such as face authentication, fingerprint authentication, password authentication, etc., and respectively encrypt their sub-keys, i.e., key A, key B, key C, and key D. For example, personal identification number (PIN) authentication is set on the first device, face authentication is set on the second device, finger password authentication is set on the third device, and fingerprint authentication is set on the fourth device.
After each device authenticates successfully, the sub-key stored on that device may be sent to the first device. After the first device has acquired all the child keys, it can synthesize the complete parent key, namely the first key, and at that point the first device can unlock the screen. In some embodiments, the first device may set a threshold value according to a threshold method, so that the parent key can be obtained once the number of child keys acquired is greater than the threshold value, without collecting the child keys of all the devices.
In some embodiments, the first key may be divided equally among the sub-keys, or it may be distributed unequally. For example, different weights may be assigned according to the security level of each device when distributing the key; the weights of the sub-keys may also be assigned randomly.
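The split, threshold recovery and weighted distribution described above, as an added example (not code from the patent or from any product). The patent does not name an algorithm for its "threshold method"; this sketch assumes Shamir secret sharing over a prime field, models a device's weight as the number of shares it holds, and adds a hypothetical key-check digest kept on the first device so that a wrong synthesis is rejected. All function, parameter and device names are illustrative.

```python
import hashlib
import hmac
import secrets

PRIME = 2**521 - 1   # Mersenne prime, larger than any 256-bit key
KEY_BYTES = 32       # assumed size of the first key (parent key)


def _check_value(key: bytes) -> bytes:
    """Digest kept by the first device to verify a synthesized key (assumption)."""
    return hashlib.sha256(b"key-check" + key).digest()


def _eval_poly(coeffs, x):
    """Evaluate the polynomial at x with Horner's rule, modulo PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(key: bytes, weights: dict, min_shares: int):
    """Split `key` into sub-keys; device d receives weights[d] of them.

    Any `min_shares` distinct sub-keys rebuild the key. In the page's wording
    the count must be greater than a threshold of min_shares - 1.
    """
    if len(key) != KEY_BYTES:
        raise ValueError("key must be %d bytes" % KEY_BYTES)
    total = sum(weights.values())
    if not 1 <= min_shares <= total:
        raise ValueError("min_shares must be between 1 and the share count")
    # The key is the constant term; the other coefficients are random.
    coeffs = [int.from_bytes(key, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(min_shares - 1)]
    shares, x = {}, 1
    for device, weight in weights.items():
        shares[device] = []
        for _ in range(weight):
            shares[device].append((x, _eval_poly(coeffs, x)))
            x += 1
    return shares, _check_value(key)


def combine_shares(points, min_shares: int, check: bytes) -> bytes:
    """Rebuild the key by Lagrange interpolation at x = 0 and verify it."""
    unique = dict(points)                      # drop duplicate x values
    if len(unique) < min_shares:
        raise ValueError("not enough sub-keys collected")
    chosen = sorted(unique.items())[:min_shares]
    secret = 0
    for i, (xi, yi) in enumerate(chosen):
        num, den = 1, 1
        for j, (xj, _) in enumerate(chosen):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    if secret >= 1 << (8 * KEY_BYTES):
        raise ValueError("sub-keys are inconsistent")
    key = secret.to_bytes(KEY_BYTES, "big")
    if not hmac.compare_digest(_check_value(key), check):
        raise ValueError("synthesized key failed verification")
    return key


if __name__ == "__main__":
    # Constructed scenario: four devices, weights chosen for illustration only.
    first_key = secrets.token_bytes(KEY_BYTES)
    weights = {"first": 1, "second": 2, "third": 1, "fourth": 2}
    shares, check = split_key(first_key, weights, min_shares=4)
    # The second and fourth devices authenticate the user and release 4 shares.
    collected = shares["second"] + shares["fourth"]
    assert combine_shares(collected, 4, check) == first_key
    print("first key recovered from", len(collected), "sub-keys")
```

Each device would additionally keep its shares encrypted behind its own verification mode, as the text describes; that step is outside this sketch.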
In the embodiment of the present application, the electronic devices in the communication system 10 may be classified into strong devices and weak devices according to their authentication capabilities. A strong device is a device with rich authentication functions and strong authentication capability, such as a mobile phone or a tablet computer, which can offer higher-level authentication functions such as fingerprint authentication and face authentication. Correspondingly, a weak device is a device with more limited authentication functions and weaker authentication capability, such as a smart watch or a smart bracelet, which is limited by device capability and may only have a password authentication function without biometric capabilities such as fingerprint authentication or face authentication.
The weak device can divide the parent key in the device into a plurality of sub-keys and send the sub-keys to strong devices for storage, so that the sub-keys are protected by the rich authentication functions of the strong devices. When the weak device encounters an authentication transaction that requires the parent key, the user must first pass authentication on each strong device; each strong device then sends its child key to the weak device, and the weak device synthesizes the child keys into the parent key. In some embodiments, the device that divides the parent key into a plurality of child keys and synthesizes the child keys into the parent key is not necessarily the weak device. Another device in the communication system 10, such as an electronic device with stronger computing power and stronger encryption and decryption functions, may perform the steps of dividing the parent key and synthesizing the child keys into the parent key, and then send the parent key to the weak device and other devices.
It should be noted that, the communication system 10 shown in fig. 1 is only used for assisting in describing the technical solution provided by the embodiment of the present application, and does not limit other embodiments of the present application, and other scenarios based on the same technical solution are within the protection scope of the present application.
In an actual service scenario, the communication system 10 may include more or fewer terminal devices, and the present application does not limit the terminal types, the number of terminals, the connection modes, and the like in the communication system 10.
Through the communication system 10 shown in fig. 1, the technical scheme provided by the application can integrate the software and hardware capabilities of different devices, reduce the risk of secret key leakage, improve the security of authentication, and better guarantee the information data security of users.
Fig. 2A is a schematic diagram of a hardware structure of the electronic device 100 according to an embodiment of the present disclosure.
The electronic device 100 shown in fig. 2A may be any one of the electronic devices in the communication system 10 shown in fig. 1.
The embodiment of the present application does not set any limit to the specific type of the electronic device 100. The electronic device 100 may be a mobile phone, a notebook computer, a tablet computer, a PC, a smart screen, a cloud host/cloud server or other desktop computer, a laptop computer (laptop), a handheld computer, an AI device, an ultra-mobile personal computer (UMPC), a netbook, a cellular phone, a Personal Digital Assistant (PDA), a smart television, a vehicle mounted device (car), a game machine, a wearable device such as a smart bracelet, a smart watch, smart glasses, a smart headset, an AR device, a VR device, an internet of things (IOT) device, or a smart home device such as a smart water heater, a smart light, a smart air conditioner, a camera, etc.
When the electronic device 100 is a different electronic device, part of the hardware structure may be increased or decreased according to actual situations.
The electronic device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a Universal Serial Bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, a key 190, a motor 191, an indicator 192, a camera 193, a display screen 194, a Subscriber Identity Module (SIM) card interface 195, and the like. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.
It is to be understood that the structure illustrated in the present embodiment does not specifically limit the electronic device 100. In other embodiments of the present application, the electronic device 100 may include more or fewer components than shown, or combine certain components, or split certain components, or arrange different components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 is generally used to control the overall operation of the electronic device 100 and may include one or more processing units. For example, the processor 110 may include a central processing unit (CPU), an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a video processing unit (VPU), a controller, a memory, a video codec, a digital signal processor (DSP), a baseband processor, and/or a neural-network processing unit (NPU), and the like. The different processing units may be separate devices or may be integrated into one or more processors.
The controller can generate an operation control signal according to the instruction operation code and the timing signal to complete the control of instruction fetching and instruction execution.
The digital signal processor is used for processing digital signals, and can process digital image signals and other digital signals. For example, when the electronic device 100 selects a frequency bin, the digital signal processor is used to perform fourier transform or the like on the frequency bin energy.
Video codecs are used to compress or decompress digital video. The electronic device 100 may support one or more video codecs. In this way, the electronic device 100 may play or record video in a variety of encoding formats, such as Moving Picture Experts Group (MPEG) 1, MPEG2, MPEG3, MPEG4, and the like.
The NPU is a neural-network (NN) computing processor that processes input information quickly by using a biological neural network structure, for example, by using a transfer mode between neurons of a human brain, and can also learn by itself continuously. Applications such as intelligent recognition of the electronic device 100 can be realized through the NPU, for example: image recognition, face recognition, speech recognition, text understanding, and the like.
A memory may also be provided in processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that have just been used or recycled by the processor 110. If the processor 110 needs to reuse the instruction or data, it can be called directly from the memory. Avoiding repeated accesses reduces the latency of the processor 110, thereby increasing the efficiency of the system.
The USB interface 130 is an interface conforming to the USB standard specification, and may specifically be a Mini USB interface, a Micro USB interface, a USB Type C interface, or the like. The USB interface 130 may be used to connect a charger to charge the electronic device 100, and may also be used to transmit data between the electronic device 100 and a peripheral device. The interface can also be used for connecting other electronic equipment, such as a mobile phone, a PC, a smart television and the like. The USB interface may be USB3.0, and is used for compatible with high-speed Display Port (DP) signaling, and may transmit video and audio high-speed data.
The charging management module 140 is configured to receive a charging input from a charger. The charger can be a wireless charger or a wired charger. In some wired charging embodiments, the charging management module 140 may receive charging input from a wired charger via the USB interface 130. In some wireless charging embodiments, the charging management module 140 may receive a wireless charging input through a wireless charging coil of the electronic device 100. The charging management module 140 may also supply power to the electronic device through the power management module 141 while charging the battery 142.
The power management module 141 is used to connect the battery 142, the charging management module 140 and the processor 110. The power management module 141 receives input from the battery 142 and/or the charging management module 140, and supplies power to the processor 110, the internal memory 121, the display screen 194, the camera 193, the wireless communication module 160, and the like. The power management module 141 may also be used to monitor parameters such as battery capacity, battery cycle count, and battery state of health (leakage, impedance). In some other embodiments, the power management module 141 may also be disposed in the processor 110. In other embodiments, the power management module 141 and the charging management module 140 may be disposed in the same device.
The wireless communication function of the electronic device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.
The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in an electronic device may be used to cover a single or multiple communication bands. Different antennas can also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed as a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.
The mobile communication module 150 may provide a solution for wireless communication applied to the electronic device 100, including a second generation (2G) network, a third generation (3G) network, a fourth generation (4G) network, a fifth generation (5G) network, and the like. The mobile communication module 150 may include at least one filter, a switch, a power amplifier, a low noise amplifier (LNA), and the like. The mobile communication module 150 may receive electromagnetic waves from an antenna, filter and amplify the received electromagnetic waves, and transmit them to a modem processor for demodulation. The mobile communication module 150 may also amplify the signal modulated by the modem processor and convert it into electromagnetic waves radiated through the antenna. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the processor 110. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the same device as at least some of the modules of the processor 110.
The modem processor may include a modulator and a demodulator. The modulator is used for modulating a low-frequency baseband signal to be transmitted into a medium-high frequency signal. The demodulator is used for demodulating the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then passes the demodulated low-frequency baseband signal to a baseband processor for processing. The low-frequency baseband signal is processed by the baseband processor and then transferred to the application processor. The application processor outputs a sound signal through an audio device (not limited to the speaker 170A, the receiver 170B, etc.) or displays an image or video through the display screen 194. In some embodiments, the modem processor may be a stand-alone device. In other embodiments, the modem processor may be provided in the same device as the mobile communication module 150 or other functional modules, independent of the processor 110.
The wireless communication module 160 may provide a solution for wireless communication applied to the electronic device 100, including wireless local area networks (WLANs) (e.g., wireless fidelity (Wi-Fi) networks), Bluetooth (BT), global navigation satellite system (GNSS), frequency modulation (FM), near field communication (NFC), infrared (IR), and the like. The wireless communication module 160 may be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via an antenna, performs frequency modulation and filtering on electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 160 may also receive signals to be transmitted from the processor 110, frequency modulate them, amplify them, and convert them into electromagnetic waves radiated via an antenna.
In some embodiments, the antenna of the electronic device 100 is coupled to the mobile communication module 150 and the wireless communication module 160, such that the electronic device 100 may communicate with networks and other devices through wireless communication techniques. The wireless communication technology may include global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), wideband code division multiple access (WCDMA), time-division code division multiple access (TD-SCDMA), long term evolution (LTE), BT, GNSS, WLAN, NFC, FM, and/or IR technologies, etc. GNSS may include the global positioning system (GPS), the global navigation satellite system (GLONASS), the BeiDou navigation satellite system (BDS), the quasi-zenith satellite system (QZSS), and/or satellite based augmentation systems (SBAS).
The electronic device 100 may implement display functions via the GPU, the display screen 194, and the application processor, among others. The GPU is a microprocessor for image processing, and is connected to the display screen 194 and an application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. The processor 110 may include one or more GPUs that execute program instructions to generate or alter display information.
The display screen 194 may be used to display images, video, and the like. The display screen may include a display panel. The display panel may be a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (AMOLED), a flexible light-emitting diode (FLED), a Mini-LED, a Micro-OLED, a quantum dot light-emitting diode (QLED), and the like. The electronic device 100 may include 1 or N display screens 194, N being a positive integer greater than 1.
The electronic device 100 may implement a photographing function through the ISP, the camera 193, the video codec, the GPU, the display screen 194, and the application processor, etc.
The ISP is used to process the data fed back by the camera 193. For example, when a photo is taken, the shutter is opened, light is transmitted to the camera photosensitive element through the lens, the optical signal is converted into an electrical signal, and the camera photosensitive element transmits the electrical signal to the ISP for processing and converting into an image visible to naked eyes. The ISP can also carry out algorithm optimization on the noise, brightness and skin color of the image. The ISP can also optimize parameters such as exposure, color temperature and the like of a shooting scene. In some embodiments, the ISP may be provided in camera 193.
The camera 193 is used to capture still images or video. The object generates an optical image through the lens and projects the optical image to the photosensitive element. The photosensitive element may be a Charge Coupled Device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The light sensing element converts the optical signal into an electrical signal, which is then passed to the ISP where it is converted into a digital image signal. And the ISP outputs the digital image signal to the DSP for processing. The DSP converts the digital image signal into image signal in standard RGB, YUV and other formats. In some embodiments, electronic device 100 may include 1 or N cameras 193, N being a positive integer greater than 1. The camera 193 may include, but is not limited to, a conventional color camera (RGB camera), a depth camera (RGB depth camera), a Dynamic Vision Sensor (DVS) camera, and the like. In some embodiments, camera 193 may be a depth camera. The depth camera can acquire spatial information of a real environment.
The internal memory 121 may be used to store computer-executable program code, which includes instructions. The processor 110 executes various functional applications of the electronic device 100 and data processing by executing instructions stored in the internal memory 121. The internal memory 121 may include a program storage area and a data storage area. The storage program area may store an operating system, an application program (such as a sound playing function, an image playing function, and the like) required by at least one function, and the like. The storage data area may store data (such as audio data, phone book, etc.) created during use of the electronic device 100, and the like.
In some embodiments of the present application, internal memory 121 may be used to store application programs, including instructions, for one or more applications. The application program, when executed by the processor 110, causes the electronic device 100 to generate content for presentation to a user. Illustratively, the applications may include applications for managing the electronic device 100, such as game applications, conferencing applications, video applications, desktop applications, or other applications, among others.
The internal memory 121 may include one or more Random Access Memories (RAMs) and one or more non-volatile memories (NVMs).
The random access memory is characterized by high read/write speed and volatility. Volatile means that the data stored in the RAM disappears upon power down. In general, RAM has very low static power consumption and relatively large operating power consumption. The data in the RAM is memory data that can be read at any time and disappears when the power is cut off.
The non-volatile memory is non-volatile and stores data stably. Non-volatile means that the stored data does not disappear after power is off and can be kept for a long time. Data in the NVM includes application data and can be stably stored in the NVM for a long time. The application data refers to content written while an application program or a service process is running, such as photos or videos acquired by a photographing application, texts edited by a user in a document application, and the like.
The random access memory may include static random-access memory (SRAM), dynamic random-access memory (DRAM), synchronous dynamic random-access memory (SDRAM), double data rate synchronous dynamic random-access memory (DDR SDRAM), such as fifth generation DDR SDRAM generally referred to as DDR5 SDRAM, and the like.
The nonvolatile memory may include a magnetic disk storage device (magnetic disk storage), a flash memory (flash memory), and the like.
The magnetic disk storage device is a storage device using a magnetic disk as a storage medium, and has the characteristics of large storage capacity, high data transmission rate, long-term storage of stored data and the like.
By operating principle, the flash memory may include NOR FLASH, NAND FLASH, 3D NAND FLASH, etc.; by the number of potential levels of the memory cell, it may include single-level cell (SLC), multi-level cell (MLC), triple-level cell (TLC), quad-level cell (QLC), etc.; and by storage specification, it may include universal flash storage (UFS), embedded multimedia card (eMMC), etc.
The random access memory may be read directly by the processor 110, may be used to store executable programs (e.g., machine instructions) for an operating system or other programs that are running, and may also be used to store data for user and application programs, etc.
The nonvolatile memory may also store executable programs, data of users and application programs, and the like, and may be loaded into the random access memory in advance for the processor 110 to directly read and write.
The external memory interface 120 may be used to connect an external nonvolatile memory to extend the storage capability of the electronic device 100. The external non-volatile memory communicates with the processor 110 through the external memory interface 120 to implement data storage functions. For example, files such as music, video, etc. are saved in an external nonvolatile memory.
The electronic device 100 may implement audio functions via the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the headphone interface 170D, and the application processor. Such as music playing, recording, etc.
The audio module 170 is used to convert digital audio information into an analog audio signal output and also to convert an analog audio input into a digital audio signal. The audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be disposed in the processor 110, or some functional modules of the audio module 170 may be disposed in the processor 110.
The speaker 170A, also called a "horn", is used to convert the audio electrical signal into an acoustic signal. The electronic apparatus 100 can listen to music through the speaker 170A or listen to a handsfree call.
The receiver 170B, also called "earpiece", is used to convert the electrical audio signal into an acoustic signal. When the electronic apparatus 100 receives a call or voice information, it can receive voice by placing the receiver 170B close to the ear of the person.
The microphone 170C, also referred to as a "microphone," is used to convert sound signals into electrical signals. When making a call or transmitting voice information, the user can input a voice signal to the microphone 170C by speaking near the microphone 170C through the mouth. The electronic device 100 may be provided with at least one microphone 170C. In other embodiments, the electronic device 100 may be provided with two microphones 170C to achieve a noise reduction function in addition to collecting sound signals. In other embodiments, the electronic device 100 may further include three, four or more microphones 170C to collect sound signals, reduce noise, identify sound sources, perform directional recording, and so on.
The earphone interface 170D is used to connect a wired earphone. The earphone interface 170D may be the USB interface 130, or may be a 3.5 mm open mobile terminal platform (OMTP) standard interface or a Cellular Telecommunications Industry Association of the USA (CTIA) standard interface.
Electronic device 100 may include one or more keys 190, and these keys 190 may control the electronic device to provide a user with access to functions on electronic device 100. The keys 190 may be in the form of mechanical buttons, switches, dials, etc., or may be touch or near touch sensing devices (e.g., touch sensors). The electronic apparatus 100 may receive a key input, and generate a key signal input related to user setting and function control of the electronic apparatus 100. The keys 190 may include a power-on key, a volume key, and the like.
The motor 191 may generate a vibration cue. The motor 191 may be used for incoming call vibration prompts as well as for touch vibration feedback. For example, touch operations applied to different applications (e.g., photographing, audio playing, etc.) may correspond to different vibration feedback effects. The motor 191 may also respond to different vibration feedback effects for touch operations applied to different areas of the electronic device 100. Different application scenes (such as time reminding, receiving information, alarm clock, game and the like) can also correspond to different vibration feedback effects. The touch vibration feedback effect may also support customization.
Indicator 192 may be an indicator light that may be used to indicate a state of charge, a change in charge, or may be used to indicate a message, notification, or the like.
Electronic device 100 may also include other input and output interfaces, and other devices may be connected to electronic device 100 via suitable input and output interfaces. The components may include, for example, audio/video jacks, data connectors, and the like.
The electronic device 100 is equipped with one or more sensors including, but not limited to, a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, etc.
The pressure sensor 180A is used for sensing a pressure signal, and can convert the pressure signal into an electrical signal. The pressure sensor 180A can be of a wide variety, such as a resistive pressure sensor, an inductive pressure sensor, a capacitive pressure sensor, and the like. When a touch operation is applied to the electronic apparatus 100, the electronic apparatus 100 detects the intensity of the touch operation according to the pressure sensor 180A. The electronic apparatus 100 may also calculate the touched position from the detection signal of the pressure sensor 180A.
The gyroscope sensor 180B may be used to determine the motion attitude of the electronic device 100. In some embodiments, the angular velocity of the electronic device 100 about three axes (i.e., the x, y, and z axes) may be determined by the gyroscope sensor 180B. The gyroscope sensor 180B may also be used for navigation, motion sensing in game scenes, camera anti-shake, and the like.
The acceleration sensor 180E may detect the magnitude of acceleration of the electronic device 100 in various directions (typically three axes). The magnitude and direction of gravity may be detected when the electronic device 100 is stationary. The acceleration sensor may also be used to recognize the posture of the electronic device 100, and is applied in motion-sensing games, switching between landscape and portrait display, pedometers and other applications.
The touch sensor 180K is also called a "touch device". The touch sensor 180K is used to detect a touch operation applied thereto or nearby. The touch sensor 180K may pass the detected touch operation to the application processor to determine the touch event type. The electronic device 100 may provide visual output related to touch operations via the display screen 194. The electronic device 100 may also transmit an instruction corresponding to the touch operation to another electronic device that establishes a communication connection.
The SIM card interface 195 is used to connect a SIM card. The SIM card can be brought into and out of contact with the electronic device 100 by being inserted into the SIM card interface 195 or being pulled out of the SIM card interface 195. The electronic device 100 may support 1 or N SIM card interfaces, N being a positive integer greater than 1. The SIM card interface 195 may support a Nano SIM card, a Micro SIM card, a SIM card, etc. Multiple cards can be inserted into the same SIM card interface 195 at the same time. The types of the plurality of cards may be the same or different. The SIM card interface 195 may also be compatible with different types of SIM cards. The SIM card interface 195 may also be compatible with external memory cards. The electronic device 100 interacts with the network through the SIM card to implement functions such as calls and data communication. In some embodiments, the electronic device 100 employs an eSIM, namely an embedded SIM card. The eSIM card can be embedded in the electronic device 100 and cannot be separated from the electronic device 100.
It should be understood that the interface connection relationship between the modules illustrated in the embodiments of the present application is only an illustration, and does not limit the structure of the electronic device 100. In other embodiments of the present application, the electronic device 100 may also adopt different interface connection manners or a combination of multiple interface connection manners in the above embodiments.
Referring to fig. 2B, fig. 2B is a schematic diagram of a software structure of the electronic device 100 according to an embodiment of the present disclosure. The electronic device 100 may be any one of the electronic devices in the communication system 10 shown in fig. 1.
The software system of the electronic device 100 may be a layered architecture, an event-driven architecture, a micro-core architecture, a micro-service architecture, or a cloud architecture. Illustratively, the software system of the electronic device 100 includes, but is not limited to, the operating systems named in the original publication (their names appear there only as images) or other operating systems.
The layered architecture divides the software into several layers, each with a clear role and division of labor. The layers communicate with each other through software interfaces. In some embodiments, the Android system is divided into four layers, from top to bottom: an application layer, an application framework layer, the Android runtime and system libraries, and a kernel layer.
The application layer may include a series of application packages.
As shown in fig. 2B, the application packages may include applications such as camera, gallery, calendar, phone, map, navigation, WLAN, Bluetooth, music, video, and short message.
The application framework layer provides an Application Programming Interface (API) and a programming framework for the application program of the application layer. The application framework layer includes a number of predefined functions.
As shown in fig. 2B, the application framework layer may include a window manager, a content provider, a view system, a phone manager, a resource manager, a notification manager, and the like.
The window manager is used for managing window programs. The window manager can obtain the size of the display screen, determine whether a status bar exists, lock the screen, capture the screen, and the like.
The content provider is used to store and retrieve data and make it accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phone books, etc.
The view system includes visual controls such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.
The phone manager provides the communication functions of the electronic device, for example, management of call status (including connected, hung up, and the like).
The resource manager provides various resources for the application, such as localized strings, icons, pictures, layout files, video files, and the like.
The notification manager enables an application to display notification information in the status bar. It can be used to convey notification-type messages, which can disappear automatically after a short stay without requiring user interaction. For example, the notification manager is used to announce download completion, message alerts, and the like. A notification may also appear in the status bar at the top of the system in the form of a chart or scroll-bar text, such as a notification of an application running in the background, or appear on the screen in the form of a dialog window. Examples include prompting text information in the status bar, sounding a prompt tone, vibrating the electronic device, and flashing an indicator light.
The Android runtime includes a core library and a virtual machine. The Android runtime is responsible for the scheduling and management of the Android system.
The core library comprises two parts: one part is the functions that the Java language needs to call, and the other part is the core library of Android.
The application layer and the application framework layer run in the virtual machine. The virtual machine executes the Java files of the application layer and the application framework layer as binary files. The virtual machine performs functions such as object life cycle management, stack management, thread management, security and exception management, and garbage collection.
The system library may include a plurality of functional modules, for example: a surface manager, media libraries, a three-dimensional graphics processing library (e.g., OpenGL ES), a 2D graphics engine (e.g., SGL), and the like.
The surface manager is used to manage the display subsystem and provide fusion of 2D and 3D layers for multiple applications.
The media library supports a variety of commonly used audio, video format playback and recording, and still image files, among others. The media library may support a variety of audio-video encoding formats such as MPEG4, h.264, MP3, AAC, AMR, JPG, PNG, etc.
The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like.
The 2D graphics engine is a drawing engine for 2D drawing.
The kernel layer is a layer between hardware and software. The kernel layer includes at least a display driver, a camera driver, an audio driver, and a sensor driver.
The multi-device cooperative security authentication method provided by the embodiment of the application can be applied to various service scenes, including but not limited to:
(1) Payment protection scenario for the elderly and minors
For example, in daily life the elderly may be less able to recognize scams and may easily trust fraudsters, and so be cheated out of money. The mobile phone of an elderly person can be bound to the mobile phones of other family members or children, and it can be set on the elderly person's phone that a transfer exceeding a certain amount must be verified on the phones of the other family members or children, so that payment can proceed only after verification on those devices passes. In this way, when an elderly person makes a large transfer or payment, the other family members or children are informed, which reduces the occurrence of fraud.
As another example, minors have weaker self-control and are easily tempted, for example, to top up a game with large sums of money. The electronic device of a minor can be bound to a parent's mobile phone. When the electronic device detects that the minor is paying more than a certain amount, the parent's phone is notified, and the payment can proceed only after the parent's verification on that phone passes. In this way, spending by minors beyond their means can be limited.
(2) Scenarios for protecting private information in lost devices
For example, lightweight wearable devices such as smartwatches, smart bands, and wireless headsets are easily lost or stolen. The wearable device may be bound to the user's mobile phone, so that unlocking or using the wearable device requires the user to authenticate on the mobile phone at the same time. Thus, even if the wearable device is stolen or lost, it cannot be used by others without the user's authentication on the mobile phone, and the user's personal private information is protected.
(3) Scenario for protecting important items
For example, an electronic safe holds important property, and the key for opening the safe can be distributed to different devices, such as the mobile phones of a husband and wife. The safe can be opened only with the safe's password together with verification by both spouses on their mobile phones. This prevents important property from being secretly taken away by a single person.
As another example, for an important private file, the user may choose to distribute the key for opening the file to other devices, so that the file can be opened only when verification succeeds on every device.
As another example, the user may set that a large transfer or payment in a mobile banking application must be verified not only on the mobile phone but also, at the same time, on multiple other devices such as a computer and a PAD before the payment can be made. If the user is coerced by a robber, providing only the mobile phone payment password is not enough to complete a transfer to the robber.
The above described scenarios are only examples and do not set any limit to other embodiments of the present application. The security authentication method based on multi-device cooperation provided by the embodiment of the application can be applied to any scenes needing security authentication, such as other social scenes, office scenes, shopping scenes and the like.
According to the multi-device cooperative security authentication scheme, the complete parent key in the master device can be divided into a plurality of sub-keys, which are stored as fragments on other cooperative devices. Each cooperative device sets an authentication mode for its sub-key according to its own authentication capability. After a cooperative device authenticates successfully, it can send the corresponding sub-key to the master device, and the master device combines all the sub-keys into the parent key.
Specifically, the method can include the stages of generating, storing, using, transmitting, destroying and the like of the key.
(1) Key generation phase.
The generation phase of the key may include generation of a parent key and generation of each child key in the master device.
The generation of the parent key refers to the master device generating the parent key for encrypting the local data, and the generation manner may be random generation or derivation based on a user password, which is not limited in this embodiment. After generating the parent key, the local data is encrypted using the parent key. For example, for a payment password, a parent key is generated and the payment password is encrypted with the parent key. After the payment password is verified to be correct subsequently, the payment can be successfully carried out. The encryption and decryption algorithm in this embodiment is not limited, and for example, a symmetric encryption algorithm or the like may be used.
The generation of the child keys means that the master device divides the parent key into a plurality of child keys. The present embodiment does not limit the way in which the parent key is split. The master device may divide the parent key into a number of child keys based on the number of devices in the trusted device list.
In some embodiments, the master device needs to obtain all of the child keys to recover the parent key.
In some embodiments, a threshold method may be employed to divide the parent key into multiple child keys. In the threshold method, a parent key is divided into n sub-keys, the n sub-keys are sent to n devices respectively, and a threshold value t is set. To recover the parent key, any t of the n sub-keys (t is less than n) are sufficient. The threshold method improves fault tolerance: the parent key can be recovered without all the child keys, which avoids the situation where authentication cannot complete normally because some cooperative devices have an abnormal connection.
In some embodiments, a random number seed method may be employed to divide a parent key into multiple child keys. The properties of a random number may include: 1. Randomness: there is no statistical bias, and the sequence is completely disordered. 2. Unpredictability: the next number cannot be inferred from the numbers that came before. 3. Irreproducibility: the same sequence cannot be reproduced unless the sequence itself is saved.
In the random number seed method, the user password is used as the random number seed. Based on the password input by the user, the master device derives n random numbers through a random number generator, the n random numbers corresponding respectively to n devices; the parent key is then divided into n sub-keys that are stored on the n devices, and the master device can store the correspondence between the random numbers and the cooperative devices in a hash table. During subsequent authentication, the random number generator derives the same n random numbers only if the user password is consistent with the preset random number seed; the corresponding n cooperative devices are then found for authentication, and after every cooperative device passes authentication, the master device acquires the n sub-keys and recovers the parent key.
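The following Python sketch is an added illustration of the random number seed method, not code from the application. It swaps the unspecified random number generator for PBKDF2 plus HMAC from the standard library; the salt, iteration count, tag length, function names, and device names are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for the password-based derivation


def derive_device_tags(password: str, salt: bytes, n: int) -> list:
    """Derive n deterministic 128-bit values from the password (the 'seed')."""
    seed = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # One value per device index; the same password and salt always give the same list.
    return [
        hmac.new(seed, b"device-%d" % i, hashlib.sha256).hexdigest()[:32]
        for i in range(n)
    ]


def enroll(password: str, devices: list):
    """Master device: build the hash table mapping derived values to cooperative devices."""
    salt = secrets.token_bytes(16)
    tags = derive_device_tags(password, salt, len(devices))
    table = dict(zip(tags, devices))
    return salt, table


def devices_to_wake(password: str, salt: bytes, table: dict) -> list:
    """Re-derive the values at authentication time and look up the devices.

    Returns the cooperative devices to notify, or an empty list when the
    password does not reproduce the enrolled values.
    """
    tags = derive_device_tags(password, salt, len(table))
    found = [table.get(tag) for tag in tags]
    if any(device is None for device in found):
        return []
    return found


if __name__ == "__main__":
    # Constructed sample data: three hypothetical cooperative devices.
    salt, table = enroll("correct horse", ["phone_A", "notebook_B", "tablet_C"])
    print(devices_to_wake("correct horse", salt, table))
    print(devices_to_wake("wrong password", salt, table))
```

The table kept on the master device acts as a password verifier, which is why the sketch uses a salted, slow key-derivation function rather than a bare generator seed.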
The parent key is divided into a plurality of child keys, which may be divided equally or unevenly, and this embodiment is not limited.
The embodiment of the application also provides a method for partitioning the key based on the equipment security level. By evaluating the security level of the cooperating device, different weights are given when splitting the subkeys. The higher the security level of the cooperative device, the higher the weight assigned to the subkey held by the cooperative device. The method for distributing the sub-keys with different weights according to different security levels of the equipment can enable key fragmentation to be more flexible and reasonable, and the storage of the sub-keys to be safer.
The master device or other devices in the communication system may evaluate the device security level of each cooperative device, and assign different weights of sub-keys to cooperative devices of different security levels. For example, for a cooperative device a with a higher security level, a higher weight may be set when assigning the subkey, and for a cooperative device B with a lower security level, a lower weight may be set when assigning the subkey, and the number of the subkeys on the cooperative device a is greater than that on the cooperative device B.
Factors for evaluating the security level of a device may include static factors characterizing the security capabilities of the device and dynamic factors characterizing the security status of the device.
The static factor is mainly determined by the hardware and software configuration of the electronic device itself. The higher the security capability provided by the hardware and software configuration of the electronic device, the higher the device security level.
The software configuration affecting security capabilities may include: a trusted security root, a Trusted Execution Environment (TEE), root privileges, device integrity protection, encryption and data security protection, security isolation, access privilege control, and so on. root rights refer to the highest management rights of the operating system of the electronic device.
The hardware configuration affecting security capabilities may include: processor, memory, chip, etc.
For example, device A runs a lightweight operating system (LiteOS), its hardware uses a low-end processor, and the device does not support complex virtual memory isolation or hardware-based security isolation; device B runs the [operating-system name shown as an image in the original publication] system, its hardware uses a high-end processor, and the device supports hardware security capabilities such as security isolation and virtual memory isolation. Device B then has a higher device security level than device A. As another example, the software and hardware configurations of mobile phones, tablet computers, smartwatches, and large-screen devices generally decrease in that order, and therefore the security levels of these devices also decrease in that order.
The dynamic factors may include: whether a primary account is logged in on the device, whether biometric information is bound, and the like.
The configuration of software and hardware in an electronic device may change dynamically, and thus the device security level of an electronic device may also change dynamically.
Combined with the threshold method, the master device can require that the total weight of the obtained sub-keys exceed a certain threshold value before authentication passes.
In the embodiment of the present application, the master device may be installed with one or more applications. Each application installed by the main device has a corresponding application security level. The security level may be different for different applications. The functional security level of different functions may also be different in different applications. For example, the application security level of the lock screen application is less than the application security level of the payment application. The functional security level of the login function in the payment application is less than the functional security level of the payment function in the payment application.
According to the embodiment of the application, application security levels can be divided into different levels at different granularities. The granularity is not limited in this application. For example, the application security level can be roughly divided into three levels: high, medium, and low. As another example, the application security level may be divided into levels 1 to 10, with higher values indicating higher application security levels.
In some embodiments of the present application, the security level of each application in the master device may be set autonomously by the user. Specifically, the master device may determine or set a security level of an application installed in the master device in response to the received user operation.
(2) Key storage phase.
After the master device fragments the parent key into sub-keys, it stores the sub-keys in the respective cooperative devices in the trusted device list and protects the sub-keys using the authentication capability of each cooperative device. Each cooperative device may set a different authentication mode for its sub-key according to its software and hardware authentication capability, for example biometric authentication such as face authentication, fingerprint authentication, voiceprint authentication, iris authentication, gesture authentication, pattern authentication, and the like.
(3) Key usage phase.
When the master device needs to use the parent key, it can notify each cooperative device storing a child key to initiate user authentication. After a cooperative device verifies the user successfully, it may send its sub-key back to the master device.
The master device may verify the identity of the cooperative device in advance, and after confirming the identity of the cooperative device, the master device receives the sub-key.
After the master device acquires the child keys from the cooperative devices, it recovers the parent key from the child keys.
In the embodiment adopting the threshold method, the parent key can be recovered by selecting only t of the n sub-keys (t is less than n).
In the embodiment adopting the random number seed method, when the master device performs authentication, the random number seed is the same only if the user password is consistent with the preset password; the random number generator then derives the same n random numbers, and the corresponding n cooperative devices are woken up for authentication. After the cooperative devices pass authentication, the master device acquires the n sub-keys and recovers the parent key.
(4) Key transmission phase.
After the master device splits the parent key into the child keys, the child keys can be sent to the cooperative devices through the trusted connection.
When the parent key needs to be used, each cooperative device, after verifying successfully, transmits its child key back to the master device through the trusted connection.
(5) Key destruction phase.
After the master device divides the parent key into the child keys and sends the child keys to the cooperative devices for storage, the master device may delete the parent key. Therefore, when any single device among the master device and the cooperative devices is attacked, at most a single child key is disclosed, and the security of the parent key is preserved.
After authentication on the cooperative devices is completed, the master device acquires the child keys and combines them into the parent key. After local authentication on the master device using the parent key passes, the master device can destroy the parent key again and does not store it locally. Alternatively, the master device may generate a new parent key, divide it into new child keys, and store the updated child keys on the cooperative devices. Updating the parent key regularly provides higher security.
The above description is exemplary only and is not intended as a limitation on other embodiments of the present application. More or fewer stages can be included in the actual scene, and more or fewer steps can be included in each stage, and the technical solutions based on the same inventive idea are within the protection scope of the present application.
In connection with the foregoing embodiments, illustrative user interfaces associated with some embodiments of the present application are described below.
In the following, the device where the parent key is located is referred to as the first device, and in fig. 3 to 11 the first device is described using a smart watch as an example.
Fig. 3 to 11 show the related setting interfaces of the key shard.
As shown in fig. 3, in the user interface 300 of the first device, a prompt is displayed to remind the user to set the key fragment.
Referring to fig. 3, a prompt 301 and a confirmation control 302 are displayed in the user interface 300. The prompt 301 reminds the user that key fragments can be set, for example with prompt text such as "for the safe use of the smart watch, please go to settings to set up key fragments". After the user clicks the confirmation control 302, the first device may return to the home page or jump to the settings page.
User interfaces related to key fragment management and setting can be added to the setting options of the first device.
Referring to fig. 4, the user interface 400 is a settings page on the smart watch.
In the user interface 400, a setting page title bar 401, and a plurality of setting items may be included. The title "settings" is displayed in the settings page title bar 401. A plurality of setting items, such as an account number setting item, a display and brightness setting item, a bluetooth setting item, a key setting item 402, and the like, shown in fig. 4 are displayed under the setting page title bar 401. Each column of setting items can display icons, setting item names, controls for jumping to a detailed setting interface and the like.
When the user clicks the key setting item 402, the first device may display the user interface 500 shown in fig. 5.
The user interface 500 may include a key setting page title bar 501 and a plurality of application options. The title "key set" and a return control are displayed in the key setting page title bar 501. A plurality of application options, such as the lock screen application option, camera application option, memo application option, and payment application option 502 shown in fig. 5, are listed under the key setting page title bar 501. Each application option row can display an icon, the application name, a control for jumping to the detailed setting interface, and the like.
The first device may evaluate the application security levels of different applications and assign default numbers of key fragments, weights, or devices to applications of different application security levels. For example, for an application with a high application security level, the first device may set the parent key corresponding to the application to be divided into a plurality of fragment keys and stored in a plurality of cooperative devices, or preferentially stored in cooperative devices with a higher device security level. For an application with a low application security level, the first device may set the parent key corresponding to the application to be divided into fewer sub-keys and stored in fewer cooperative devices, or the cooperative devices storing the sub-keys need not have a high device security level.
The user can also set the application security level of different applications, the cooperative devices bound by different applications, the weight of the sub-key correspondingly distributed to different cooperative devices by different applications, and the like in a self-defined manner.
For example, when the user clicks on the payment application option 502, the first device may display the user interface 600 shown in fig. 6.
In the user interface 600, a payment application title bar 601 and a select bound device options page 602 may be included. The title "pay" and return control are displayed in the pay application title bar 601. A plurality of trusted devices, such as a mobile phone a, a laptop B, a tablet C, etc., are displayed in the device option page 602 for selecting binding. The user may select the collaborative device that needs to be bound and then click on the "next" control 603.
As shown in fig. 6, when the user selects the mobile phone a, the notebook computer B, and the tablet computer C as the bound devices, the number of the devices for assisting the verification, i.e., the threshold value, may be selected next. Such as user interface 700 shown in fig. 7.
The user interface 700 may include a payment application title bar 701 and an option page 702 for selecting the number of devices for auxiliary verification. The title "pay" and a return control are displayed in the payment application title bar 701. A plurality of options, such as any one, any two, and any three, are displayed in the option page 702. The user may select the number of devices required for auxiliary verification and then click the "next" control 703.
As shown in fig. 7, the user selects any two as the number of devices for auxiliary verification, that is, the threshold value is 2. After the selection is confirmed, the first device may display the user interface 800 shown in fig. 8.
The user interface 800 is a setup-complete prompt page. A setup-complete prompt 801 may be displayed in the user interface 800, containing prompt text such as "Setup complete! The next payment requires any two of mobile phone A, notebook computer B, and tablet computer C to assist in passing verification". A reset control 802 and a return-to-home-page control 803 are also displayed in the user interface 800. If the user clicks the reset control 802, the first device may jump to the user interface 500. If the user clicks the return-to-home-page control 803, the first device may jump to the desktop.
In some embodiments, the user may also manually set the weight of each collaborative device for the assigned sub-key. Accordingly, the lowest weight of the auxiliary verification, i.e., the threshold value, may also be set. As shown in fig. 9 and 10.
For example, in fig. 6, the user selects the mobile phone a, the notebook computer B, and the tablet computer C as the binding devices, and then the weights for distributing the keys can be set, as shown in the user interface 900 of fig. 9.
An assign-key-weight option page 901 is displayed in the user interface 900. The page 901 displays the bound devices selected by the user, with one slidable control 902 for each device. The user can drag the slidable control 902 to select a weight. As shown in fig. 9, mobile phone A is assigned a weight of 50%, notebook computer B a weight of 30%, and tablet computer C a weight of 20%. It should be noted that the sum of the weights of the three devices cannot exceed 100%, and the first device may automatically prevent the user from dragging a slider into the portion that exceeds the limit. The first device may also automatically adjust the weight of the third device after the user selects the weights of the first two devices, so that the sum of the weights of the three devices is 100%.
There may also be an auto-assign option 903 in the user interface 900, and if the user selects the auto-assign option 903, the first device may evaluate the device security level of the bound device and automatically assign a weight based on its device security level.
After assigning the weights, the user clicks the "next" control 904 and can then select the lowest weight for auxiliary verification, that is, the threshold value, as in the user interface 1000 shown in fig. 10.
The user interface 1000 may include a slidable control 1001 for selecting the lowest weight for auxiliary verification, which is used to adjust the weight threshold value. The user may drag the slidable control 1001 to select the lowest weight. For example, in fig. 10, the user has selected a lowest weight of 70%, and then clicks the "next" control 1002.
Upon confirming selection of the lowest weight, the first device may display the user interface 1100 shown in fig. 11.
The user interface 1100 is a setup-complete prompt page. A setup-complete prompt box 1101 may be displayed in the user interface 1100, containing prompt text such as "Setup complete! At the next payment, verification passes when the sum of the fragment keys of all verifying devices reaches 80 percent of the total key". A reset control 1102 and a return-to-home-page control 1103 are also displayed in the user interface 1100. If the user clicks the reset control 1102, the first device may jump to the user interface 500. If the user clicks the return-to-home-page control 1103, the first device may jump to the desktop.
It is understood that the user interfaces described in fig. 3 to 11 are only auxiliary examples and do not limit other embodiments of the present application. The user interface in other embodiments may also include more or fewer controls or functions, and a developer or designer may design the user interface according to specific situations, so that the user interface better conforms to the interaction habits of the user and better caters to the preferences of the user.
With reference to fig. 12 to 17 in combination with the foregoing embodiments, schematic scenarios related to cooperative device authentication in some embodiments of the present application are described below.
In fig. 12 to 17, the smart watch, the mobile phone a, the notebook computer B, and the tablet computer C form a communication system. The smart watch is connected with the mobile phone A in a first mode, the smart watch is connected with the notebook computer B in a second mode, and the smart watch is connected with the tablet computer C in a third mode.
Key fragmentation has already been set up on the smart watch: the parent key of the payment function in the payment application on the smart watch is divided into three sub-keys, which are stored on mobile phone A, notebook computer B, and tablet computer C respectively. On mobile phone A the sub-key is encrypted using face recognition verification, on notebook computer B the sub-key is encrypted using password verification, and on tablet computer C the sub-key is encrypted using fingerprint recognition verification.
When the payment function is initiated on the smart watch, the scenario shown in fig. 12 may be displayed. The smart watch can send a notification to mobile phone A, notebook computer B, and tablet computer C to bring up their respective verification interfaces.
As shown in fig. 12, in a user interface 1200 of the smart watch, a payment title bar 1201, a payment prompt box 1202, a verification progress indicator 1203, a confirmation payment control 1204, and the like are displayed.
A payment title is displayed in the payment title bar 1201.
The payment prompt box 1202 displays payment information, for example prompt text such as "payment is 1000.0, please perform auxiliary verification on the binding device" as shown in fig. 12.
The verification progress indication bar 1203 is used to indicate the current verification progress. In fig. 12, since the mobile phone a, the notebook computer B, and the tablet computer C have not been verified, the verification progress indicator 1203 displays that the current verification progress is 0.
The confirmation payment control 1204 may be used to obtain a click operation of the user confirming payment. In fig. 12, since the current verification progress is 0, the confirmation payment control 1204 is a gray area and does not respond to the user click operation.
As shown in fig. 12, the user interface 1210 of the mobile phone a is a face recognition verification interface, the user interface 1220 of the notebook computer B is a password verification interface, and the user interface 1230 of the tablet computer C is a fingerprint recognition verification interface.
A prompt 1211 and a face view frame 1212 may be displayed in the user interface 1210 of the mobile phone A. The prompt 1211 may be, for example, a prompt text such as "the smart watch requests payment, please perform face recognition verification". The face view frame 1212 is used to display the face picture currently acquired by the camera.
The user interface 1220 of the notebook B may be displayed with a prompt 1221 and a password input box 1222. The prompt 1221 may be a prompt text such as "smart watch requests payment, please verify password", etc. The password input box 1222 is used for a user to input a password.
The user interface 1230 of the tablet C may be displayed with a prompt 1231 and a fingerprint detection area 1232. The prompt 1231 may be, for example, a prompt such as "smart watch requests payment, please perform fingerprint verification". The fingerprint detection area 1232 is used to sense fingerprint information.
After the user passes face recognition verification on the mobile phone a, password verification on the notebook computer B, and fingerprint recognition verification on the tablet computer C, the scene shown in fig. 13 may be displayed.
As shown in fig. 13, in a user interface 1300 of the smart watch, a payment prompt box 1301, a verification progress indicator bar 1302, a confirmation payment control 1303, and the like are displayed.
The payment prompt box 1301 displays payment information, for example prompt text such as "pay 1000.0, please perform auxiliary verification on the binding device" as shown in fig. 13.
The verification progress indication bar 1302 is used to represent the current verification progress. In fig. 13, since the mobile phone a, the notebook computer B, and the tablet computer C have been verified, the current verification progress is displayed as 100 in the verification progress indication bar 1302.
The confirm payment control 1303 may be used to obtain a click operation of the user confirming payment. In fig. 13, the confirmation payment control 1303 may respond to a user click operation since the current verification progress is 100.
As shown in fig. 13, the user interface 1310 of the mobile phone A is an interface indicating that face recognition verification has passed, the user interface 1320 of the notebook computer B is an interface indicating that password verification has passed, and the user interface 1330 of the tablet computer C is an interface indicating that fingerprint recognition verification has passed.
A verification-passed prompt 1311 may be displayed in the user interface 1310 of the mobile phone A. The prompt 1311 may be, for example, prompt text such as "smart watch requests payment, face verification succeeds", and a check mark icon is displayed to indicate that verification has passed.
The user interface 1320 of the notebook computer B may display a prompt 1321. The prompt 1321 may be, for example, prompt text such as "smart watch requests payment, password verification succeeds", and a check mark icon is displayed to indicate that verification has passed.
The user interface 1330 of the tablet computer C may display a prompt 1331. The prompt 1331 may be, for example, prompt text such as "smart watch requests payment, fingerprint verification succeeds", and a check mark icon is displayed to indicate that verification has passed.
When the user clicks on the confirm payment control 1303, the smart watch may display a user interface 1340 indicating that the payment was successful. The user interface 1340 may display a prompt 1341 and a return control 1342. The prompt 1341 may be, for example, prompt text such as "pay 1000.0, pay successful", and a check mark icon is displayed to indicate successful payment. Clicking on the return control 1342 returns to the home page.
In some embodiments, a threshold method is adopted during key authentication; that is, not all devices need to pass verification, and the parent key can be recovered as long as a number of child keys larger than a threshold value is obtained.
For example, in the embodiment shown in fig. 7, the user sets that the smart phone can complete the authentication once any two of the mobile phone A, the notebook computer B, and the tablet computer C pass the authentication. The situation shown in fig. 14 can then be displayed during authentication: the authentication is completed on the mobile phone A and the notebook computer B, and the smart watch can synthesize the parent key from the two child keys of the mobile phone A and the notebook computer B and complete the payment operation.
In fig. 14, the mobile phone a passes the face recognition authentication, the notebook computer B passes the password authentication, but the user does not perform the fingerprint authentication on the tablet computer C. The mobile phone a displays a user interface 1310 that passes the verification, the notebook computer B displays a user interface 1320 that passes the verification, and the tablet computer C displays a user interface 1230 that does not pass the verification. The smart watch displays the user interface 1300 that has completed validation and may display the user interface 1340 of a successful payment after the user clicks on the confirm payment control.
Fig. 15 shows a scenario when face authentication fails on the cell phone a.
As shown in fig. 15, in the user interface 1500 of the smart watch, a payment prompt box 1501, a verification progress bar 1502, a confirmation payment control 1503, and the like are displayed.
The payment prompt box 1501 displays payment information, such as prompt words "payment is 1000.0, and the mobile phone a has not passed the verification, please re-verify" and the like as shown in fig. 15.
The verification progress indication bar 1502 is used to represent the current verification progress. In fig. 15, since the mobile phone a is not authenticated, and the notebook computer B and the tablet computer C are already authenticated, the current authentication progress is displayed in the authentication progress indication bar 1502 as 50.
The confirm payments control 1503 may be used to obtain click operations for the user to confirm payments. In fig. 15, since the current verification progress is not 100, the confirmation payment control 1503 is a gray area and cannot respond to a user click operation.
As shown in fig. 15, the user interface 1510 of the mobile phone A is an interface indicating that face recognition verification has failed, the user interface 1520 of the notebook computer B is an interface indicating that password verification has passed, and the user interface 1530 of the tablet computer C is an interface indicating that fingerprint recognition verification has passed.
A verification-failed prompt 1511 may be displayed in the user interface 1510 of the mobile phone A. The prompt 1511 may be, for example, prompt text such as "smart watch requests payment, face verification fails", and an error icon is displayed to indicate that the user failed verification. The user interface 1510 may further include a re-authentication control 1512; when the user clicks the re-authentication control 1512, the face authentication interface is refreshed and face authentication is restarted.
The user interface 1520 of the notebook computer B may display a prompt 1521. The prompt 1521 may be, for example, prompt text such as "smart watch requests payment, password verification succeeds", and a check mark icon is displayed to indicate that verification has passed.
The user interface 1530 of the tablet computer C may display a prompt 1531. The prompt 1531 may be, for example, prompt text such as "smart watch requests payment, fingerprint verification succeeds", and a check mark icon is displayed to indicate that verification has passed.
Fig. 16 shows an authentication scenario when the first connection between the mobile phone A and the smart watch is disconnected. The first connection may be disconnected because the current network signal is poor, or because the distance between the mobile phone A and the smart watch exceeds a first distance range, where the first distance range is the maximum distance at which the mobile phone A and the smart watch stay connected. Based on the threshold method, if the user has set that verification on any two devices is sufficient, then when the smart watch detects that the mobile phone A is disconnected and cannot perform verification, the smart watch can remind the user to verify on the notebook computer B and the tablet computer C.
As shown in fig. 16, in user interface 1600 of the smart watch, a payment prompt box 1601, a verification progress indicator 1602, a confirmation payment control 1603, and the like are displayed.
The payment prompt box 1601 displays payment prompt information, for example prompt text such as "payment 1000.0, the connection state of the mobile phone A is detected to be abnormal, please use the notebook computer B and the tablet computer C to perform verification" as shown in fig. 16.
The verification progress indicator bar 1602 is used to indicate a current verification progress. In fig. 16, since the first connection between the mobile phone a and the smart watch is not established, and the notebook computer B and the tablet computer C have not been verified, the current verification progress is displayed in the verification progress indicator 1602 as 0.
The confirmation payment control 1603 may be used to obtain a click operation of the user confirming payment. In fig. 16, since the current verification progress is 0, the confirmation payment control 1603 is a gray area and cannot respond to a user click operation.
As shown in fig. 16, the user interface 1610 of the mobile phone a is a screen locking interface of the mobile phone, the user interface 1620 of the notebook computer B is a password verification interface, and the user interface 1630 of the tablet computer C is a fingerprint identification verification interface. The user has not yet authenticated on laptop B and tablet C.
Fig. 17 shows an authentication scenario when the smart watch detects that the mobile phone A is currently not secure. If the smart watch detects that the mobile phone A is currently not a secure device, for example that a Trojan or virus may be present, staying connected to it could leak the key; the smart watch can therefore disconnect the first connection with the mobile phone A and preferentially use other secure devices for verification.
As shown in fig. 17, in the user interface 1700 of the smart watch, a payment prompt box 1701, a verification progress indicator bar 1702, a confirmation payment control 1703, and the like are displayed.
The payment prompt box 1701 displays payment prompt information, for example prompt text such as "payment 1000.0, the mobile phone A is detected to have a security risk, please use the notebook computer B and the tablet computer C to perform verification" as shown in fig. 17.
The verification progress indicator bar 1702 is used to indicate the current verification progress. In fig. 17, since the mobile phone a and the smart watch are disconnected from each other and the notebook computer B and the tablet computer C have not been authenticated, the current authentication progress is displayed as 0 in the authentication progress indicator 1702.
The confirmation payment control 1703 may be used to obtain a click operation of the user confirming payment. In fig. 17, since the current verification progress is 0, the confirmation payment control 1703 is a gray area and cannot respond to a user click operation.
As shown in fig. 17, the user interface 1710 of the mobile phone a is a screen locking interface of the mobile phone, the user interface 1720 of the notebook computer B is a password verification interface, and the user interface 1730 of the tablet computer C is a fingerprint identification verification interface. The user has not yet authenticated on laptop B and tablet C.
It is understood that the user interfaces described in fig. 12 to 17 are only exemplary interfaces, and do not limit the user interfaces of other embodiments of the present application, and other scenarios based on the same scheme are within the scope of the present application. In other embodiments, more or fewer user interfaces can be added or subtracted according to actual conditions, more or fewer controls can be added or subtracted in the user interfaces, or different man-machine interaction operations can be designed, so that the user interfaces are more suitable for the user experience.
With reference to the foregoing embodiments shown in fig. 1 to 17, a security authentication method provided in the embodiments of the present application is described below.
The embodiment of the method is described by taking as an example a first communication system composed of a master device, a first cooperative device, a second cooperative device, ..., and an Nth cooperative device. In this embodiment, the types, the numbers, the connection manners, and the like of the master device, the first cooperative device, the second cooperative device, ..., and the Nth cooperative device are not limited at all. The master device may also be referred to as the first device.
The master device, the first cooperative device, the second cooperative device, ..., and the Nth cooperative device may each be a cell phone, a PC, a tablet, a notebook, a wearable, a cloud host/cloud server or other desktop computer, a laptop, a handheld computer, an AI device, a smart television, an in-vehicle device, a game console, and so forth.
In some embodiments, the master device is a weak device with weak security authentication capability, and the first cooperative device, the second cooperative device, ..., and the Nth cooperative device are strong devices with strong security authentication capability. The weak device can divide its own parent key into a plurality of sub-keys to be stored on the strong devices, and each sub-key is protected by the strong security authentication capability of the strong device that holds it, so that the parent key is protected.
A parent key is generated on the master device, and the master device or another device may split the parent key into multiple child keys and distribute the child keys to the N cooperative devices.
In the first communication system, if a single device is attacked, a single child key is leaked, and other child keys are not leaked, so that the security of a parent key is not affected.
The master device, the first cooperative device, the second cooperative device, ..., and the Nth cooperative device in the first communication system may each be equipped with any of several operating systems (the four system names appear only as inline images and are not reproduced here). The operating system of each terminal device in the first communication system may be the same or different, and is not limited in this application.
In some embodiments, the master device, the first cooperative device, the second cooperative device, ..., and the Nth cooperative device in the first communication system are all installed with the same system (its name appears only as an inline image); the system composed of the plurality of terminals may then be called a super virtual terminal, or a super terminal, of that system.
The examples provided in this embodiment do not set any limit to the other embodiments of the present application.
Fig. 18 is a flowchart of a security authentication method provided in an embodiment of the present application, which specifically includes the following steps:
S101A, the master device and the first cooperative device establish a first connection.
S101B, the master device establishes a second connection with the second cooperative device.
S101C, the master device and the Nth cooperative device establish an Nth connection.
The first communication system comprises a master device and N cooperative devices, and the master device can establish N connections with the N cooperative devices respectively. The master device and the first cooperative device may communicate over the first connection. The master device and the second cooperative device may communicate over the second connection. By analogy, the master device and the Nth cooperative device may communicate through the Nth connection. N is a positive integer. A cooperative device is a device that performs authentication in cooperation with the master device and assists the master device in performing authentication. The authentication set on a cooperative device protects the sub-key.
In this embodiment, the order of establishing the first connection, the second connection, and the nth connection is not limited.
The first connection, the second connection or the nth connection may be a wired connection or a wireless connection, and the embodiment is not limited.
The first connection, the second connection, or the nth connection may include a short-range wireless communication connection, such as a bluetooth connection, a Wi-Fi connection, a hotspot connection, or the like, to enable the primary device and the N cooperating devices to communicate with each other under the same account number, no account number, or a different account number.
The first connection, the second connection or the nth connection may also be an Internet connection.
In some embodiments, the master device and the N cooperating devices may log in to the same account, thereby connecting and communicating via the internet.
In some embodiments, multiple terminals may also log in different accounts, but connect in a binding manner. For example, the primary device and the first cooperative device may log in different accounts, and the first cooperative device sets, in a device management application, to bind the primary device and itself, and then connects through the device management application.
The first connection, the second connection, or the nth connection may also include a wired connection, such as a USB connection or the like.
The embodiment of the application does not limit the types of the first connection, the second connection or the nth connection, and data transmission and interaction can be performed between terminals in the first communication system through multiple communication connection types. In addition, each terminal may also be connected and communicate in any of the above manners, which is not limited in this embodiment of the application.
Accordingly, the master device and the N cooperating devices may be configured with a mobile communication module and a wireless communication module for communication. The mobile communication module can provide a solution including 2G/3G/4G/5G wireless communication and the like applied to the terminal. The wireless communication module may include a Bluetooth module and/or a WLAN module, etc. The Bluetooth module can provide a solution comprising one or more of classic Bluetooth (Bluetooth 2.1) or Bluetooth low energy communication, and the WLAN module can provide a solution comprising one or more of Wi-Fi P2P, Wi-Fi LAN or Wi-Fi softAP communication.
S102, the master device generates a parent key.
The generation manner of the parent key may be random generation or derivation based on the user password, and the embodiment does not limit the generation manner of the parent key. After generating the parent key, the local data is encrypted using the parent key. For example, for a payment password, a parent key is generated and the payment password is encrypted with the parent key. The payment can be successful only after the payment password is verified to be correct subsequently. The encryption and decryption algorithm in this embodiment is not limited, and for example, a symmetric encryption algorithm or the like may be used.
In some embodiments, the parent key may also be referred to as the first key.
The master device may generate different keys for different services. For example, the screen locking service, the payment service, and so on each have a different corresponding key. The master device may encrypt the data of each local service, generating a different parent key for each. The user can set which services' parent keys need to be divided into child keys and on which cooperative devices they are stored. For the related user interfaces, reference may be made to fig. 3 to 6, which illustrate example user interfaces related to key setting.
In the embodiment of the present application, the master device may be installed with one or more applications. Each application installed by the main device has a corresponding application security level. The security level may be different for different applications. The functional security level of different functions may also be different in different applications. For example, the application security level of the lock screen application is less than the application security level of the payment application. The functional security level of the login function in the payment application is less than the functional security level of the payment function in the payment application.
According to the embodiment of the application, the application security levels can be divided into different levels at different granularities. The granularity is not limited in this application. For example, the application security level can be roughly divided into three levels: high, medium, and low. As another example, the application security level may be divided into levels 1 to 10, with a higher value indicating a higher application security level.
In some embodiments of the present application, the security level of each application in the master device may be set autonomously by the user. Specifically, the master device may determine or set a security level of an application installed in the master device in response to the received user operation.
In some embodiments, the higher the detected security level of the application, the higher the complexity of the corresponding key that is set; correspondingly, the higher the security level of the service, the higher the device security level of the cooperative device to which the master device may assign the sub-key for storage.
S103, the master device divides the parent key into N child keys.
The master device, or other cooperating devices in the first communication system, may divide the parent key into N child keys, including: a first subkey, a second subkey, … …, an nth subkey, and so on. The master device may divide the parent key into a number of child keys based on the number of devices in the trusted device list, assuming that the number of devices in the trusted device list is N.
The present embodiment does not limit the way in which the parent key splits the child keys.
The parent key may be divided into a plurality of child keys equally or unevenly, and this embodiment is not limited in this respect. Each sub-key carries partial information of the first key.
The embodiment of the application also provides a method for partitioning the key based on the device security level. The security level of each cooperative device is evaluated, and different weights are given when splitting the sub-keys. The higher the security level of a cooperative device, the higher the weight assigned to the sub-key held by that cooperative device, and the more information about the parent key that sub-key contains. The amount of information can be embodied as key length, key complexity, key structure, key association relation, and the like. Distributing sub-keys with different weights according to the different security levels of the devices makes key fragmentation more flexible and reasonable, and makes the storage of the sub-keys safer.
The master device or other devices in the communication system may evaluate the device security level of each cooperative device, and assign different weights of sub-keys to cooperative devices of different security levels. For example, for a cooperative device a with a higher security level, a higher weight may be set when assigning the subkey, and for a cooperative device B with a lower security level, a lower weight may be set when assigning the subkey, and the number of the subkeys on the cooperative device a is greater than that on the cooperative device B.
Factors for evaluating the security level of a device may include static factors characterizing the security capabilities of the device and dynamic factors characterizing the security status of the device.
The static factor is mainly determined by the hardware and software configuration of the electronic device itself. The higher the security capability provided by the hardware and software configuration of the electronic device, the higher the security level of the device.
The software configuration affecting security capabilities may include: a trusted security root, a Trusted Execution Environment (TEE), root privileges, device integrity protection, encryption and data security protection, security isolation, access privilege control, and so on. root rights refer to the highest management rights of the operating system of the electronic device.
The hardware configuration affecting security capabilities may include: processor, memory, chip, etc.
For example, device A runs a lightweight operating system (LiteOS), and its hardware uses a low-end processor, which does not support complex virtual memory isolation or hardware-based security isolation; device B runs a different operating system (its name appears only as an inline image), its hardware uses a high-end processor, and the device supports hardware security capabilities such as security isolation and virtual memory isolation. Device B therefore has a higher device security level than device A. As another example, the software and hardware configurations of mobile phones, tablet computers, smart watches, and large-screen devices generally decrease in sequence, and therefore the security levels of these devices also decrease in sequence.
The dynamic factors may include: whether a primary account number is logged in on the equipment, whether biological characteristic information is bound, and the like.
The configuration of software and hardware in an electronic device may change dynamically, and thus the device security level of an electronic device may also change dynamically.
In some embodiments, a threshold method may be employed to divide the parent key into multiple child keys. The threshold method means that a parent key can be divided into N child keys, and the N child keys are respectively sent to N cooperating devices, and a threshold value t is set. When the parent key is recovered, the parent key can be recovered only by selecting any t sub-keys (t is less than N) from the N sub-keys. The threshold method can improve the fault tolerance, the parent key can be recovered without all the child keys, and the situation that some cooperative devices cannot be normally authenticated under the condition of abnormal connection is avoided.
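The threshold method described above, which is also what the fig. 14 scenario relies on when two of three devices suffice, can be realised with Shamir's secret sharing. The following is an added example, not code from the application, which does not name a specific threshold scheme. The prime field, the function names, the device labels and the 16-byte sample key are assumptions.

```python
import secrets

# Assumption: shares live in GF(p) with p = 2**521 - 1 (a Mersenne prime),
# comfortably larger than a 128- or 256-bit parent key.
PRIME = 2**521 - 1


def split_parent_key(parent_key: bytes, n: int, t: int) -> list:
    """Split parent_key into n sub-keys (x, y); any t of them recover it."""
    if not 2 <= t <= n:
        raise ValueError("need 2 <= t <= n")
    secret = int.from_bytes(parent_key, "big")
    if secret >= PRIME:
        raise ValueError("parent key too long for the field")
    # Random polynomial of degree t-1 whose constant term is the parent key.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):        # x = 0 would hand out the key itself
        y = 0
        for c in reversed(coeffs):   # Horner evaluation mod p
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover_parent_key(shares: list, t: int, key_len: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from at least t sub-keys."""
    points = list(dict(shares).items())   # drop duplicate x values
    if len(points) < t:
        raise ValueError("not enough sub-keys: %d < %d" % (len(points), t))
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    try:
        return secret.to_bytes(key_len, "big")
    except OverflowError:
        raise ValueError("sub-keys are inconsistent") from None


if __name__ == "__main__":
    # Constructed sample: a random 128-bit parent key on the master device.
    parent = secrets.token_bytes(16)
    devices = ["mobile phone A", "notebook computer B", "tablet computer C"]
    held = dict(zip(devices, split_parent_key(parent, n=3, t=2)))

    # Fig. 14 style run: the tablet never authenticates, two sub-keys arrive.
    released = [held["mobile phone A"], held["notebook computer B"]]
    print("recovered:", recover_parent_key(released, t=2, key_len=16) == parent)

    # Only one device authenticated: the master must refuse to proceed.
    try:
        recover_parent_key(released[:1], t=2, key_len=16)
    except ValueError as err:
        print("refused:", err)
```

Shamir shares carry no integrity protection: a modified sub-key usually yields a different, well-formed key rather than an error, so the master still has to confirm the result, for example by authenticated decryption of the data the parent key protects.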
In some embodiments, a random number seed method may be employed to divide the parent key into a plurality of child keys. The random number seed method is that a user password is used as a random number seed, based on the password input by a user, a main device can derive N random numbers through a random number generator, the N random numbers respectively correspond to N devices, then a parent key is divided into N sub-keys and stored on the N devices, and the main device can store the corresponding relation between the random numbers and each cooperative device through a hash table. And during subsequent authentication, the random number generator can derive the same N random numbers only if the user password is consistent with the preset random number seeds, then the corresponding N cooperative devices are found for authentication, and after the authentication of each cooperative device is passed, the main device acquires the N sub-secret keys and recovers the parent secret key. Of course, in this embodiment, the first verification method is not limited to the password, and may also be other first authentication information, such as a face feature, a fingerprint feature, a voiceprint feature, and the like.
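A sketch of the random number seed method described above, as an added example rather than the application's own code. It assumes PBKDF2 followed by HMAC-SHA-256 as the deterministic generator, an N-of-N XOR split for the sub-keys, and hypothetical function and device names; the application specifies none of these.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumption: work factor for the password-derived seed


def derive_tags(password: str, salt: bytes, n: int) -> list:
    """Derive the N per-device 'random numbers' deterministically from the password."""
    seed = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return [hmac.new(seed, i.to_bytes(4, "big"), hashlib.sha256).hexdigest()
            for i in range(n)]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def xor_split(parent_key: bytes, n: int) -> list:
    """N-of-N split: all n sub-keys are needed, any n-1 reveal nothing."""
    shares = [secrets.token_bytes(len(parent_key)) for _ in range(n - 1)]
    last = parent_key
    for share in shares:
        last = _xor(last, share)
    return shares + [last]


def enroll(password: str, parent_key: bytes, devices: list):
    """Set-up on the master: returns (salt, hash table tag -> device, device -> sub-key)."""
    salt = secrets.token_bytes(16)
    tags = derive_tags(password, salt, len(devices))
    table = dict(zip(tags, devices))       # kept on the master device
    # Stand-in for each cooperative device's own protected storage.
    stored = dict(zip(devices, xor_split(parent_key, len(devices))))
    return salt, table, stored


def locate_devices(password: str, salt: bytes, table: dict):
    """Re-derive the tags; only the enrolled password maps onto the device list."""
    devices = [table.get(tag) for tag in derive_tags(password, salt, len(table))]
    return None if None in devices else devices


def recover(password: str, salt: bytes, table: dict, stored: dict):
    """Find the cooperative devices, collect every sub-key, rebuild the parent key."""
    devices = locate_devices(password, salt, table)
    if devices is None:
        return None                        # wrong password: no device is contacted
    key = bytes(len(stored[devices[0]]))
    for device in devices:                 # each release would follow that device's
        key = _xor(key, stored[device])    # own face / password / fingerprint check
    return key


if __name__ == "__main__":
    # Constructed sample values.
    parent = secrets.token_bytes(32)
    names = ["mobile phone A", "notebook computer B", "tablet computer C"]
    salt, table, stored = enroll("correct horse", parent, names)
    print(recover("correct horse", salt, table, stored) == parent)  # True
    print(recover("wrong guess", salt, table, stored))              # None
```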
S104A, the main device sends the first sub-key to the first cooperative device.
S104B, the main device sends the second sub-key to the second cooperative device.
S104C, the main device sends the Nth sub-key to the Nth cooperative device.
After the master device splits the parent key into the child keys, the child keys may be sent to the cooperative devices, respectively.
In some embodiments, a piece of subkey may also be stored on the master device. For the sub-key on the master device, the master device may also set an access control method/authentication method to protect it.
S105A, the first cooperative device stores the first sub-key.
S106A, the first cooperative device sets a first authentication mode according to the first sub-secret key.
After the first cooperative device receives the first sub-key, the first cooperative device may store the first sub-key and protect the first sub-key by using the authentication capability of its own device. The same applies to the second to nth cooperative devices, which are not described again.
Each cooperative device may set a different access control manner/authentication manner for its sub-key. For example, according to its software and hardware authentication capability, a cooperative device may set biometric authentication such as face authentication, fingerprint authentication, voiceprint authentication, or iris authentication.
The types of authentication supported by an electronic device depend on its hardware and/or software configuration. For example, supporting password authentication requires the electronic device to be equipped with a display screen. Supporting fingerprint authentication requires the electronic device to be equipped with a fingerprint sensor. Supporting face authentication requires the electronic device to be configured with a camera and a face recognition algorithm. Supporting voice command authentication requires the electronic device to be equipped with a microphone or other sound pickup device. Supporting key authentication requires the electronic device to be equipped with physical keys.
When the electronic device supports password authentication, a password input box can be displayed on the display screen, in which the user submits the authentication password.
When the electronic device supports fingerprint authentication, the user's fingerprint can be collected through the fingerprint sensor and compared with the preset fingerprint; if the two match, the electronic device obtains the permission required by the access request. In some embodiments, the electronic device may preset a plurality of fingerprints and obtain different permissions depending on which preset fingerprint is collected.
When the electronic device supports face authentication, a face image of the user can be collected through the camera and compared with the preset face image; if the two match, the electronic device obtains the permission required by the access request.
When the electronic device supports voice command authentication, a voice command input by the user can be collected through a microphone, a telephone receiver or other sound pickup device and compared with the preset voice command; if the two match, the electronic device obtains the permission required by the access request.
When the electronic device supports key authentication, the user's pressing operation can be collected through the physical key; if a preset pressing operation (for example, a single press, a long press, or two consecutive presses) is collected on the physical key, the electronic device obtains the permission required by the access request.
S105B, the second cooperative device stores the second sub-key.
S106B, the second cooperative device sets a second authentication mode according to the second sub-key.
S105C, the Nth cooperative device stores the Nth sub-key.
S106C, the Nth cooperative device sets an Nth authentication mode according to the Nth sub-key.
In some embodiments, after the master device splits the parent key into the child keys and sends the child keys to the cooperating devices for storage, the master device may delete the parent key. Therefore, when any single device among the master device and the cooperative devices is attacked, at most a single child key is disclosed, and the security of the parent key is guaranteed.
S107, the master device receives a request for acquiring a parent key.
When an authentication service requiring a parent key is initiated, the master device receives a request for obtaining the parent key.
S108A, the master device requests the first sub-key from the first cooperative device.
S108B, the master device requests the second sub-key from the second cooperative device.
S108C, the master device requests the Nth sub-key from the Nth cooperative device.
The master device sends a request for acquiring the subkey to each cooperative device.
In the embodiment of the random number seed method, after the master device receives the preset password, the random number generator will derive the same N random numbers, and then send a request for acquiring the sub-key to the corresponding N cooperating devices.
S109A, the first cooperative device initiates a first authentication request.
S109B, the second cooperative device initiates a second authentication request.
S109C, the Nth cooperative device initiates an Nth authentication request.
In response to the request of the master device, the first cooperative device initiates a first authentication request, where the first authentication manner may have been preset by the user beforehand.
Likewise, in response to the request of the master device, the Nth cooperating device initiates an Nth authentication request.
In some embodiments, when multiple authentication methods are available on the Nth cooperative device, the authentication method with the best user experience may be selected preferentially. For example, a mobile phone offers several ways to authenticate the user's identity, such as face authentication, fingerprint authentication, and password authentication. When the mobile phone is needed for auxiliary authentication, and software and hardware conditions allow, it first selects face authentication to verify the user's identity, then fingerprint authentication, and finally password authentication. Face authentication is the most convenient method with the best experience for the user: the user only needs to point the mobile phone at the face, and the authentication time is the shortest. Fingerprint authentication requires pressing the screen, so it is less convenient than face authentication. Password authentication requires the user to enter characters, so its convenience is low and it takes a long authentication time.
S110A, the first cooperative device detects that the user passes the first authentication.
S110B, the second cooperative device detects that the user passes the second authentication.
S110C, the Nth cooperative device detects that the user passes the Nth authentication.
In some embodiments, when the Nth cooperative device is in the unlocked state, the Nth cooperative device determines that the user passes the Nth authentication. For example, when the first device needs to acquire the Nth sub-key, if the Nth cooperative device is detected to be currently in an unlocked state or a service state, for example the user is watching a video or playing a game on it, it may be determined that the user has passed the Nth authentication. No authentication request needs to be initiated to the user, and the Nth cooperative device may directly send the Nth sub-key to the first device.
S111A, the first cooperative device sends the first sub-key to the master device.
S111B, the second cooperative device sends the second sub-key to the master device.
S111C, the Nth cooperative device sends the Nth sub-key to the master device.
After the first cooperative device detects that the user passes the first authentication, the first cooperative device may send the first sub-key to the master device. Similarly, after the Nth cooperative device detects that the user passes the Nth authentication, the Nth cooperative device may send the Nth sub-key to the master device.
S112, the master device synthesizes the parent key.
The master device may verify the identity of the cooperative device in advance, and after confirming the identity of the cooperative device, the master device receives the sub-key.
After the master device acquires the child keys from the cooperative devices, it recovers the parent key from the child keys.
In some embodiments, the master device needs to obtain all N child keys to recover the parent key.
In the embodiment adopting the threshold method, the parent key can be recovered from any t child keys (t is less than N). That is, the parent key of the master device can be recovered once t cooperating devices complete authentication.
In the embodiment of the random number seed method, when the master device performs authentication, the random number seed is the same only if the user password is consistent with the preset password. The random number generator then derives the same N random numbers, and the corresponding N cooperating devices are woken up for authentication. After the cooperative devices pass authentication, the master device acquires the N sub-keys and recovers the parent key.
In some embodiments of the present application, the number of child keys required to synthesize the parent key may also be set according to the security level of the service. For example, for payment services, different payment amounts correspond to different service security levels. A payment amount greater than 100,000 is the highest security level, which requires all N devices to pass authentication before the parent key can be synthesized for payment. A payment amount greater than 10,000 and less than 100,000 is the middle security level, at which payment is possible once only t (t is less than N) devices pass authentication. A payment amount less than 100 yuan is the ultra-low security level, at which password-free payment may be used.
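The threshold embodiment and the authentication-gated release of sub-keys (S108 to S112) can be sketched as follows. This is an added illustration, not code from the patent: it assumes Shamir's secret sharing as the threshold method (the text does not name one), and `CooperativeDevice`, `collect_and_recover` and `threshold_for` are hypothetical names, with a boolean standing in for each device's local authentication result.

```python
import secrets

P = 2**521 - 1  # Mersenne prime; the field holds parent keys of up to 65 bytes


def split_parent_key(parent_key, n, t):
    """Split parent_key into n sub-keys (x, y); any t of them recover it."""
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    secret = int.from_bytes(parent_key, "big")
    if secret >= P:
        raise ValueError("parent key too long for the field")
    # Random polynomial of degree t-1 whose constant term is the parent key.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]

    def evaluate(x):
        acc = 0
        for c in reversed(coeffs):  # Horner's rule
            acc = (acc * x + c) % P
        return acc

    return [(x, evaluate(x)) for x in range(1, n + 1)]


def recover_parent_key(sub_keys, key_len):
    """Lagrange-interpolate at x = 0. Returns None when the result cannot be a
    key of key_len bytes, which is what too few sub-keys almost always yields."""
    if not sub_keys:
        return None
    if len({x for x, _ in sub_keys}) != len(sub_keys):
        raise ValueError("duplicate sub-key index")
    secret = 0
    for i, (xi, yi) in enumerate(sub_keys):
        num = den = 1
        for j, (xj, _) in enumerate(sub_keys):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    try:
        return secret.to_bytes(key_len, "big")
    except OverflowError:
        return None


def threshold_for(level, n, t):
    """Assumed policy: the key for the highest service level is split with
    threshold N, so all devices are cryptographically required; others use t."""
    return n if level == "highest" else t


class CooperativeDevice:
    """Stores one sub-key and releases it only after local authentication."""

    def __init__(self, name, sub_key):
        self.name = name
        self._sub_key = sub_key

    def request_sub_key(self, user_passed_auth):
        # user_passed_auth stands in for the device's own face, fingerprint
        # or password check (an assumption of this sketch).
        return self._sub_key if user_passed_auth else None


def collect_and_recover(devices, auth_results, key_len, required):
    """Master side: request every sub-key, recover once `required` were released."""
    released = []
    for dev in devices:
        sub_key = dev.request_sub_key(auth_results.get(dev.name, False))
        if sub_key is not None:
            released.append(sub_key)
    if len(released) < required:
        return None
    return recover_parent_key(released, key_len)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample parent key
    n, t = 5, 3
    three_ok = {"dev0": True, "dev2": True, "dev4": True}
    for level in ("middle", "highest"):
        need = threshold_for(level, n, t)
        devs = [CooperativeDevice(f"dev{i}", s)
                for i, s in enumerate(split_parent_key(key, n, need))]
        recovered = collect_and_recover(devs, three_ok, len(key), need)
        print(level, "level, 3 devices authenticated ->", recovered == key)
```

Splitting the highest-level key with threshold N, instead of only counting responses on the master device, means that fewer than N sub-keys reveal nothing about that key even if the master's counting logic is bypassed.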
In some embodiments, after each cooperative device completes authentication, the master device acquires the child keys and synthesizes the parent key. After local authentication on the master device using the parent key passes, the master device may destroy the parent key again without storing it locally. Alternatively, the master device may generate a new parent key, split it into new child keys, and store the updated child keys on the cooperating devices. Regularly updating the parent key can ensure higher security.
By implementing the method provided by this embodiment, the software and hardware capabilities of the master device and the multiple cooperative devices can be combined, the risk of key leakage is reduced, authentication security is improved, and the security of the user's information and data is better guaranteed.
In conjunction with the foregoing embodiments, fig. 19 shows a functional module schematic diagram of a communication system 1900 provided in an embodiment of the present application.
As shown in fig. 19, the communication system 1900 includes a master device and a first cooperative device. A first connection is established between the master device and the first cooperating device. The master device and the first cooperative device may communicate over a first connection. The first connection may be a wired connection or a wireless connection, and the embodiment is not limited. The master device is a device that splits a parent key into a plurality of child keys, and the first cooperative device is a device that stores a first child key. The first child key is one of a plurality of child keys constituting a parent key.
The master device may include functional modules such as a device connection and information transmission module 1901, a key fragmentation and synthesis algorithm module 1902, a local key management module 1903, a trusted device list storage module 1904, a data management module 1905, and a device cooperation logic processing module 1906.
The device connection and information transmission module 1901 may be used for communication between the master device and other cooperative devices, is responsible for connecting trusted devices and transmitting information, and may receive or send data or instructions, and the like. For example, the device connection and information transmission module 1901 may send the subkey generated by the master device to the first cooperative device for storage, or may receive the first subkey from the first cooperative device.
The key fragmentation and synthesis algorithm module 1902 may be configured to split a parent key into a plurality of child keys according to the number of devices in the trusted device list, a weight set according to a security level, a set threshold, and/or the like. It may also be used to recover the parent key from the acquired child keys. Recovering the parent key may require all or only part of the child keys. For example, if the threshold is set to 2 under the threshold method, then once verification passes on any two cooperative devices, the two child keys corresponding to those devices can be retrieved and combined into the complete parent key.
The local key management module 1903 is responsible for managing the life cycle of the key on the local device, such as generation, storage, use, transmission, and destruction.
A trusted device list storage module 1904, configured to store a trusted collaboration device list in the communication system.
The data management module 1905 is responsible for encrypting and decrypting the local data.
The device cooperation logic processing module 1906 is responsible for interfacing between the upper layer service and the lower layer functional modules in the master device, and for the logic processing involved in storing the key fragments and in synthesizing and using the key.
The first cooperative device may include functional modules such as a device connection and information transmission module 1910, a key fragmentation and recovery logic processing module 1911, a local key management module 1912, a trusted device list storage module 1913, and a local biometric authentication module 1914.
The device connection and information transmission module 1910 may be used for communication between the first cooperative device and the master device. It is responsible for connecting to the master device and transmitting information, and may receive or send data, instructions, and the like. For example, the device connection and information transmission module 1910 may receive the sub-key sent by the master device, and may also send the sub-key to the master device in response to a sub-key acquisition request from the master device.
The key fragmentation and recovery logic processing module 1911 is responsible for interfacing between the upper layer service and the lower layer functional modules in the first cooperative device, and for the logic processing involved in storing the child key and recovering the parent key.
The local key management module 1912 is responsible for managing the life cycle of the key on the local device, such as generation, storage, usage, transmission, and destruction.
A trusted device list storage module 1913, configured to store a trusted collaborative device list in the communication system.
The local biometric authentication module 1914 is configured to configure a biometric-based access control method, such as face authentication and fingerprint authentication, for the sub-key, and may collect biometric information of the user and perform authentication.
The respective modules in the main device or the first cooperative device mentioned in fig. 19 may be located in an application layer, an application framework layer, a system service layer, a kernel layer, and the like in the electronic device shown in fig. 2B, which is not limited herein.
It should be noted that the functional modules shown in fig. 19 are only used to assist in describing the technical solutions provided in the embodiments of the present application, and do not limit other embodiments of the present application. In an actual business scenario, more or fewer functional modules, or a different combination of functional modules, may be included in communication system 1900.
The implementation manner described in the above embodiments is only an example and does not limit other embodiments of the present application. The specific internal implementation may differ according to the type of electronic device, the operating system it runs, the programs used, and the interfaces called; the embodiments of the present application impose no limitation on this, as long as the feature functions described in the embodiments of the present application can be implemented.
As used in the above embodiments, the term "when …" may be interpreted to mean "if …" or "after …" or "in response to determination …" or "in response to detection of …", depending on the context. Similarly, the phrase "in determining …" or "if (a stated condition or event) is detected" may be interpreted to mean "if … is determined" or "in response to … is determined" or "in response to (a stated condition or event) is detected", depending on the context.
The above embodiments may be implemented wholly or partially in software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, optical fiber, digital subscriber line) or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that a computer can access, or a data storage device, such as a server or a data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk), among others.
One of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by hardware related to instructions of a computer program, which may be stored in a computer-readable storage medium, and when executed, may include the processes of the above method embodiments. And the aforementioned storage medium includes: various media capable of storing program codes, such as ROM or RAM, magnetic or optical disks, etc.
The above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (21)

1. A security authentication method is applied to a communication system, wherein the communication system comprises a first device and N cooperating devices, a first key of the first device is split into N subkeys, the first key is used for accessing a first service, the N subkeys are scattered on the N cooperating devices, the subkeys have partial information of the first key, and N is a positive integer greater than or equal to 1;
the method comprises the following steps:
the first device initiates access to a first service;
the first device sends a request for acquiring the subkey to the N cooperating devices;
t cooperating devices send t of the subkeys to the first device;
the first device receives the t subkeys, wherein t is a positive integer less than or equal to N and greater than or equal to 1;
the first device synthesizes the first key according to the t subkeys;
the first device accesses the first service using the first key.
2. The method of claim 1, wherein the higher the security level of the first service is, the larger the value of t is.
3. The method according to claim 1 or 2, wherein after the first device sends a request to the N cooperating devices to obtain the subkey, the method further comprises:
the N cooperating devices respectively initiate N authentications;
and the t cooperating devices respectively detect that the user passes the authentication.
4. The method according to any of claims 1-3, wherein before the first device sends a request to the N cooperating devices to obtain the subkey, the method further comprises:
the first device verifies that the first authentication information passes;
the first device learns the N cooperating devices that store the N subkeys.
5. The method according to any one of claims 1 to 4, wherein the sub-key is generated according to a device security level of the cooperative device, and the higher the device security level of the cooperative device is, the larger the amount of information about the first key that the sub-key contains; the device security level indicates a security capability of a device, and the higher the security capability of the cooperative device is, the higher the device security level of the cooperative device is, and the security capability of the cooperative device is determined by software and/or hardware of the cooperative device.
6. The method according to any of claims 1-5, wherein the connections between the first device and the N cooperating devices are limited to a first range of distances.
7. The method according to any of claims 1-6, wherein the first device and the N cooperating devices are located in the same LAN or are logged in with the same account.
8. The method according to claim 1 or 2, wherein before the t cooperating devices send the t subkeys to the first device, the method further comprises:
if the cooperating device is detected to be in an unlocked state, the cooperating device sends the subkey to the first device.
9. The method according to any of claims 3-8, wherein the authenticating comprises: face identification authentication, password authentication, fingerprint identification authentication, iris authentication, voiceprint authentication, gesture authentication and pattern authentication.
10. A security authentication method is applied to a communication system, wherein the communication system comprises a first device and N cooperating devices, a first key of the first device is split into N subkeys, the first key is used for accessing a first service, the N subkeys are scattered on the N cooperating devices, the subkeys have partial information of the first key, and N is a positive integer greater than or equal to 1;
the method comprises the following steps:
the first device initiates access to a first service;
the first device sends a request for acquiring the subkey to the N cooperating devices;
the first device receives t subkeys sent by t cooperating devices, wherein t is a positive integer less than or equal to N and greater than or equal to 1;
the first device synthesizes the first key according to the t subkeys;
the first device accesses the first service using the first key.
11. The method of claim 10, wherein the higher the security level of the first service is, the larger the value of t is.
12. The method according to claim 10 or 11, wherein N authentications are respectively provided on the N cooperating devices, and the authentications are used for protecting the subkey.
13. The method according to any of claims 10-12, wherein before the first device sends a request to the N cooperating devices to obtain the subkey, the method further comprises:
the first device verifies that the first authentication information passes;
the first device learns the N cooperating devices that store the N subkeys.
14. The method according to any one of claims 10 to 13, wherein the sub-key is generated according to a device security level of the cooperative device, and the higher the device security level of the cooperative device is, the larger the amount of information about the first key that the sub-key contains; the device security level indicates a security capability of a device, the higher the security capability of the cooperative device, the higher the device security level of the cooperative device, the security capability of the cooperative device being determined by software and/or hardware of the cooperative device.
15. The method according to any of claims 10-14, wherein the connections between the first device and the N cooperating devices are limited to a first range of distances.
16. The method according to any of claims 10-15, wherein the first device is located in the same local area network as the N cooperating devices, or is logged in with the same account.
17. The method according to any of claims 10-16, wherein the authenticating comprises: face identification authentication, password authentication, fingerprint identification authentication, iris authentication, voiceprint authentication, gesture authentication and pattern authentication.
18. An electronic device, characterized in that the electronic device comprises: a communication device, a memory, and a processor coupled to the memory, and one or more programs; the memory has stored therein computer-executable instructions that, when executed by the processor, cause the electronic device to implement the method of any of claims 10-17.
19. A communication system, the communication system comprising: a first device, N cooperating devices, wherein the first device performs the method of any of claims 10 to 17.
20. A computer-readable storage medium comprising instructions that, when executed on an electronic device, cause the electronic device to perform the method of any of claims 10-17.
21. A computer program product comprising instructions for causing an electronic device to perform the method of any one of claims 10 to 17 when the computer program product is run on the electronic device.
CN202110733084.XA 2021-06-29 2021-06-29 Security authentication method, related electronic equipment and system Pending CN115549934A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110733084.XA CN115549934A (en) 2021-06-29 2021-06-29 Security authentication method, related electronic equipment and system

Publications (1)

Publication Number Publication Date
CN115549934A true CN115549934A (en) 2022-12-30

Family

ID=84705800

Country Status (1)

Country Link
CN (1) CN115549934A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination