CN115829577A

CN115829577A - Authentication method, apparatus, system, medium, and program product

Info

Publication number: CN115829577A
Application number: CN202211459273.3A
Authority: CN
Inventors: 曾智; 胡佳
Original assignee: Jiede China Technology Co ltd
Current assignee: Jiede China Technology Co ltd
Priority date: 2022-11-16
Filing date: 2022-11-16
Publication date: 2023-03-21

Abstract

An authentication method, apparatus, system, medium, and program product are disclosed. The method is applied to a secure element comprising at least one reference voiceprint information, the method comprising: acquiring first voiceprint information; the first voiceprint information is obtained by analyzing the electronic equipment based on the received first voice information of the user; determining that the user passes authentication under the condition that the first voiceprint information is matched with target reference voiceprint information; the target reference voiceprint information is reference voiceprint information matched with the first voiceprint information in the at least one piece of reference voiceprint information; for each piece of reference voiceprint information, the reference voiceprint information is obtained by analyzing the electronic equipment based on the received second voice information of the user; and sending the confirmation information passing the authentication to the electronic equipment so that the electronic equipment carries out payment operation based on the confirmation information. The security of voiceprint authentication can be improved.

Description

Authentication method, apparatus, system, medium, and program product

Technical Field

The present application relates to the field of information authentication technologies, and in particular, to an authentication method, apparatus, system, medium, and program product.

Background

Electronic payment refers to the act of securely transmitting payment information between a consumer, a merchant and a financial institution to a bank or a corresponding processing institution via an information network by using secure electronic means to realize currency payment or fund transfer.

At present, when electronic equipment is used for payment operation, identity information of a user needs to be authenticated, and voiceprint information can be adopted for verification at present, but the storage or transmission safety of the existing voiceprint information cannot be guaranteed, and the voiceprint information is easy to steal, so that property loss of the user is caused.

Disclosure of Invention

An object of the embodiments of the present application is to provide an authentication method, apparatus, electronic device, medium, and program product, so as to improve the security of voiceprint authentication.

The technical scheme of the application is as follows:

in a first aspect, an authentication method is provided, where the method is applied to a secure element, where the secure element includes at least one piece of reference voiceprint information, and the method includes:

acquiring first voiceprint information; the first voiceprint information is obtained by analyzing the electronic equipment based on the received first voice information of the user;

determining that the user passes authentication under the condition that the first voiceprint information is matched with target reference voiceprint information; the target reference voiceprint information is reference voiceprint information matched with the first voiceprint information in the at least one piece of reference voiceprint information; for each piece of reference voiceprint information, the reference voiceprint information is obtained by analyzing the electronic equipment based on the received second voice information of the user;

and sending the confirmation information passing the authentication to the electronic equipment so as to enable the electronic equipment to carry out payment operation based on the confirmation information.

In a second aspect, an authentication method is provided, which is applied to an electronic device, and includes:

acquiring first voice information of a user;

analyzing the first voice information to obtain first voiceprint information;

sending the first voiceprint information to a secure element so that the secure element matches the first voiceprint information with at least one reference voiceprint information; determining that the user passes the authentication under the condition that the first voiceprint information is matched with the target reference voiceprint information, and sending confirmation information of the passing authentication to the electronic equipment so that the electronic equipment carries out payment operation based on the confirmation information; the secure element comprises at least one piece of reference voiceprint information, and the target reference voiceprint information is the reference voiceprint information which is matched with the first voiceprint information in the at least one piece of reference voiceprint information; and for each piece of reference voiceprint information, the reference voiceprint information is obtained by analyzing the electronic equipment based on the received second voice information of the user.

In a third aspect, an authentication apparatus is provided, which is applied to a secure element including at least one piece of reference voiceprint information therein, and includes:

the first acquisition module is used for acquiring first voiceprint information; wherein the first voiceprint information is obtained by the electronic equipment through analysis based on the received first voice information of the user,

a first determining module, configured to determine that the user passes authentication when the first voiceprint information matches target reference voiceprint information; the target reference voiceprint information is reference voiceprint information matched with the first voiceprint information in at least one piece of reference voiceprint information; for each piece of reference voiceprint information, the reference voiceprint information is obtained by analyzing the electronic equipment based on the received second voice information of the user;

and the first sending module is used for sending the confirmation information passing the authentication to the electronic equipment so as to enable the electronic equipment to carry out payment operation based on the confirmation information.

In a fourth aspect, an authentication apparatus is provided, which is applied to an electronic device, and includes:

the first acquisition module is used for acquiring first voice information of a user;

the first determining module is used for analyzing the first voice information to obtain first voiceprint information;

a first sending module, configured to send the first voiceprint information to a secure element, so that the secure element matches the first voiceprint information with at least one reference voiceprint information; determining that the user passes the authentication under the condition that the first voiceprint information is matched with the target reference voiceprint information, and sending confirmation information of the passing authentication to the electronic equipment so that the electronic equipment carries out payment operation based on the confirmation information; the secure element comprises at least one piece of reference voiceprint information, and the target reference voiceprint information is the reference voiceprint information which is matched with the first voiceprint information in the at least one piece of reference voiceprint information; and for each piece of reference voiceprint information, the reference voiceprint information is obtained by analyzing the electronic equipment based on the received second voice information of the user.

In a fifth aspect, an embodiment of the present application provides an authentication system, where the system includes:

the electronic equipment is used for acquiring first voice information of a user and analyzing the first voice information to obtain first voiceprint information; and sending the first voiceprint information to a secure element;

the secure element is configured to match the first voiceprint information with at least one reference voiceprint information; and determining that the user passes the authentication under the condition that the first voiceprint information is matched with the target reference voiceprint information; sending the confirmation information passing the authentication to the electronic equipment so that the electronic equipment carries out payment operation based on the confirmation information;

the secure element comprises at least one piece of reference voiceprint information, and the target reference voiceprint information is the reference voiceprint information which is matched with the first voiceprint information in the at least one piece of reference voiceprint information; and for each piece of reference voiceprint information, the reference voiceprint information is obtained by analyzing the electronic equipment based on the received second voice information of the user.

In a sixth aspect, an embodiment of the present application provides a readable storage medium, on which a program or instructions are stored, and when the program or instructions are executed by a processor, the program or instructions implement the steps of the authentication method according to any one of the embodiments of the present application.

In a seventh aspect, this application provides a computer program product, where instructions in the computer program product, when executed by a processor of an electronic device, enable the electronic device to perform the steps of the authentication method according to any one of the embodiments of the application.

The technical scheme provided by the embodiment of the application at least has the following beneficial effects:

in the embodiment of the application, by acquiring the first voiceprint information transmitted by the electronic device, under the condition that the first voiceprint information is matched with the target reference voiceprint information in at least one piece of reference voiceprint information in the secure element, the authentication of the user is determined to be passed.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and, together with the description, serve to explain the principles of the application and are not to be construed as limiting the application.

Fig. 1 is a schematic structural diagram of an authentication system provided in an embodiment of a third aspect of the present application;

fig. 2 is one of schematic flow charts of an authentication method provided in an embodiment of the first aspect of the present application;

fig. 3 is a second schematic flowchart of an authentication method according to an embodiment of the first aspect of the present application;

fig. 4 is one of schematic structural diagrams of an authentication apparatus provided in an embodiment of a second aspect of the present application;

fig. 5 is a second schematic structural diagram of an authentication apparatus according to an embodiment of the second aspect of the present application;

fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the third aspect of the present application.

Detailed Description

In order to make the technical solutions of the present application better understood by those of ordinary skill in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are intended to be illustrative only and are not intended to be limiting. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present application by illustrating examples thereof.

It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the accompanying drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples consistent with certain aspects of the present application, as detailed in the appended claims.

As described in the background section, in order to solve the above problem, embodiments of the present application provide an authentication method, apparatus, system, medium, and program product, where first voiceprint information transmitted by an electronic device is obtained, and when the first voiceprint information matches target reference voiceprint information in at least one reference voiceprint information in a secure element, it is determined that a user passes authentication, and in this application, the reference voiceprint information is stored in the secure element. .

The authentication method provided by the embodiment of the present application is described in detail below with reference to the accompanying drawings through specific embodiments and application scenarios thereof.

Before introducing the authentication method of the present application, an authentication system for implementing the authentication method of the present application is first introduced, fig. 1 is a schematic structural diagram of an authentication system provided in an embodiment of the present application, and as shown in fig. 1, the authentication system provided in the embodiment of the present application may include: an electronic device 110 and a secure element 120.

The electronic device 110 is configured to obtain first voice information of a user, and analyze the first voice information to obtain first voiceprint information; and sending the first voiceprint information into the secure element.

A secure element 120 for matching the first voiceprint information with at least one reference voiceprint information; and determining that the user passes the authentication under the condition that the first voiceprint information is matched with the target reference voiceprint information; and sending the confirmation information passing the authentication to the electronic equipment so that the electronic equipment carries out payment operation based on the confirmation information.

In some embodiments of the present application, the electronic device may be, but is not limited to, a smart speaker, a smart television, a vehicle-mounted smart unit, a Personal Computer (PC), a smart phone, a tablet Computer, a Personal Digital Assistant (PDA), or the like.

The electronic device includes at least an input device (a microphone or a keyboard), an output device (a display screen or a sound box), a Control device (for example, a Micro Control Unit (MCU)), a storage Unit, and a communication Unit.

In some embodiments of the present application, the secure Element may be an Element with Security Element (SE). The environment of the secure element is secure, and the voiceprint information cannot be modified or stolen, so that the voiceprint information can be prevented from being replaced, and the security of the voiceprint information in the secure element is ensured.

In some embodiments of the present application, at least one reference voiceprint information may be included in the secure element.

In some embodiments of the present application, for each piece of reference voiceprint information, the piece of reference voiceprint information may be parsed by the electronic device based on the received second voice information of the user.

The second voice information may be voice information input by a user using a microphone of the electronic device.

The first voice information may be voice information input by a user using a microphone of the electronic device.

The first voiceprint information may be voiceprint feature data of the first voice information obtained after the first voice information is analyzed.

The target reference voiceprint information may be reference voiceprint information matched with the first voiceprint information in the at least one reference voiceprint information.

In the embodiment of the application, the first voiceprint information transmitted by the electronic equipment is acquired, and the user is determined to pass the authentication under the condition that the first voiceprint information is matched with the target reference voiceprint information in at least one piece of reference voiceprint information in the secure element.

In some embodiments of the present application, the electronic device is further configured to: performing information authentication on the user based on the first voice information; under the condition that the information authentication of the user is determined to pass, sending the first voiceprint information to the safety element;

the security element is particularly configured to: matching the first voiceprint information with at least one reference voiceprint information; and determining that the identity authentication of the user passes under the condition that the first voiceprint information is matched with the target reference voiceprint information.

The information authentication may be to verify whether data content extracted based on the first voice information input by the user is consistent with a random verification code received by the electronic device.

The authentication method provided by the embodiment of the present application is described in detail below. Fig. 2 is a flowchart illustrating an authentication method according to an embodiment of the present application, where the authentication method is executed by the secure element 120 in fig. 1.

It should be noted that the same terms and explanations in the embodiments of the present application as those in the above embodiments are not repeated herein.

As shown in fig. 2, the authentication method provided by the embodiment of the present application may include steps 210 to 230.

And step 210, acquiring first voiceprint information.

The first voiceprint information can be obtained by analyzing the electronic equipment based on the received first voice information of the user.

And step 220, determining that the user passes the authentication under the condition that the first voiceprint information is matched with the target reference voiceprint information.

The target reference voiceprint information may be reference voiceprint information matched with the first voiceprint information in the at least one piece of reference voiceprint information.

For each piece of reference voiceprint information, the reference voiceprint information can be obtained by analyzing the electronic device based on the received second voice information of the user.

In some embodiments of the present application, in order to enhance the user experience, step 210 may specifically include:

acquiring first voiceprint information under the condition that the electronic equipment is determined to pass information authentication of the user;

step 220 may specifically include:

and determining that the identity authentication of the user passes under the condition that the first voiceprint information is matched with the target reference voiceprint information.

In some embodiments of the present application, authenticating a user is authenticating that the user is a real person, not a machine.

In some embodiments of the application, a random verification code may be displayed in the electronic device, and a user reads the random verification code (that is, obtains the first voice information), and when the random verification code read by the user is extracted from the first voice information, and the extracted random verification code read by the user is consistent with the random verification code displayed in the electronic device, it may be determined that the information authentication of the user passes.

In the embodiment of the application, when the information authentication of the user is determined to pass, the first voiceprint information corresponding to the first voice information is obtained again, and when the first voiceprint information is matched with the target reference voiceprint information, the identity authentication of the user is determined to pass.

That is, in some embodiments of the present application, the voice information used for the information authentication of the user by the electronic device and the identity authentication of the user by the secure element is the same voice information.

In some embodiments of the present application, the user is authenticated in order for the user to be an authorized user of the electronic device, i.e., the authenticated user a is an authorized user a and not an unauthorized user B.

In the embodiment of the application, the same voice information is adopted for the information authentication and the identity authentication, so that the user does not need to input the voice information for many times, the user operation is saved, and the user experience is improved.

And step 230, sending the confirmation information that the authentication is passed to the electronic equipment so that the electronic equipment carries out payment operation based on the confirmation information.

In some embodiments of the present application, the authentication system described above may be applied in a payment scenario. In particular, the method can be applied to a payment scene of a gas station.

In some embodiments of the present application, in order to ensure the security of payment, after step 240, the authentication method as referred to above may further include:

generating data to be paid for payment order information;

and sending the data to be paid to the electronic equipment so as to pay based on the data to be paid.

The order information can be generated by the electronic equipment in response to a purchase instruction of the user.

In some embodiments of the present application, the purchase instruction may be a voice purchase instruction input by the user on the electronic device, or may be an instruction generated in response to the user performing an operation of purchasing the article on the electronic device.

The data to be paid may include, but is not limited to: bank card number, payment validity period, card owner name, payment amount and user voiceprint information.

The data to be paid may also include a secure payment address provided by the merchant, and the electronic device may access the address to complete the payment based on the secure payment address.

In the embodiment of the application, the data to be paid for the payment order information is generated, and the data to be paid is sent to the electronic equipment so as to carry out payment based on the data to be paid, so that payment can be carried out only after the identity authentication of the user is determined to pass, and the payment safety is ensured.

In some embodiments of the present application, at least one of the electronic device and the checkout device may be in an offline state while making a payment based on the data to be paid. The electronic device and the payment apparatus may be communicatively connected, and specifically, may be connected through Near Field Communication (NFC) or Bluetooth Low Energy (BLE).

The following is presented for these two cases:

(1) One of the electronic device and the money receiving device is in an off-line state

The authentication method of the embodiment of the application supports a single-connection payment scene, namely only one of a payment device (namely, electronic device) or a collection device is in a networking state.

For example, oil fees are paid at a gas station, and the oil fees are paid to an oil gun or a point of sale (POS) machine of the gas station by vehicle-mounted intelligent devices (namely, electronic devices), each vehicle-mounted electronic device can be off-line and communicates with the POS machine or the oil gun device of the gas station through NFC or BLE and completes payment transactions, and the gas station has unified devices capable of being networked to broadcast payment information through a large screen or a voice terminal.

The following is described with respect to one of the electronic device and the checkout device being offline:

(a) Only the electronic device is networked, i.e. the checkout device is in an offline state:

the sending the data to be paid to the electronic device to perform payment based on the data to be paid may specifically include:

under the condition that the cash register is in an offline state, the safety element sends the data to be paid to the electronic equipment, so that the electronic equipment sends payment information corresponding to the data to be paid to the server.

Specifically, when the checkout device is in an offline state, the payment process may be as follows:

the electronic device communicates with the POS machine in a near field communication mode, such as Bluetooth. The electronic equipment and the POS machine are mutually authenticated, the electronic equipment and the user interact to generate order information, SE of the electronic equipment authenticates first voiceprint information of the user, after the SE authentication is passed, data to be paid are generated and returned to the electronic equipment, the electronic equipment sends payment information corresponding to the data to be paid to a bank server or a merchant server (the merchant server interacts with the bank server), and after the money deduction is successful, a payment success certificate is returned to the electronic equipment and/or the merchant unified networking equipment.

(b) Only the collection device is networked, and the electronic device cannot be connected to the internet temporarily or permanently:

the sending of the data to be paid to the electronic device for payment based on the data to be paid may specifically include:

under the condition that the electronic equipment is in an offline state, the safety element sends the data to be paid to the electronic equipment, so that the electronic equipment sends payment information corresponding to the data to be paid to the money receiving equipment.

Specifically, when the electronic device is in an offline state, the payment process may be as follows:

the electronic device communicates with the POS machine in a near field communication mode, such as Bluetooth. The electronic device and the POS machine are mutually authenticated. The electronic equipment interacts with a user to generate order information, an SE of the electronic equipment authenticates first voiceprint information of the user, after the SE authentication is passed, data to be paid are generated and returned to the electronic equipment, the electronic equipment sends the order information and the data to be paid to a POS machine through Bluetooth, the POS machine communicates with a bank server or a merchant server through a network (the merchant server interacts with the bank server), and after money deduction is successful, a payment success certificate is returned to the POS machine.

(2) The electronic device and the cash register are both off-line

Specifically, when both the electronic device and the payment apparatus are in an offline state, the payment process may be as follows:

this case is mainly applied to a scenario in which a transaction is performed using digital money. And after the two parties of the payment and receipt pass the authentication and the SE voiceprint information of the payer passes the authentication, the SE generates data to be paid according to the payment amount, the account information and the like, and the payment information corresponding to the data to be paid is sent to the payee through the transmission module. The two parties respectively record the information of the digital currency payment to finish the double-off-line payment.

The data to be paid may be a digital currency string to be paid.

In the embodiment of the application, the voiceprint information authentication is carried out in the SE, the security is higher, the voiceprint information comparison process and result cannot be informed to the outside, and only whether payment operation is carried out is informed, so that the security of the voiceprint information is further ensured.

In some embodiments of the present application, the secure element may be disposed in a gateway, the gateway may be connected to at least one electronic device, and the secure element may include at least one storage area, where each storage area corresponds to one electronic device and is used for storing voiceprint information of a user, acquired by the corresponding electronic device.

acquiring first voiceprint information transmitted by target electronic equipment and equipment information of the target electronic equipment;

step 220 may specifically include:

determining a target storage area corresponding to the target electronic device based on the device information;

in a case where the first voiceprint information matches the target reference voiceprint information stored in the target storage area, it is determined that the authentication of the user passes.

The target electronic device may be any one of the at least one electronic device.

The target storage area may be a storage area in the secure element corresponding to the target electronic device.

In some embodiments of the present application, there may be a plurality of electronic devices, each connected to a gateway, managed collectively by the gateway. The SE is arranged in the gateway and is used for voiceprint authentication of the electronic equipment connected with the SE.

Different electronic devices may belong to different users, and thus, different electronic devices correspond to different voiceprint users. Each electronic device and SE may communicate using a different key.

For this, the SE may divide a storage area, and store voiceprints of users of different electronic devices and keys of corresponding electronic devices, respectively.

In some embodiments of the present application, the first voiceprint information may be sent to the secure element by the gateway after the target electronic device corresponding to the first voice information is identified.

The device information may be sent to the secure element after the gateway identifies the target electronic device corresponding to the first voice information.

In an embodiment of the application, the secure element may be disposed in a gateway, the gateway may be connected to at least one electronic device, the secure element may include at least one storage area, each storage area corresponds to one electronic device and is configured to store voiceprint information of a user acquired by the corresponding electronic device, so that first voiceprint information transmitted by the target electronic device and device information of the target electronic device may be acquired, and then according to the device information, a target storage area corresponding to the target electronic device may be determined, so that when the first voiceprint information is matched with target reference voiceprint information stored in the target storage area, it is determined that the user passes authentication, so that voiceprint authentication may be performed on each electronic device respectively, and voiceprint payment is performed, thereby improving user experience.

In some embodiments of the application, each electronic device and the secure element may communicate based on a different key.

In some embodiments of the present application, the first voiceprint information may be voiceprint information encrypted by the electronic device based on the first secret key.

In the case that the first voiceprint information matches the reference voiceprint information stored in the target storage area in the secure element, before determining that the authentication of the user is passed, the authentication method may further include:

decrypting the first voiceprint information based on a first key corresponding to the target electronic device;

step 220 may specifically include:

and determining that the user passes the authentication under the condition that the first voiceprint information is decrypted and matched with the reference voiceprint information stored in the target storage area in the safety element.

Wherein the first secret key may be a key for communication between the electronic device and the secure element.

In some embodiments of the application, when the secure element is provided in the gateway, the payment procedure may be as follows:

after a user interacts with electronic equipment to generate order information, voiceprint payment is selected, the electronic equipment sends voiceprint characteristic data (namely first voiceprint information) to a gateway, the gateway judges and identifies the electronic equipment sending voiceprints, the first voiceprint information and a storage region corresponding to the electronic equipment are sent to an SE, the SE decrypts the first voiceprint information by using a corresponding secret key (namely a first secret key), and compares the first voiceprint information with the voiceprint information (namely target reference voiceprint information) in the storage region, if the first voiceprint information and the storage region are consistent, a message of successful authentication is returned to the gateway, and the gateway and a corresponding server communicate to complete payment operation.

In the embodiment of the application, by decrypting the first voiceprint information based on the first key corresponding to the target electronic device, it is determined that the user passes the authentication when the decryption of the first voiceprint information is completed and the first voiceprint information matches with the reference voiceprint information stored in the target storage area in the secure element, so that the first voiceprint information passes the encrypted voiceprint information, and the authentication is performed only after the decryption succeeds, thereby further ensuring the security of the voiceprint information.

In some embodiments of the present application, to further enhance the user experience, the secure element may also be disposed within the integrated circuit card.

Step 210 may specifically include:

receiving first voiceprint information sent by a control element of an integrated circuit card;

step 220 may specifically include:

decrypting the first voiceprint information by using the second key;

and determining that the user passes the authentication under the condition that the first voiceprint information is decrypted and matched with the target reference voiceprint information.

The Control element of the integrated circuit card may be a controller of the integrated circuit card, for example, a Micro Control Unit (MCU) of the integrated circuit card.

The first voiceprint information may be voiceprint information encrypted based on the second secret key.

The first voiceprint information received by the control element of the integrated circuit card is transmitted by the electronic device.

The second secret key may be a key for the integrated circuit card to communicate with the secure element.

In the embodiment of the application, by receiving the first voiceprint information sent by the control element of the integrated circuit card, and then decrypting the first voiceprint information by using the second key, when the decryption of the first voiceprint information is completed and the first voiceprint information is matched with the target reference voiceprint information, the authentication of the user is determined to be passed, so that the first voiceprint information passes through the encrypted voiceprint information, and the authentication is performed after the decryption is successful, so that the security of the voiceprint information is further ensured.

In some embodiments of the present application, the integrated circuit card and the electronic device may be bound, and the integrated circuit card and the electronic device may be communicatively connected, and after step 220, the authentication method referred to above may further include:

and sending the confirmation information that the authentication is passed and the data to be paid for payment into the control element of the integrated circuit card, so that the control element of the integrated circuit card sends the data to be paid to the electronic equipment, and the electronic equipment completes payment based on the data to be paid.

In some embodiments of the present application, before sending the data to be paid for payment into the control element of the integrated circuit card, the authentication method referred to above may further comprise:

encrypting the data to be paid based on the third secret key;

the sending of the data to be paid for payment to the control element of the integrated circuit card comprises:

the encrypted data to be paid for the payment are sent to the control element of the integrated circuit card. The third key is a key for the secure element to directly communicate with the integrated circuit card.

In some embodiments of the present application, for an existing electronic device, if there is no SE, a secure authenticated payment may be implemented by configuring a separate integrated circuit card with SE for the electronic device.

During initialization, voiceprint feature data (i.e. reference voiceprint information) can be placed in an SE of an integrated circuit card, the integrated circuit card and the electronic device are bound, key negotiation is performed between the integrated circuit card and the electronic device, and a symmetric key or an asymmetric key can be used.

The user and the electronic equipment perform voice interaction to generate order information, and after the user selects voiceprint verification, the electronic equipment and the integrated circuit card can communicate through the near field communication module, for example, through NFC, BLE and the like.

The electronic equipment encrypts the acquired first voiceprint information by using the negotiated second secret key and transmits the first voiceprint information to the MCU of the integrated circuit card through NFC or BLE and the like, the MCU of the integrated circuit transmits the first voiceprint information to the SE of the integrated circuit card, the SE uses the corresponding second secret key to decrypt and then compares the first voiceprint information, after passing the authentication, the information passing the authentication is transmitted to the MCU, and meanwhile, the data for payment is encrypted by using the third secret key and transmitted to the MCU of the integrated circuit card. The integrated circuit card MCU transmits data for payment to the electronic device through NFC or BLE and the like, and the electronic device transmits encrypted payment data to a bank server or a merchant server (the merchant server and the bank server are interactive). The data for payment encrypted by the second secret key can be decrypted only by the bank server, and the electronic equipment only serves as a data transmission medium and cannot obtain real payment data, so that the safety of the payment data is guaranteed.

In the embodiment of the application, the secure element can be arranged in the integrated circuit card, and the integrated circuit card can be bound with the electronic device, so that voiceprint authentication can be performed on the electronic device, voiceprint payment can be performed, and user experience is improved.

In some embodiments of the present application, another implementable manner of the authentication method is also provided. Fig. 3 is a flowchart illustrating another authentication method according to an embodiment of the present application, where an execution subject of the authentication method may be the electronic device 110 in fig. 1.

As shown in fig. 3, the authentication method provided by the embodiment of the present application may include steps 310 to 330.

Step 310, obtaining the first voice information of the user.

And step 320, analyzing the first voice information to obtain first voiceprint information.

Step 330, sending the first voiceprint information to the secure element, so that the secure element matches the first voiceprint information with at least one reference voiceprint information; and determining that the user passes the authentication under the condition that the first voiceprint information is matched with the target reference voiceprint information, and sending confirmation information of the authentication to the electronic equipment so that the electronic equipment carries out payment operation based on the confirmation information.

Wherein the secure element may include therein at least one reference voiceprint information.

For each piece of reference voiceprint information, the reference voiceprint information may be obtained by the electronic device through analysis based on the received second voice information of the user.

In the embodiment of the application, the first voice print information is obtained by analyzing the acquired first voice information of the user, and the first voice print information is sent to the secure element, so that the secure element matches the first voice print information with at least one piece of reference voice print information; and under the condition that the first voiceprint information is matched with the target reference voiceprint information, the information authentication of the user is determined to be passed, so that the reference voiceprint information is stored in the safety element, the safety element is a safety environment, and the voiceprint information cannot be modified or stolen, so that the voiceprint information can be prevented from being replaced, the safety of the voiceprint information is ensured, and the voiceprint authentication is carried out in the safety element, so that the safety performance is higher.

In some embodiments of the present application, for further security of the voiceprint information, before step 330, the authentication method referred to above may further include:

performing information authentication on the user based on the first voiceprint information;

step 330 may specifically include:

under the condition that the information authentication of the user is confirmed to pass, sending the first voiceprint information to the safety element, so that the safety element matches the first voiceprint information with at least one piece of reference voiceprint information; and determining that the identity authentication of the user passes under the condition that the first voiceprint information is matched with the target reference voiceprint information.

The information authentication may be a verification for verifying whether data content extracted based on the first voice information input by the user is consistent with a random verification code received by the electronic device.

In the embodiment of the application, the first voiceprint information corresponding to the first voice information is obtained again under the condition that the information authentication of the user is determined to pass, and the identity authentication of the user is determined to pass under the condition that the first voiceprint information is matched with the target reference voiceprint information.

In some embodiments of the present application, to further enhance the user experience, before step 310, the authentication method related to the above may further include:

acquiring a purchase instruction of a user;

generating order information based on the purchase instruction;

acquiring a random verification code corresponding to order information;

correspondingly, step 310 may specifically include:

and acquiring first voice information of a user reading the random verification code.

The random verification code may be a verification code generated by the electronic device for verifying the information of the user.

In some embodiments of the present application, the electronic device communicates with the merchant server, and after generating the order information, the electronic device obtains a random verification code (e.g., randomly displaying several digits, requiring the user to read the random verification code according to its listed rules) and displays the random verification code to the user, obtains the voice input by the user (i.e., the first voice information), identifies the voice, extracts the content spoken by the user, and compares the content spoken by the user with the dynamic random verification code provided by the merchant server to verify whether the content spoken by the user is consistent with the displayed content. If so, acquiring the first voice information of the user again, and authenticating the identity of the user based on the first voice information.

In some embodiments of the present application, the comparing the first voice information spoken by the user with the random verification code may be performed locally (the device stores and analyzes the dynamic verification information sent by the server), or may be performed at the server side (the device extracts the user content, sends the content to the server side, and compares the content with the server), which is not limited herein.

In the embodiment of the application, the order information is generated based on the obtained purchase instruction of the user, then the random verification code corresponding to the order information is obtained, and the first voice information of the random verification code read by the user is obtained, so that the information authentication and the identity authentication can be performed on the user based on the first voice information, the information authentication is performed firstly, then the identity authentication is performed, the authentication safety is improved, meanwhile, the information authentication and the identity authentication are performed successively through the same voice information, the voice information of a plurality of users does not need to be obtained, and the user experience is improved.

In some embodiments of the present application, for further security of the voiceprint information, before step 310, the authentication method referred to above may further include:

acquiring second voice information of the user;

analyzing the second voice information to obtain reference voiceprint information;

sending the reference voiceprint information into the secure element to cause the secure element to store the reference voiceprint information.

In some embodiments of the present application, in a secure environment, the voice of the user (i.e., the second voice message) may be collected, the voice may be converted into voiceprint feature data (i.e., the reference voiceprint message), and the voiceprint feature data may be initially stored in the SE of the electronic device, or may be sent by the server through the secure channel and stored in the SE of the electronic device. In the embodiment of the application, the voiceprint information corresponding to the acquired second voice information is stored in the secure element, so that the security of the reference voiceprint information is improved.

In the authentication method, the electronic equipment can be used for purchasing commodity service through voice interaction, the SE is used for authenticating the voiceprint information of the user in the transaction process, and the payment operation can be carried out only after the authentication is passed.

Possible usage scenarios include: the intelligent sound box is used for purchasing songs, and the intelligent television is used for purchasing movies or other goods sold on line.

The whole process can include: and the control device of the intelligent sound box receives the voice instruction (namely, the third voice information), generates transaction order information, requires the user to carry out voiceprint authentication, sends voiceprint characteristics input by the user to the SE, waits for and receives the authentication information of the SE, and activates transaction operation after the SE confirms that the transaction can be carried out.

The scheme supports online payment, single online payment and double offline payment, and the following scenario takes online payment as an example for description.

The conventional transaction flow mainly includes: (1) generating an order according to the instruction; (2) SE voice authentication; and (3) activating the order.

(1) The input device of the electronic equipment receives the voice command and generates order information.

The electronic device may specifically be a smart speaker.

The order information may include at least: purchase item type, quantity, total price and payee.

The manner of generating order information may be: and the user interacts with the electronic equipment through the voice man-machine interface. For example, a user sends a purchase instruction through voice, a control device of the electronic equipment identifies and analyzes the voice of the user, extracts and generates order information, the order information is interacted with the user through a man-machine interaction interface, and the user confirms the order information.

(2) After the order information is confirmed, the electronic equipment defaults or is selected by the user to carry out voiceprint authentication.

Voiceprint authentication comprises two steps: information authentication and identity authentication.

The first step is as follows: information authentication

The electronic equipment communicates with the merchant server, after order information is generated, the electronic equipment obtains a random verification code (for example, several numbers are randomly displayed, the user is required to read according to enumerated rules) and displays the random verification code to the user, after voice input by the user (namely, second voice information) is obtained, recognition is carried out, content spoken by the user is extracted and obtained, the content spoken by the user is compared with the dynamic random verification code provided by the merchant server, and whether the content spoken by the user is consistent with the displayed content is verified. If so, acquiring first voice information of the user, and performing identity authentication on the user based on the first voice information.

The second step is that: identity authentication

A microphone of the electronic device acquires authentication sound, namely first voice information, input by a user, (in order to ensure good user experience, to avoid the user from inputting voice information twice, preferably, sound when the user performs information authentication is simultaneously used as a voiceprint template for identity authentication), a control device of the electronic device analyzes and calculates, converts the sound into a voiceprint feature template (namely the first voiceprint information), sends the converted first voiceprint information to an SE, compares the received first voiceprint information with reference voiceprint information preset in the SE, and judges whether the received first voiceprint information and the reference voiceprint information belong to the same person or not. And when the contact ratio (score) obtained by comparison is larger than a certain threshold value (the preset value can be set according to the requirement of the user), the authentication is passed. And the SE sends the message of successful authentication to the electronic equipment, activates the order and carries out a subsequent transaction flow.

Note that the voice print feature data (i.e., the first voice print information) of a specific phrase is stored in the SE, and the same specific phrase needs to be spoken even when the user authenticates (correspondence scenario: reading a fixed number string, comparing with the voice print information of the same number string stored in the SE).

A plurality of voiceprint characteristic data of the user are stored in the SE, when the user authenticates the user, other sentences are spoken, and whether the voiceprints are the same or not can also be judged based on the other sentences (corresponding scenes: reading random numbers or characters, extracting voiceprint information, comparing the voiceprint information with the voiceprint information stored in the SE, and judging whether the voiceprints come from the same person or not).

With respect to the reference voiceprint information: the voice of the user can be collected in a secure environment, the voice is converted into voiceprint characteristic data (namely reference voiceprint information), and the voiceprint characteristic data is initially stored in the SE, or the voiceprint characteristic data is issued by the server through a secure channel and stored in the SE.

One SE can store voiceprint information of a plurality of persons, and when voiceprint authentication is carried out, the SE compares the received voiceprint characteristic data with all reference voiceprint characteristic data preset in the SE one by one, and judges whether the received voiceprint characteristic data and at least one of prestored voiceprints belong to the same person or not.

(3) And carrying out payment operation after the authentication is passed.

And after the SE confirms that the voiceprint belongs to the same person, activating the payment operation. The concrete form is as follows: data for payment (i.e., data to be paid) is provided. The SE encrypts the data for payment and transmits the data to a control device of the electronic equipment, and the control device transmits payment information to a payee or a bank server through the communication module.

In the embodiment of the application, since the data to be paid is originated in the SE, the data is ensured to be safe and tamper-proof.

It should be noted that, in the authentication method provided in the embodiment of the present application, the execution subject may be an authentication device, or a control module in the authentication device for executing the authentication method.

Based on the same inventive concept as the authentication method, the application also provides an authentication device. The following describes in detail an authentication apparatus provided in an embodiment of the present application with reference to fig. 4.

Fig. 4 is a schematic diagram illustrating a structure of an authentication apparatus according to an exemplary embodiment.

As shown in fig. 4, the authentication apparatus 400 may be applied to a secure element, and the authentication apparatus 400 may include:

a first obtaining module 410, configured to obtain first voiceprint information; wherein the first voiceprint information is obtained by the electronic equipment through analysis based on the received first voice information of the user,

a first determining module 420, configured to determine that the user passes authentication if the first voiceprint information matches target reference voiceprint information; the target reference voiceprint information is reference voiceprint information matched with the first voiceprint information in at least one piece of reference voiceprint information; for each piece of reference voiceprint information, the reference voiceprint information is obtained by analyzing the electronic equipment based on the received second voice information of the user;

a first sending module 430, configured to send the confirmation information that the authentication passes to the electronic device, so that the electronic device performs a payment operation based on the confirmation information.

In the embodiment of the application, the first voiceprint information is acquired through the first acquisition module, the user is determined to pass the authentication based on the first determination module under the condition that the first voiceprint information is matched with the target reference voiceprint information, the confirmed information passing the authentication is sent to the electronic equipment based on the first sending module, so that the electronic equipment carries out payment operation based on the confirmed information.

In some embodiments of the present application, to ensure security of payment, the first obtaining module 410 may specifically be configured to:

acquiring first voiceprint information under the condition that the electronic equipment is determined to pass the information authentication of the user; the information authentication is to verify whether the data content extracted based on the first voice information input by the user is consistent with a random verification code received by the electronic equipment;

the first determining module 420 may specifically be configured to:

In some embodiments of the present application, in order to improve user experience, voice information used by the electronic device for authenticating the user information and the secure element for authenticating the user identity are the same voice information.

In some embodiments of the present application, the authentication device as described above may further include:

the first generation module is used for generating data to be paid for payment order information; the order information is generated by the electronic equipment in response to a purchase instruction of the user;

and the second sending module is used for sending the data to be paid to the electronic equipment so as to carry out payment based on the data to be paid.

In some embodiments of the subject application, at least one of the electronic device and the checkout device is in an offline state, the electronic device and the checkout device are communicatively coupled; the second sending module is specifically configured to:

under the condition that the electronic equipment is in an offline state, the secure element sends the data to be paid to the electronic equipment, so that the electronic equipment sends payment information corresponding to the data to be paid to a money receiving device;

under the condition that the money receiving device is in an offline state, the secure element sends the data to be paid to the electronic device, so that the electronic device sends payment information corresponding to the data to be paid to a server.

In some embodiments of the present application, the secure element is disposed in a gateway, the gateway is connected to at least one electronic device, the secure element includes at least one storage area, and each storage area corresponds to one electronic device and is configured to store voiceprint information of a user, acquired by the corresponding electronic device.

In some embodiments of the present application, to improve user experience, the first obtaining module 410 may be specifically configured to:

acquiring first voiceprint information corresponding to target electronic equipment and equipment information of the target electronic equipment; the target electronic equipment is any one of at least one electronic equipment; the gateway identifies the target electronic equipment corresponding to the first voice message and then sends the first voice print message to the secure element; the device information is sent to the safety element after the gateway identifies the target electronic device corresponding to the first voice information;

the first determining module 420 may specifically include:

a first determination unit configured to determine a target storage area corresponding to the target electronic device based on the device information;

a second determination unit configured to determine that the user passes authentication in a case where the first voiceprint information matches target reference voiceprint information stored in the target storage area; the target storage area is a storage area corresponding to the target electronic device in the secure element.

In some embodiments of the application, each electronic device communicates with the secure element based on a different key; the first voiceprint information is the voiceprint information encrypted by the electronic equipment based on a first secret key;

the first determining module 420 may further include:

the second determination unit may specifically be configured to:

and determining that the user passes the authentication if the first voiceprint information is decrypted and the first voiceprint information is matched with the reference voiceprint information stored in the target storage area in the secure element.

In some embodiments of the present application, to further enhance the user experience, the secure element is disposed within an integrated circuit card.

The first obtaining module 410 may specifically be configured to:

receiving first voiceprint information sent by a control element of the integrated circuit card; the first voiceprint information is encrypted based on a second secret key, and the first voiceprint information received by the control element of the integrated circuit card is sent by the electronic equipment;

the first determining module 420 may specifically be configured to:

decrypting the first voiceprint information by using the second secret key;

In some embodiments of the present application, the integrated circuit card is bound to the electronic device, and the integrated circuit card is communicatively connected to the electronic device, and the authentication apparatus may further include:

and the third sending module is used for sending the authentication passing confirmation information and the data to be paid for payment into the control element of the integrated circuit card, so that the control element of the integrated circuit card sends the data to be paid to the electronic equipment, and the electronic equipment completes payment based on the data to be paid.

the encryption module is used for encrypting the data to be paid based on a third secret key;

the third sending module may specifically be configured to:

and sending the encrypted data to be paid for payment to a control element of the integrated circuit card.

The authentication apparatus provided in the embodiment of the present application may be configured to execute the authentication method provided in the method embodiment in which the execution subject is a secure element, and the implementation principle and the technical effect are similar, and for the sake of brevity, no further description is given here.

Fig. 5 is a schematic diagram illustrating the structure of another authentication apparatus according to an exemplary embodiment.

As shown in fig. 5, the authentication apparatus 500 may be applied to an electronic device, and the authentication apparatus 500 may include:

a first obtaining module 510, configured to obtain first voice information of a user;

a first determining module 520, configured to analyze the first voice information to obtain first voiceprint information;

a first sending module 530, configured to send the first voiceprint information to a secure element, so that the secure element matches the first voiceprint information with at least one reference voiceprint information; under the condition that the first voiceprint information is matched with the target reference voiceprint information, the authentication of the user is determined to be passed, and confirmation information of the authentication passing is sent to the electronic equipment, so that the electronic equipment carries out payment operation based on the confirmation information; the secure element comprises at least one piece of reference voiceprint information, and the target reference voiceprint information is the reference voiceprint information which is matched with the first voiceprint information in the at least one piece of reference voiceprint information; and for each piece of reference voiceprint information, the reference voiceprint information is obtained by analyzing the electronic equipment based on the received second voice information of the user.

In the embodiment of the application, the first voice information of the user acquired by the acquisition module is analyzed through the first determination module to obtain first voiceprint information, and the first voiceprint information is sent to the secure element based on the first sending module, so that the secure element matches the first voiceprint information with at least one piece of reference voiceprint information; and under the condition that the first voiceprint information is matched with the target reference voiceprint information, the authentication of the user is determined to be passed, so that the reference voiceprint information is stored in the safety element, the safety element is a safety environment, and the voiceprint information cannot be modified or stolen, so that the voiceprint information can be prevented from being replaced, the safety of the voiceprint information is ensured, and the voiceprint authentication is carried out in the safety element, so that the safety performance is higher.

In some embodiments of the present application, to further enhance the security of the voiceprint information,

the information authentication module is used for performing information authentication on the user based on the first voiceprint information; the information authentication is to verify whether the data content extracted based on the first voice information input by the user is consistent with a random verification code received by the electronic equipment;

the first sending module 530 may specifically be configured to:

under the condition that the information authentication of the user is confirmed to pass, sending the first voiceprint information to a secure element, so that the secure element matches the first voiceprint information with at least one piece of reference voiceprint information; and determining that the identity authentication of the user passes under the condition that the first voiceprint information is matched with the target reference voiceprint information.

In some embodiments of the present application, in order to further enhance the user experience, the authentication apparatus may further include:

the third acquisition module is used for acquiring the purchase instruction of the user;

the first generation module is used for generating order information based on the purchase instruction;

the fourth obtaining module is used for obtaining the random verification code corresponding to the order information; the random verification code is used for performing information verification on the user;

the first obtaining module 510 may specifically be configured to:

and acquiring first voice information of the user reading the random verification code.

In some embodiments of the present application, in order to further enhance the security of the voiceprint information, the authentication apparatus mentioned above may further include:

the second acquisition module is used for acquiring second voice information of the user;

the second determining module is used for analyzing the second voice information to obtain reference voiceprint information;

and a third sending module, configured to send the reference voiceprint information to the secure element, so that the secure element stores the reference voiceprint information.

The authentication apparatus provided in the embodiment of the present application may be configured to execute the authentication method provided in the method embodiment in which the execution subject is an electronic device, and the implementation principle and the technical effect are similar, and for the sake of brevity, no further description is given here.

Based on the same inventive concept, the embodiment of the application also provides the electronic equipment.

Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 6, the electronic device may include a processor 601 and a memory 602 storing computer programs or instructions.

Specifically, the processor 601 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more Integrated circuits implementing embodiments of the present invention.

Memory 602 may include mass storage for data or instructions. By way of example, and not limitation, memory 602 may include a Hard Disk Drive (HDD), floppy Disk Drive, flash memory, optical Disk, magneto-optical Disk, tape, or Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 602 may include removable or non-removable (or fixed) media, where appropriate. The memory 602 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 602 is a non-volatile solid-state memory. The Memory may include Read Only Memory (ROM), random Access Memory (RAM), magnetic disk storage media devices, optical storage media devices, flash Memory devices, electrical, optical, or other physical/tangible Memory storage devices. Thus, in general, the memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software comprising computer-executable instructions and when the software is executed (e.g., by one or more processors), it is operable to perform the operations described for the authentication methods provided by the embodiments described above.

The processor 601 realizes any one of the authentication methods in the above embodiments by reading and executing computer program instructions stored in the memory 602.

In one example, the electronic device may also include a communication interface 603 and a bus 610. As shown in fig. 6, the processor 601, the memory 602, and the communication interface 603 are connected via a bus 610 to complete communication therebetween.

The communication interface 603 is mainly used for implementing communication between modules, devices, units and/or devices in the embodiment of the present invention.

The bus 610 includes hardware, software, or both to couple the components of the electronic device to one another. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hypertransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus or a combination of two or more of these. Bus 610 may include one or more buses, where appropriate. Although specific buses have been described and shown in the embodiments of the invention, any suitable buses or interconnects are contemplated by the invention.

The electronic device may execute the authentication method in the embodiment of the present invention, so as to implement the authentication method described in fig. 2 to fig. 3.

In addition, in combination with the authentication method in the foregoing embodiment, the embodiment of the present invention may provide a readable storage medium to implement. The readable storage medium having stored thereon program instructions; the program instructions, when executed by a processor, implement any of the authentication methods in the above embodiments.

In addition, in combination with the authentication method in the above embodiments, the embodiments of the present invention may be implemented by providing a computer program product. The instructions in the computer program product, when executed by a processor of the electronic device, cause the electronic device to perform any of the authentication methods in the above embodiments.

It is to be understood that the invention is not limited to the specific arrangements and instrumentality described above and shown in the drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present invention are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions or change the order between the steps after comprehending the spirit of the present invention.

The functional blocks shown in the above-described structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio Frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet, intranet, etc.

It should also be noted that the exemplary embodiments mentioned in this patent describe some methods or systems based on a series of steps or devices. However, the present invention is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed simultaneously.

Aspects of the present application are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions/acts specified in the flowchart and/or block diagram block or blocks. Such a processor may be, but is not limited to, a general purpose processor, a special purpose processor, an application specific processor, or a field programmable logic circuit. It will also be understood that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based computer instructions which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

As described above, only the specific embodiments of the present invention are provided, and it can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the module and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. It should be understood that the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present invention, and these modifications or substitutions should be covered within the scope of the present invention.

Claims

1. An authentication method applied to a secure element including at least one reference voiceprint information therein, the method comprising:

2. The method of claim 1, wherein the obtaining the first voiceprint information comprises:

determining that the user passes authentication when the first voiceprint information matches the reference voiceprint information, comprising:

3. The method according to claim 2, wherein the voice information used for the information authentication of the user by the electronic device and the identity authentication of the user by the secure element is the same voice information.

4. The method of claim 2, wherein after the determining that the identity authentication of the user is passed, the method further comprises:

generating data to be paid for payment order information; the order information is generated by the electronic equipment in response to a purchase instruction of the user;

after the sending the confirmation information that the authentication is passed to the electronic device, the method further includes:

5. The method of claim 4, wherein at least one of the electronic device and a checkout device are offline, the electronic device and the checkout device being communicatively coupled;

the sending the data to be paid to the electronic device to pay based on the data to be paid comprises:

under the condition that the electronic equipment is in an offline state, the safety element sends the data to be paid to the electronic equipment so that the electronic equipment sends payment information corresponding to the data to be paid to a money receiving device;

6. The method according to claim 1, wherein the secure element is disposed in a gateway, the gateway is connected to at least one electronic device, and the secure element includes at least one storage area, each storage area corresponds to one electronic device, and is configured to store voiceprint information of the user acquired by the corresponding electronic device.

7. The method of claim 6, wherein the obtaining the first voiceprint information comprises:

determining that the user passes authentication when the first voiceprint information matches target reference voiceprint information, comprising:

determining that the user passes authentication when the first voiceprint information matches target reference voiceprint information stored in the target storage area; the target storage area is a storage area corresponding to the target electronic device in the secure element.

8. The method of claim 7, wherein each electronic device communicates with the secure element based on a different key; the first voiceprint information is the voiceprint information encrypted by the electronic equipment based on a first secret key;

in a case where the first voiceprint information matches reference voiceprint information stored in a target storage area in the secure element, before determining that the authentication of the user is passed, the method further comprises:

the determining that the user is authenticated in the case that the first voiceprint information matches reference voiceprint information stored in a target storage area in the secure element, includes:

9. The method of claim 1, wherein the secure element is disposed within an integrated circuit card;

the acquiring of the first voiceprint information includes:

decrypting the first voiceprint information by using the second secret key;

10. The method of claim 9, wherein the integrated circuit card is bound to the electronic device, wherein the integrated circuit card is communicatively coupled to the electronic device,

after the determining that the authentication of the user passes, the method further comprises:

and sending the confirmation information which passes the authentication and the data to be paid for payment to the control element of the integrated circuit card, so that the control element of the integrated circuit card sends the data to be paid to the electronic equipment, and the electronic equipment completes the payment based on the data to be paid.

11. The method of claim 10, wherein prior to sending the data to be paid for payment to the control element of the integrated circuit card, the method further comprises:

encrypting the data to be paid based on a third key;

12. An authentication method, applied to an electronic device, the method comprising:

acquiring first voice information of a user;

analyzing the first voice information to obtain first voiceprint information;

13. The method of claim 12, wherein prior to said sending the first voiceprint information into a secure element, the method further comprises:

performing information authentication on the user based on the first voiceprint information; the information authentication is to verify whether the data content extracted based on the first voice information input by the user is consistent with a random verification code received by the electronic equipment;

sending the first voiceprint information into a secure element so that the secure element matches the first voiceprint information with at least one reference voiceprint information; and determining that the user passes the authentication when the first voiceprint information matches the target reference voiceprint information, comprising:

under the condition that the information authentication of the user is confirmed to pass, the first voiceprint information is sent to a secure element, so that the secure element can match the first voiceprint information with at least one piece of reference voiceprint information; and determining that the identity authentication of the user passes under the condition that the first voiceprint information is matched with the target reference voiceprint information.

14. The method of claim 13, wherein prior to said obtaining the first voice information of the user, the method further comprises:

acquiring a purchase instruction of the user;

generating order information based on the purchase instruction;

acquiring the random verification code corresponding to the order information; the random verification code is used for performing information verification on the user;

the acquiring of the first voice information of the user comprises:

15. The method of claim 12, wherein prior to said obtaining the first voice information of the user, the method further comprises:

acquiring second voice information of the user;

16. An authentication apparatus, wherein the apparatus is applied to a secure element, and the secure element includes at least one piece of reference voiceprint information therein, and the apparatus comprises:

17. An authentication apparatus, applied to an electronic device, the apparatus comprising:

18. An authentication system, the system comprising:

19. The system of claim 18, wherein the electronic device is further configured to: performing information authentication on the user based on the first voiceprint information; the information authentication is to verify whether the data content extracted based on the first voice information input by the user is consistent with a random verification code received by the electronic equipment; under the condition that the information authentication of the user is determined to pass, sending the first voiceprint information to a safety element;

20. A readable storage medium, characterized in that it stores thereon a program or instructions which, when executed by a processor, implement the steps of the authentication method according to any one of claims 1 to 15.

21. A computer program product, characterized in that instructions in the computer program product, when executed by a processor of an electronic device, cause the electronic device to perform the steps of the authentication method according to any of claims 1-15.