KR20220064765A - Method for authenticating a user and electronic device thereof - Google Patents

Abstract

An electronic device, which can enhance user experience, according to the present disclosure includes a camera, a display, and at least one processor operatively connected to the camera and the display, wherein the at least one processor may run an application that can operate in a security state, acquire an image corresponding to a face of a user through the camera, attempt authentication of the user based on the acquired image, display a first user interface (UI) indicating that the authentication of the user is being performed through the display during the authentication of the user, determine an authentication maintenance time based on a specified parameter, and release the security state during the determined authentication maintenance time when the authentication of the user is successful. In addition, various embodiments recognized through the specification are possible.

Description

METHOD FOR AUTHENTICATING A USER AND ELECTRONIC DEVICE THEREOF

Various embodiments according to the present disclosure relate to a technique for performing user authentication using a camera in an electronic device.

As multimedia services are diversified, personal information stored in electronic devices is increasing, and the use of payment services using electronic devices is increasing. Accordingly, the electronic device provides various authentication services for protecting personal information or payment information stored in the electronic device from others. The authentication service provided by the electronic device may include at least one of a PIN code input, a pattern input, or a biometric authentication method using a user's physical characteristics. In particular, recently, among biometric authentication methods, face authentication has been widely used in various application fields such as security systems, mobile authentication, and multimedia data search because of its convenience and efficiency.

On the other hand, in the case of biometric authentication, a separate window for explicitly requesting authentication occurs and a specific action for authentication is requested from the user, thereby hindering usability and waste of time.

Various embodiments disclosed in this document provide an electronic device that uses a security function while maintaining an authentication status without a separate operation.

An electronic device according to an embodiment includes a camera, a display, and at least one processor operatively connected to the camera and the display, wherein the at least one processor executes an application capable of operating in a security state, Obtaining an image corresponding to the user's face through the camera, attempting authentication of the user based on the obtained image, and while authentication of the user is in progress, authentication of the user is in progress through the display may display a first user interface (UI) representing .

The method of operating an electronic device according to an embodiment includes an operation of executing an application capable of operating in a security state, an operation of acquiring an image corresponding to the user's face through a camera, and authentication of the user based on the acquired image an operation of attempting to, while the user's authentication is in progress, an operation of displaying a first user interface (UI) indicating that the user's authentication is in progress through a display, and an authentication maintenance time based on a specified parameter The determining operation may include, if the authentication of the user is successful, releasing the security state during the determined authentication maintenance time.

The electronic device according to various embodiments of the present disclosure may improve the user experience by allowing a security function to be used while maintaining use continuity without going through an additional authentication step.

In addition, various effects directly or indirectly identified through this document may be provided.

1 is a block diagram of an electronic device in a network environment according to an embodiment.
2A is a block diagram of an electronic device according to an exemplary embodiment.
2B is a block diagram illustrating a camera of an electronic device according to an embodiment.
3 is a diagram illustrating a system structure of an electronic device according to an exemplary embodiment.
4 is a flowchart illustrating a method for an electronic device to provide a user authentication function using a face authentication method, according to an exemplary embodiment.
5 is a diagram illustrating an electronic device displaying a UI informing of a user authentication state on a display according to an exemplary embodiment.
6 is a flowchart of a method for tracking a user's face after an electronic device succeeds in user authentication, according to an embodiment.
7 is a flowchart illustrating a method for an electronic device to execute a background authentication system according to an embodiment.
8A illustrates a UI displayed on a display when user authentication fails in an electronic device according to an embodiment.
8B illustrates a UI displayed on a display when an authentication time ends in an electronic device according to an embodiment.
9 illustrates an example of an authentication maintenance time and a number of authentication renewals determined based on an application attribute in an electronic device according to an embodiment.

1 is a block diagram of an electronic device 101 in a network environment 100 according to various embodiments of the present disclosure.

Referring to FIG. 1 , in a network environment 100 , an electronic device 101 communicates with an electronic device 102 through a first network 198 (eg, a short-range wireless communication network) or a second network 199 . It may communicate with the electronic device 104 or the server 108 through (eg, a long-distance wireless communication network). According to an embodiment, the electronic device 101 may communicate with the electronic device 104 through the server 108 . According to an embodiment, the electronic device 101 includes a processor 110 , a memory 130 , an input module 150 , a sound output module 155 , a display module 160 , an audio module 170 , and a sensor module ( 176), interface 177, connection terminal 178, haptic module 179, camera 180, power management module 188, battery 189, communication module 190, subscriber identification module 196, Alternatively, the antenna module 197 may be included. In some embodiments, at least one of these components (eg, the connection terminal 178 ) may be omitted or one or more other components may be added to the electronic device 101 . In some embodiments, some of these components (eg, sensor module 176 , camera 180 , or antenna module 197 ) may be integrated into one component (eg, display module 160 ). can

The processor 120, for example, executes software (eg, a program 140) to execute at least one other component (eg, a hardware or software component) of the electronic device 101 connected to the processor 120 . It can control and perform various data processing or operations. According to an embodiment, as at least part of data processing or operation, the processor 120 stores a command or data received from another component (eg, the sensor module 176 or the communication module 190 ) into the volatile memory 132 . may be stored in the volatile memory 132 , and may process commands or data stored in the volatile memory 132 , and store the result data in the non-volatile memory 134 . According to an embodiment, the processor 120 is the main processor 121 (eg, a central processing unit or an application processor) or a secondary processor 123 (eg, a graphic processing unit, a neural network processing unit) a neural processing unit (NPU), an image signal processor, a sensor hub processor, or a communication processor). For example, when the electronic device 101 includes the main processor 121 and the sub-processor 123 , the sub-processor 123 may use less power than the main processor 121 or may be set to be specialized for a specified function. can The auxiliary processor 123 may be implemented separately from or as a part of the main processor 121 .

The auxiliary processor 123 is, for example, on behalf of the main processor 121 while the main processor 121 is in an inactive (eg, sleep) state, or the main processor 121 is active (eg, executing an application). ), together with the main processor 121, at least one of the components of the electronic device 101 (eg, the display module 160, the sensor module 176, or the communication module 190) It is possible to control at least some of the related functions or states. According to an embodiment, the auxiliary processor 123 (eg, an image signal processor or a communication processor) may be implemented as a part of another functionally related component (eg, the camera 180 or the communication module 190 ). . According to an embodiment, the auxiliary processor 123 (eg, a neural network processing device) may include a hardware structure specialized for processing an artificial intelligence model. Artificial intelligence models can be created through machine learning. Such learning may be performed, for example, in the electronic device 101 itself on which artificial intelligence is performed, or may be performed through a separate server (eg, the server 108). The learning algorithm may include, for example, supervised learning, unsupervised learning, semi-supervised learning, or reinforcement learning, but in the above example not limited The artificial intelligence model may include a plurality of artificial neural network layers. Artificial neural networks include deep neural networks (DNNs), convolutional neural networks (CNNs), recurrent neural networks (RNNs), restricted boltzmann machines (RBMs), deep belief networks (DBNs), bidirectional recurrent deep neural networks (BRDNNs), It may be one of deep Q-networks or a combination of two or more of the above, but is not limited to the above example. The artificial intelligence model may include, in addition to, or alternatively, a software structure in addition to the hardware structure.

The memory 130 may store various data used by at least one component of the electronic device 101 (eg, the processor 120 or the sensor module 176 ). The data may include, for example, input data or output data for software (eg, the program 140 ) and instructions related thereto. The memory 130 may include a volatile memory 132 or a non-volatile memory 134 .

The program 140 may be stored as software in the memory 130 , and may include, for example, an operating system 142 , middleware 144 , or an application 146 .

The input module 150 may receive a command or data to be used in a component (eg, the processor 120 ) of the electronic device 101 from the outside (eg, a user) of the electronic device 101 . The input module 150 may include, for example, a microphone, a mouse, a keyboard, a key (eg, a button), or a digital pen (eg, a stylus pen).

The sound output module 155 may output a sound signal to the outside of the electronic device 101 . The sound output module 155 may include, for example, a speaker or a receiver. The speaker can be used for general purposes such as multimedia playback or recording playback. The receiver may be used to receive an incoming call. According to an embodiment, the receiver may be implemented separately from or as a part of the speaker.

The display module 160 may visually provide information to the outside (eg, a user) of the electronic device 101 . The display module 160 may include, for example, a control circuit for controlling a display, a hologram device, or a projector and a corresponding device. According to an embodiment, the display module 160 may include a touch sensor configured to sense a touch or a pressure sensor configured to measure the intensity of a force generated by the touch.

The audio module 170 may convert a sound into an electric signal or, conversely, convert an electric signal into a sound. According to an embodiment, the audio module 170 acquires a sound through the input module 150 or an external electronic device (eg, a sound output module 155 ) directly or wirelessly connected to the electronic device 101 . A sound may be output through the electronic device 102 (eg, a speaker or headphones).

The sensor module 176 detects an operating state (eg, power or temperature) of the electronic device 101 or an external environmental state (eg, user state), and generates an electrical signal or data value corresponding to the sensed state. can do. According to an embodiment, the sensor module 176 may include, for example, a gesture sensor, a gyro sensor, a barometric pressure sensor, a magnetic sensor, an acceleration sensor, a grip sensor, a proximity sensor, a color sensor, an IR (infrared) sensor, a biometric sensor, It may include a temperature sensor, a humidity sensor, or an illuminance sensor.

The interface 177 may support one or more designated protocols that may be used by the electronic device 101 to directly or wirelessly connect with an external electronic device (eg, the electronic device 102 ). According to an embodiment, the interface 177 may include, for example, a high definition multimedia interface (HDMI), a universal serial bus (USB) interface, an SD card interface, or an audio interface.

The connection terminal 178 may include a connector through which the electronic device 101 can be physically connected to an external electronic device (eg, the electronic device 102 ). According to an embodiment, the connection terminal 178 may include, for example, an HDMI connector, a USB connector, an SD card connector, or an audio connector (eg, a headphone connector).

The haptic module 179 may convert an electrical signal into a mechanical stimulus (eg, vibration or movement) or an electrical stimulus that the user can perceive through tactile or kinesthetic sense. According to an embodiment, the haptic module 179 may include, for example, a motor, a piezoelectric element, or an electrical stimulation device.

The camera 180 may capture still images and moving images. According to an embodiment, the camera 180 may include one or more lenses, image sensors, image signal processors, or flashes.

The power management module 188 may manage power supplied to the electronic device 101 . According to an embodiment, the power management module 188 may be implemented as, for example, at least a part of a power management integrated circuit (PMIC).

The battery 189 may supply power to at least one component of the electronic device 101 . According to an embodiment, the battery 189 may include, for example, a non-rechargeable primary cell, a rechargeable secondary cell, or a fuel cell.

The communication module 190 is a direct (eg, wired) communication channel or a wireless communication channel between the electronic device 101 and an external electronic device (eg, the electronic device 102, the electronic device 104, or the server 108). It can support establishment and communication performance through the established communication channel. The communication module 190 may include one or more communication processors that operate independently of the processor 120 (eg, an application processor) and support direct (eg, wired) communication or wireless communication. According to an embodiment, the communication module 190 is a wireless communication module 192 (eg, a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module) or a wired communication module 194 (eg, : It may include a LAN (local area network) communication module, or a power line communication module). A corresponding communication module among these communication modules is a first network 198 (eg, a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)) or a second network 199 (eg, legacy It may communicate with the external electronic device 104 through a cellular network, a 5G network, a next-generation communication network, the Internet, or a computer network (eg, a telecommunication network such as a LAN or a WAN). These various types of communication modules may be integrated into one component (eg, a single chip) or may be implemented as a plurality of components (eg, multiple chips) separate from each other. The wireless communication module 192 uses the subscriber information (eg, International Mobile Subscriber Identifier (IMSI)) stored in the subscriber identification module 196 within a communication network such as the first network 198 or the second network 199 . The electronic device 101 may be identified or authenticated.

The wireless communication module 192 may support a 5G network after a 4G network and a next-generation communication technology, for example, a new radio access technology (NR). NR access technology includes high-speed transmission of high-capacity data (eMBB (enhanced mobile broadband)), minimization of terminal power and access to multiple terminals (mMTC (massive machine type communications)), or high reliability and low latency (URLLC (ultra-reliable and low-latency) -latency communications)). The wireless communication module 192 may support a high frequency band (eg, mmWave band) to achieve a high data rate, for example. The wireless communication module 192 includes various technologies for securing performance in a high-frequency band, for example, beamforming, massive multiple-input and multiple-output (MIMO), all-dimensional multiplexing. It may support technologies such as full dimensional MIMO (FD-MIMO), an array antenna, analog beam-forming, or a large scale antenna. The wireless communication module 192 may support various requirements specified in the electronic device 101 , an external electronic device (eg, the electronic device 104 ), or a network system (eg, the second network 199 ). According to an embodiment, the wireless communication module 192 includes a peak data rate (eg, 20 Gbps or more) for realizing eMBB, loss coverage (eg, 164 dB or less) for realizing mMTC, or U-plane latency ( Example: downlink (DL) and uplink (UL) each 0.5 ms or less, or round trip 1 ms or less).

The antenna module 197 may transmit or receive a signal or power to the outside (eg, an external electronic device). According to an embodiment, the antenna module 197 may include an antenna including a conductor formed on a substrate (eg, a PCB) or a radiator formed of a conductive pattern. According to an embodiment, the antenna module 197 may include a plurality of antennas (eg, an array antenna). In this case, at least one antenna suitable for a communication method used in a communication network such as the first network 198 or the second network 199 is connected from the plurality of antennas by, for example, the communication module 190 . can be selected. A signal or power may be transmitted or received between the communication module 190 and an external electronic device through the selected at least one antenna. According to some embodiments, other components (eg, a radio frequency integrated circuit (RFIC)) other than the radiator may be additionally formed as a part of the antenna module 197 .

According to various embodiments, the antenna module 197 may form a mmWave antenna module. According to one embodiment, the mmWave antenna module comprises a printed circuit board, an RFIC disposed on or adjacent to a first side (eg, bottom side) of the printed circuit board and capable of supporting a specified high frequency band (eg, mmWave band); and a plurality of antennas (eg, an array antenna) disposed on or adjacent to a second side (eg, top or side) of the printed circuit board and capable of transmitting or receiving signals of the designated high frequency band. can do.

At least some of the components are connected to each other through a communication method between peripheral devices (eg, a bus, general purpose input and output (GPIO), serial peripheral interface (SPI), or mobile industry processor interface (MIPI)) and a signal ( eg commands or data) can be exchanged with each other.

According to an embodiment, the command or data may be transmitted or received between the electronic device 101 and the external electronic device 104 through the server 108 connected to the second network 199 . Each of the external electronic devices 102 or 1104 may be the same as or different from the electronic device 101 . According to an embodiment, all or a part of operations executed by the electronic device 101 may be executed by one or more external electronic devices 102 , 1104 , or 1108 . For example, when the electronic device 101 is to perform a function or service automatically or in response to a request from a user or other device, the electronic device 101 may perform the function or service itself instead of executing the function or service itself. Alternatively or additionally, one or more external electronic devices may be requested to perform at least a part of the function or the service. One or more external electronic devices that have received the request may execute at least a part of the requested function or service, or an additional function or service related to the request, and transmit a result of the execution to the electronic device 101 . The electronic device 101 may process the result as it is or additionally and provide it as at least a part of a response to the request. For this, for example, cloud computing, distributed computing, mobile edge computing (MEC), or client-server computing technology may be used. The electronic device 101 may provide an ultra-low latency service using, for example, distributed computing or mobile edge computing. In another embodiment, the external electronic device 104 may include an Internet of things (IoT) device. Server 108 may be an intelligent server using machine learning and/or neural networks. According to an embodiment, the external electronic device 104 or the server 108 may be included in the second network 199 . The electronic device 101 may be applied to an intelligent service (eg, smart home, smart city, smart car, or health care) based on 5G communication technology and IoT-related technology.

The electronic device according to various embodiments disclosed in this document may be a device of various types. The electronic device may include, for example, a portable communication device (eg, a smart phone), a computer device, a portable multimedia device, a portable medical device, a camera, an electronic device, or a home appliance device. The electronic device according to the embodiment of the present document is not limited to the above-described devices.

2A is a block diagram of an electronic device according to an exemplary embodiment.

Referring to FIG. 2A , an electronic device (eg, the electronic device 101 of FIG. 1 ) may include a processor 210 , a display 220 , a camera 230 , a sensor module 225 , and a memory 240 . there is. According to various embodiments, the electronic device 101 may include additional components in addition to the components illustrated in FIG. 2A , or may omit at least one of the components illustrated in FIG. 2A . At least some of the respective components of the illustrated (or not illustrated) electronic device 101 may be operatively, functionally, and/or electrically connected.

According to an embodiment, the processor 210 may execute an operation or data processing related to control and/or communication of at least one other component of the electronic device 101 using instructions stored in the memory 240 . According to an embodiment, the processor 210 may process data for which general data processing and security processing are required. According to an embodiment, the processor 210 includes a normal world (not shown) for processing general data (eg, rich execution environment (REE)) and a security region for processing data higher than the general security level. (secure world) (not shown) (eg, a trusted execution environment (TEE)).

For example, the general area (not shown) may mean an area that can be accessed without a separate access right. The security area (not shown) may mean an area requiring access to a separate security area (not shown). According to some embodiments, a general area (not shown) or a security area (not shown) may be implemented on the memory 240 . According to an embodiment, a secure region (not shown) (eg, an embedded secure element) of the memory 240 may be implemented as a separate chip.

According to an embodiment, the processor 210 includes a central processing unit (CPU), a graphic processing unit (GPU), a micro controller unit (MCU), a sensor hub, a supplementary processor, a communication processor, and an application. It may include at least one of a processor (application processor), application specific integrated circuit (ASIC), and field programmable gate arrays (FPGA), and may have a plurality of cores.

According to an embodiment, the display 220 may display various contents (eg, text, image, video, icon, and/or symbol, etc.) under the control of the processor 210 . According to an embodiment, the display 220 may include a liquid crystal display (LCD), a light emitting diode (LED) display, or an organic light emitting diode (OLED) display. According to an embodiment, the display 220 may display a user interface (UI) for a state of performing user authentication. For example, the display 220 may display a first UI indicating that user authentication is in progress. Also, for example, if the user authentication is successful, the display 220 may display a second UI indicating that the user authentication is successful. According to an embodiment, the display 220 may include a touch circuitry configured to sense a touch or a sensor circuit (eg, a pressure sensor) configured to measure the intensity of a force generated by the touch. .

According to various embodiments, at least a part of the display 220 may be flexible, and may be implemented as a foldable display or a rollable display.

According to an embodiment, the camera 230 may capture a still image (photo) and a moving image by collecting image information about the subject. For example, the camera 230 may transmit collected or photographed data (eg, an image) to the display 220 and the processor 210 . For example, the camera 230 may include at least one of at least one image sensor, a lens, an image signal processor (ISP), or a flash (eg, an LED or a xenon lamp). For example, the camera 230 may include a plurality of cameras disposed on the front or rear of the electronic device 101 . According to an embodiment, the camera 230 may include at least one infrared camera disposed in front of the electronic device 101 . For example, the camera 230 may be implemented in the form of a Time of Flight (ToF) camera capable of acquiring the user's face information.

According to an embodiment, the sensor module 225 may include a plurality of various sensors. For example, the sensor module 225 obtains a height value (or elevation value) above sea level of the electronic device 101 and/or a global navigation satellite system (GNSS) sensor configured to obtain a position value of the electronic device 101 . a geomagnetometer sensor or altimeter configured to A global navigation satellite system (GNSS) sensor may detect the location of the electronic device 101 based on a plurality of radio signals transmitted from artificial satellites (eg, GNSS satellites). For another example, the sensor module 225 may include a biometric sensor for obtaining user authentication information (eg, biometric information) in order to perform user authentication. For example, the biometric sensor may include at least one of a fingerprint sensor, an iris sensor, and a heart rate monitoring (HRM) sensor.

According to an embodiment, the memory 240 may store various data acquired or used by at least one component (eg, the processor 210 ) of the electronic device 101 . According to an embodiment, the memory 240 may include a volatile and/or non-volatile memory embedded in the electronic device 101 . According to an embodiment, the memory 240 may include an external memory functionally connected to the electronic device 101 .

2B is a block diagram illustrating a camera of an electronic device according to an embodiment.

Referring to FIG. 2B , the camera 230 includes a lens assembly 250 , a flash 260 , an image sensor 270 , an image stabilizer 280 , a memory 240 (eg, a buffer memory), or an image signal processor ( 290) may be included. According to an embodiment, the lens assembly 250 may collect light emitted from a subject, which is an image to be captured. According to an embodiment, the lens assembly 250 may include one or more lenses. According to an embodiment, the camera 230 may include a plurality of lens assemblies 250 . In this case, the camera 230 may form, for example, a dual camera, a 360 degree camera, or a spherical camera. According to an embodiment, some of the plurality of lens assemblies 250 have the same lens property (eg, angle of view, focal length, auto focus, f number, or optical zoom), or at least one A lens assembly may have one or more lens properties that are different from lens properties of other lens assemblies. According to an embodiment, the lens assembly 250 may include, for example, a wide-angle lens or a telephoto lens.

According to an embodiment, the flash 260 may emit light used to enhance light emitted or reflected from a subject. According to an embodiment, the flash 260 may include one or more light emitting diodes (eg, a red-green-blue (RGB) LED, a white LED, an infrared LED, or an ultraviolet LED), or a xenon lamp. According to an embodiment, the image sensor 270 may acquire an image corresponding to the subject by converting light emitted or reflected from the subject and transmitted through the lens assembly 250 into an electrical signal. According to an embodiment, the image sensor 270 may include, for example, one image sensor selected from among image sensors having different properties, such as an RGB sensor, a black and white (BW) sensor, an IR sensor, or a UV sensor, the same It may include a plurality of image sensors having properties, or a plurality of image sensors having different properties. Each image sensor included in the image sensor 270 may be implemented using, for example, a charged coupled device (CCD) sensor or a complementary metal oxide semiconductor (CMOS) sensor.

According to an embodiment, the image stabilizer 280 responds to the movement of the camera 230 or the electronic device 101 including the same, and moves at least one lens or image sensor 270 included in the lens assembly 250 . It may move in a specific direction or control operation characteristics of the image sensor 270 (eg, adjust read-out timing, etc.). This makes it possible to compensate for at least some of the negative effects of the movement on the image being taken. According to an embodiment, the image stabilizer 280, according to an embodiment, the image stabilizer 280 is a gyro sensor (not shown) or an acceleration sensor (not shown) disposed inside or outside the camera 230 . Such a movement of the camera 230 or the electronic device 101 may be sensed by using it. According to an embodiment, the image stabilizer 280 may be implemented as, for example, an optical image stabilizer. The memory 240 may temporarily store at least a portion of the image acquired through the image sensor 270 for the next image processing operation. For example, when image acquisition is delayed according to the shutter or a plurality of images are acquired at high speed, the acquired original image (eg, Bayer-patterned image or high-resolution image) is stored in the memory 240 and , a copy image corresponding thereto (eg, a low-resolution image) may be previewed through the display 220 . Thereafter, when a specified condition is satisfied (eg, a user input or a system command), at least a portion of the original image stored in the memory 240 may be obtained and processed by, for example, the image signal processor 290 . According to an embodiment, the memory 240 may be configured as at least a part of the memory 130 or as a separate memory operated independently of the memory 130 .

According to an embodiment, the image signal processor 290 may perform one or more image processing on an image acquired through the image sensor 270 or an image stored in the memory 240 . The one or more image processes may include, for example, depth map generation, 3D modeling, panorama generation, feature point extraction, image synthesis, or image compensation (eg, noise reduction, resolution adjustment, brightness adjustment, blurring ( blurring, sharpening, or softening. Additionally or alternatively, the image signal processor 290 may include at least one of components included in the camera 230 (eg, an image sensor ( 270)), for example, exposure time control, readout timing control, etc. The image processed by the image signal processor 290 is stored back in the memory 240 for further processing or It may be provided as an external component of the camera 230 (eg, the memory 130 , the display device 160 , the electronic device 102 , the electronic device 104 , or the server 108 ). Accordingly, the image signal processor 290 may be configured as at least a part of the processor 120 or may be configured as a separate processor operated independently of the processor 120. The image signal processor 290 may be configured as a separate processor from the processor 120. When configured with a processor of , at least one image processed by the image signal processor 290 may be displayed through the display device 160 as it is or after additional image processing is performed by the processor 120 .

According to an embodiment, the electronic device 101 may include a plurality of cameras 180 each having different properties or functions. In this case, for example, at least one of the plurality of cameras 180 may be a wide-angle camera, and at least the other may be a telephoto camera. Similarly, at least one of the plurality of cameras 180 may be a front camera, and at least the other may be a rear camera.

3 is a diagram illustrating a system structure of an electronic device according to an exemplary embodiment.

Referring to FIG. 3 , the system structure of the electronic device 101 includes a background authentication service 310 , an application 320 , an authentication system 330 , a face tracking system 340 , a location measurement system 350 , and a security table ( 360), and an authorization list 370 .

According to an embodiment, the background authentication service 310 may request authentication from the authentication system 330 according to a command of the application 320 . According to an embodiment, the background authentication service 310 may deliver the result of the authentication request to the application 320 . For example, the background authentication service 310 may transmit whether the user authentication is successful to the application 320 . According to an embodiment, the background authentication service 310 may store the remaining authentication time and the remaining number of authentications in the authentication list 370 based on the security table 360 and location information of the electronic device 101 . According to an embodiment, when the user authentication is successful, the background authentication service 310 may check the presence or absence of the user through the face tracking system 340 during the authentication maintenance time.

According to an embodiment, the application 320 may include at least one application that uses the background authentication service 310 . According to an embodiment, the application 320 may provide a function requiring authentication (or security). For example, a short message service (SMS) application may provide a function for transmitting an authentication message. As another example, the application 320 may provide a function for setting a lock state. According to an embodiment, the application 320 requests user authentication from the background authentication service 310 and obtains information (eg, a result of the user authentication request) on whether or not user authentication is successful from the background authentication service 310 . can do.

In various embodiments disclosed in this document, an application for which a security level can be set may be referred to as a resource of the electronic device 101 . In addition, the application 320 may include an application loaded at the time of shipment of the electronic device 101 or an application downloaded and installed through an application store. Also, the application 320 may include a setting application capable of setting a usage environment (eg, an authentication method) of the electronic device 101 .

According to an embodiment, the authentication system 330 may include a trusted execution environment (TEE). A TEE may be a security platform that consists of hardware, software, or firmware and provides a level of protection against software attacks generated by the REE. A TEE may control access and/or execution of sensitive applications that need to be isolated from a rich execution environment (REE). According to an embodiment, the authentication system 330 may perform user authentication by comparing the stored biometric information with the acquired biometric information (eg, a fast identity online (FIDO) authentication protocol). For example, the stored biometric information may be stored in a secure area (not shown) (eg, eSE) of a memory (eg, the memory 130 of FIG. 1 or the memory 240 of FIG. 2A ).

According to an embodiment, when the user authentication is successful, the face tracking system 340 may check the presence of the user and the interference of other users during the authentication maintenance time. For example, the face tracking system 340 may track an image corresponding to the user's face acquired through the camera 230 .

According to an embodiment, the location measurement system 350 may obtain location information of the electronic device 101 . According to an embodiment, the location measurement system 350 may obtain a planar location value of the electronic device 101 through GPS. According to an embodiment, the position measuring system 350 may acquire a height value above the sea level of the electronic device 101 through a geomagnetism sensor. According to an embodiment, the position measuring system 350 may determine the three-dimensional position of the electronic device 101 by combining the plane position value and the height value above the sea level.

According to an embodiment, the security table 360 may include the authentication retention time and the number of authentication retries based on the properties of the application 320 . A specific example of the authentication retention time and the number of authentication renewals according to the properties of the application 320 will be described later with reference to FIG. 9 . For example, the security table 360 may be stored in a memory (eg, the memory 240 of FIG. 2A ).

According to an embodiment, the authentication list 370 may store information related to the application 320 . According to an embodiment, the authentication list 370 may store each security level of the application 320 . For example, the security level of the application 320 may be determined based on at least one of an attribute of the application 320 , a user authentication method, and/or a user setting. According to an embodiment, the authentication list 370 may store the remaining authentication time and the number of authentication renewals determined based on the security level of the application 320 .

According to an embodiment, at least a part of the system structure of the electronic device 101 illustrated in FIG. 3 may be implemented as software or hardware.

4 is a flowchart illustrating a method for an electronic device to provide a user authentication function using a face authentication method, according to an embodiment.

The series of operations described in FIG. 4 are simultaneously performed by the electronic device 101 of FIG. 1 or 2 or the processor of the electronic device 101 (eg, the processor 120 of FIG. 1 or the processor 210 of FIG. 2A ). It may be performed or performed out of order, and some operations may be omitted or added.

Referring to FIG. 4 , the processor (eg, the processor 210 of FIG. 2A ) according to an embodiment may execute an application (eg, the application 320 of FIG. 3 ) capable of operating in a security state in operation 410 . . According to an embodiment, the processor 210 may execute an application requiring a security function, such as a payment application, a short message service (SMS) application, or a social networking service (SNS) application.

According to an embodiment, the processor 210 may acquire an image corresponding to the user's face through the camera 230 in operation 420 . According to an embodiment, the processor 210 may perform biometric authentication using biometric information in response to a request for the background authentication service 310 of the application 320 . For example, the biometric information may be information about at least one of a user's fingerprint, hand pattern, face, voice, iris, retina, and vein obtained by the electronic device 101 . However, the biometric information is not limited thereto, and may include all information that is collected using the electronic device 101 and can identify a user.

According to an embodiment, the processor 210 may acquire an image corresponding to the user's face through the front camera without performing a separate authentication operation while the application 320 is running.

According to an embodiment, the processor 210 may attempt user authentication based on the image obtained in operation 430 . For example, the processor 210 may determine whether an image acquired through the camera 230 and a stored image match. According to an embodiment, the processor 210 may detect the user's facial feature information and additional information from the acquired image. According to an embodiment, the processor 210 may perform user authentication by comparing the detected facial feature information and additional information with feature information stored in the memory 230 .

According to an embodiment, when it is determined that the acquired image and the stored image match, the processor 210 may determine that user authentication is successful. According to an embodiment, when it is determined that the acquired image and the stored image do not match, the processor 210 may determine that user authentication has failed.

According to an embodiment, the processor 210 may display a first UI indicating that user authentication is in progress on the display 220 while user authentication is in progress in operation 440 . For example, the processor 210 may display an icon indicating that authentication is being checked. According to various embodiments, the processor 210 may support the user to intuitively recognize that authentication is in progress by providing various effects such as color, transparency, shape, or haptics of the UI.

According to an embodiment, the processor 210 may determine the authentication retention time based on the parameter specified in operation 450 . According to an embodiment, the processor 210 may control the authentication maintenance time to be automatically determined based on a specified parameter such as location information of the electronic device 101 and a security level of the application 320 . For example, when it is determined that the location of the electronic device 101 is a place where there is a high risk of information leakage and/or when it is determined that the security level of the application is higher than a specified level, the processor 210 removes the authentication maintenance time. It can be decided in 1 hour. Also, for example, when it is determined that the location of the electronic device 101 is a place where the risk of information leakage is small and/or when it is determined that the security level of the application is lower than a specified level, the processor 210 may reduce the authentication maintenance time. It may be determined that the second time is longer than the first time.

According to an embodiment, the processor 210 may determine the number of authentication retries based on a specified parameter. According to an embodiment, the processor 210 may control the number of authentication retries to be automatically determined based on a specified parameter such as location information of the electronic device 101 and a security level of an application. For example, the processor 210 determines the number of authentication retries when it is determined that the location of the electronic device 101 is a location with a high risk of information leakage and/or when it is determined that the security level of the application is higher than a specified level. It can be determined by the first number of times. Also, for example, the processor 210 determines the number of authentication retries when it is determined that the location of the electronic device 101 is a place where the risk of information leakage is small and/or when it is determined that the security level of the application is lower than a specified level. may be determined as a second number of times greater than the first number.

According to an embodiment, if the user authentication is successful in operation 460, the processor 210 may release the security state during the authentication maintenance time. According to an embodiment, when the user authentication is successful, the processor 210 may release security for the security-set application 320 . For example, when it is determined that the image acquired through the camera 230 and the stored image match, the processor 210 may release the security set in the application 320 .

According to various embodiments, when the security set in the application 320 is released, the processor 210 may provide various functions based on background authentication. For example, when an SMS is transmitted from the SMS application, the processor 210 may display (or add) an authentication icon indicating the identity of the user and transmit the message. As another example, the processor 210 may display (or add) an authentication icon indicating the identity of the user when uploading a post in the SNS application.

According to an embodiment, when the security set in the application 320 is released, the processor 210 may directly execute the application without a separate authentication operation.

5 is a diagram illustrating an electronic device displaying a UI informing of a user authentication state on a display according to an exemplary embodiment.

Referring to FIG. 5 , the processor (eg, the processor 210 of FIG. 2A ) according to an exemplary embodiment displays a first user interface (user) indicating that user authentication is in progress through the display 220 while user authentication is in progress. interface, UI) 501 may be displayed. For example, the UI may include an icon. According to various embodiments, the processor 210 may provide various effects such as color, transparency, shape, or haptics of the UI. For example, the processor 210 may provide a flickering effect by changing the color of the first UI 501 over time while user authentication is in progress.

According to an embodiment, the processor 210 deletes the display of the first UI 501 when the user authentication is successful, and displays the second UI 503 indicating that the user authentication is successful through the display 220 . can For example, the UI may include an icon. According to various embodiments, the processor 210 may provide various effects such as color, transparency, shape, or haptics of the UI.

According to the above-described embodiment, the electronic device 101 may support the user to intuitively recognize the security situation by providing the user's authentication status as a UI.

6 is a flowchart of a method for tracking a user's face after an electronic device succeeds in user authentication, according to an embodiment. Contents corresponding to, identical to, and/or similar to those described above in relation to FIG. 6 may be simplified or omitted.

Referring to FIG. 6 , in operation 430 of FIG. 4 , when the processor (eg, the processor 210 of FIG. 2A ) attempts user authentication based on an image acquired through the camera 230 , the processor 210 operates In 610 , the authentication retention time may be determined based on the specified parameter. According to an embodiment, the processor 210 is configured such as location information of the electronic device (eg, the electronic device 101 of FIG. 1 or FIG. 2 ) and a security level of an application (eg, the application 320 of FIG. 3 ). It can be controlled so that the authentication retention time is automatically determined based on the parameter.

According to an embodiment, the processor 210 may release the security state when user authentication is successful in operation 620 . According to an embodiment, when the user authentication is successful, the processor 210 may release security for the security-set application 320 . For example, when it is determined that the image acquired through the camera 230 and the stored image match, the processor 210 may release the security set in the application 320 .

According to an embodiment, if the user authentication is successful in operation 630, the processor 210 may start tracking the user's face. According to an embodiment, the processor 210 may track the user's face by executing the face tracking system (eg, the face tracking system 340 of FIG. 3 ) from the time when user authentication is successful. According to an embodiment, the processor 210 may identify the number of objects corresponding to the user's face obtained through the camera 230 . According to an embodiment, from the point in time when user authentication is successful, the processor 210 may identify only the number of objects corresponding to the user's face without comparing the image acquired through the camera 230 with the stored image. For example, when the number of images corresponding to the user's face is maintained as one even when the user wears a mask and/or sunglasses, the processor 210 may maintain the security release state.

According to an embodiment, when the number of objects corresponding to faces acquired through the camera 230 changes in operation 640 , the processor 210 may enter a security state (eg, change from a security release state to a security state). For example, if the user's face recognized through the front camera disappears or it is determined that two or more users exist, the processor 210 may end the authentication maintenance time and enter a security state.

7 is a flowchart illustrating a method for an electronic device to execute a background authentication system according to an embodiment. In relation to the description of FIG. 7 , the same and/or similar or corresponding content as described above may be simplified or omitted.

Referring to FIG. 7 , a processor (eg, the processor 120 of FIG. 1 or the processor 210 of FIG. 2A ) according to an embodiment may request user authentication in operation 710 . According to an embodiment, the application (eg, the application 320 of FIG. 3 ) may request user authentication from a background authentication service (eg, the background authentication service 310 of FIG. 3 ) while it is running. According to an embodiment, the processor 210 may determine whether the application 320 has the authority to request background authentication based on the security table 360 .

According to an embodiment, the processor 210 may execute the background authentication system in operation 720 . According to an embodiment, the processor 210 may execute the background authentication service 310 when it is determined that the application 320 has the authority to request the background authentication. For example, the application 320 may request user authentication from the background authentication service 310 and obtain information (eg, a result of the user authentication request) on whether user authentication has been successful from the background authentication service 310 . there is.

According to an embodiment, the processor 210 may determine whether the image stored in operation 730 matches the acquired image corresponding to the user's face. According to an embodiment, the processor 210 detects feature information from the image corresponding to the face acquired through the camera 230 and compares the feature information of the image pre-stored in a memory (eg, the memory 240 of FIG. 2A ) and It can be determined whether they match.

According to an embodiment, the processor 210 may execute the face tracking system 340 when it is determined that the image stored in operation 740 matches the image corresponding to the acquired user's face (operation 730 - Yes). According to an embodiment, the processor 210 may execute the face tracking system 340 to determine whether the user is present and/or whether there is interference from another user.

According to an embodiment, when it is determined that the image stored in operation 750 and the image corresponding to the acquired user's face do not match (operation 730 - NO), the processor 210 may provide an authentication failure notification. For example, the authentication failure notification may include a UI through a display (eg, the display 220 of FIG. 2A ), voice guidance or a sound through a speaker (eg, the sound output module 155 of FIG. 1 ), or a haptic module (eg: It may include at least one of vibrations through the haptic module 179 of FIG. 1 .

According to an embodiment, the processor 210 may determine whether there is one object corresponding to the face during the authentication maintenance time in operation 760 . According to an embodiment, the processor 210 may identify only the number of objects corresponding to the user's face from the images collected through the camera 230 without comparing the acquired image with the pre-stored image. For example, even when the user wears a mask and/or sunglasses, it may be determined that there is one object corresponding to the user's face.

According to an embodiment, when it is determined that there is only one object corresponding to the face in operation 770 (operation 760 - Yes), the processor 210 may release the security state until the authentication maintenance time expires. According to an embodiment, when it is continuously determined that there is only one object corresponding to the face, the processor 210 may automatically perform re-authentication even if the authentication maintenance time has expired. According to an embodiment, the processor 210 may determine the number of authentication retries based on a security table (eg, the security table 360 of FIG. 3 ). According to an embodiment, the processor 210 may automatically perform re-authentication based on the determined number of authentication retries. For example, when the number of authentication retries is determined to be three, the processor 210 may automatically perform re-authentication three more times whenever the authentication maintenance time exceeds.

According to an embodiment, when it is determined that there is not one object corresponding to the face in operation 780 (operation 760 - No), the processor 210 provides a notification that the authentication time (or authentication maintenance time) has expired. can For example, when it is determined that the user disappears or two or more users exist, the processor 210 may provide a notification that the authentication time has expired. For example, the authentication time end notification may include at least one of UI through the display 220 , voice guidance or sound through the speaker 155 , and vibration through the haptic module 179 .

8A illustrates a UI displayed on a display when user authentication fails in an electronic device according to an embodiment.

Referring to FIG. 8A , when the processor (eg, the processor 120 of FIG. 1 or the processor 210 of FIG. 2A ) according to an embodiment fails user authentication, a message indicating authentication failure through the display 220 (eg : “Authentication failed”) can be printed. According to an embodiment, the processor 210 may display a pop-up window 801 informing of an authentication failure through the display 220 .

8B illustrates a UI displayed on a display when an authentication time ends in an electronic device according to an embodiment.

Referring to FIG. 8B , the processor (eg, the processor 120 of FIG. 1 or the processor 210 of FIG. 2A ) according to an embodiment indicates the end of the authentication time through the display 220 when the authentication maintenance time is exceeded. A message (eg, “authentication time has expired”) can be output. According to an embodiment, the processor 210 may display a pop-up window 803 informing of the end of the authentication time through the display 220 .

9 illustrates an example of an authentication maintenance time and a number of authentication renewals determined based on an application attribute in an electronic device according to an embodiment.

FIG. 9 may show an example of the security table 360 of FIG. 3 .

Referring to FIG. 9 , an application (eg, the application 320 of FIG. 3 ) may be classified into four types of applications (a first application, a second application, a third application, and a fourth application) according to a security level, The authentication maintenance time and/or the number of authentication retries may be determined according to the properties of each application.

For example, the first application may mean a system application. According to an embodiment, the system application may include an application having most of the resource usage rights in an operating system (eg, an Android operating system (OS)). For example, the system application may include at least one of a settings application, a my files application, and a secure folder application. Also, for example, the system application may include an artificial intelligence service (eg, Bixby). According to an embodiment, in the system application, the authentication maintenance time may be set as the first time (eg, 2 minutes) and the number of authentication retries may be determined as the first number (eg, 5 times).

For example, the second application may mean a vendor sign application. According to an embodiment, the vendor signature application may include an application provided by a telecommunication company. According to an embodiment, in the vendor sign application, the authentication retention time may be set to a second time (eg, 1 minute), and the number of authentication retries may be determined as the second number (eg, 3 times).

For example, the third application may mean a trust sign ^3rd application of a third party. According to an embodiment, in the third-party trustee application, the authentication retention time may be set to a third time (eg, 1 minute), and the number of authentication retries may be determined as the third number (eg, 2 times).

For example, the fourth application may mean an untrusted application. According to an embodiment, the untrusted application may include an application that an individual distributes in a store or does not receive a service from a certification authority. According to an embodiment, in the untrusted application, the authentication retention time may be set as a fourth time (eg, 30 seconds) and the number of authentication retries may be determined as the fourth number (eg, 0 times).

This embodiment is only one embodiment, and various embodiments of the present invention do not limit the type of application, the authentication maintenance time, and/or the number of authentication retries.

The various embodiments of this document and the terms used therein are not intended to limit the technical features described in this document to specific embodiments, and should be understood to include various modifications, equivalents, or substitutions of the embodiments. In connection with the description of the drawings, like reference numerals may be used for similar or related components. The singular form of the noun corresponding to the item may include one or more of the item, unless the relevant context clearly dictates otherwise. As used herein, "A or B", "at least one of A and B", "at least one of A or B", "A, B or C", "at least one of A, B and C", and "A , B, or C" each may include any one of, or all possible combinations of, items listed together in the corresponding one of the phrases. Terms such as "first", "second", or "first" or "second" may be used simply to distinguish an element from other elements in question, and may refer elements to other aspects (e.g., importance or order) is not limited. It is said that one (eg, first) component is "coupled" or "connected" to another (eg, second) component, with or without the terms "functionally" or "communicatively". When referenced, it means that one component can be connected to the other component directly (eg by wire), wirelessly, or through a third component.

The term “module” used in various embodiments of this document may include a unit implemented in hardware, software, or firmware, for example, and interchangeably with terms such as logic, logic block, component, or circuit. can be used A module may be an integrally formed part or a minimum unit or a part of the part that performs one or more functions. For example, according to an embodiment, the module may be implemented in the form of an application-specific integrated circuit (ASIC).

According to various embodiments of the present document, one or more instructions stored in a storage medium (eg, internal memory 136 or external memory 138) readable by a machine (eg, electronic device 101) may be implemented as software (eg, the program 140) including For example, a processor (eg, processor 120 ) of a device (eg, electronic device 101 ) may call at least one command among one or more commands stored from a storage medium and execute it. This makes it possible for the device to be operated to perform at least one function according to the called at least one command. The one or more instructions may include code generated by a compiler or code executable by an interpreter. The device-readable storage medium may be provided in the form of a non-transitory storage medium. Here, 'non-transitory' only means that the storage medium is a tangible device and does not contain a signal (eg, electromagnetic wave), and this term refers to the case where data is semi-permanently stored in the storage medium and It does not distinguish between temporary storage cases.

According to an embodiment, the method according to various embodiments disclosed in this document may be provided by being included in a computer program product. Computer program products may be traded between sellers and buyers as commodities. The computer program product is distributed in the form of a machine-readable storage medium (eg compact disc read only memory (CD-ROM)), or through an application store (eg Play Store™) or on two user devices ( It can be distributed online (eg download or upload), directly between smartphones (eg smartphones). In the case of online distribution, at least a part of the computer program product may be temporarily stored or temporarily created in a machine-readable storage medium such as a memory of a server of a manufacturer, a server of an application store, or a relay server.

According to various embodiments, each component (eg, a module or a program) of the above-described components may include a singular or a plurality of entities, and some of the plurality of entities may be separately disposed in other components. . According to various embodiments, one or more components or operations among the above-described corresponding components may be omitted, or one or more other components or operations may be added. Alternatively or additionally, a plurality of components (eg, a module or a program) may be integrated into one component. In this case, the integrated component may perform one or more functions of each component of the plurality of components identically or similarly to those performed by the corresponding component among the plurality of components prior to the integration. . According to various embodiments, operations performed by a module, program, or other component are executed sequentially, in parallel, repetitively, or heuristically, or one or more of the operations are executed in a different order, omitted, or , or one or more other operations may be added.

As described above, the electronic device (eg, the electronic device 101 of FIG. 1 ) according to an embodiment includes a camera, a display, and at least one processor operatively connected to the camera and the display, and the At least one processor executes an application capable of operating in a secure state, acquires an image corresponding to the user's face through the camera, attempts authentication of the user based on the acquired image, and While the authentication is in progress, a first user interface (UI) indicating that the authentication of the user is in progress is displayed through the display, the authentication retention time is determined based on a specified parameter, and the authentication of the user is If successful, the security state may be released during the determined authentication maintenance time.

According to an embodiment, the at least one processor may determine the number of authentication retries according to the user's authentication failure, and if the user's authentication fails, the number of authentication retries may be subtracted.

According to an embodiment, the at least one processor may determine the specified parameter based on at least one of a property of the application or location information of the electronic device.

According to an embodiment, the at least one processor may obtain the location information of the electronic device from at least one of a GPS and a geomagnetic sensor.

According to an embodiment, when the authentication of the user is successful, the at least one processor may delete the display of the first UI and display a second UI indicating that the authentication of the user is successful through the display. there is.

According to an embodiment, the at least one processor may delete the display of the second UI when the authentication maintenance time is exceeded.

According to an embodiment, the at least one processor may provide a notification when authentication of the user fails.

According to an embodiment, when the authentication maintenance time is exceeded, re-authentication may be automatically performed.

As described above, the method of operating an electronic device according to an embodiment includes an operation of executing an application capable of operating in a secure state, an operation of acquiring an image corresponding to a user's face through a camera, and an operation of acquiring an image corresponding to the user's face through the camera. An operation of attempting authentication of the user based on an operation of displaying a first user interface (UI) indicating that authentication of the user is in progress through a display while the authentication of the user is in progress It may include an operation of determining an authentication holding time based on the authentication and, if the authentication of the user is successful, releasing the security state for the determined authentication holding time.

The method of operating an electronic device according to an embodiment may include determining the number of authentication retries according to the authentication failure of the user and subtracting the number of authentication retries when the user's authentication fails.

The method of operating an electronic device according to an embodiment may include determining the specified parameter based on at least one of a property of the application or location information of the electronic device.

The method of operating an electronic device according to an embodiment may include acquiring location information of the electronic device from at least one of a GPS and a geomagnetic sensor.

The method of operating an electronic device according to an embodiment includes, when the authentication of the user is successful, deleting the display of the first UI, and displaying a second UI indicating that the authentication of the user is successful through a display. may include

The method of operating an electronic device according to an embodiment may include deleting the display of the second UI when the authentication maintenance time is exceeded.

The method of operating an electronic device according to an embodiment may include providing a notification when authentication of the user fails.

As described above, the electronic device according to an embodiment includes a camera, a display, and at least one processor operatively connected to the camera and the display, and the at least one processor is capable of operating in a security state. Execute an application, acquire an image corresponding to the user's face through the camera, attempt authentication of the user based on the acquired image, determine an authentication retention time based on a specified parameter, and When the authentication is successful, the security state is released, the user's face tracking is started through the camera from the time when the user's authentication is successful, and the number of images corresponding to the face acquired through the camera If changed, the security state can be entered.

According to an embodiment, the at least one processor may determine the number of authentication retries according to the user's authentication failure, and if the user's authentication fails, the number of authentication retries may be subtracted.

According to an embodiment, the at least one processor may determine the specified parameter based on at least one of a property of the application or location information of the electronic device.

According to an embodiment, the at least one processor may obtain the location information of the electronic device from at least one of a GPS and a geomagnetic sensor.

According to an embodiment, the at least one processor may automatically perform re-authentication when the authentication maintenance time is exceeded.

Claims (20)

In an electronic device,
camera;
display; and
at least one processor operatively coupled with the camera and the display, the at least one processor comprising:
Run applications that can operate in a secure state,
Obtaining an image corresponding to the user's face through the camera,
Attempt to authenticate the user based on the acquired image,
while the user's authentication is in progress, displaying a first user interface (UI) indicating that the user's authentication is in progress through the display;
determine the duration of the authentication based on the specified parameter;
When the authentication of the user succeeds, the electronic device releases the security state for the determined authentication maintenance time. The method according to claim 1,
The at least one processor determines the number of authentication retries according to the authentication failure of the user, and subtracts the number of authentication retries when the authentication of the user fails. The method according to claim 1,
The at least one processor determines the specified parameter based on at least one of a property of the application and location information of the electronic device. 4. The method according to claim 3,
The at least one processor obtains the location information of the electronic device from at least one of a GPS and a geomagnetic sensor. The method according to claim 1,
When the authentication of the user is successful, the at least one processor deletes the display of the first UI and displays a second UI indicating that the authentication of the user is successful through the display. 6. The method of claim 5,
The at least one processor deletes the display of the second UI when the authentication maintenance time is exceeded. The method according to claim 1,
The at least one processor provides a notification when authentication of the user fails. The method according to claim 1,
An electronic device that automatically performs re-authentication when the authentication maintenance time is exceeded. A method of operating an electronic device, comprising:
executing an application capable of operating in a secure state;
acquiring an image corresponding to the user's face through a camera;
attempting authentication of the user based on the acquired image;
displaying a first user interface (UI) indicating that the user's authentication is in progress through a display while the user's authentication is in progress;
determining an authentication retention time based on the specified parameter;
and releasing the security state for the determined authentication maintenance time when the user's authentication is successful. 10. The method of claim 9,
and determining the number of authentication retries according to the authentication failure of the user and subtracting the number of authentication retries when the authentication of the user fails. 10. The method of claim 9,
and determining the specified parameter based on at least one of a property of the application and location information of the electronic device. 12. The method of claim 11,
and acquiring the location information of the electronic device from at least one of a GPS and a geomagnetic sensor. 10. The method of claim 9,
and, when the authentication of the user is successful, deleting the display of the first UI, and displaying a second UI indicating that the authentication of the user is successful through a display. 14. The method of claim 13,
and deleting the display of the second UI when the authentication maintenance time is exceeded. 10. The method of claim 9,
and providing a notification when authentication of the user fails. In an electronic device,
camera;
display; and
at least one processor operatively coupled with the camera and the display, the at least one processor comprising:
Run applications that can operate in a secure state,
Obtaining an image corresponding to the user's face through the camera,
Attempt to authenticate the user based on the acquired image,
determine the duration of the authentication based on the specified parameter;
When the authentication of the user is successful, the security state is released,
Start tracking the user's face through the camera from the time when the user's authentication is successful,
The electronic device enters the security state when the number of images corresponding to faces acquired through the camera changes. 17. The method of claim 16,
The at least one processor determines the number of authentication retries according to the authentication failure of the user, and subtracts the number of authentication retries when the authentication of the user fails. 17. The method of claim 16,
The at least one processor determines the specified parameter based on at least one of a property of the application and location information of the electronic device. 19. The method of claim 18,
The at least one processor obtains the location information of the electronic device from at least one of a GPS and a geomagnetic sensor. 17. The method of claim 16,
The at least one processor automatically performs re-authentication when the authentication maintenance time is exceeded.

Images