KR20240117014A - Electronic device, method, and non-transitory computer readable storage medium for adaptively providing authentication scheme of service based on context - Google Patents

Abstract

According to an embodiment, an electronic device includes a display, a plurality of communication circuits, and at least one memory configured to store instructions, and when executing the instructions, interworking with an external electronic device. receive a first user input requesting the use of a service provided through user authentication based on (interworking with), and based on receiving the first user input, at least one of the plurality of communication circuits Identify the situation of the electronic device using one, identify an authentication method corresponding to the situation among a plurality of authentication schemes registered for the service for user authentication, and use the identified authentication method. Displaying a visual object for guiding authentication of a user of the service using the display, and based on at least one second user input received while displaying the visual object, through the identified authentication method It may include at least one processor configured to authenticate the user and provide the service based on interworking with the external electronic device in response to authenticating the user.

Description

Electronic device, method, and non-transitory computer readable storage medium for adaptively providing an authentication method of a service based on context ON CONTEXT}

The description below describes an electronic device, method, and non-transitory computer readable storage for adaptively providing an authentication scheme for a service based on context. It is about medium).

Portable electronic devices, such as smartphones, laptop computers, tablets, and/or smart watches, authenticate users based on interworking with external electronic devices. It can be used for digital wallet services provided through user authentication. For example, a user may provide privacy information to the external electronic device associated with the gate based on authenticating the user using the electronic device to pass the gate. As another example, a user may open the door of his or her vehicle or start the vehicle, based on authenticating the user using the electronic device. A command can be transmitted to the external electronic device.

An electronic device can provide an electronic wallet service based on linkage with an external electronic device. The electronic wallet service provided by the electronic device may require the user of the electronic device to be authenticated in order to use privacy information. To authenticate the user, various authentication methods may be used within the electronic device. For example, authentication methods such as input of a registered password, input of a registered pattern, or input of registered fingerprint information may be used within the electronic device to authenticate the user.

Meanwhile, because the electronic device is carried by the user, the electronic device can be involved in various situations. For example, the electronic device may be included in a situation where the received strength of a signal received from the external electronic device is greater than or equal to the reference strength, or may be included in a situation where the received strength is less than the reference strength. Accordingly, there may be a need for a method to adaptively provide an authentication method for the electronic wallet service depending on the situation of the electronic device.

The technical problem to be achieved in this document is not limited to the above-described technical problem, and other technical problems not mentioned will be clearly understood by those skilled in the art from the description below. .

According to an embodiment, an electronic device includes a display, a plurality of communication circuits, and at least one memory configured to store instructions, and when executing the instructions, interworking with an external electronic device. receive a first user input requesting the use of a service provided through user authentication based on (interworking with), and based on receiving the first user input, at least one of the plurality of communication circuits Identify the situation of the electronic device using one, identify an authentication method corresponding to the situation among a plurality of authentication schemes registered for the service for user authentication, and use the identified authentication method. Displaying a visual object for guiding authentication of a user of the service using the display, and based on at least one second user input received while displaying the visual object, through the identified authentication method It may include at least one processor configured to authenticate the user and provide the service based on interworking with the external electronic device in response to authenticating the user.

An electronic device according to an embodiment includes at least one memory configured to store instructions, and when executing the instructions, a user input requesting registration of a service provided through user authentication based on linkage with an external electronic device. Receiving and, based on the type of the service, identifying authentication methods to be used to authenticate the user required when using the service, and upon receiving a user input requesting use of the service, identify the authentication methods among the authentication methods At least one, configured to register the service based on storing data for providing an authentication method corresponding to the situation of the electronic device for user authentication as associated with data about the service. may include a processor.

An electronic device according to an embodiment includes a display, a communication circuit, and at least one memory configured to store instructions, and when executing the instructions, user authentication is performed based on interworking with an external electronic device. (via) Receiving a user input requesting the use of a provided service, based on receiving the user input, identifying whether connection is possible with the external electronic device using the communication circuit, and using the communication circuit Based on identifying that connection with the external electronic device is possible, to guide the user of the service to be authenticated using a first authentication method among a plurality of authentication methods registered for the service for user authentication. Based on displaying a first visual object through the display and identifying the inability to connect to the external electronic device using the communication circuit, the user is recognized using a second authentication method among the plurality of authentication methods. It may include at least one processor configured to display a second visual object for guiding authentication through the display.

An electronic device according to various embodiments provides an enhanced user experience by adaptively providing an authentication method for a service based on a context identified using at least one of a plurality of communication circuits in the electronic device. can be provided.

The effects that can be obtained from the present disclosure are not limited to the effects mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the description below. will be.

1 is a block diagram of an electronic device in a network environment according to various embodiments.
2 is a flowchart illustrating a method for registering a service according to various embodiments.
Figure 3 shows examples of screens displayed during service registration according to one embodiment.
Figure 4 shows an example of a screen displayed when registering a service according to one embodiment.
Figure 5 shows another example of a screen displayed when registering a service according to one embodiment.
Figure 6 is a flowchart illustrating a method for identifying authentication methods based on the type of service according to one embodiment.
FIG. 7 is a flowchart illustrating a method of displaying a visual object for guiding input of reference information based on identifying that the reference information includes an unregistered authentication method, according to one embodiment.
FIG. 8 illustrates an example of a screen including a visual object for guiding entry of reference information while registering a service, according to an embodiment.
Figure 9 is a flowchart illustrating a method for identifying the priority of each authentication method based on the type of service, according to one embodiment.
10 is a flowchart illustrating a method of using a service according to various embodiments.
Figure 11 shows examples of screens displayed while performing user authentication for use of a service, according to one embodiment.
12 to 16 show examples of environments identified for authentication methods for use of services.
Figure 17 shows an example of a visual object in a screen displayed while performing user authentication for use of a service, according to one embodiment.
FIG. 18 is a flowchart illustrating a method of authenticating a user through an identified authentication method among a plurality of authentication methods, according to an embodiment.
FIG. 19 is a flowchart illustrating a method of identifying another authentication method among a plurality of authentication methods according to an embodiment.
Figure 20 shows an example of another visual object in a screen displayed while performing user authentication for use of a service, according to one embodiment.
21 is a flow diagram illustrating a method for displaying different visual objects based on identifying different authentication methods, according to one embodiment.

1 is a block diagram of an electronic device 101 in a network environment 100, according to various embodiments.

Referring to FIG. 1, in the network environment 100, the electronic device 101 communicates with the electronic device 102 through a first network 198 (e.g., a short-range wireless communication network) or a second network 199. It is possible to communicate with at least one of the electronic device 104 or the server 108 through (e.g., a long-distance wireless communication network). According to one embodiment, the electronic device 101 may communicate with the electronic device 104 through the server 108. According to one embodiment, the electronic device 101 includes a processor 120, a memory 130, an input module 150, an audio output module 155, a display module 160, an audio module 170, and a sensor module ( 176), interface 177, connection terminal 178, haptic module 179, camera module 180, power management module 188, battery 189, communication module 190, subscriber identification module 196 , or may include an antenna module 197. In some embodiments, at least one of these components (eg, the connection terminal 178) may be omitted or one or more other components may be added to the electronic device 101. In some embodiments, some of these components (e.g., sensor module 176, camera module 180, or antenna module 197) are integrated into one component (e.g., display module 160). It can be.

The processor 120, for example, executes software (e.g., program 140) to operate at least one other component (e.g., hardware or software component) of the electronic device 101 connected to the processor 120. It can be controlled and various data processing or operations can be performed. According to one embodiment, as at least part of data processing or computation, the processor 120 stores commands or data received from another component (e.g., sensor module 176 or communication module 190) in volatile memory 132. The commands or data stored in the volatile memory 132 can be processed, and the resulting data can be stored in the non-volatile memory 134. According to one embodiment, the processor 120 includes the main processor 121 (e.g., a central processing unit or an application processor) or an auxiliary processor 123 that can operate independently or together (e.g., a graphics processing unit, a neural network processing unit ( It may include a neural processing unit (NPU), an image signal processor, a sensor hub processor, or a communication processor). For example, if the electronic device 101 includes a main processor 121 and a secondary processor 123, the secondary processor 123 may be set to use lower power than the main processor 121 or be specialized for a designated function. You can. The auxiliary processor 123 may be implemented separately from the main processor 121 or as part of it.

The auxiliary processor 123 may, for example, act on behalf of the main processor 121 while the main processor 121 is in an inactive (e.g., sleep) state, or while the main processor 121 is in an active (e.g., application execution) state. ), together with the main processor 121, at least one of the components of the electronic device 101 (e.g., the display module 160, the sensor module 176, or the communication module 190) At least some of the functions or states related to can be controlled. According to one embodiment, co-processor 123 (e.g., image signal processor or communication processor) may be implemented as part of another functionally related component (e.g., camera module 180 or communication module 190). there is. According to one embodiment, the auxiliary processor 123 (eg, neural network processing unit) may include a hardware structure specialized for processing artificial intelligence models. Artificial intelligence models can be created through machine learning. For example, such learning may be performed in the electronic device 101 itself on which the artificial intelligence model is performed, or may be performed through a separate server (e.g., server 108). Learning algorithms may include, for example, supervised learning, unsupervised learning, semi-supervised learning, or reinforcement learning, but It is not limited. An artificial intelligence model may include multiple artificial neural network layers. Artificial neural networks include deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), restricted boltzmann machine (RBM), belief deep network (DBN), bidirectional recurrent deep neural network (BRDNN), It may be one of deep Q-networks or a combination of two or more of the above, but is not limited to the examples described above. In addition to hardware structures, artificial intelligence models may additionally or alternatively include software structures.

The memory 130 may store various data used by at least one component (eg, the processor 120 or the sensor module 176) of the electronic device 101. Data may include, for example, input data or output data for software (e.g., program 140) and instructions related thereto. Memory 130 may include volatile memory 132 or non-volatile memory 134.

The program 140 may be stored as software in the memory 130 and may include, for example, an operating system 142, middleware 144, or application 146.

The input module 150 may receive commands or data to be used in a component of the electronic device 101 (e.g., the processor 120) from outside the electronic device 101 (e.g., a user). The input module 150 may include, for example, a microphone, mouse, keyboard, keys (eg, buttons), or digital pen (eg, stylus pen).

The sound output module 155 may output sound signals to the outside of the electronic device 101. The sound output module 155 may include, for example, a speaker or a receiver. Speakers can be used for general purposes such as multimedia playback or recording playback. The receiver can be used to receive incoming calls. According to one embodiment, the receiver may be implemented separately from the speaker or as part of it.

The display module 160 can visually provide information to the outside of the electronic device 101 (eg, a user). The display module 160 may include, for example, a display, a hologram device, or a projector, and a control circuit for controlling the device. According to one embodiment, the display module 160 may include a touch sensor configured to detect a touch, or a pressure sensor configured to measure the intensity of force generated by the touch.

The audio module 170 can convert sound into an electrical signal or, conversely, convert an electrical signal into sound. According to one embodiment, the audio module 170 acquires sound through the input module 150, the sound output module 155, or an external electronic device (e.g., directly or wirelessly connected to the electronic device 101). Sound may be output through the electronic device 102 (e.g., speaker or headphone).

The sensor module 176 detects the operating state (e.g., power or temperature) of the electronic device 101 or the external environmental state (e.g., user state) and generates an electrical signal or data value corresponding to the detected state. can do. According to one embodiment, the sensor module 176 includes, for example, a gesture sensor, a gyro sensor, an air pressure sensor, a magnetic sensor, an acceleration sensor, a grip sensor, a proximity sensor, a color sensor, an IR (infrared) sensor, a biometric sensor, It may include a temperature sensor, humidity sensor, or light sensor.

The interface 177 may support one or more designated protocols that can be used to connect the electronic device 101 directly or wirelessly with an external electronic device (eg, the electronic device 102). According to one embodiment, the interface 177 may include, for example, a high definition multimedia interface (HDMI), a universal serial bus (USB) interface, an SD card interface, or an audio interface.

The connection terminal 178 may include a connector through which the electronic device 101 can be physically connected to an external electronic device (eg, the electronic device 102). According to one embodiment, the connection terminal 178 may include, for example, an HDMI connector, a USB connector, an SD card connector, or an audio connector (eg, a headphone connector).

The haptic module 179 can convert electrical signals into mechanical stimulation (e.g., vibration or movement) or electrical stimulation that the user can perceive through tactile or kinesthetic senses. According to one embodiment, the haptic module 179 may include, for example, a motor, a piezoelectric element, or an electrical stimulation device.

The camera module 180 can capture still images and moving images. According to one embodiment, the camera module 180 may include one or more lenses, image sensors, image signal processors, or flashes.

The power management module 188 can manage power supplied to the electronic device 101. According to one embodiment, the power management module 188 may be implemented as at least a part of, for example, a power management integrated circuit (PMIC).

Battery 189 may supply power to at least one component of electronic device 101. According to one embodiment, the battery 189 may include, for example, a non-rechargeable primary battery, a rechargeable secondary battery, or a fuel cell.

Communication module 190 is configured to provide a direct (e.g., wired) communication channel or wireless communication channel between electronic device 101 and an external electronic device (e.g., electronic device 102, electronic device 104, or server 108). It can support establishment and communication through established communication channels. Communication module 190 operates independently of processor 120 (e.g., an application processor) and may include one or more communication processors that support direct (e.g., wired) communication or wireless communication. According to one embodiment, the communication module 190 is a wireless communication module 192 (e.g., a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module) or a wired communication module 194 (e.g., : LAN (local area network) communication module, or power line communication module) may be included. Among these communication modules, the corresponding communication module is a first network 198 (e.g., a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)) or a second network 199 (e.g., legacy It may communicate with an external electronic device 104 through a telecommunication network such as a cellular network, a 5G network, a next-generation communication network, the Internet, or a computer network (e.g., LAN or WAN). These various types of communication modules may be integrated into one component (e.g., a single chip) or may be implemented as a plurality of separate components (e.g., multiple chips). The wireless communication module 192 uses subscriber information (e.g., International Mobile Subscriber Identifier (IMSI)) stored in the subscriber identification module 196 to communicate within a communication network such as the first network 198 or the second network 199. The electronic device 101 can be confirmed or authenticated.

The wireless communication module 192 may support 5G networks after 4G networks and next-generation communication technologies, for example, NR access technology (new radio access technology). NR access technology provides high-speed transmission of high-capacity data (eMBB (enhanced mobile broadband)), minimization of terminal power and access to multiple terminals (mMTC (massive machine type communications)), or high reliability and low latency (URLLC (ultra-reliable and low latency). -latency communications)) can be supported. The wireless communication module 192 may support a high frequency band (eg, mmWave band), for example, to achieve a high data rate. The wireless communication module 192 uses various technologies to secure performance in high frequency bands, for example, beamforming, massive array multiple-input and multiple-output (MIMO), and full-dimensional multiplexing. It can support technologies such as input/output (FD-MIMO (full dimensional MIMO)), array antenna, analog beam-forming, or large scale antenna. The wireless communication module 192 may support various requirements specified in the electronic device 101, an external electronic device (e.g., electronic device 104), or a network system (e.g., second network 199). According to one embodiment, the wireless communication module 192 supports Peak data rate (e.g., 20 Gbps or more) for realizing eMBB, loss coverage (e.g., 164 dB or less) for realizing mmTC, or U-plane latency (e.g., 164 dB or less) for realizing URLLC. Example: Downlink (DL) and uplink (UL) each of 0.5 ms or less, or round trip 1 ms or less) can be supported.

The antenna module 197 may transmit or receive signals or power to or from the outside (eg, an external electronic device). According to one embodiment, the antenna module 197 may include an antenna including a radiator made of a conductor or a conductive pattern formed on a substrate (eg, PCB). According to one embodiment, the antenna module 197 may include a plurality of antennas (eg, an array antenna). In this case, at least one antenna suitable for a communication method used in a communication network such as the first network 198 or the second network 199 is, for example, connected to the plurality of antennas by the communication module 190. can be selected. Signals or power may be transmitted or received between the communication module 190 and an external electronic device through the selected at least one antenna. According to some embodiments, in addition to the radiator, other components (eg, radio frequency integrated circuit (RFIC)) may be additionally formed as part of the antenna module 197.

According to various embodiments, the antenna module 197 may form a mmWave antenna module. According to one embodiment, a mmWave antenna module includes a printed circuit board, an RFIC disposed on or adjacent to a first side (e.g., bottom side) of the printed circuit board and capable of supporting a designated high frequency band (e.g., mmWave band), And a plurality of antennas (e.g., array antennas) disposed on or adjacent to the second side (e.g., top or side) of the printed circuit board and capable of transmitting or receiving signals in the designated high frequency band. can do.

At least some of the components are connected to each other through a communication method between peripheral devices (e.g., bus, general purpose input and output (GPIO), serial peripheral interface (SPI), or mobile industry processor interface (MIPI)) and signal ( (e.g. commands or data) can be exchanged with each other.

According to one embodiment, commands or data may be transmitted or received between the electronic device 101 and the external electronic device 104 through the server 108 connected to the second network 199. Each of the external electronic devices 102 or 104 may be of the same or different type as the electronic device 101. According to one embodiment, all or part of the operations performed in the electronic device 101 may be executed in one or more of the external electronic devices 102, 104, or 108. For example, when the electronic device 101 needs to perform a certain function or service automatically or in response to a request from a user or another device, the electronic device 101 may perform the function or service instead of executing the function or service on its own. Alternatively, or additionally, one or more external electronic devices may be requested to perform at least part of the function or service. One or more external electronic devices that have received the request may execute at least part of the requested function or service, or an additional function or service related to the request, and transmit the result of the execution to the electronic device 101. The electronic device 101 may process the result as is or additionally and provide it as at least part of a response to the request. For this purpose, for example, cloud computing, distributed computing, mobile edge computing (MEC), or client-server computing technology can be used. The electronic device 101 may provide an ultra-low latency service using, for example, distributed computing or mobile edge computing. In another embodiment, the external electronic device 104 may include an Internet of Things (IoT) device. Server 108 may be an intelligent server using machine learning and/or neural networks. According to one embodiment, the external electronic device 104 or server 108 may be included in the second network 199. The electronic device 101 may be applied to intelligent services (e.g., smart home, smart city, smart car, or healthcare) based on 5G communication technology and IoT-related technology.

2 is a flowchart illustrating a method for registering a service according to various embodiments. This method may be executed by the electronic device 101 shown in FIG. 1 or the processor 120 of the electronic device 101.

Figure 3 shows examples of screens displayed during service registration according to one embodiment.

Figure 4 shows an example of a screen displayed when registering a service according to one embodiment.

Figure 5 shows another example of a screen displayed when registering a service according to one embodiment.

Referring to FIG. 2, in operation 202, the processor 120 processes a user requesting registration of a service provided through user authentication based on interworking with an external electronic device (e.g., the electronic device 102). Input can be received. For example, the service may be a digital wallet service provided based on linkage with the external electronic device. For example, the service is a service that performs payment using the electronic device 101 by providing information about the credit card of the user of the electronic device 101 to the external electronic device, and provides the user's identification information to the external electronic device. A service that opens the gate of a secure area using the electronic device 101 by providing it to an external electronic device, and providing the user's vehicle information to the external electronic device to open the vehicle using the electronic device 101 It may include a service that opens the door or starts the vehicle, or a service that performs a bank transfer using the electronic device 101 by providing information about the user's account to the external electronic device. there is. For example, because the service requires the use of privacy information such as information about the credit card, the identification information, the vehicle information, or information about the account, the service may be provided through user authentication. there is. For example, the user authentication may be performed within the electronic device 101 or may be performed based on interworking between the external electronic device and the electronic device 101.

For example, the user input may be received to register the service among a plurality of services that can be provided through the electronic device 101. For example, the user input may be an input for selecting the service among a plurality of services that can be provided through an application for an electronic wallet service installed in the electronic device 101. For example, referring to FIG. 3, the processor 120, as in state 300, displays a plurality of devices for indicating each of the plurality of services within the user interface 310 of the application providing an electronic wallet service. Visual objects 311 may be displayed. Within the state 300, the processor 120 selects a visual object ( A user input 313 for 312) may be received as the user input.

In operation 204, the processor 120 may identify authentication schemes to be used to authenticate the user required when using the service, based on the type of the service. For example, because the electronic device 101 is portable, the electronic device 101 can be in a variety of situations. For example, because the electronic device 101 is portable, the electronic device 101 can be located in various environments. For example, the processor 120, based on the type of service, rather than one authentication method, to adaptively provide different authentication methods depending on the environments in which the electronic device 101 may be located. , various authentication methods can be identified based on the type of service. For example, the authentication methods include a method of authenticating the user by entering a password registered through user input, a method of authenticating the user by entering a passcode registered through user input, and a method of authenticating the user by entering a password registered through user input. A method of authenticating the user by inputting a pattern registered through a method, a method of authenticating the user by inputting fingerprint information registered through a user input, a method of authenticating the user by inputting face information registered through a user input, A method of authenticating the user by inputting iris information registered through a user input, a method of authenticating the user by inputting voice information registered through a user input, or a method of authenticating the user by inputting the electronic device 101 through the user input. It may include two or more ways to authenticate the user by contacting the device. A method of identifying the authentication methods based on the type of the service will be described later through the description of FIG. 6.

In operation 206, when receiving a user input requesting use of the service, the processor 120 provides data for providing an authentication method corresponding to the situation of the electronic device 101 among the authentication methods for user authentication. The service can be registered based on storing it as associated with data about the service. For example, when receiving the user input, the processor 120 links data for providing an authentication method corresponding to the environment in which the electronic device 101 is located among the authentication methods with data about the service. Based on what you save, you can register the service. For example, processor 120 may, based on identifying the authentication methods in operation 204, identify a priority of the identified authentication methods for each of the candidate environments in which the electronic device 101 may be located; , the data for providing the authentication method corresponding to the environment among the authentication methods can be obtained based on the identified priority.

For example, referring to Figure 3, processor 120, in response to receiving user input 313 within state 300, determines that the service indicated by user input 313 performs the function of a car key. is a service provided using the electronic device 101, and based on the identification, operations may be performed to authenticate that the user is the owner of a car related to the service before registering the service. For example, processor 120 may transition state 300 to state 320 in response to receiving user input 313.

Figure 3 shows an example in which the user input 313 is a touch input, but the user input 313 may be replaced with a user input of another format. For example, the user input 313 may be a voice command (eg, “register car key”) obtained through the input module 150 (eg, microphone) of the electronic device 101. In one embodiment, the voice command may be obtained after a call word indicating that voice recognition is required (e.g., “Hi, Bixby”) is obtained through the input module 150. However, it is not limited to this.

Within state 320, processor 120, within user interface 310, controls the vehicle (or the external electronic device installed within the vehicle, for driving and controlling the vehicle (e.g., a digital cockpit). ))) may display an executable object 321 for executing establishing a connection. For example, the executable object 321 may provide a user interface ( 310). Within state 320, processor 120 may receive user input 322 for executable object 321.

For example, if the electronic device 101 includes communication circuitry for an ultra wide band (UWB) communication scheme, the processor 120 may, in response to receiving the user input 322, generate a status 320. You can switch to state 330. Within state 330, processor 120, while establishing a connection with the external electronic device within the vehicle via the UWB communication scheme based on user input 322, within user interface 310: A visual object 331 may be displayed within the user interface 310 to indicate that a connection with the external electronic device is being established. In one embodiment, to emphasize the display of the visual object 331, the remaining area of the user interface 310, excluding the area displaying the visual object 331, may be treated as blur or translucent. there is. In one embodiment, the display of visual object 331 causes processor 120 to transmit information to authenticate that the user is the owner of the automobile from electronic device 101 to the external electronic device via the established connection. and may be maintained until a message indicating that the user is authenticated as the owner of the car is received from the external electronic device. For example, because the message indicates that the user authenticates as an owner of the car, processor 120 may, in response to receiving the message, provide upon use of the service based on the type of the service. The authentication methods that can be used can be identified. Meanwhile, processor 120 may transition state 330 to state 340 in response to receiving the message. Within state 340, the processor 120 is used to indicate that a service for opening the door of the car or starting the car can be executed using the electronic device 101 within the user interface 310. A visual object 341 may be displayed. Within state 340, processor 120 may further display information 342 to indicate that registration of the service is complete within user interface 310. Within state 340, processor 120, in response to receiving user input 344 on executable object 343 to indicate completion of registration of the service within user interface 310, , you can register the above service.

For another example, if the electronic device 101 does not include communication circuitry for the UWB communication method, the processor 120, in response to receiving the user input 322, sets the state 320 to state ( 335). Within state 335, processor 120 establishes a connection with the external electronic device within the vehicle via a short-range communication method (e.g., near field communication (NFC) method) based on user input 322. A visual object 336 may be displayed within the user interface 310 to guide that it is required to touch the electronic device 101 on the external electronic device or on an area within the vehicle connected to the external electronic device. there is. Processor 120 may establish a connection with the external electronic device based on contact between electronic device 101 and a portion of the vehicle while displaying visual object 336 within user interface 310. You can. The processor 120 transmits information for authenticating that the user is the owner of the car from the electronic device 101 to the external electronic device through the established connection, and transmits information for authenticating that the user is the owner of the car from the external electronic device. Display of the visual object 336 may be maintained until a message is received indicating that owner is authenticated. For example, because the message indicates that the user authenticates as an owner of the car, processor 120 may, in response to receiving the message, provide upon use of the service based on the type of the service. The authentication methods that can be used can be identified. Meanwhile, processor 120 may transition state 335 to state 340 in response to receiving the message. Within state 340, the processor 120 is used to indicate that a service for opening the door of the car or starting the car can be executed using the electronic device 101 within the user interface 310. A visual object 341 may be displayed. Within state 340, processor 120 may further display information 342 to indicate that registration of the service is complete within user interface 310. Within state 340, processor 120, in response to receiving user input 344 on executable object 343 to indicate completion of registration of the service within user interface 310, , you can register the above service.

In one embodiment, processor 120 may display information to notify what the authentication methods identified in operation 204 are. For example, referring to Figure 4, processor 120 may provide state 400 instead of state 340 based on identifying the authentication methods. Within state 400, processor 120 may display information 401 to indicate the authentication methods within user interface 310. For example, the information 401 includes text, registration, and text to guide that the service can be used through an authentication method of entering a fingerprint corresponding to a registered fingerprint and tagging (or contacting) the electronic device 101. Enter the registered passcode (or registered PIN), text to guide you that you can use the service through an authentication method that tags the electronic device 101, and enter the registered pattern and enter the electronic device 101 ) may include text to guide that the service can be used through an authentication method tagging. However, it is not limited to this.

In one embodiment, the information 401 for indicating the authentication methods may be images superimposed on the visual object 341. For example, referring to Figure 5, processor 120 may provide state 500 instead of state 340 based on identifying the authentication methods. Within state 500, processor 120 may display images 501 for indicating each of the above authentication methods, overlaid on a visual object 341 displayed within user interface 310. For example, among the images 501, image 501-1 guides that the service can be used through an authentication method of entering a fingerprint corresponding to a registered fingerprint and tagging the electronic device 101, and the image 501-1 Among the images 501, the image 501-2 guides that the service can be used through an authentication method of entering a registered passcode and tagging the electronic device 101, and among the images 501, the image 501-2 -3) can guide that the service can be used through an authentication method of entering a registered pattern and tagging the electronic device 101. However, it is not limited to this.

As described above, when receiving a user input requesting use of a service, the electronic device 101 adaptively provides an authentication method according to the situation of the electronic device 101 or the environment in which the electronic device 101 is located. To do so, the authentication methods can be identified based on the type of the service while registering the service. In one embodiment, the electronic device 101 may guide information indicating what the identified authentication methods are while registering the service.

Figure 6 is a flowchart illustrating a method for identifying authentication methods based on the type of service according to one embodiment. This method may be executed by the electronic device 101 shown in FIG. 1 or the processor 120 of the electronic device 101.

Operations 602 to 606 of FIG. 6 may be related to operation 204 of FIG. 2 .

Referring to FIG. 6, in operation 602, the processor 120 may identify a storage method of data for the service based on the type of the service. For example, because the level of security required may vary depending on the content of the service for which registration is requested or depending on the attributes of privacy information used for the service for which registration is requested, the processor 120 performs operation 202: Based on the user input received, the type of service can be identified. For example, the type of service can be expressed as Table 1 below.

For example, referring to Figure 3, processor 120, based on receiving user input 313 in state 300, determines the type of the service to be registered according to user input 313, in the table Among the plurality of types illustrated through 1, the type corresponding to the digital key can be identified.

In one embodiment, the processor 120 may identify the storage method as a storage method corresponding to the type of service. For example, the processor 120 may identify at least one storage method corresponding to the type of the service among the storage methods included in Table 2 below as a storage method for storing data for the service. there is.

In Table 2, eSE may refer to a storage method provided through hardware-based security functions. For example, eSE is a storage method that protects data from digital attacks through a processing unit with enhanced security and a physically unclonable function (PUF) that generates keys that cannot be duplicated. You can. In Table 2, TZ is provided based on dividing the execution environment used by the processor 120 and the memory associated with the processor 120 into a non-secure environment (e.g., rich environment) and a secure area (e.g., trusted environment). It may refer to a hardware-based storage method. In Table 2, WBC may refer to a storage method provided by preventing leakage of encryption keys through software-based security functions. In Table 2, non-secure storage may mean storing data without processing for security or storing data with minimal security.

For example, if the type of the service for which registration is requested corresponds to the digital key, the processor 120 may identify each of eSE and TZ among the storage methods in Table 2 as the storage method of data for the service. You can. However, it is not limited to this.

At operation 604, processor 120 may identify a data security method for the service based on the type of the service. In one embodiment, the processor 120 may identify the security method of the data as a security method corresponding to the type of the service. For example, the security method may mean a security method applied to the channel for the data. For example, the processor 120 may identify at least one security method corresponding to the type of the service among the security methods included in Table 3 below as the security method applied to the channel for the data. You can.

In Table 3, SCP stands for secure channel protocol, TCP/IP stands for transmission control protocol/internet protocol, and RSA (Rivest-Shamir-Adleman) stands for electronic It may refer to a security method that provides authentication based on signatures.

For example, if the type of service for which registration is requested corresponds to the digital key, the processor 120 may identify SCP as a security method for data for the service.

Figure 6 shows an example of executing operation 604 after executing operation 602, but this is for convenience of explanation. In one embodiment, processor 120 may execute operation 604 while executing operation 602, or may execute operation 602 after executing operation 604.

At operation 606, the processor 120 may identify authentication methods to be used for user authentication required when using the service for which registration is requested, based on the identified storage method and the identified security method. For example, the processor 120 may identify the authentication methods based on a security level corresponding to the identified storage method and a security level corresponding to the identified security method. For example, the processor 120 selects the authentication methods corresponding to the identified storage method and the identified security method among the authentication methods included in Table 4 below as required when using the service for which registration has been requested. The authentication methods to be used for user authentication can be identified.

In Table 4, FIDO refers to an authentication method that authenticates users through transmission of authentication results (e.g., results of authentication using biometric information) instead of transmission of authentication data (e.g., biometric information), and FIDO - UVI When the biometric information used for authentication is a fingerprint, unlike FIDO, which authenticates the user even if the user's fingerprint obtained for authentication corresponds to any one of the registered fingerprints, the fingerprint is not registered with the registered fingerprint. It may refer to an authentication method that requires correspondence to all fingerprints.

As described above, when receiving a user input requesting use of the service for which registration has been requested, the electronic device 101 adapts adaptively according to the situation of the electronic device 101 or the environment in which the electronic device 101 is located. To provide an authentication method, a plurality of authentication methods may be identified based on the type of the service for which registration is requested. Because the plurality of authentication methods are identified based on the storage method of data for the service and the security method of data for the service, the electronic device 101 has an enhanced user experience while maintaining security. Services can be provided.

FIG. 7 is a flowchart illustrating a method of displaying a visual object for guiding input of reference information based on identifying that the reference information includes an unregistered authentication method, according to one embodiment. This method may be executed by the electronic device 101 shown in FIG. 1 or the processor 120 of the electronic device 101.

Operations 702 to 710 of FIG. 7 may be related to operations 204 and 206 of FIG. 2 .

FIG. 8 illustrates an example of a screen including a visual object for guiding entry of reference information while registering a service, according to an embodiment.

Referring to FIG. 7, in operation 702, the processor 120 may identify authentication methods to be used for user authentication required when using the service, based on the type of service for which registration is requested. For example, operation 702 may correspond to operation 204 of FIG. 2 or operation 606 of FIG. 6 .

In operation 704, the processor 120 may identify whether an authentication method for which the reference information for user authentication is not registered is included in the authentication methods based on identifying the authentication methods. For example, the reference information is registered in the electronic device 101 to identify whether information obtained through user input received for user authentication when using the service is information for authenticating the user of the service. It may refer to information registered within the external electronic device. For example, the reference information may mean information registered for comparison with the information obtained through the user input while performing the user authentication. The processor 120 may execute operation 708 on the condition that an authentication method in which the reference information is not registered is included in the authentication methods, and otherwise execute operation 706.

In operation 706, the processor 120 may register the service based on identifying that an authentication method for which the reference information is not registered is not included in the authentication methods. For example, when receiving a user input requesting use of the service, the processor 120 provides an authentication method corresponding to the environment in which the electronic device 101 is located among the authentication methods for user authentication. The service can be registered based on storing data for the service in connection with data for the service.

In operation 708, the processor 120 may display a visual object for guiding input of the reference information based on identifying that the authentication methods in which the reference information is not registered are included in the authentication methods. For example, referring to FIG. 8 , the processor 120 may provide a status 800 based on identifying that an authentication method in which the reference information is not registered is included in the authentication methods. Within state 800, processor 120 may display at least one visual object 810 to guide input of the reference information within user interface 310. For example, when the unregistered reference information is biometric information such as fingerprint information, at least one visual object 810 is an image for guiding how to register biometric information (e.g. fingerprint information) of a user of the service. It may consist of at least one of 815 or text 820. However, it is not limited to this. In one embodiment, when a sensor for obtaining the fingerprint information is disposed below the display of the electronic device 101 or included within the display, the processor 120 operates the reference at a position corresponding to the position of the sensor. A visual object 823 that guides the location where information can be received may be further displayed.

In operation 710, the processor 120 may obtain the unregistered reference information while displaying the visual object. For example, the processor 120 may obtain the reference information based on at least one user input received while displaying the visual object. For example, referring to FIG. 8 , while displaying at least one visual object 810 within state 800, processor 120 may detect the biometric object 810 through at least one sensor of electronic device 101. The at least one user input providing information may be received, and the reference information may be obtained based on the at least one user input. The processor 120 may transition state 800 to state 850 based on obtaining the reference information. Within state 850, the processor 120 may display information 855 within the user interface 310 to indicate that acquisition of the reference information is complete. Within state 850, processor 120 may further display an executable object 860 within user interface 310 to confirm that obtaining the reference information is complete. Processor 120 may complete obtaining the reference information based on receiving user input for executable object 860.

Meanwhile, the processor 120 may re-execute operation 704 based on obtaining the reference information in operation 710. For example, the processor 120 determines whether another authentication method for which the standard information for user authentication is not registered is included in the authentication methods, based on obtaining the standard information for the authentication method. can be identified. For example, the processor 120 performs operations 708 and 710 again to obtain the reference information for the other authentication method under the condition that the other authentication method for which the reference information is not registered is included in the authentication methods. Execute, otherwise operation 706 may be executed.

As described above, the electronic device 101 performs the authentication method for which the standard information is not registered, under the condition that an authentication method for which the standard information is not registered exists among the authentication methods identified based on the type of the service for which registration is requested. The user experience for user authentication can be enhanced by identifying a method performed during use of the service while registering the service and displaying a visual object for registering or obtaining the reference information.

Figure 9 is a flowchart illustrating a method for identifying the priority of each authentication method based on the type of service, according to one embodiment. This method may be executed by the electronic device 101 shown in FIG. 1 or the processor 120 of the electronic device 101.

Operations 902 to 906 of FIG. 9 may be related to operations 204 and 206 of FIG. 2 .

Referring to FIG. 9, in operation 902, the processor 120 may identify authentication methods to be used for user authentication required when using the service, based on the type of service for which registration is requested. For example, operation 902 may correspond to operation 204 of FIG. 2, operation 606 of FIG. 6, or operation 702 of FIG. 7.

In operation 904, the processor 120 is configured to identify the priority of each of the identified authentication methods for each of the candidate environments in which the electronic device 101 may be located when using the service for which registration has been requested. Data can be obtained. For example, because the electronic device 101 is a portable device, it can be located in various environments. For example, the electronic device 101 may be located in an environment where communication connection with the external electronic device is possible, or may be located in an environment where communication connection with the external electronic device is not possible. For example, when the electronic device 101 is located in an environment in which communication connection with the external electronic device is possible, user authentication through an online-based authentication method is more suitable than an offline-based authentication method in terms of security, while the electronic device ( If 101) is located in an environment where communication connection with the external electronic device is impossible, user authentication through an offline-based authentication method may be more suitable than user authentication through an online-based authentication method. For another example, when the electronic device 101 is located in an environment where the strength of a signal received from an intermediate node, such as a base station or an access point (AP), is greater than or equal to the reference strength, the electronic device 101 may use a cellular communication method or a Wi-Fi communication method. While user authentication through an authentication method performed based on a direct communication method is more suitable than user authentication through an authentication method performed based on a direct communication method, in terms of usability or convenience, the strength of the signal received by the electronic device 101 from the intermediate node is When located in an environment where the intensity is less than the above standard, user authentication through an authentication method performed based on a direct communication method may be more suitable than user authentication through an authentication method performed based on a cellular communication method or Wi-Fi communication method. . As another example, when the electronic device 101 is located in a warm and humid environment, user authentication through an authentication method using a fingerprint is more secure than user authentication through an authentication method using a password, passcode, or pattern. On the other hand, when the electronic device 101 is located in a cold and dry environment, user authentication through an authentication method using a password, passcode, or pattern may be more suitable in terms of usability or convenience than user authentication through an authentication method using a fingerprint. You can. As another example, when the electronic device 101 is located in an environment with a reference illuminance level or higher, user authentication through an authentication method performed based on facial recognition is more suitable than other authentication methods, while the electronic device 101 When located in an environment with less than the above-mentioned standard illumination level, user authentication through another authentication method that is distinct from the authentication method performed based on facial recognition may be appropriate. However, it is not limited to this.

In one embodiment, processor 120 may obtain data to identify the priority of each of the identified authentication methods for each of the candidate environments defined to represent these environments. For example, data for identifying the priority may be composed of weights defined as shown in Table 5 below.

For example, in Table 5, the data defined for the first communication link is related to each of the authentication methods in an environment where the quality of the communication link established through the 5th generation (5G) cellular communication method is higher than the standard quality. Indicates the applied weights, and the data defined for the second communication link is the weight applied to each authentication method in an environment where the quality of the communication link established through the 4th generation (4G) cellular communication method is higher than the standard quality. and the data defined for the third communication link represents weights applied to each authentication method in an environment where the quality of the communication link established through the Wi-Fi direct communication method is higher than the standard quality, and the fourth communication link The data defined for may represent weights applied to each authentication method in an environment where the quality of the communication link established through the Bluetooth communication method is higher than the standard quality. For example, the electronic device 101 may determine that the quality of the communication link established through the 5th generation cellular communication method is higher than the standard quality, the quality of the communication link established through the 4th generation cellular communication method is less than the standard quality, and Wi -If the quality of the communication link established through the Fi Direct communication method is below the reference quality and the quality of the communication link established through the Bluetooth communication method is located within a candidate environment below the reference quality, the processor 120 performs FIDO-based authentication. A weight of 5 is applied to the offline fingerprint-based authentication methods, a weight of 1 is applied to the offline fingerprint-based authentication method, a weight of 3 is applied to the passcode-based authentication method, a weight of 2 is applied to the pattern-based authentication method, and a weight of 4 is applied to the password-based authentication method. By applying, the priorities can be identified in the following order: FIDO-based authentication method, password-based authentication method, passcode-based authentication method, pattern-based authentication method, and offline fingerprint-based authentication method. However, it is not limited to this.

In one embodiment, data for identifying the priority may be configured differently depending on the type of service. For example, data for identifying the priority may be composed of weights defined as in Table 6 below, which are different from some of the weights illustrated in Table 5, depending on the type of service.

For example, as shown in Table 6, data for identifying the priority may include different weights for the identified authentication methods depending on the type of service.

In operation 906, the processor 120 may store data for identifying the priority in association with data for the service. For example, the processor 120 uses data for identifying the priority, which can be expressed as shown in Table 5, to provide an authentication method corresponding to the environment in which the electronic device 101 is located when using the service. , can be saved. In one embodiment, data for identifying the priority may be updated depending on whether an authentication method identified based on the priority is used when using the service. An example of updating the data will be described later through the description of FIG. 10.

As described above, the electronic device 101 may store data for identifying priorities for each of the candidate environments in which the electronic device 101 may be located in order to adaptively provide an authentication method depending on the environment. You can. Through such storage, the electronic device 101 can provide user authentication with enhanced usability or convenience.

10 is a flowchart illustrating a method of using a service according to various embodiments. This method may be executed by the electronic device 101 shown in FIG. 1 or the processor 120 of the electronic device 101.

Figure 11 shows examples of screens displayed while performing user authentication for use of a service, according to one embodiment.

12 to 16 show examples of environments identified for authentication methods for use of services.

Figure 17 shows an example of a visual object in a screen displayed while performing user authentication for use of a service, according to one embodiment.

Referring to FIG. 10 , in operation 1002, the processor 120 may receive a first user input requesting the use of a service provided through user authentication based on interworking with an external electronic device. For example, the service may be a service registered through FIG. 2. For example, the service may be a service registered through an application that provides an electronic wallet service. For example, the service is a service that performs payment using the electronic device 101 by providing information about the credit card of the user of the electronic device 101 to the external electronic device, and provides the user's identification information to the external electronic device. A service that opens the gate of a secure area using the electronic device 101 by providing it to an external electronic device, and providing the user's vehicle information to the external electronic device to open the vehicle using the electronic device 101 It may include a service that opens the door or starts the vehicle, or a service that performs a bank transfer using the electronic device 101 by providing information about the user's account to the external electronic device. there is. For example, because the service requires the use of privacy information such as information about the credit card, the identification information, the vehicle information, or information about the account, the service may be provided through user authentication. there is. However, it is not limited to this.

For example, the first user input may be an input received to use one service among a plurality of services registered through the application. In one embodiment, the first user input may be received while the lock screen is displayed through the display of the electronic device 101 (eg, the display module 160 of FIG. 1). In one embodiment, the first user input may be received while a screen different from the lock screen is displayed on the display of the electronic device 101. For example, the first user input may be received while displaying a home screen including a plurality of executable objects for respectively executing a plurality of applications installed in the electronic device 101. For example, referring to FIG. 11 , the processor 120 may display a home screen 1101 within state 1100 . Within state 1100, home screen 1101 may include a visual object 1102 for use of the service. For example, the visual object 1102 may have a representation intersected with the side of the display to guide that the service is available without compromising the visibility of the home screen 1101. For example, the visual object 1102 may have the shape of a card inserted into a wallet to guide that the service is available without reducing the visibility of the home screen 1101. However, it is not limited to this. The processor 120 may receive user input 1105, which is the first user input, within state 1100. For example, user input 1105 may be an input that drags a visual object 1102. Processor 120 may transition state 1100 to state 1110 in response to receiving user input 1105. Within state 1110, processor 120 may display a visual object 1102 overlaid on home screen 1101. For example, the visual object 1102 in the state 1110, unlike the visual object 1102 in the state 1100, may have a shape that indicates what function is provided through the service. For example, the visual object 1102 in the state 1110 is an image indicating that the service is a service that opens the door of the car or starts the car based on interworking with an external electronic device related to the car. may include. However, it is not limited to this.

At operation 1004, the processor 120 may identify the status of the electronic device 101 using at least one of a plurality of communication circuits within the electronic device 101, based on receiving the first user input. there is. For example, based on receipt of the first user input, the processor 120 identifies the environment in which the electronic device 101 is located using at least one of the plurality of communication circuits within the electronic device 101. can do. For example, the plurality of communication circuits may include the communication module 190 shown in FIG. 1. For example, the plurality of communication circuits include at least one communication circuit for providing a cellular communication method, a communication circuit for providing a Wi-Fi communication method, a communication circuit for providing a Bluetooth communication method, and a UWB communication method. It may include two or more of a communication circuit for providing a communication circuit, a communication circuit for providing an NFC communication method, or a receiving circuit for GNSS (global navigation satellite system).

In one embodiment, if at least one of the plurality of communication circuits is deactivated upon receiving the first user input, processor 120, in response to receiving the first user input, At least one of the circuits may be activated and, based on the activation, the environment in which the electronic device 101 is located may be identified. However, it is not limited to this.

In one embodiment, the processor 120 may identify the environment based on the reception strength of each signal received through at least one of the plurality of communication circuits. For example, the processor 120 may identify the location of the electronic device 101 based on the reception strength and identify the environment based on the identified location. For another example, the processor 120 may, based on the reception strength, control the electronic device 101 within an environment in which only some of the plurality of communication methods supported by the electronic device 101 are available for communication with the external electronic device. It can be identified that (101) is located. However, it is not limited to this.

In one embodiment, the processor 120 may identify the environment based on information received through at least one of the plurality of circuits. For example, the processor 120 may identify the location of the electronic device 101 based on signals received through the receiving circuit for the GNSS and identify the environment based on the identified location. there is. For another example, the processor 120 may receive information about the weather through at least one of the plurality of circuits and identify the environment based on the information. However, it is not limited to this.

For example, referring to FIG. 12 , the processor 120 may identify the environment 1200 in which the electronic device 101 is located through at least one of the plurality of communication circuits. For example, the processor 120 determines that the reception strength of the signal received through the communication circuit for the cellular communication method is less than the reference strength and the access point (AP) in the elevator 1210 through the communication circuit for the Wi-Fi communication method. ) Based on identifying that the strength of the signal received from 1215 is greater than or equal to the reference strength, it can be identified that the electronic device 101 is located within the elevator 1210. For example, the processor 120 controls the electronic device 101 in the elevator 1210 based on the first user input and the direction of movement of the electronic device 101 identified through an acceleration sensor in the electronic device 101. It can be identified that the electronic device 101 located on the 4th basement floor is moving toward the user's car 1220. For another example, processor 120 may, based on receiving the first user input and identifying that the reception strength of a signal received through a communication circuit for a cellular communication method is reduced, determine It can be identified that the electronic device 101 is moving toward the car 1220 located on the fourth basement floor.

For another example, referring to FIG. 13 , the processor 120 may identify the environment 1300 in which the electronic device 101 is located through at least one of the plurality of communication circuits. For example, the processor 120 uses a communication circuit for a communication method with first coverage (e.g., UWB communication method) to communicate with the electronic device 101 and the user's car 1310 of the electronic device 101. It is possible to establish a communication connection between an external electronic device 1320, and an electronic device using a communication circuit for a communication method (e.g., Bluetooth communication method or NFC communication method) having a second coverage narrower than the first coverage. Based on identifying that it is impossible to establish a communication connection between the 101 and the external electronic device 1320, an environment 1300 in which the electronic device 101 is separated from the car 1310 by a certain distance or more. It can be identified that it is located within. For example, the processor 120, based on further identifying that the illuminance identified using the illuminance sensor of the electronic device 101 is less than the reference illuminance, determines that the electronic device 101 is a car 1310 parked underground. It can be further identified that it is located within an environment 1300 that is separated by a certain distance or more.

As another example, referring to FIG. 14 , the processor 120 may identify the environment 1400 in which the electronic device 101 is located through at least one of the plurality of communication circuits. For example, the processor 120 identifies that the electronic device 101 is located outdoors through a reception circuit for GNSS and transmits information received from the external electronic device 1420 in the car 1410 through a communication circuit for Bluetooth. By identifying the distance between the electronic device 101 and the external electronic device 1420 based on the signal, it is possible to identify that the electronic device 101 is adjacent to the car 1410 in the outdoor parking lot. For example, the processor 120, based on acquiring an image including a visual object corresponding to the car 1410 through the camera of the electronic device 101, determines the electronic device 101 to detect the car in the outdoor parking lot ( 1410) It can be identified that it is located right next to it.

For another example, referring to FIG. 15 , the processor 120 may identify the environment 1500 in which the electronic device 101 is located through at least one of the plurality of communication circuits. For example, the processor 120 may receive information about the weather received through a communication circuit for the cellular communication method and external electronic devices within the electronic device 101 and the vehicle 1510 established through the communication circuit for the Bluetooth communication method. Based on the communication link between the devices 1520, the electronic device 101 may be identified as being located near the automobile 1510 in cold weather.

For another example, referring to FIG. 16 , the processor 1200 may identify the environment 1600 in which the electronic device 101 is located through at least one of the plurality of communication circuits. For example, the processor 120 identifies the distance 1615 between the base station 1610 and the electronic device 101 based on a signal received from the base station 1610 through a communication circuit for a cellular communication method, The distance 1625 between the AP 1620 and the electronic device 101 is identified based on the signal received from the AP 1620 through the communication circuit for the Wi-Fi communication method, and the communication circuit for the UWB communication method is established. The location of the electronic device 101 is determined by identifying the distance 1645 between the electronic device 101 and the automobile 1640 based on a reflected signal for a signal transmitted from the electronic device 101 toward the automobile 1640. can be identified. The processor 120 establishes a communication connection between the wearable device 1630 and the electronic device 101 through a communication circuit for the Bluetooth communication method and collects electronic data obtained through the sensor of the wearable device 1630 through the communication connection. Based on the biometric information of the user of the device 101, it can be identified that the electronic device 101 is held by the user wearing the wearable device 1630.

In operation 1006, the processor 120 may identify an authentication method corresponding to the environment among a plurality of authentication methods registered for the service for user authentication.

For example, referring to FIG. 12, the processor 120 controls the car 1220 located on the 4th basement level in a state where communication through the cellular communication method is restricted by the electronic device 101 in the elevator 1210. Based on identifying that the device is moving toward the user, the authentication method that performs the user authentication using the Wi-Fi communication method among the plurality of authentication methods can be identified as the authentication method corresponding to the environment 1200. For another example, the processor 120 determines that the electronic device 101 in the elevator 1210 is moving toward the car 1220 located on the fourth basement floor while communication through the cellular communication method is restricted. Based on the identification, an offline-based authentication method among the plurality of authentication methods may be identified as an authentication method corresponding to the environment 1200.

For another example, referring to FIG. 13, the processor 120 is capable of establishing a communication connection with an external electronic device 1320 in the car 1310 using a communication method having the first coverage, and Based on identifying that it is impossible to establish a communication connection with an external electronic device 1320 in the automobile 1310 using a communication method having the second coverage narrower than 1 coverage, the authentication method among the plurality of authentication methods The authentication method that performs the user authentication using a communication method with a first coverage or a communication method with a wider coverage than the first coverage can be identified as an authentication method corresponding to the environment 1300. For another example, the processor 120 performs the user authentication through facial recognition among the plurality of authentication methods, based on identifying that the illuminance around the electronic device 101 is less than the reference illuminance. A different authentication method that is distinct from the above can be identified as an authentication method corresponding to the environment 1300.

For another example, referring to FIG. 14, the processor 120 selects an offline-based authentication method among the plurality of authentication methods based on identifying that the electronic device 101 is adjacent to the car 1410. The first authentication method that performs the user authentication through the NFC communication method and the second authentication method that performs the user authentication through the NFC communication method can be identified as the authentication method corresponding to the environment 1400.

As another example, referring to FIG. 15, since fingerprint recognition has a relatively high probability of being misrecognized in cold weather, the processor 120 is configured to operate the electronic device 101 outdoors in cold weather and the car 1510 Based on identifying the location in the vicinity, the authentication method that performs the user authentication through input of a pattern (or password, passcode) among the plurality of authentication methods can be identified as the authentication method corresponding to the environment 1500. You can.

As another example, referring to FIG. 16, the processor 120 determines which of the plurality of authentication methods will be used for user authentication based on distance 1615, distance 1625, and distance 1645. The authentication method can be identified as an authentication method corresponding to the environment 1600. In one embodiment, the processor 120 may use one of the plurality of authentication methods instead of the electronic device 101 based on identifying that the user of the electronic device 101 is wearing the wearable device 1630. The authentication method that performs the user authentication through the wearable device 1630 may be identified as an authentication method corresponding to the environment 1600. An example of authenticating a user of the service through the wearable device 1630 after identifying the authentication method will be described later through the description of operation 1010.

In one embodiment, the processor 120 may identify the authentication method with the highest priority for the identified environment among the plurality of authentication methods as the authentication method corresponding to the environment. For example, the processor 120 may identify the priority of each of the plurality of authentication methods based on data for identifying the priority of each of the plurality of authentication methods stored when registering the service. there is. For example, when the data is structured as shown in Table 5, the processor 120 determines in operation 1004 that the quality of the communication link established by the electronic device 101 through the 5th generation cellular communication method is higher than the standard quality and the 4th generation cellular communication method is used. The quality of the communication link established through the cellular communication method is below the standard quality, the quality of the communication link established through the Wi-Fi direct communication method is below the standard quality, and the quality of the communication link established through the Bluetooth communication method is below the standard quality. Based on identifying a location in a candidate environment that is of lower quality, the data is used to apply a weight of 5 to a FIDO-based authentication method, one of the plurality of authentication methods, and Weight 1 is applied to the offline fingerprint-based authentication method, which is an authentication method, weight 3 is applied to the passcode-based authentication method, which is one of the plurality of authentication methods, and authentication is applied to one of the plurality of authentication methods. By applying a weight of 2 to the pattern-based authentication method, and applying a weight of 4 to the password-based authentication method, which is one of the plurality of authentication methods, FIDO-based authentication method, password-based authentication method, and passcode-based authentication The priorities can be identified in the following order: method, pattern-based authentication method, and offline fingerprint-based authentication method. The processor 120 uses the FIDO-based authentication method with the highest priority among the FIDO-based authentication method, password-based authentication method, passcode-based authentication method, pattern-based authentication method, and offline fingerprint-based authentication method corresponding to the environment. It can be identified using the above authentication method.

In one embodiment, the priority of each of the plurality of authentication methods may be determined based on the history in which each of the plurality of authentication methods has been used to authenticate the user while the electronic device 101 is located within the environment. It can be identified based on past authentication heuristics including. For example, if the electronic device 101 fails to authenticate a user of the service through an identified authentication method among the plurality of authentication methods while located within the environment, the processor 120 may The past authentication heuristics may be updated (refined or updated) based on data indicating failure to authenticate the user of the service through the authentication method. For example, according to the update, data for identifying the priority configured as shown in Table 5 may be changed as shown in Table 7 below.

For example, based on the above update, the weight applied to the FIDO-based authentication method, which was defined as 5 for the first communication link in Table 5, is changed to 4 in Table 7, and is changed to 4 for the first communication link in Table 5. The weight applied to the password-based authentication method defined as 4 can be changed to 5 in Table 7. However, it is not limited to this.

In operation 1008, the processor 120 may display a visual object on the display of the electronic device 101 to guide the user of the service to be authenticated through the identified authentication method. For example, referring to Figure 11, processor 120, in response to identifying the release of user input 1105 dragging visual object 1102 within state 1110, enters state 1110 ) can be converted to state (1120). Within state 1120, processor 120 may display a user interface 1130 of the application running in electronic device 101 to provide the service and providing the electronic wallet service. User interface 1130 displayed within state 1120 may include a visual object 1102 to indicate which service is selected for use. The user interface 1130 displayed within the state 1120 may include a visual object 1121 that guides the user of the service to authenticate through the authentication method identified in operation 1006 among the plurality of authentication methods. there is.

In one embodiment, an intermediate state between state 1110 and state 1120 may be defined to indicate which of the plurality of authentication methods is identified. For example, referring to Figure 17, processor 120 may transition state 1110 to state 1700 in response to identifying release of user input 1105. Within state 1700, processor 120 displays visual objects 1701 for indicating each of the plurality of authentication methods within visual object 1102 within user interface 1130 or displays visual objects 1701 within visual object 1102 within user interface 1130. ) can be displayed by overlapping the visual objects 1701 on the visual objects 1102 within the visual object 1701. Among the visual objects 1701, the visual object 1701-1 for indicating the identified authentication method may be emphasized relative to the visual object 1701-2 and the visual object 1701-3. For example, within state 1700, processor 120 may display visual effect 1702 surrounding visual object 1701-1. Processor 120 may transition state 1700 to state 1120 after providing state 1700 for a specified period of time. However, it is not limited to this.

In operation 1010, the processor 120 may authenticate a user of the service based on at least one second user input received while displaying the visual object. For example, referring to Figure 11, processor 120, while displaying visual object 1121, within state 1120, via a fingerprint sensor disposed below the area displaying visual object 1121. Obtain fingerprint information from a user input 1122 that touches a finger on a visual object 1121, compare the obtained fingerprint information with registered reference information, and authenticate the user of the service based on the result of the comparison. can do.

In one embodiment, the processor 120 may authenticate the user through another electronic device (eg, a wearable device) connected to the electronic device 101. For example, referring to FIG. 16, the processor 120 selects the first of the plurality of authentication methods based on identifying that the user of the electronic device 101 is wearing the wearable device 1630. An authentication method that performs the user authentication through the wearable device 1630 instead of the device 101 may be identified in operation 1006. For example, if the quality of the link between the wearable device 1630 and an external electronic device within the car 1640 is better than the quality of the link between the electronic device 101 and the external electronic device, the processor 120 may: Among a plurality of authentication methods, an authentication method that performs user authentication can be identified based on biometric information that can be obtained through the wearable device 1630. The processor 120 may request the biometric information from the wearable device 1630 based on the identification. In response to the request, the processor 120 may authenticate the user based on the biometric information received from the wearable device 1630. However, it is not limited to this.

In operation 1012, the processor 120 may provide the service based on interworking with the external electronic device in response to authenticating the user in operation 1010. For example, referring to FIG. 11 , processor 120 authenticates the user based on user input 1122 received in state 1120 and, in response to authenticating the user, executes state 1120 ) can be converted to state (1135).

For example, within state 1135, the processor 120 creates a visual effect 1131 to indicate that the car's door can be opened or the car can be started using a communication circuit for the NFC communication method. Can be displayed within the user interface 1130 along with the visual object 1102. The processor 120 is configured to use the NFC communication method through a connection between the electronic device 101 tagged (or in contact) with a part of the vehicle and the external electronic device while displaying the visual effect 1131. Using a communication circuit, a signal for opening the door of the car or starting the car can be transmitted to the external electronic device in the car. The external electronic device controls the car to open the door of the car or start the car based on the signal, and then transmits a message to the electronic device 101 to indicate that the service is provided. You can. Processor 120 may transition state 1135 to state 1140 based on receiving the message. Within the state 1140, the processor 120 may display a notification message 1145 within the user interface 1130 to notify that provision of the service is performed or completed. In one embodiment, notification message 1145 may be overlaid on visual object 1102. However, it is not limited to this.

For another example, in state 1135, the processor 120 provides a visual effect (1131) to indicate that the car's door can be opened or the car can be started using a communication circuit for the UWB communication method. ) can be displayed within the user interface 1130 along with the visual object 1102. While displaying the visual effect 1131, the processor 120 transmits a signal for opening the door of the car or starting the car to the external electronic device using the communication circuit for the UWB communication method. You can. The external electronic device controls the car to open the door of the car or start the car based on the signal, and then transmits a message to the electronic device 101 to indicate that the service is provided. You can. Processor 120 may transition state 1135 to state 1140 based on receiving the message.

As described above, the electronic device 101 identifies the environment in which the electronic device 101 is located based on a user input requesting use of a service registered with a plurality of authentication methods available, and One authentication method among the plurality of authentication methods may be adaptively identified according to the identified environment, and operations for authenticating the user may be performed through the identified authentication method. The electronic device 101 can enhance the user experience for services requiring authentication through these operations.

FIG. 18 is a flowchart illustrating a method of authenticating a user through an identified authentication method among a plurality of authentication methods, according to an embodiment. This method may be executed by the electronic device 101 shown in FIG. 1 or the processor 120 of the electronic device 101.

Operations 1802 to 1806 of FIG. 18 may be related to operation 1010 of FIG. 10 .

Referring to FIG. 18, in operation 1802, the processor 120, based on receiving the at least one second user input, defined through the description of operation 1010, performs a function for the at least one second user input. Information can be transmitted to the external electronic device. For example, the information about the at least one second user input may include data acquired through a sensor of the electronic device 101 while receiving the at least one second user input.

In operation 1804, the processor 120 receives information about a result of comparison between the information and reference information stored in the external electronic device or another external electronic device connected to the external electronic device. can do. For example, the external electronic device may receive the information transmitted from the electronic device 101 in operation 1802 and compare the received information with reference information stored in the external electronic device. For example, the reference information may be information obtained by and provided from the electronic device 101 while registering the service. However, it is not limited to this. For another example, the external electronic device receives the information transmitted from the electronic device 101 in operation 1802 and, based on receiving the information, requests to transmit the reference information to the other external electronic device. can be transmitted. The external electronic device may receive the reference information from the other external electronic device in response to the request and compare the information with the reference information. The external electronic device may transmit information about the result of the comparison to the electronic device 101.

In operation 1806, the processor 120 may authenticate the user based on information about the result. For example, the information about the result may include data indicating that the information about the at least one second user input corresponds to the reference information. The processor 120 may obtain the data from the information and authenticate the user based on the data.

As described above, the electronic device 101 can not only authenticate the user within the electronic device 101 but also authenticate the user through communication between the electronic device 101 and the external electronic device.

FIG. 19 is a flowchart illustrating a method of identifying another authentication method among a plurality of authentication methods according to an embodiment. This method may be executed by the electronic device 101 shown in FIG. 1 or the processor 120 of the electronic device 101.

Figure 20 shows an example of another visual object in a screen displayed while performing user authentication for use of a service, according to one embodiment.

Referring to FIG. 19, in operation 1902, processor 120 may identify a failure to authenticate a user of the service requested to use based on the at least one second user input received in operation 1010. there is. For example, if the password is entered incorrectly due to the at least one second user input, the processor 120 may identify that authenticating the user has failed. In one embodiment, the processor 120 may display information to guide that authentication of the user has failed based on the identification through the display of the electronic device 101. For example, referring to FIG. 20, as in state 2000, processor 120, based on the identification, fails to authenticate a user of the service within user interface 1130. Information (2001) can be displayed. In one embodiment, the processor 120, within state 2000, displays a visual effect 2002 on a visual object 1102 along with information 2001 to guide a failure to authenticate a user of the service. ) can be displayed within the user interface 1130. For example, visual effect 2002 may be to bounce visual object 1102. However, it is not limited to this.

At operation 1904, processor 120 may identify another of the plurality of authentication methods in response to identifying a failure to authenticate a user of the service. For example, the processor 120 identifies the priority of each of the remaining authentication methods, excluding the authentication method identified in operation 1006, among the plurality of authentication methods, and selects the other authentication method based on the priority. can be identified.

At operation 1906, processor 120, based on identifying the different authentication method, may display another visual object to guide the user to authenticate via the different authentication method. For example, referring to Figure 20, processor 120 may transition state 2000 to state 2010 in response to identifying the different authentication method within state 2000. Within the state 2010, the processor 120 may display, together with the visual object 1102, another visual object 2012 for guiding the authentication method through pattern input, which is the other authentication method.

Although not shown in Figure 19, in one embodiment, processor 120 identifies a failure to authenticate the user via the authentication method identified in operation 1006 based on the at least one second user input. In response, the priority of the authentication method identified in operation 1006 may be adjusted. The processor 120 may update past authentication heuristics used to identify the priorities of each of the plurality of authentication methods based on the information about the adjusted priorities.

As described above, when authenticating the user through an authentication method corresponding to the environment in which the electronic device 101 is located fails, the electronic device 101 identifies another authentication method that is distinct from the authentication method. , the convenience of user authentication for use of the service can be strengthened.

21 is a flow diagram illustrating a method for displaying different visual objects based on identifying different authentication methods, according to one embodiment. This method may be executed by the electronic device 101 shown in FIG. 1 or the processor 120 of the electronic device 101.

Referring to FIG. 21, in operation 2102, the processor 120 may receive a user input requesting the use of a service provided through user authentication based on interworking with an external electronic device. For example, operation 2102 may correspond to operation 1002 of FIG. 10 .

In operation 2104, the processor 120 may identify whether connection to the external electronic device is possible using the communication circuit of the electronic device 101, based on receiving the user input. For example, in response to receiving the user input, the processor 120 may broadcast a signal for scanning the external electronic device through the communication circuit. For example, because the external electronic device is a device that has a history of being connected to the electronic device 101 when registering the service, the signal is transmitted to the external electronic device to execute operations for establishing a connection with the electronic device 101. can cause For example, under conditions in which the external electronic device receives the signal, the external electronic device sends the signal to the electronic device 101 to establish a connection between the electronic device 101 and the external electronic device. A response signal can be transmitted. For example, the response signal may be resource information about signals to be provided from the electronic device 101 to the external electronic device through the connection or information to be provided from the external electronic device to the electronic device 101 through the connection. It may include at least one of resource information about signals. However, it is not limited to this.

In operation 2106, the processor 120 uses a first authentication method among a plurality of authentication methods registered for the service to authenticate the user, based on identifying that the external electronic device can be connected to the service. A first visual object for guiding authentication of the user may be displayed through the display of the electronic device 101. For example, the first authentication method may be an authentication method performed based on the connection between the electronic device 101 and the external electronic device. For example, the processor 120 may identify that connection with the external electronic device is possible based on receiving the response signal and display the first visual object based on the identification.

In operation 2108, the processor 120 generates a second authentication method for guiding the user to authenticate using a second authentication method among the plurality of authentication methods, based on identifying that connection with the external electronic device is not possible. A visual object may be displayed through the display of the electronic device 101. For example, the second authentication method may be an authentication method performed without the connection between the electronic device 101 and the external electronic device. For example, the processor 120 determines that connection with the external electronic device is unavailable based on identifying that the response signal is not received for a specified period of time after transmitting the signal as illustrated in the description of operation 2104. identification, and display the second visual object based on the identification.

Although not shown in FIG. 21, processor 120 identifies whether at least one user input is received while displaying the first visual object or the second visual object, and determines whether the at least one user input is The user may be authenticated through the first authentication method or the second authentication method based on the at least one user input under received conditions. The processor 120 may provide the service based on linkage with the external electronic device in response to authenticating the user.

As described above, the electronic device 101 identifies the environment in which the electronic device 101 is located by identifying whether connection is possible with an external electronic device based on receiving a user input requesting use of a service, Different visual objects can be adaptively displayed according to the identified environment. The adaptive display of different visual objects may mean that different authentication methods are adaptively provided depending on the environment. In other words, the electronic device 101 can enhance the quality of services requiring user authentication.

As described above, an electronic device (e.g., electronic device 101) includes a display (e.g., display module 160), a plurality of communication circuits (e.g., communication module 190), At least one memory (e.g., memory 130) configured to store instructions, and when executing the instructions, use of services provided through user authentication based on interworking with an external electronic device. Receive a first user input requesting, and based on receiving the first user input, identify the status of the electronic device using at least one of the plurality of communication circuits, and authenticate the user. Identify the authentication method corresponding to the situation among a plurality of authentication schemes registered for the service, and use the display to display a visual object to guide the user of the service to be authenticated through the identified authentication method. and displaying the visual object, authenticating the user through the identified authentication method based on at least one second user input received while displaying the visual object, and in response to authenticating the user, the external electronic device It may include at least one processor (eg, processor 120) configured to provide the service based on interworking with.

In one embodiment, when executing the instructions, the at least one processor identifies the location of the electronic device based on signals received through at least one of the plurality of communication circuits, and stores the identified location. It may be configured to identify the situation based on.

In one embodiment, when executing the instructions, the at least one processor connects the electronic device and the external device based on the reception strength of a signal received from the external electronic device through at least one of the plurality of communication circuits. Can be configured to identify a distance between electronic devices and identify the situation based on the identified distance. For example, when executing the instructions, the at least one processor identifies one (a) communication method among a plurality of communication methods provided through the plurality of communication circuits, based on the distance, In response to authenticating the user, it may be further configured to provide the service by linking with the external electronic device through a channel between the external electronic device and the electronic device established based on the identified communication method. .

In one embodiment, the electronic device may further include an illumination sensor (e.g., sensor module 176), and when executing the instructions, the at least one processor may operate around the electronic device through the illumination sensor. It may be further configured to identify the brightness of and, based on the brightness, identify the situation.

In one embodiment, when executing the instructions, the at least one processor identifies an authentication method with the highest priority for the situation among the plurality of authentication methods as the authentication method corresponding to the situation, It may be configured, and the priority of each of the plurality of authentication methods may be determined based on a past authentication heuristic including a history in which each of the plurality of authentication methods has been used to authenticate the user while the electronic device is in the situation. It can be identified based on past authentication heuristics. For example, the at least one processor, when executing the instructions, in response to identifying a failure to authenticate the user via the identified authentication method based on the at least one second user input, It may be further configured to adjust the priority of the identified authentication method and update the past authentication heuristics based on information about the adjusted priority.

In one embodiment, when executing the instructions, the at least one processor determines the received signal strength of each of the plurality of signals respectively received through the plurality of communication circuits, based on receiving the first user input. It may be further configured to identify the situation based on received signal strength.

In one embodiment, when executing the instructions, the at least one processor transmits information about the at least one second user input to the external electronic device, and the external electronic device or another device connected to the external electronic device It may be configured to receive information about a result of a comparison between reference information stored in the external electronic device and the information from the external electronic device, and to authenticate the user based on the information about the result.

In one embodiment, the at least one processor, when executing the instructions, is in response to identifying a failure to authenticate the user via the identified authentication method based on the at least one second user input. , further configured to identify another authentication method among the plurality of authentication methods and display another visual object using the display to guide the user to authenticate the user through the other authentication method. It can be.

As described above, an electronic device (e.g., electronic device 101) has at least one memory (e.g., memory 130) configured to store instructions, and, when executing the instructions, interoperates with an external electronic device. Based on this, receive a user input requesting registration of a service provided through user authentication, and based on the type of the service, identify authentication methods to be used for user authentication required when using the service, and identify the authentication methods to be used for the user authentication required when using the service. When receiving a user input requesting use of the service, data for providing an authentication method corresponding to the situation of the electronic device among the authentication methods for user authentication is associated with data on the service. It may include at least one processor (eg, processor 120) configured to register the service based on storage.

In one embodiment, when executing the instructions, the at least one processor identifies a storage method of data for the service based on the type of the service, and configures the data for the service based on the type of the service. Can be configured to identify a security method for data and, based on the storage method and the security method, identify the authentication methods.

In one embodiment, the electronic device may further include a display (e.g., display module 160), and the at least one processor may, when executing the instructions, based on identifying the authentication methods, It may be further configured to display information for guiding whether the service is available through the user authentication through each of the authentication methods through the display. For example, the information may include first visual objects for representing each of the authentication methods, and when the at least one processor executes the instructions, the user requesting use of the registered service. and display each of the first visual objects via the display, overlaid on a second visual object for representing the service displayed in response to receiving input. For example, the electronic device may further include a plurality of communication circuits (e.g., a communication module 190), and the at least one processor may, when executing the instructions, use the registered service. In response to receiving the requesting user input, identify the situation using at least one of the plurality of communication circuits, identify an authentication method corresponding to the situation among the authentication methods, and identify the identified authentication method. displaying a third visual object on the display for guiding a user of the service to authenticate through a method, and based on at least one user input received while displaying the third visual object, authenticating the identified It may be configured to authenticate the user through a method and, in response to authenticating the user, provide the service based on interworking with the external electronic device. For example, a visual object representing the identified authentication method among the first visual objects may be highlighted relative to the remaining visual objects among the first visual objects.

In one embodiment, the electronic device may further include a display, and the at least one processor may perform authentication in which the reference information for user authentication among the authentication methods is unregistered when executing the instructions. It may be further configured to display, through the display, a visual object for identifying a method and guiding input of the reference information.

In one embodiment, when executing the instructions, the at least one processor sends data for identifying the priority of each of the identified authentication methods to the service for each of the candidate situations defined for the electronic device. It can be configured to be stored in conjunction with data about the priority, and the data about the priority can be updated based on the authentication method used when using the service among the authentication methods.

As described above, the electronic device (e.g., electronic device 101) includes a display (e.g., display module 160), a communication circuit (e.g., communication module 190), and at least one configured to store instructions. memory (e.g., memory 130), and when executing the instructions, a user input requesting the use of a service provided through user authentication is received based on interworking with an external electronic device. Based on receiving the user input, identifying whether connection is possible with the external electronic device using the communication circuit, and identifying whether connection is possible with the external electronic device using the communication circuit, For user authentication, a first visual object is displayed on the display to guide the user of the service to be authenticated using a first authentication method among a plurality of authentication methods registered for the service, and the communication circuit Based on identifying the inability to connect to the external electronic device using, a second visual object for guiding the user to authenticate using a second authentication method among the plurality of authentication methods is displayed through the display. It may include at least one processor (eg, processor 120) configured to display.

In one embodiment, the at least one processor, when executing the instructions, performs the first authentication method or It may be further configured to authenticate the user through the second authentication method and provide the service based on interworking with the external electronic device in response to authenticating the user.

Electronic devices according to various embodiments disclosed in this document may be of various types. Electronic devices may include, for example, portable communication devices (e.g., smartphones), computer devices, portable multimedia devices, portable medical devices, cameras, wearable devices, or home appliances. Electronic devices according to embodiments of this document are not limited to the above-described devices.

The various embodiments of this document and the terms used herein are not intended to limit the technical features described in this document to specific embodiments, but should be understood to include various changes, equivalents, or replacements of the embodiments. In connection with the description of the drawings, similar reference numbers may be used for similar or related components. The singular form of a noun corresponding to an item may include one or more of the above items, unless the relevant context clearly indicates otherwise. As used herein, “A or B”, “at least one of A and B”, “at least one of A or B”, “A, B or C”, “at least one of A, B and C”, and “A Each of phrases such as “at least one of , B, or C” may include any one of the items listed together in the corresponding phrase, or any possible combination thereof. Terms such as "first", "second", or "first" or "second" may be used simply to distinguish one element from another, and may be used to distinguish such elements in other respects, such as importance or order) is not limited. One (e.g. first) component is said to be "coupled" or "connected" to another (e.g. second) component, with or without the terms "functionally" or "communicatively". Where mentioned, it means that any of the components can be connected to the other components directly (e.g. wired), wirelessly, or through a third component.

The term “module” used in various embodiments of this document may include a unit implemented in hardware, software, or firmware, and is interchangeable with terms such as logic, logic block, component, or circuit, for example. It can be used as A module may be an integrated part or a minimum unit of the parts or a part thereof that performs one or more functions. For example, according to one embodiment, the module may be implemented in the form of an application-specific integrated circuit (ASIC).

Various embodiments of the present document are one or more instructions stored in a storage medium (e.g., built-in memory 136 or external memory 138) that can be read by a machine (e.g., electronic device 101). It may be implemented as software (e.g., program 140) including these. For example, a processor (e.g., processor 120) of a device (e.g., electronic device 101) may call at least one command among one or more commands stored from a storage medium and execute it. This allows the device to be operated to perform at least one function according to the at least one instruction called. The one or more instructions may include code generated by a compiler or code that can be executed by an interpreter. A storage medium that can be read by a device may be provided in the form of a non-transitory storage medium. Here, 'non-transitory' only means that the storage medium is a tangible device and does not contain signals (e.g. electromagnetic waves). This term refers to cases where data is stored semi-permanently in the storage medium. There is no distinction between temporary storage cases.

According to one embodiment, methods according to various embodiments disclosed in this document may be included and provided in a computer program product. Computer program products are commodities and can be traded between sellers and buyers. A computer program product may be distributed in the form of a machine-readable storage medium (e.g., compact disc read only memory (CD-ROM)), or through an application store (e.g., Play Store??), or on two user devices. It can be distributed (e.g. downloaded or uploaded) directly between smartphones (e.g. smartphones) or online. In the case of online distribution, at least a portion of the computer program product may be at least temporarily stored or temporarily created in a machine-readable storage medium, such as the memory of a manufacturer's server, an application store's server, or a relay server.

According to various embodiments, each component (e.g., module or program) of the above-described components may include a single or plural entity, and some of the plurality of entities may be separately placed in other components. there is. According to various embodiments, one or more of the components or operations described above may be omitted, or one or more other components or operations may be added. Alternatively or additionally, multiple components (eg, modules or programs) may be integrated into a single component. In this case, the integrated component may perform one or more functions of each component of the plurality of components identically or similarly to those performed by the corresponding component of the plurality of components prior to the integration. . According to various embodiments, operations performed by a module, program, or other component may be executed sequentially, in parallel, iteratively, or heuristically, or one or more of the operations may be executed in a different order, or omitted. Alternatively, one or more other operations may be added.

Claims (20)

In an electronic device,
display;
a plurality of communication circuits;
at least one memory configured to store instructions; and
Comprising at least one processor, when the at least one processor executes the instructions,
Receiving a first user input requesting use of a service provided through user authentication based on interworking with an external electronic device,
Based on receiving the first user input, identify the context of the electronic device using at least one of the plurality of communication circuits,
To authenticate the user, identify an authentication method corresponding to the situation among a plurality of authentication schemes registered for the service,
Displaying a visual object using the display to guide a user of the service to be authenticated through the identified authentication method,
authenticate the user via the identified authentication method based on at least one second user input received while displaying the visual object;
In response to authenticating the user, configured to provide the service based on interworking with the external electronic device,
Electronic devices.
The method of claim 1, wherein the at least one processor, when executing the instructions,
Identifying the location of the electronic device based on signals received through at least one of the plurality of communication circuits,
configured to identify the situation based on the identified location,
Electronic devices.
The method of claim 1, wherein the at least one processor, when executing the instructions,
Identifying a distance between the electronic device and the external electronic device based on the reception strength of a signal received from the external electronic device through at least one of the plurality of communication circuits,
configured to identify the situation based on the identified distance,
Electronic devices.
The method of claim 3, wherein when executing the instructions, the at least one processor:
Based on the distance, identify one (a) communication method among a plurality of communication methods each provided through the plurality of communication circuits,
In response to authenticating the user, further configured to provide the service by linking with the external electronic device through a channel between the external electronic device and the electronic device established based on the identified communication method,
Electronic devices.
In claim 1,
Further comprising an illuminance sensor,
When the at least one processor executes the instructions,
Identifying brightness around the electronic device through the illuminance sensor,
further configured to identify the situation based further on the brightness,
Electronic devices.
The method of claim 1, wherein the at least one processor, when executing the instructions,
configured to identify the authentication method with the highest priority for the situation among the plurality of authentication methods as the authentication method corresponding to the situation,
The priorities of each of the plurality of authentication methods are:
Identified based on past authentication heuristics including a history of how each of the plurality of authentication methods has been used to authenticate the user while the electronic device is in the context,
Electronic devices.
The method of claim 6, wherein when executing the instructions, the at least one processor:
In response to identifying a failure to authenticate the user via the identified authentication method based on the at least one second user input, adjust the priority of the identified authentication method;
further configured to update the past authentication heuristics based on information about the adjusted priority,
Electronic devices.
The method of claim 1, wherein the at least one processor, when executing the instructions,
further configured to identify the situation based on receiving the first user input, based on a received signal strength of each of a plurality of signals each received through the plurality of communication circuits,
Electronic devices.
The method of claim 1, wherein the at least one processor, when executing the instructions,
Transmitting information about the at least one second user input to the external electronic device,
Receiving information about a result of a comparison between the information and reference information stored in the external electronic device or another external electronic device connected to the external electronic device, from the external electronic device,
configured to authenticate the user based on information about the result,
Electronic devices.
The method of claim 1, wherein the at least one processor, when executing the instructions,
In response to identifying a failure to authenticate the user through the identified authentication method based on the at least one second user input, identify another authentication method among the plurality of authentication methods,
further configured to use the display to display another visual object for guiding authenticating the user through the different authentication method,
Electronic devices.
In an electronic device,
at least one memory configured to store instructions; and
Comprising at least one processor, when the at least one processor executes the instructions,
Receive user input requesting registration of services provided through user authentication based on linkage with external electronic devices,
Based on the type of the service, identify authentication methods to be used to authenticate the user required when using the service,
When receiving a user input requesting use of the service, data for providing an authentication method corresponding to the situation of the electronic device among the authentication methods for user authentication is associated with data on the service. configured to register the service, based on (with) storing,
Electronic devices.
The method of claim 11, wherein the at least one processor, when executing the instructions,
Based on the type of the service, identify the storage method of data for the service,
Based on the type of service, identify a data security method for the service,
configured to identify the authentication methods based on the storage method and the security method,
Electronic devices.
In claim 11,
further comprising a display,
When the at least one processor executes the instructions,
further configured to display, through the display, information for guiding that the service is available through authentication of the user through each of the authentication methods, based on identifying the authentication methods,
Electronic devices.
The method of claim 13, wherein the information is:
Includes first visual objects for representing each of the authentication methods,
When the at least one processor executes the instructions,
display, through the display, each of the first visual objects overlaid on a second visual object for representing the service displayed in response to receiving the user input requesting use of the registered service, more composed,
Electronic devices.
In claim 14,
Further comprising a plurality of communication circuits,
When the at least one processor executes the instructions,
In response to receiving the user input requesting use of the registered service, identify the situation using at least one of the plurality of communication circuits,
Identifying an authentication method among the authentication methods that corresponds to the identified situation,
Displaying a third visual object on the display to guide the user of the service to authenticate through the identified authentication method,
authenticate the user via the identified authentication method based on at least one user input received while displaying the third visual object;
In response to authenticating the user, configured to provide the service based on interworking with the external electronic device,
Electronic devices.
The method of claim 15, wherein the visual object for representing the identified authentication method among the first visual objects is:
relative to the remaining visual objects among the first visual objects, highlighted,
Electronic devices.
In claim 11,
further comprising a display,
When the at least one processor executes the instructions,
Among the authentication methods, identify an authentication method in which standard information for user authentication is unregistered,
Further configured to display a visual object for guiding input of the reference information through the display,
Electronic devices.
The method of claim 11, wherein the at least one processor, when executing the instructions,
configured to store data for identifying the priority of each of the identified authentication methods for each of the candidate situations defined for the electronic device in connection with data about the service,
Data on the above priorities are:
Among the authentication methods, updated based on the authentication method used when using the service,
Electronic devices.
In an electronic device,
display;
communication circuit;
at least one memory configured to store instructions; and
Comprising at least one processor, when the at least one processor executes the instructions,
Receive user input requesting use of the service provided through user authentication based on interworking with an external electronic device,
Based on receiving the user input, identify whether connection is possible with the external electronic device using the communication circuit,
Based on identifying that connection to the external electronic device is possible using the communication circuit, the user of the service is authenticated using a first authentication method among a plurality of authentication methods registered for the service for user authentication. Displaying a first visual object for guiding what to do through the display,
Based on identifying the inability to connect to the external electronic device using the communication circuit, a second visual object for guiding authentication of the user using a second authentication method among the plurality of authentication methods is displayed. configured to be displayed via a display,
Electronic devices.
The method of claim 19, wherein the at least one processor, when executing the instructions,
Authenticate the user through the first authentication method or the second authentication method based on at least one user input received while displaying the first visual object or the second visual object,
In response to authenticating the user, further configured to provide the service based on interworking with the external electronic device,
Electronic devices.

Images