WO2017071498A1 - Identity authentication method and device - Google Patents

Identity authentication method and device Download PDF

Info

Publication number
WO2017071498A1
WO2017071498A1 PCT/CN2016/102368 CN2016102368W WO2017071498A1 WO 2017071498 A1 WO2017071498 A1 WO 2017071498A1 CN 2016102368 W CN2016102368 W CN 2016102368W WO 2017071498 A1 WO2017071498 A1 WO 2017071498A1
Authority
WO
WIPO (PCT)
Prior art keywords
operation gesture
character
character string
string
data
Prior art date
Application number
PCT/CN2016/102368
Other languages
French (fr)
Chinese (zh)
Inventor
杨霞
林陆一
郝允允
李轶峰
Original Assignee
腾讯科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 腾讯科技(深圳)有限公司 filed Critical 腾讯科技(深圳)有限公司
Publication of WO2017071498A1 publication Critical patent/WO2017071498A1/en
Priority to US15/817,014 priority Critical patent/US10657244B2/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to an identity verification method and apparatus.
  • Information security is not only related to people's personal privacy, but also has a great relationship with people's personal property security. Therefore, how to ensure information security has always been a concern of people.
  • authentication is generally used to ensure information security.
  • the prior art in the case of a mobile phone, the prior art generally sets a corresponding lock screen password for the mobile phone. To unlock, the corresponding authentication information is provided to prevent strangers from using the mobile phone.
  • the user In the existing authentication method, the user generally inputs the corresponding password through the keyboard to provide authentication information.
  • this method is not very secure, and authentication information is easily stolen by illegal intruders, such as stealing passwords through keyboard hooks, and so on. Therefore, the prior art also proposes a scheme for authenticating using biometric features such as fingerprints, irises, or faces.
  • the user may collect biometric information such as a fingerprint, an iris, or a face through a fingerprint acquisition module, an iris acquisition module, or a camera, and then use the biometric information to encrypt an object that needs to be encrypted, such as a lock screen, or a pair.
  • biometric information such as a fingerprint, an iris, or a face
  • a fingerprint acquisition module such as a fingerprint acquisition module
  • iris acquisition module such as a camera
  • the album is encrypted, etc., if you want to access the object later, you only need to scan the fingerprint, iris or face.
  • the inventors of the present invention found that existing Although the method of using biometrics for identity verification can improve security, the device needs to configure corresponding acquisition modules, such as a fingerprint collection module or an iris acquisition module, and the algorithms involved are more complicated, and the processing efficiency is low.
  • the embodiment of the invention provides an identity verification method and device, which can simplify operation and improve processing efficiency while ensuring security.
  • An embodiment of the present invention provides an identity verification method, including:
  • the data access request indicating data that needs to be accessed
  • the authentication interface includes an authentication information input interface
  • the data is allowed to be accessed.
  • An embodiment of the present invention further provides an identity verification apparatus, including:
  • a receiving unit configured to receive a data access request, where the data access request indicates data that needs to be accessed
  • Activating unit configured to start an authentication interface of the data according to the data access request, where the authentication interface includes an authentication information input interface;
  • An acquiring unit configured to acquire a first operation gesture of the user on the touch panel when the authentication information input interface is activated
  • a generating unit configured to generate a corresponding first character string according to the preset rule according to the first operation gesture
  • a processing unit configured to: when the first string is matched with preset verification information, Allow access to the data.
  • the technical solution provided by the embodiment of the present invention does not need to receive the character input by the user through the keyboard, but acquires the operation gesture of the user through the touchpad, thereby avoiding theft of the authentication information by the keyboard hook.
  • the solution does not need to be equipped with an additional fingerprint or iris acquisition module, and does not require complicated processing, thereby greatly simplifying the operation and improving the processing efficiency.
  • FIG. 1 is a schematic diagram of a scenario of an identity verification method according to an embodiment of the present invention
  • FIG. 1b is a flowchart of an identity verification method according to an embodiment of the present invention.
  • FIG. 1c is a flowchart of a data encryption method according to an embodiment of the present invention.
  • FIG. 3 is still another flowchart of an identity verification method according to an embodiment of the present invention.
  • FIG. 4a is a schematic structural diagram of an identity verification apparatus according to an embodiment of the present invention.
  • FIG. 4b is another schematic structural diagram of an identity verification apparatus according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of hardware of an identity verification apparatus according to an embodiment of the present invention.
  • FIG. 5b is a schematic diagram of another hardware structure of an identity verification apparatus according to an embodiment of the present invention.
  • the embodiments of the present invention provide an identity verification method and apparatus, which are respectively described in detail below.
  • FIG. 1 is a schematic diagram of a scenario of an identity verification method according to an embodiment of the present invention.
  • the scenarios applied by the method include a touch panel of the terminal and the terminal.
  • the terminal stores data that the user wants to access, and the touchpad can be used for the user to perform tap or click operations.
  • a data access request can be sent to the terminal where the file is located.
  • the terminal may initiate an authentication interface of the data according to the data access request.
  • the authentication interface includes an authentication information input interface.
  • the terminal acquires a first operation gesture of the user on the touch panel, such as tapping or tapping, and then, according to the first operation gesture, generates a corresponding according to a preset rule.
  • the first string and use the first string for authentication. For example, it is determined whether the first string matches the preset verification information. If it matches, the user is allowed to access the data, such as accessing the file; otherwise, the user is denied access to the data.
  • an identity verification device which may be integrated in a terminal or other device that needs to be authenticated.
  • the identity verification device may be integrated in a tablet or a laptop, etc. Wait.
  • a touch panel which may be a hardware device of the terminal or the device itself, or an external device.
  • FIG. 1b is a flowchart of an identity verification method according to an embodiment of the present invention. As shown in FIG. 1b, the specific process of the identity verification method may include the following steps:
  • Step 101 Receive a data access request.
  • a data access request triggered by a user is received, or a data access request sent by another device is received, where the data access request indicates data that needs to be accessed, and the data may include specific information, a file, and a terminal application.
  • the data access request may specifically be a screen unlock request, an application access request or a file access request, and the like.
  • Step 102 Start an authentication interface of the data according to the data access request, where the authentication interface includes an authentication information input interface.
  • the screen unlocking interface of the terminal may be activated according to the unlocking request of the screen, wherein the screen unlocking interface may further include an authentication information input interface, such as a password input box or an input area.
  • an authentication information input interface such as a password input box or an input area.
  • Step 103 Acquire an operation gesture of the user on the touch panel when the authentication information input interface is activated. For example, touch the touchpad or click on the touchpad, etc., simply tap or tap.
  • the embodiment of the present invention refers to the operation gesture as a first operation gesture.
  • the manner of activating the authentication information input interface may be various. For example, when determining a user selection, such as clicking or sliding, the authentication information input interface may determine the authentication information input interface. It is activated; or, when the input cursor is flashing at the authentication information input interface, such as the password input box, it can be determined that the authentication information input interface is activated.
  • the touch panel refers to an input device that uses a sliding operation of a finger on the board to move the cursor.
  • the touch method may include a pressure touch (Force Touch) or other touch.
  • Step 104 Generate a corresponding character string according to the preset rule according to the first operation gesture.
  • the embodiment of the present invention refers to the character string as the first character string.
  • the first character string may be a binary string, a decimal string, or a hexadecimal string.
  • the preset rule can be set according to the needs of the actual application. For example, you can set the tap to indicate “1”, click to indicate “0”, or set Tap to indicate “0”, tap to indicate “1”, or alternatively, to correspond to other operation gestures and characters, such as circle to indicate “A”, and so on.
  • the first character string is a binary character string
  • the operation gesture taps to indicate “1”, and the tap “0” is taken as an example.
  • the step “generates the corresponding according to the preset operation rule according to the first operation gesture.
  • the first string can include:
  • the character 1 is generated; when the first operation gesture is determined to be a tap, the character 0 is generated; and the generated characters are arranged in the order of the first operation gesture to form a binary character string.
  • the first character string is a binary character string
  • the operation gesture taps to indicate “0”, and the click “1” is taken as an example.
  • the step “generates according to the preset operation rule according to the first operation gesture.
  • the corresponding first string may include:
  • the character 0 is generated; when the first operation gesture is determined to be a tap, the character 1 is generated; and the generated characters are arranged in the order of the first operation gesture to form a binary string.
  • decimal string or a hexadecimal string is similar, just set the correspondence between the operation gesture and each character in advance.
  • corresponding prompt information may also be generated and displayed on the authentication interface to indicate the correspondence between the operation gesture and the character.
  • Step 105 When the first string is determined to match the preset verification information, the data is allowed to be accessed, for example, the user or other device is allowed to access the data.
  • determining whether the first string matches the preset verification information There are a variety of ways, for example, you can use any of the following methods:
  • the first character string is consistent with the preset verification information, and if they are consistent, determining that the first character string matches the preset verification information; if not, determining The first string does not match the preset verification information.
  • the first character string and the verification information can be directly compared at this time. If they are consistent, it indicates that the decryption password is correct. Therefore, it can be determined that the authentication is passed, that is, the first string is determined to match the preset verification information; if not, the decryption password is incorrect, so it can be determined that the identity verification fails. That is, it is determined that the first character string does not match the preset verification information.
  • the first character string is calculated according to a preset algorithm, and a calculation result is obtained, determining whether the calculation result is consistent with the preset verification information, and if the agreement is consistent, determining the first A string matches the preset verification information; if not, it is determined that the first string does not match the preset verification information.
  • the encrypted password is not directly saved as the verification information, but the encrypted password is calculated according to a preset algorithm, and the calculation result is saved as the verification information.
  • the first character string needs to be calculated according to the preset algorithm, and then the calculation result is compared with the verification information. If the calculation result is consistent with the verification information, it indicates that the decryption password is correct. Therefore, it may be determined that the identity verification is passed, that is, the first character string is determined to match the preset verification information; if the calculation result is inconsistent with the verification information, the decryption is performed.
  • the password is incorrect, so you can be sure that the authentication is not passed, that is, OK
  • the first string does not match the preset verification information.
  • the preset algorithm may be determined according to the requirements of the actual application.
  • the data access request may be rejected, for example, returning prompt information indicating that the verification fails, and the like.
  • FIG. 1c is a flowchart of a data encryption method according to an embodiment of the present invention. As shown in FIG. 1c, the method includes the following steps:
  • Step S1 Receive a data encryption request indicating data that needs to be encrypted.
  • the data encryption request may specifically be a lock screen password setting request, a file encryption request, or an application encryption request, and the like.
  • Step S2 Acquire an encrypted password according to the data encryption request.
  • the operation gesture of the user on the touch panel (referred to as a second operation gesture for convenience of description) may be acquired according to the data encryption request, and corresponding to the second operation gesture according to the preset rule.
  • the second string is converted into an encrypted password.
  • the second string may be a binary string, a decimal string, or a hexadecimal string.
  • the preset rule can be based on the needs of the actual application. Make settings, for example, you can set a tap to indicate “1”, a tap to indicate “0”, or a tap to indicate “0”, a tap to indicate “1”, or another operation gesture and character Correspondence, such as circle means "A", and so on.
  • the second character string is a binary character string
  • the operation gesture taps to indicate “1”, and the tap “0” is taken as an example.
  • the step “generates the corresponding according to the preset operation rule according to the second operation gesture.
  • the second string can include:
  • the character 1 is generated; when the second operation gesture is determined to be a tap, the character 0 is generated; and the generated characters are arranged in the order of the first operation gesture to form a binary character string.
  • the second character string is a binary character string
  • the operation gesture taps to indicate “0”, and the click “1” is taken as an example.
  • the step “generates according to the second operation gesture according to the preset rule.
  • the corresponding second string may include:
  • the character 0 is generated; when the second operation gesture is determined to be a tap, the character 1 is generated; and the generated characters are arranged in the order of the first operation gesture to form a binary character string.
  • decimal string or a hexadecimal string is similar, just set the correspondence between the operation gesture and each character in advance.
  • the second character string when the second character string is converted into an encrypted password, the second character string may be directly used as a password, or the second character string may be converted according to a certain rule, and the converted Two strings are used as passwords.
  • the subsequent conversion of the second character string is also required after the subsequent identity verification. Can be used as a decryption password.
  • Step S3 Encrypt the data by using the encrypted password, and convert the encrypted password into verification information for storage.
  • the encrypted password may be directly saved as the verification information, or the encrypted password may be calculated according to a preset algorithm, and then the calculation result is saved as the verification information.
  • the preset algorithm and the algorithm used in subsequent authentication should be consistent.
  • encryption rules and the decryption rules should be consistent.
  • the technical solution provided by the embodiment of the present invention does not need to receive the characters input by the user through the keyboard, but acquires the operation gesture of the user through the touchpad, thereby avoiding being stolen by the keyboard hook.
  • the possibility of authenticating information and improving information security does not need to be equipped with an additional fingerprint or iris acquisition module, and does not require complicated processing, thereby greatly simplifying the operation and improving the processing efficiency.
  • the identity verification device is specifically integrated in a terminal having a touch panel, and the data access request is specifically a screen unlock request as an example.
  • FIG. 2 is another flowchart of an identity verification method according to an embodiment of the present invention. As shown in FIG. 2, the specific process of the identity verification method may include the following steps:
  • Step 201 The terminal receives a screen unlock request about the terminal triggered by the user.
  • the user can trigger the screen unlock request by sliding or clicking the unlock trigger button.
  • Step 202 The terminal starts the screen unlocking interface according to the screen unlocking request.
  • the screen unlocking interface includes an authentication information input interface, such as a password input box or an input area.
  • Step 203 When the authentication information input interface is activated, the terminal acquires a first operation gesture of the user on the touch panel, such as an operation gesture such as tapping or tapping.
  • the authentication information input interface may be activated in various manners. For example, when determining a user selection, such as clicking or sliding, the authentication information input interface may determine the authentication information input interface. It is activated; or, when the input cursor is flashing at the authentication information input interface, such as the password input box, it can be determined that the authentication information input interface is activated or the like.
  • Step 204 The terminal generates a corresponding first character string according to the preset rule according to the first operation gesture. For example, when the terminal determines that the first operation gesture is a tap, the terminal generates the character 1, and determines that the first operation gesture is a tap. The character 0 is generated, and the generated characters are arranged in the order of the first operation gesture to form a binary string.
  • the user inputs an operation gesture four times in succession. If the operation gesture input by the user for the first time is “tap”, the character “1” can be generated at this time, if the operation gesture input by the user for the second time and the operation gesture input for the third time are “tap” ", then it can be determined that the second and third characters are all "0". If the operation gesture input by the user for the fourth time is "tap”, it can be determined that the fourth character is "1", according to these operation gestures The order of these characters is arranged to determine that the binary string is "1001".
  • corresponding prompt information may also be generated and displayed on the screen unlocking interface to indicate the correspondence between the operation gesture and the character. For example, the user may be prompted: “1 indicates a tap, 0 means tap, please enter gestures in order.
  • the correspondence between the first operation gesture and each character may be other than the case described in the foregoing embodiment, and the first operation gesture may be converted into a binary string, or may be converted into Strings in other formats can be set according to the needs of the actual application.
  • Step 205 The terminal determines whether the first string matches the preset verification information. If yes, step 206 is performed. If not, the screen unlock request is rejected, for example, returning. Verify that the message does not pass, and so on.
  • the lock screen password is directly saved as the verification information when the lock screen password is set, the first character string and the verification information can be directly compared at this time. If the first string is consistent with the verification information, it indicates that the decryption password is correct. Therefore, it can be determined that the identity verification is passed, that is, the first string is determined to match the preset verification information; if not, the decryption password is incorrect, therefore, It can be determined that the authentication fails, that is, the first string is determined to not match the preset verification information.
  • the lock screen password is not directly saved as the verification information, but the lock screen password is calculated according to the preset algorithm.
  • the calculation result is saved as the verification information.
  • the first character string needs to be calculated according to the preset algorithm, and then the calculation result and the verification are performed. Information is compared. If the calculation result is consistent with the verification information, it indicates that the decryption password is correct, and the first character string is determined to match the preset verification information; otherwise, the decryption password is incorrect, and the first character string and the preset verification information are determined not to be determined. match.
  • the calculation result is saved as the verification information, that is, if "10100” is used as the verification information, then the first string is used. For "1010”, it is also necessary to add a "0" after the first string to compare the calculation result with the verification information.
  • the preset algorithm may be determined according to the needs of the actual application.
  • Step 206 The terminal unlocks the terminal screen.
  • the setting may also be performed by an operation gesture on the touch panel, for example, Use the following method to set the lock screen password:
  • Receiving a lock screen request triggered by the user, and acquiring a lock screen password according to the lock screen request for example, acquiring a second operation gesture of the user on the touch panel, and generating a corresponding second character according to the preset rule according to the second operation gesture String, convert the second string into a lock screen password, and then use the lock screen password to lock the screen.
  • the terminal when receiving the screen unlocking request, the terminal may start the screen unlocking interface according to the screen unlocking request, and when the authentication information input interface on the interface is activated, acquiring the user's touch
  • the first operation gesture on the board generates a corresponding first character string according to the preset rule according to the first operation gesture, and unlocks the screen when it is determined that the first character string matches the preset verification information. Since the solution does not need to receive the characters input by the user through the keyboard, but obtains the operation gesture of the user through the touchpad, the possibility of stealing the authentication information by the keyboard hook and improving the information security can be avoided. Sex. Moreover, the solution does not need to be equipped with an additional fingerprint or iris acquisition module, and does not require complicated processing, thereby greatly simplifying the operation and improving the processing efficiency.
  • the identity verification device is still specifically integrated in the terminal with the touch panel, but the data access request is specifically a file access request as an example.
  • FIG. 3 is still another flowchart of an identity verification method according to an embodiment of the present invention. As shown in FIG. 3, the specific process of the identity verification method may include the following steps:
  • Step 301 The terminal receives a file access request triggered by a user.
  • the user can trigger the file access request by sliding or clicking on the file icon.
  • Step 302 The terminal starts an authentication interface according to the file access request.
  • the authentication interface includes an authentication information input interface, such as a password input box or an input area.
  • Step 303 When the authentication information input interface is activated, the terminal acquires a first operation gesture of the user on the touch panel, such as an operation gesture such as tapping or tapping.
  • the authentication information input interface may be activated in various manners. For example, when determining a user selection, such as clicking or sliding, the authentication information input interface may determine the authentication information input interface. It is activated; or, when the input cursor is flashing at the authentication information input interface, such as the password input box, it can be determined that the authentication information input interface is activated or the like.
  • Step 304 The terminal generates a corresponding first character string according to the preset rule according to the first operation gesture. For example, when the terminal determines that the first operation gesture is a tap, the terminal generates a character 0, and determines that the first operation gesture is a tap. The character 1 is generated, and the generated characters are arranged in the order of the first operation gesture to form a binary character string.
  • the user inputs an operation gesture four times in succession. If the operation gesture input by the user for the first time is “tap”, the character “0” can be generated at this time, if the operation gesture input by the user for the second time and the operation gesture input for the third time are both “tap” ", then it can be determined that the second and third characters are all "1". If the operation gesture input by the user for the fourth time is "tap”, it can be determined that the fourth character is "0", according to these operation gestures The order of these characters is arranged to determine that the binary string is "0110".
  • corresponding prompt information may also be generated and displayed on the screen unlocking interface to indicate the correspondence between the operation gesture and the character. For example, the user may be prompted: “0 indicates a tap, 1 means tap, please enter gestures in order.
  • the correspondence between the first operation gesture and each character is described in addition to the above embodiment.
  • the first operation gesture can be converted into a string of other formats in addition to being converted into a binary string, which can be set according to the requirements of the actual application.
  • Step 305 The terminal determines whether the first string matches the preset verification information. If yes, step 306 is performed. If there is no match, the file access request is rejected, for example, returning the prompt information that the verification fails, and the like.
  • the first character string and the verification information may be directly compared at this time, and if they are consistent, the decryption password is correct. Therefore, it can be determined that the authentication is passed, that is, the first string is determined to match the preset verification information. If the first string is inconsistent with the verification information, the decryption password is incorrect. Therefore, it can be determined that the identity verification fails, that is, It is determined that the first string does not match the preset verification information.
  • the encrypted password of the file is set, in order to enhance the security of the information, the encrypted password is not directly saved as the verification information, but the encrypted password is calculated according to the preset algorithm, and then the calculation is performed. The result is saved as the verification information.
  • the first character string needs to be calculated according to the preset algorithm, and then the calculation result and the verification information are further calculated. Compare. If the calculation result is consistent with the verification information, it indicates that the decryption password is correct, and the first character string is determined to match the preset verification information; otherwise, the decryption password is incorrect, and the first character string and the preset verification information are determined not to be determined. match.
  • the calculation result is saved as verification information, that is, "01100" is used as the verification information. If the first character string is "0110”, it is also necessary to add a "0" after the first character string. The calculation result is compared with the verification information.
  • the preset algorithm may be determined according to the needs of the actual application.
  • Step 306 The terminal allows the user to access the file, such as opening and browsing the file, or copying the file, and the like.
  • the setting may also be performed by an operation gesture on the touch panel. For example, you can set the encrypted password for a file in the following way:
  • Receiving a file encryption request triggered by the user, and acquiring an encrypted password according to the file encryption request for example, acquiring a second operation gesture of the user on the touch panel, and generating a corresponding second string according to the preset rule according to the second operation gesture Converting the second string to a lock screen password, and then encrypting the file with the encrypted password.
  • the terminal when receiving the file access request, the terminal may start the authentication interface according to the file access request, and obtain the user's touch when the authentication information input interface on the interface is activated.
  • the first operation gesture on the board generates a corresponding first character string according to the preset rule according to the first operation gesture, and allows the user to access the file when determining that the first character string matches the preset verification information. Since the solution does not need to receive the characters input by the user through the keyboard, but obtains the operation gesture of the user through the touchpad, the possibility of stealing the authentication information by the keyboard hook and improving the information security can be avoided. Sex. Moreover, the solution does not need to be equipped with an additional fingerprint or iris acquisition module, and does not require complicated processing, thereby greatly simplifying the operation and improving the processing efficiency.
  • FIG. 4 is a schematic structural diagram of an identity verification apparatus according to an embodiment of the present invention.
  • the identity verification apparatus may include a receiving unit 401, a starting unit 402, an obtaining unit 403, a generating unit 404, and a processing unit 405.
  • the receiving unit 401 is configured to receive a data access request, where the data access request indicates data that needs to be accessed.
  • the receiving unit 401 may receive a data access request triggered by a user, or receive a data access request sent by another device, where the data access request indicates data that needs to be accessed, and the data may include specific information, The file and the terminal application, etc., for example, the data access request may specifically be a screen unlock request, an application access request or a file access request, and the like.
  • the activation unit 402 is configured to start an authentication interface of the data according to the data access request, where the authentication interface includes an authentication information input interface.
  • the activation unit 402 can start the screen unlocking interface of the terminal according to the unlocking request of the screen, wherein the screen unlocking interface can further include an authentication information input interface, such as a password input box or an input area.
  • an authentication information input interface such as a password input box or an input area.
  • the obtaining unit 403 is configured to acquire a first operation gesture of the user on the touch panel when the authentication information input interface is activated.
  • the manner of activating the authentication information input interface may be various. For example, when determining a user selection, such as clicking or sliding, the authentication information input interface may determine the authentication information input interface. It is activated; or, when the input cursor is flashing at the authentication information input interface, such as the password input box, it can be determined that the authentication information input interface is activated.
  • the generating unit 404 is configured to generate a corresponding first character string according to the preset rule according to the first operation gesture.
  • the processing unit 405 is configured to allow access to the first character string when it matches the preset verification information.
  • the first string may be a binary string, a decimal string, or a hexadecimal string.
  • the preset rule can be set according to the requirements of the actual application. For example, the tap can be set to indicate “1”, the tap to indicate “0”, or the tap to indicate “0”, and the tap to indicate “1”, and Alternatively, it may be a correspondence between other operation gestures and characters, such as a circle indicating "A", and the like.
  • the generating unit 404 may be specifically configured to: when the first operation gesture is a tap, generate a character 1; and when the first operation gesture is a click, Generates a character 0; the generated characters are arranged in the order of the first operation gesture to form a binary string.
  • the generating unit 404 may be specifically configured to: when the first operation gesture is a tap, generate a character 0; and determine that the first operation gesture is a point. On time, character 1 is generated; the generated characters are arranged in the order of the first operation gesture to form a binary string.
  • decimal string or a hexadecimal string is similar, just set the correspondence between the operation gesture and each character in advance.
  • the generating unit 404 may also generate corresponding prompt information, and display the corresponding prompt information on the authentication interface to indicate the correspondence between the operation gesture and the character.
  • the method for determining whether the first character string and the preset verification information match may be multiple, that is, the processing unit 405 may adopt any one of the following manners.
  • the processing unit 405 may be specifically configured to determine whether the first character string is consistent with the preset verification information, and if yes, determine that the first character string matches the preset verification information, and if not, determine the The first string does not match the preset verification information.
  • the processing unit 405 is specifically configured to calculate the first character string according to a preset algorithm, obtain a calculation result, and determine that the calculation result is consistent with the preset verification information, and if yes, determine the first character string. Matching with the preset verification information. If they are inconsistent, it is determined that the first character string does not match the preset verification information.
  • the preset algorithm may be determined according to the requirements of the actual application.
  • the processing unit 405 may further perform no operation or reject the data access request, for example, return a prompt indicating that the verification fails. Information, and so on.
  • the identity verification device may further include an encryption unit 406.
  • the receiving unit 401 is further configured to receive a data encryption request, where the data encryption request indicates data that needs to be encrypted.
  • the data encryption request may specifically be a lock screen password setting request, a file encryption request, or an application encryption request, and the like.
  • the encryption unit 406 can be configured to obtain an encrypted password according to the data encryption request, encrypt the data by using the encrypted password, and convert the encrypted password into verification information for storage.
  • the encryption unit 406 may be configured to acquire a second operation gesture of the user on the touch panel according to the data encryption request, and generate a corresponding second character according to the preset rule according to the second operation gesture. String, which converts the second string into an encrypted password.
  • the second string may be a binary string, a decimal string, or a hexadecimal string.
  • the preset rule can be set according to the requirements of the actual application.
  • the tap can be set to indicate “1”, the tap to indicate “0”, or the tap to indicate “0”, and the tap to indicate “1”, and Or, it can be other gestures and words Correspondence of characters, such as circle means "A", and so on.
  • the encryption unit 406 may be specifically configured to: when the second operation gesture is a tap, generate a character 1; and determine that the second operation gesture is a tap. , generating a character 0; arranging the generated characters in the order of the first operation gesture to form a binary string.
  • the encryption unit 406 may be specifically configured to: when the second operation gesture is a tap, generate a character 0; and determine that the second operation gesture is When clicked, the character 1 is generated; the generated characters are arranged in the order of the first operation gesture to form a binary string.
  • decimal string or a hexadecimal string is similar, just set the correspondence between the operation gesture and each character in advance.
  • the encryption unit 406 may directly use the second string as a password, or may convert the second string according to a certain rule, and convert the second string. After the second string as a password. However, it should be noted that if the second character string is converted and the converted second character string is used as the password, the subsequent conversion of the second character string is also required after the subsequent identity verification. Can be used as a decryption password.
  • the identity verification device may be specifically integrated in a terminal or other device that needs to perform identity verification.
  • the identity verification device may be specifically integrated in a tablet or a laptop, and the like.
  • These terminals or devices need to have a touch panel, which may be the terminal or the device itself or an external device.
  • each of the above units may be implemented as a separate entity, or may be implemented in any combination, as the same or several entities.
  • each of the above various units refer to the foregoing method embodiments.
  • the solution provided by the embodiment of the present invention does not need to obtain the authentication information.
  • the user inputs the characters through the keyboard, and the user's operation gesture is acquired through the touchpad. Therefore, the possibility of the keyboard hook stealing the authentication information can be avoided, and the information security is improved.
  • the solution does not need to be equipped with an additional fingerprint or iris acquisition module, and does not require complicated processing, thereby greatly simplifying the operation and improving the processing efficiency.
  • FIG. 5 is a schematic structural diagram of hardware of an identity verification apparatus according to an embodiment of the present invention. As shown in Figure 5a, the apparatus can include:
  • a processor 501 eg, a CPU
  • the non-volatile memory 502 is configured to store machine readable instructions, including receive instructions, start instructions, get instructions, generate instructions, and processing instructions that are executable by the processor 501.
  • the processor 501 is configured to read and execute a receiving instruction, a starting instruction, an obtaining instruction, a generating instruction, and a processing instruction stored in the non-volatile memory 502, to implement each of the identity verification devices shown in FIG. 4a.
  • the function of the module is configured to read and execute a receiving instruction, a starting instruction, an obtaining instruction, a generating instruction, and a processing instruction stored in the non-volatile memory 502, to implement each of the identity verification devices shown in FIG. 4a. The function of the module.
  • FIG. 5b is a schematic diagram of another hardware structure of an identity verification apparatus according to an embodiment of the present invention. As shown in Figure 5b, the apparatus can include:
  • a processor 501 eg, a CPU
  • the non-volatile memory 502 is configured to store machine readable instructions, including the received instructions, the start instructions, the get instructions, the generated instructions, and the instructions executable by the processor 501, as shown in FIG. 5a.
  • machine readable instructions including the received instructions, the start instructions, the get instructions, the generated instructions, and the instructions executable by the processor 501, as shown in FIG. 5a.
  • encrypted instructions that can be executed by the processor 501 are also included.
  • the processor 501 is configured to read and execute the receiving instruction, the starting instruction, the obtaining instruction, the generating instruction, the processing instruction, and the encryption instruction stored in the non-volatile memory 502 to implement the identity verification shown in FIG. 4b.
  • the storage medium may include a read only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • User Interface Of Digital Computer (AREA)
  • Collating Specific Patterns (AREA)
  • Telephone Function (AREA)

Abstract

An identity authentication method and device. The method comprises: receiving a data access request (101), enabling an authentication interface of the data according to the data access request, the authentication interface comprising an authentication information input interface (102), when the authentication information input interface is activated, acquiring a first operation gesture from a user on a touch pad (103), generating a corresponding first character string according to the first operation gesture in accordance with a pre-set rule (104), and allowing access to the data when it is determined that the first character string matches pre-set authentication information (105).

Description

一种身份验证方法和装置Identity verification method and device
本申请要求于2015年10月26日提交中国专利局、申请号为201510703477.0、发明名称为“一种身份验证方法和系统”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。The present application claims priority to Chinese Patent Application No. 201510703477.0, the entire disclosure of which is incorporated herein by reference. .
技术领域Technical field
本发明涉及通信技术领域,具体涉及一种身份验证方法和装置。The present invention relates to the field of communications technologies, and in particular, to an identity verification method and apparatus.
发明背景Background of the invention
信息安全,不仅与人们的个人隐私息息相关相关,而且与人们的个人财产的安全也具有莫大的关系。因此,如何保障信息安全,一直都是人们所关注的一个问题。Information security is not only related to people's personal privacy, but also has a great relationship with people's personal property security. Therefore, how to ensure information security has always been a concern of people.
为了提高信息的安全性,在现有技术中,一般都会采用身份验证的方式来保障信息的安全。例如,以手机为例,现有技术一般会为手机设置相应的锁屏密码,若要解锁,则要提供相应的身份验证信息,从而防止陌生人使用该手机。现有的身份验证方式,一般都会由用户通过键盘输入相应的密码来提供鉴权信息。但是,这种方式安全性并不高,鉴权信息极易被非法入侵者盗取,比如通过键盘钩子来盗取密码,等等。因此,现有技术又提出了利用生物特征,比如指纹、虹膜或脸等信息来进行身份验证的方案。比如,可以通过指纹采集模块、虹膜采集模块或摄像头等设备采集用户的指纹、虹膜或脸等生物特征信息,然后利用这些生物特征信息对需要进行加密的对象进行加密,比如进行锁屏、或对相册进行加密等,后续若要访问该对象,则只需扫描下指纹、虹膜或脸等即可。In order to improve the security of information, in the prior art, authentication is generally used to ensure information security. For example, in the case of a mobile phone, the prior art generally sets a corresponding lock screen password for the mobile phone. To unlock, the corresponding authentication information is provided to prevent strangers from using the mobile phone. In the existing authentication method, the user generally inputs the corresponding password through the keyboard to provide authentication information. However, this method is not very secure, and authentication information is easily stolen by illegal intruders, such as stealing passwords through keyboard hooks, and so on. Therefore, the prior art also proposes a scheme for authenticating using biometric features such as fingerprints, irises, or faces. For example, the user may collect biometric information such as a fingerprint, an iris, or a face through a fingerprint acquisition module, an iris acquisition module, or a camera, and then use the biometric information to encrypt an object that needs to be encrypted, such as a lock screen, or a pair. The album is encrypted, etc., if you want to access the object later, you only need to scan the fingerprint, iris or face.
在对现有技术的研究和实践过程中,本发明的发明人发现,现有的 利用生物特征来进行身份验证的方式虽然可以提高安全性,但是需要设备配置相应的采集模块,比如指纹采集模块或虹膜采集模块等,而且涉及的算法较多,操作较为复杂,处理效率较低。In the course of research and practice of the prior art, the inventors of the present invention found that existing Although the method of using biometrics for identity verification can improve security, the device needs to configure corresponding acquisition modules, such as a fingerprint collection module or an iris acquisition module, and the algorithms involved are more complicated, and the processing efficiency is low.
发明内容Summary of the invention
本发明实施例提供一种身份验证方法和装置,可以在保障安全性的同时,简化操作,提高处理效率。The embodiment of the invention provides an identity verification method and device, which can simplify operation and improve processing efficiency while ensuring security.
本发明实施例提供一种身份验证方法,包括:An embodiment of the present invention provides an identity verification method, including:
接收数据访问请求,所述数据访问请求指示需要访问的数据;Receiving a data access request, the data access request indicating data that needs to be accessed;
根据所述数据访问请求启动所述数据的鉴权界面,所述鉴权界面包括鉴权信息输入接口;And starting an authentication interface of the data according to the data access request, where the authentication interface includes an authentication information input interface;
在所述鉴权信息输入接口被激活时,获取用户在触控板上的第一操作手势;Acquiring a first operation gesture of the user on the touch panel when the authentication information input interface is activated;
根据所述第一操作手势按照预设规则生成对应的第一字符串;Generating a corresponding first character string according to the preset rule according to the first operation gesture;
确定所述第一字符串与预置的验证信息匹配时,允许访问所述数据。When it is determined that the first character string matches the preset verification information, the data is allowed to be accessed.
本发明实施例还提供一种身份验证装置,包括:An embodiment of the present invention further provides an identity verification apparatus, including:
接收单元,用于接收数据访问请求,所述数据访问请求指示需要访问的数据;a receiving unit, configured to receive a data access request, where the data access request indicates data that needs to be accessed;
启动单元,用于根据所述数据访问请求启动所述数据的鉴权界面,所述鉴权界面包括鉴权信息输入接口;Activating unit, configured to start an authentication interface of the data according to the data access request, where the authentication interface includes an authentication information input interface;
获取单元,用于在所述鉴权信息输入接口被激活时,获取用户在触控板上的第一操作手势;An acquiring unit, configured to acquire a first operation gesture of the user on the touch panel when the authentication information input interface is activated;
生成单元,用于根据所述第一操作手势按照预设规则生成对应的第一字符串;a generating unit, configured to generate a corresponding first character string according to the preset rule according to the first operation gesture;
处理单元,用于确定所述第一字符串与预置的验证信息匹配时,允 许访问所述数据。a processing unit, configured to: when the first string is matched with preset verification information, Allow access to the data.
由于本发明实施例提供的技术方案在获取鉴权信息时,无需通过键盘接收用户输入的字符,而是通过触控板获取用户的操作手势,因此,可以避免被键盘钩子盗取鉴权信息的可能性,提高信息安全性。而且,该方案无需配备额外的指纹或虹膜等采集模块,也无需进行复杂的处理,因此,大大简化了操作,提高了处理效率。The technical solution provided by the embodiment of the present invention does not need to receive the character input by the user through the keyboard, but acquires the operation gesture of the user through the touchpad, thereby avoiding theft of the authentication information by the keyboard hook. The possibility to improve information security. Moreover, the solution does not need to be equipped with an additional fingerprint or iris acquisition module, and does not require complicated processing, thereby greatly simplifying the operation and improving the processing efficiency.
附图简要说明BRIEF DESCRIPTION OF THE DRAWINGS
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention. Other drawings can also be obtained from those skilled in the art based on these drawings without paying any creative effort.
图1a是本发明实施例提供的身份验证方法的场景示意图;FIG. 1 is a schematic diagram of a scenario of an identity verification method according to an embodiment of the present invention;
图1b是本发明实施例提供的身份验证方法的流程图;FIG. 1b is a flowchart of an identity verification method according to an embodiment of the present invention;
图1c是本发明实施例提供的数据加密方法的流程图;FIG. 1c is a flowchart of a data encryption method according to an embodiment of the present invention;
图2是本发明实施例提供的身份验证方法的另一流程图;2 is another flowchart of an identity verification method according to an embodiment of the present invention;
图3是本发明实施例提供的身份验证方法的又一流程图;FIG. 3 is still another flowchart of an identity verification method according to an embodiment of the present invention;
图4a是本发明实施例提供的身份验证装置的结构示意图;4a is a schematic structural diagram of an identity verification apparatus according to an embodiment of the present invention;
图4b是本发明实施例提供的身份验证装置的另一结构示意图;4b is another schematic structural diagram of an identity verification apparatus according to an embodiment of the present invention;
图5a是本发明实施例提供的身份验证装置的硬件结构示意图;FIG. 5 is a schematic structural diagram of hardware of an identity verification apparatus according to an embodiment of the present invention; FIG.
图5b是本发明实施例提供的身份验证装置的另一硬件结构示意图。FIG. 5b is a schematic diagram of another hardware structure of an identity verification apparatus according to an embodiment of the present invention.
实施本发明的方式Mode for carrying out the invention
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实 施例,而不是全部的实施例。基于本发明中的实施例,本领域技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the present invention. Example, not all embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
本发明实施例提供一种身份验证方法和装置,以下将分别进行详细说明。The embodiments of the present invention provide an identity verification method and apparatus, which are respectively described in detail below.
图1a是本发明实施例提供的身份验证方法的场景示意图。该方法应用的场景包括终端和终端的触控板。其中,终端中存储有用户要访问的数据,触控板可用于用户在其上面进行轻触或点按等操作。参见图1a,当用户需要访问某一数据时,比如访问某个文件时,则可以向该文件所在的终端发送数据访问请求。该终端在接收到该数据访问请求后,便可以根据该数据访问请求启动该数据的鉴权界面。其中,该鉴权界面包括鉴权信息输入接口。然后,在该鉴权信息输入接口被激活时,终端获取用户在触控板上的第一操作手势,比如轻触或点按等,再然后,根据该第一操作手势按照预设规则生成对应的第一字符串,并利用该第一字符串进行鉴权。比如,确定该第一字符串与预置的验证信息是否匹配,若匹配,则允许用户访问该数据,比如访问该文件,否则,拒绝用户访问该数据。FIG. 1 is a schematic diagram of a scenario of an identity verification method according to an embodiment of the present invention. The scenarios applied by the method include a touch panel of the terminal and the terminal. The terminal stores data that the user wants to access, and the touchpad can be used for the user to perform tap or click operations. Referring to FIG. 1a, when a user needs to access a certain data, such as accessing a file, a data access request can be sent to the terminal where the file is located. After receiving the data access request, the terminal may initiate an authentication interface of the data according to the data access request. The authentication interface includes an authentication information input interface. Then, when the authentication information input interface is activated, the terminal acquires a first operation gesture of the user on the touch panel, such as tapping or tapping, and then, according to the first operation gesture, generates a corresponding according to a preset rule. The first string and use the first string for authentication. For example, it is determined whether the first string matches the preset verification information. If it matches, the user is allowed to access the data, such as accessing the file; otherwise, the user is denied access to the data.
本实施例将从身份验证装置的角度进行描述,该身份验证装置具体可以集成在终端或其他需要进行身份验证的设备中,比如,该身份验证装置具体可以集成在平板电脑或笔记本电脑中,等等。这些终端或设备需具有触控板,该触控板可以是该终端或设备本身具有的硬件设备,也可以是外置的设备。This embodiment will be described from the perspective of an identity verification device, which may be integrated in a terminal or other device that needs to be authenticated. For example, the identity verification device may be integrated in a tablet or a laptop, etc. Wait. These terminals or devices need to have a touch panel, which may be a hardware device of the terminal or the device itself, or an external device.
图1b是本发明实施例提供的身份验证方法的流程图。如图1b所示,该身份验证方法的具体流程可以包括如下步骤:FIG. 1b is a flowchart of an identity verification method according to an embodiment of the present invention. As shown in FIG. 1b, the specific process of the identity verification method may include the following steps:
步骤101、接收数据访问请求。 Step 101: Receive a data access request.
在本发明实施例中,接收用户触发的数据访问请求,或者,接收其他设备发送的数据访问请求,其中,该数据访问请求指示需要访问的数据,该数据可以包括具体的信息、文件和终端应用等,例如,该数据访问请求具体可以为屏幕解锁请求,应用访问请求或文件访问请求等。In the embodiment of the present invention, a data access request triggered by a user is received, or a data access request sent by another device is received, where the data access request indicates data that needs to be accessed, and the data may include specific information, a file, and a terminal application. For example, the data access request may specifically be a screen unlock request, an application access request or a file access request, and the like.
步骤102、根据该数据访问请求启动该数据的鉴权界面,该鉴权界面包括鉴权信息输入接口。Step 102: Start an authentication interface of the data according to the data access request, where the authentication interface includes an authentication information input interface.
例如,以屏幕的解锁为例,可以根据屏幕的解锁请求启动终端的屏幕解锁界面,其中,该屏幕解锁界面中还可以包括鉴权信息输入接口,比如密码输入框或输入区域等。For example, in the case of unlocking the screen, the screen unlocking interface of the terminal may be activated according to the unlocking request of the screen, wherein the screen unlocking interface may further include an authentication information input interface, such as a password input box or an input area.
步骤103、在该鉴权信息输入接口被激活时,获取用户在触控板上的操作手势。比如,轻触触控板或点按触控板等,简称轻触或点按。为了描述方便,本发明实施例将该操作手势称为第一操作手势。Step 103: Acquire an operation gesture of the user on the touch panel when the authentication information input interface is activated. For example, touch the touchpad or click on the touchpad, etc., simply tap or tap. For convenience of description, the embodiment of the present invention refers to the operation gesture as a first operation gesture.
在本发明实施例中,激活该鉴权信息输入接口的方式可以有多种,例如,当确定用户选择,比如点击或滑动,该鉴权信息输入接口时,便可以确定该鉴权信息输入接口被激活;或者,当输入光标在该鉴权信息输入接口,比如密码输入框闪动时,便可以确定该鉴权信息输入接口被激活。In the embodiment of the present invention, the manner of activating the authentication information input interface may be various. For example, when determining a user selection, such as clicking or sliding, the authentication information input interface may determine the authentication information input interface. It is activated; or, when the input cursor is flashing at the authentication information input interface, such as the password input box, it can be determined that the authentication information input interface is activated.
在本发明实施例中,该触控板指的是一种利用手指在板上的滑动操作来移动游标的输入装置。触控方式可以包括压感触控(Force Touch)或其他触控等。In the embodiment of the present invention, the touch panel refers to an input device that uses a sliding operation of a finger on the board to move the cursor. The touch method may include a pressure touch (Force Touch) or other touch.
步骤104、根据该第一操作手势按照预设规则生成对应的字符串。为了描述方便,本发明实施例将该字符串称为第一字符串。Step 104: Generate a corresponding character string according to the preset rule according to the first operation gesture. For convenience of description, the embodiment of the present invention refers to the character string as the first character string.
在本发明实施例中,该第一字符串具体可以为二进制字符串、十进制字符串或十六进制字符串等。而该预设规则可以根据实际应用的需求进行设置,比如,可以设置轻触表示“1”,点按表示“0”,或者,设置 轻触表示“0”,点按表示“1”,又或者,还可以是其他的操作手势与字符的对应关系,比如画圈表示“A”,等等。In the embodiment of the present invention, the first character string may be a binary string, a decimal string, or a hexadecimal string. The preset rule can be set according to the needs of the actual application. For example, you can set the tap to indicate "1", click to indicate "0", or set Tap to indicate “0”, tap to indicate “1”, or alternatively, to correspond to other operation gestures and characters, such as circle to indicate “A”, and so on.
例如,以该第一字符串为二进制字符串,且操作手势轻触表示“1”,点按表示“0”为例,则此时,步骤“根据该第一操作手势按照预设规则生成对应的第一字符串”可以包括:For example, the first character string is a binary character string, and the operation gesture taps to indicate “1”, and the tap “0” is taken as an example. At this time, the step “generates the corresponding according to the preset operation rule according to the first operation gesture. The first string "can include:
确定该第一操作手势为轻触时,生成字符1;确定该第一操作手势为点按时,生成字符0;将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。When it is determined that the first operation gesture is a tap, the character 1 is generated; when the first operation gesture is determined to be a tap, the character 0 is generated; and the generated characters are arranged in the order of the first operation gesture to form a binary character string.
又例如,以该第一字符串为二进制字符串,且操作手势轻触表示“0”,点按表示“1”为例,则此时,步骤“根据该第一操作手势按照预设规则生成对应的第一字符串”可以包括:For another example, the first character string is a binary character string, and the operation gesture taps to indicate “0”, and the click “1” is taken as an example. At this time, the step “generates according to the preset operation rule according to the first operation gesture. The corresponding first string "may include:
确定该第一操作手势为轻触时,生成字符0;确定该第一操作手势为点按时,生成字符1;将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。When it is determined that the first operation gesture is a tap, the character 0 is generated; when the first operation gesture is determined to be a tap, the character 1 is generated; and the generated characters are arranged in the order of the first operation gesture to form a binary string.
十进制字符串或十六进制字符串的实现与此类似,只需预先设置好操作手势与各字符之间的对应关系即可。The implementation of a decimal string or a hexadecimal string is similar, just set the correspondence between the operation gesture and each character in advance.
在本发明实施例中,为了便于用户操作,还可以生成相应的提示信息,并显示在该鉴权界面上,以指示操作手势与字符的对应关系。In the embodiment of the present invention, in order to facilitate the operation of the user, corresponding prompt information may also be generated and displayed on the authentication interface to indicate the correspondence between the operation gesture and the character.
例如,若“0”表示轻触,“1”表示点按,则可以提示用户:“0表示轻触,1表示点按,请按顺序输入手势”。For example, if “0” means tap, and “1” means tap, you can prompt the user: “0 means tap, 1 means tap, please input gestures in order”.
又例如,若“1”表示轻触,“0”表示点按,则可以提示用户:“其中,1表示轻触,0表示点按,请按顺序输入手势”。For another example, if "1" indicates a tap and "0" indicates a tap, the user can be prompted: "Where 1 indicates a tap, 0 indicates a tap, and the gesture is input in order."
步骤105、确定该第一字符串与预置的验证信息匹配时,允许访问该数据,比如允许用户或其他设备访问该数据。Step 105: When the first string is determined to match the preset verification information, the data is allowed to be accessed, for example, the user or other device is allowed to access the data.
在本发明实施例中,确定该第一字符串与预置的验证信息是否匹配 的方式可以有多种,例如,可以采用如下任意一种方式:In the embodiment of the present invention, determining whether the first string matches the preset verification information There are a variety of ways, for example, you can use any of the following methods:
在本发明实施例提供的一种方式中,确定该第一字符串与预置的验证信息是否一致,若一致,则确定该第一字符串与预置的验证信息匹配;若不一致,则确定该第一字符串与预置的验证信息不匹配。In a manner provided by the embodiment of the present invention, it is determined whether the first character string is consistent with the preset verification information, and if they are consistent, determining that the first character string matches the preset verification information; if not, determining The first string does not match the preset verification information.
例如,若在加密数据的时候,直接将加密密码作为验证信息进行保存,则此时可以直接将第一字符串与验证信息进行比较。若一致,则表明解密密码正确,因此,可以确定身份验证通过,即确定该第一字符串与预置的验证信息匹配;若不一致,则表明解密密码错误,因此,可以确定身份验证不通过,即确定该第一字符串与预置的验证信息不匹配。For example, if the encrypted password is directly saved as the verification information when encrypting the data, the first character string and the verification information can be directly compared at this time. If they are consistent, it indicates that the decryption password is correct. Therefore, it can be determined that the authentication is passed, that is, the first string is determined to match the preset verification information; if not, the decryption password is incorrect, so it can be determined that the identity verification fails. That is, it is determined that the first character string does not match the preset verification information.
比如,若采用“1010”作为加密密码对数据进行加密,并保存“1010”作为验证信息,则若该第一字符串为“1010”,则表明该第一字符串与预置的验证信息匹配,若该第一字符串不是“1010”,则确定该第一字符串与预置的验证信息不匹配。For example, if "1010" is used as the encryption password to encrypt the data, and "1010" is saved as the verification information, if the first string is "1010", it indicates that the first string matches the preset verification information. If the first character string is not "1010", it is determined that the first character string does not match the preset verification information.
在本发明实施例提供的另一种方式中,按照预设算法对该第一字符串进行计算,得到计算结果,确定该计算结果与预置的验证信息是否一致,若一致,则确定该第一字符串与预置的验证信息匹配;若不一致,则确定该第一字符串与预置的验证信息不匹配。In another mode provided by the embodiment of the present invention, the first character string is calculated according to a preset algorithm, and a calculation result is obtained, determining whether the calculation result is consistent with the preset verification information, and if the agreement is consistent, determining the first A string matches the preset verification information; if not, it is determined that the first string does not match the preset verification information.
例如,若在加密数据的时候,为了加强信息的安全性,没有将加密密码直接作为验证信息进行保存,而是对该加密密码按照预置算法进行计算后,将计算结果作为验证信息进行了保存,则此时,在将第一字符串与验证信息进行比较之前,需要对该第一字符串也按照该预置算法进行计算,然后再将计算结果与该验证信息进行比较。若计算结果与该验证信息一致,则表明解密密码正确,因此,可以确定身份验证通过,即确定该第一字符串与预置的验证信息匹配;若计算结果与该验证信息不一致,则表明解密密码错误,因此,可以确定身份验证不通过,即确定 该第一字符串与预置的验证信息不匹配。For example, when encrypting data, in order to enhance the security of the information, the encrypted password is not directly saved as the verification information, but the encrypted password is calculated according to a preset algorithm, and the calculation result is saved as the verification information. At this time, before comparing the first character string with the verification information, the first character string needs to be calculated according to the preset algorithm, and then the calculation result is compared with the verification information. If the calculation result is consistent with the verification information, it indicates that the decryption password is correct. Therefore, it may be determined that the identity verification is passed, that is, the first character string is determined to match the preset verification information; if the calculation result is inconsistent with the verification information, the decryption is performed. The password is incorrect, so you can be sure that the authentication is not passed, that is, OK The first string does not match the preset verification information.
比如,若采用“1010”作为加密密码对数据进行加密,并在“1010”后面加一个“0”之后,才将该计算结果保存为验证信息,即将“10100”作为验证信息,则若该第一字符串为“1010”,则同样也需要在该第一字符串后加一个“0”之后,才将该计算结果与验证信息进行比较。For example, if "1010" is used as the encryption password to encrypt the data, and after adding a "0" after "1010", the calculation result is saved as the verification information, that is, "10100" is used as the verification information. If a string is "1010", it is also necessary to add a "0" after the first string to compare the calculation result with the verification information.
在本发明实施例中,该预置算法可以根据实际应用的需求而定。In the embodiment of the present invention, the preset algorithm may be determined according to the requirements of the actual application.
在本发明实施例中,在确定该第一字符串与预置的验证信息不匹配时,可以不进行任何操作,或者拒绝该数据访问请求,比如返回表示验证不通过的提示信息,等等。In the embodiment of the present invention, when it is determined that the first character string does not match the preset verification information, no operation may be performed, or the data access request may be rejected, for example, returning prompt information indicating that the verification fails, and the like.
此外,在对数据进行加密时,可以直接通过键盘或其他输入方式输入加密密码,也可以通过在触控板上的操作手势来进行加密,即在步骤“接收数据访问请求”之前,该身份验证方法还可以包括对数据进行加密的处理。图1c是本发明实施例提供的数据加密方法的流程图。如图1c所示,该方法包括如下步骤:In addition, when encrypting data, you can enter the encrypted password directly through the keyboard or other input methods, or you can encrypt it by using the operation gesture on the touchpad, that is, before the step "Receive data access request", the identity verification The method can also include processing to encrypt the data. FIG. 1c is a flowchart of a data encryption method according to an embodiment of the present invention. As shown in FIG. 1c, the method includes the following steps:
步骤S1、接收数据加密请求,该数据加密请求指示需要进行加密的数据。Step S1: Receive a data encryption request indicating data that needs to be encrypted.
在本发明实施例中,该数据加密请求具体可以为锁屏密码设置请求、文件加密请求或应用加密请求,等等。In the embodiment of the present invention, the data encryption request may specifically be a lock screen password setting request, a file encryption request, or an application encryption request, and the like.
步骤S2、根据该数据加密请求获取加密密码。Step S2: Acquire an encrypted password according to the data encryption request.
在本发明实施例中,具体可以根据该数据加密请求获取用户在触控板上的操作手势(为了描述方便,称为第二操作手势),根据该第二操作手势按照预设规则生成对应的第二字符串,将该第二字符串转换为加密密码。In the embodiment of the present invention, the operation gesture of the user on the touch panel (referred to as a second operation gesture for convenience of description) may be acquired according to the data encryption request, and corresponding to the second operation gesture according to the preset rule. The second string is converted into an encrypted password.
在本发明实施例中,该第二字符串具体可以为二进制字符串、十进制字符串或十六进制字符串等。而该预设规则可以根据实际应用的需求 进行设置,比如,可以设置轻触表示“1”,点按表示“0”,或者,设置轻触表示“0”,点按表示“1”,又或者,还可以是其他的操作手势与字符的对应关系,比如画圈表示“A”,等等。In the embodiment of the present invention, the second string may be a binary string, a decimal string, or a hexadecimal string. And the preset rule can be based on the needs of the actual application. Make settings, for example, you can set a tap to indicate “1”, a tap to indicate “0”, or a tap to indicate “0”, a tap to indicate “1”, or another operation gesture and character Correspondence, such as circle means "A", and so on.
例如,以该第二字符串为二进制字符串,且操作手势轻触表示“1”,点按表示“0”为例,则此时,步骤“根据该第二操作手势按照预设规则生成对应的第二字符串”可以包括:For example, the second character string is a binary character string, and the operation gesture taps to indicate “1”, and the tap “0” is taken as an example. At this time, the step “generates the corresponding according to the preset operation rule according to the second operation gesture. The second string "can include:
确定该第二操作手势为轻触时,生成字符1;确定该第二操作手势为点按时,生成字符0;将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。When it is determined that the second operation gesture is a tap, the character 1 is generated; when the second operation gesture is determined to be a tap, the character 0 is generated; and the generated characters are arranged in the order of the first operation gesture to form a binary character string.
又例如,以该第二字符串为二进制字符串,且操作手势轻触表示“0”,点按表示“1”为例,则此时,步骤“根据该第二操作手势按照预设规则生成对应的第二字符串”可以包括:For another example, the second character string is a binary character string, and the operation gesture taps to indicate “0”, and the click “1” is taken as an example. At this time, the step “generates according to the second operation gesture according to the preset rule. The corresponding second string "may include:
确定该第二操作手势为轻触时,生成字符0;确定该第二操作手势为点按时,生成字符1;将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。When it is determined that the second operation gesture is a tap, the character 0 is generated; when the second operation gesture is determined to be a tap, the character 1 is generated; and the generated characters are arranged in the order of the first operation gesture to form a binary character string.
十进制字符串或十六进制字符串的实现与此类似,只需预先设置好操作手势与各字符之间的对应关系即可。The implementation of a decimal string or a hexadecimal string is similar, just set the correspondence between the operation gesture and each character in advance.
在本发明实施例中,在将第二字符串转换为加密密码时,可以直接将该第二字符串作为密码,也可以对该第二字符串按照一定的规则进行转换,将转换后的第二字符串作为密码。但是,需说明的而是,若对第二字符串进行了转换,将转换后的第二字符串作为密码,则在后续进行身份验证时,也需要对第二字符串进行同样的转换后,才可作为解密密码。In the embodiment of the present invention, when the second character string is converted into an encrypted password, the second character string may be directly used as a password, or the second character string may be converted according to a certain rule, and the converted Two strings are used as passwords. However, it should be noted that if the second character string is converted and the converted second character string is used as the password, the subsequent conversion of the second character string is also required after the subsequent identity verification. Can be used as a decryption password.
步骤S3、利用该加密密码对该数据进行加密,并将该加密密码转换为验证信息进行保存。 Step S3: Encrypt the data by using the encrypted password, and convert the encrypted password into verification information for storage.
在本发明实施例中,可以将该加密密码直接作为验证信息进行保存,或者,还可以对该加密密码按照预置算法进行计算后,将计算结果作为验证信息进行保存。其中,该预置算法与后续身份验证时所采用的算法应保持一致。In the embodiment of the present invention, the encrypted password may be directly saved as the verification information, or the encrypted password may be calculated according to a preset algorithm, and then the calculation result is saved as the verification information. The preset algorithm and the algorithm used in subsequent authentication should be consistent.
需说明的是,加密规则与解密规则(即身份验证时所采用的规则)应保持一致。It should be noted that the encryption rules and the decryption rules (that is, the rules used in the authentication) should be consistent.
由上可知,由于本发明实施例提供的技术方案在获取鉴权信息时,无需通过键盘接收用户输入的字符,而是通过触控板获取用户的操作手势,因此,可以避免被键盘钩子盗取鉴权信息的可能性,提高信息安全性。而且,该方案无需配备额外的指纹或虹膜等采集模块,也无需进行复杂的处理,因此,大大简化了操作,提高了处理效率。As can be seen from the above, the technical solution provided by the embodiment of the present invention does not need to receive the characters input by the user through the keyboard, but acquires the operation gesture of the user through the touchpad, thereby avoiding being stolen by the keyboard hook. The possibility of authenticating information and improving information security. Moreover, the solution does not need to be equipped with an additional fingerprint or iris acquisition module, and does not require complicated processing, thereby greatly simplifying the operation and improving the processing efficiency.
根据图1b对应的实施例所描述的方法,以下的实施例将对身份验证方法作进一步详细说明。According to the method described in the embodiment corresponding to FIG. 1b, the following embodiment will further explain the identity verification method in detail.
在本发明实施例中,将以该身份验证装置具体集成在具有触控板的终端中,且该数据访问请求具体为屏幕解锁请求为例进行说明。In the embodiment of the present invention, the identity verification device is specifically integrated in a terminal having a touch panel, and the data access request is specifically a screen unlock request as an example.
图2是本发明实施例提供的身份验证方法的另一流程图。如图2所示,该身份验证方法的具体流程可以包括如下步骤:FIG. 2 is another flowchart of an identity verification method according to an embodiment of the present invention. As shown in FIG. 2, the specific process of the identity verification method may include the following steps:
步骤201、终端接收用户触发的关于该终端的屏幕解锁请求。Step 201: The terminal receives a screen unlock request about the terminal triggered by the user.
在本实施例中,用户可以通过滑动或点击解锁触发键来触发该屏幕解锁请求。In this embodiment, the user can trigger the screen unlock request by sliding or clicking the unlock trigger button.
步骤202、终端根据该屏幕解锁请求启动屏幕解锁界面。Step 202: The terminal starts the screen unlocking interface according to the screen unlocking request.
在本实施例中,该屏幕解锁界面包括鉴权信息输入接口,比如密码输入框或输入区域等。In this embodiment, the screen unlocking interface includes an authentication information input interface, such as a password input box or an input area.
步骤203、终端在该鉴权信息输入接口被激活时,获取用户在触控板上的第一操作手势,比如轻触或点按等操作手势。 Step 203: When the authentication information input interface is activated, the terminal acquires a first operation gesture of the user on the touch panel, such as an operation gesture such as tapping or tapping.
在本实施例中,该鉴权信息输入接口被激活的方式可以有多种,例如,当确定用户选择,比如点击或滑动,该鉴权信息输入接口时,便可以确定该鉴权信息输入接口被激活;或者,当输入光标在该鉴权信息输入接口,比如密码输入框闪动时,便可以确定该鉴权信息输入接口被激活等等。In this embodiment, the authentication information input interface may be activated in various manners. For example, when determining a user selection, such as clicking or sliding, the authentication information input interface may determine the authentication information input interface. It is activated; or, when the input cursor is flashing at the authentication information input interface, such as the password input box, it can be determined that the authentication information input interface is activated or the like.
步骤204、终端根据该第一操作手势按照预设规则生成对应的第一字符串,例如,终端确定该第一操作手势为轻触时,生成字符1,确定该第一操作手势为点按时,生成字符0,将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。Step 204: The terminal generates a corresponding first character string according to the preset rule according to the first operation gesture. For example, when the terminal determines that the first operation gesture is a tap, the terminal generates the character 1, and determines that the first operation gesture is a tap. The character 0 is generated, and the generated characters are arranged in the order of the first operation gesture to form a binary string.
例如,以该二进制字符串为四位数为例,则用户连续四次输入操作手势。如果用户第一次所输入的操作手势为“轻触”,则此时可以生成字符“1”,如果用户第二次所输入的操作手势和第三次所输入的操作手势均为“点按”,则可以确定第二和第三个字符均为“0”,如果用户第四次所输入的操作手势为“轻触”,则可确定第四个字符为“1”,按照这些操作手势的顺序对这些字符进行排列,便可以确定该二进制字符串为“1001”。For example, taking the binary string as a four-digit example, the user inputs an operation gesture four times in succession. If the operation gesture input by the user for the first time is “tap”, the character “1” can be generated at this time, if the operation gesture input by the user for the second time and the operation gesture input for the third time are “tap” ", then it can be determined that the second and third characters are all "0". If the operation gesture input by the user for the fourth time is "tap", it can be determined that the fourth character is "1", according to these operation gestures The order of these characters is arranged to determine that the binary string is "1001".
在本实施例中,为了便于用户操作,还可以生成相应的提示信息,并显示在该屏幕解锁界面上,以指示操作手势与字符的对应关系,比如,可以提示用户:“1表示轻触,0表示点按,请按顺序输入手势”。In this embodiment, in order to facilitate the operation of the user, corresponding prompt information may also be generated and displayed on the screen unlocking interface to indicate the correspondence between the operation gesture and the character. For example, the user may be prompted: “1 indicates a tap, 0 means tap, please enter gestures in order.
当然,第一操作手势与各字符的对应关系除了上述实施例所描述的情况之外,也可以有其他的方式,而且,第一操作手势除了可以转换成二进制字符串之外,也可以转换为其他格式的字符串,具体可根据实际应用的需求进行设置。Certainly, the correspondence between the first operation gesture and each character may be other than the case described in the foregoing embodiment, and the first operation gesture may be converted into a binary string, or may be converted into Strings in other formats can be set according to the needs of the actual application.
步骤205、终端确定该第一字符串与预置的验证信息是否匹配,若匹配,则执行步骤206,若不匹配,则拒绝该屏幕解锁请求,比如返回 验证不通过的提示信息,等等。Step 205: The terminal determines whether the first string matches the preset verification information. If yes, step 206 is performed. If not, the screen unlock request is rejected, for example, returning. Verify that the message does not pass, and so on.
在本实施例中,若在设置锁屏密码的时候,直接将锁屏密码作为验证信息进行保存,则此时可以直接将第一字符串与验证信息进行比较。若第一字符串与验证信息一致,则表明解密密码正确,因此,可以确定身份验证通过,即确定该第一字符串与预置的验证信息匹配;若不一致,则表明解密密码错误,因此,可以确定身份验证不通过,即确定该第一字符串与预置的验证信息不匹配。In this embodiment, if the lock screen password is directly saved as the verification information when the lock screen password is set, the first character string and the verification information can be directly compared at this time. If the first string is consistent with the verification information, it indicates that the decryption password is correct. Therefore, it can be determined that the identity verification is passed, that is, the first string is determined to match the preset verification information; if not, the decryption password is incorrect, therefore, It can be determined that the authentication fails, that is, the first string is determined to not match the preset verification information.
比如,若采用“1001”作为锁屏密码,并保存“1001”作为验证信息,则若该第一字符串为“1001”,则表明该第一字符串与预置的验证信息匹配,若该第一字符串不是“1001”,则确定该第一字符串与预置的验证信息不匹配。For example, if "1001" is used as the lock screen password and "1001" is saved as the verification information, if the first character string is "1001", it indicates that the first character string matches the preset verification information, if If the first character string is not "1001", it is determined that the first character string does not match the preset verification information.
在本实施例中,若在设置锁屏密码的时候,为了加强信息的安全性,没有将锁屏密码直接作为验证信息进行保存,而是对该锁屏密码按照预置算法进行计算后,将计算结果作为验证信息进行了保存,则此时,在将第一字符串与验证信息进行比较之前,需要对该第一字符串也按照该预置算法进行计算,然后再将计算结果与该验证信息进行比较。若计算结果与该验证信息一致,则表明解密密码正确,确定该第一字符串与预置的验证信息匹配,否则,则表明解密密码错误,确定该第一字符串与预置的验证信息不匹配。In this embodiment, if the lock screen password is set, in order to enhance the security of the information, the lock screen password is not directly saved as the verification information, but the lock screen password is calculated according to the preset algorithm. The calculation result is saved as the verification information. At this time, before comparing the first character string with the verification information, the first character string needs to be calculated according to the preset algorithm, and then the calculation result and the verification are performed. Information is compared. If the calculation result is consistent with the verification information, it indicates that the decryption password is correct, and the first character string is determined to match the preset verification information; otherwise, the decryption password is incorrect, and the first character string and the preset verification information are determined not to be determined. match.
比如,若采用“1001”作为锁屏密码,并在“1001”后面加一个“0”之后,才将该计算结果保存为验证信息,即将“10100”作为验证信息,则若该第一字符串为“1010”,则同样也需要在该第一字符串后加一个“0”之后,才将该计算结果与验证信息进行比较。For example, if "1001" is used as the lock screen password and a "0" is added after "1001", the calculation result is saved as the verification information, that is, if "10100" is used as the verification information, then the first string is used. For "1010", it is also necessary to add a "0" after the first string to compare the calculation result with the verification information.
在本实施例中,该预置算法可以根据实际应用的需求而定。In this embodiment, the preset algorithm may be determined according to the needs of the actual application.
步骤206、终端对终端屏幕进行解锁。 Step 206: The terminal unlocks the terminal screen.
在本实施例中,在对该终端设置锁屏密码时,除了可以采用键盘或其他输入方式来设置锁屏密码之外,也可以通过在触控板上的操作手势来进行设置,例如,可以采用如下的方式来设置锁屏密码:In this embodiment, when the lock screen password is set to the terminal, in addition to setting the lock screen password by using a keyboard or other input manner, the setting may also be performed by an operation gesture on the touch panel, for example, Use the following method to set the lock screen password:
接收用户触发的锁屏请求,根据该锁屏请求获取锁屏密码,比如,可以获取用户在触控板上的第二操作手势,根据该第二操作手势按照预设规则生成对应的第二字符串,将该第二字符串转换为锁屏密码,然后利用该锁屏密码进行锁屏。Receiving a lock screen request triggered by the user, and acquiring a lock screen password according to the lock screen request, for example, acquiring a second operation gesture of the user on the touch panel, and generating a corresponding second character according to the preset rule according to the second operation gesture String, convert the second string into a lock screen password, and then use the lock screen password to lock the screen.
其中,根据该第二操作手势按照预设规则生成对应的第二字符串的方式具体可参见上述图1b对应的实施例。For the specific manner of generating the corresponding second character string according to the preset rule according to the second operation gesture, refer to the corresponding embodiment of FIG. 1b.
由上可知,在本实施例中,终端在接收到屏幕解锁请求时,可以根据该屏幕解锁请求启动该屏幕解锁界面,在该界面上的鉴权信息输入接口被激活时,获取用户在触控板上的第一操作手势,根据该第一操作手势按照预设规则生成对应的第一字符串,并在确定该第一字符串与预置的验证信息匹配时,对屏幕进行解锁。由于该方案在获取鉴权信息时,无需通过键盘接收用户输入的字符,而是通过触控板获取用户的操作手势,因此,可以避免被键盘钩子盗取鉴权信息的可能性,提高信息安全性。而且,该方案无需配备额外的指纹或虹膜等采集模块,也无需进行复杂的处理,因此,大大简化了操作,提高了处理效率。As shown in the above, in the embodiment, when receiving the screen unlocking request, the terminal may start the screen unlocking interface according to the screen unlocking request, and when the authentication information input interface on the interface is activated, acquiring the user's touch The first operation gesture on the board generates a corresponding first character string according to the preset rule according to the first operation gesture, and unlocks the screen when it is determined that the first character string matches the preset verification information. Since the solution does not need to receive the characters input by the user through the keyboard, but obtains the operation gesture of the user through the touchpad, the possibility of stealing the authentication information by the keyboard hook and improving the information security can be avoided. Sex. Moreover, the solution does not need to be equipped with an additional fingerprint or iris acquisition module, and does not require complicated processing, thereby greatly simplifying the operation and improving the processing efficiency.
在下面的实施例中,仍然以该身份验证装置具体集成在具有触控板的终端中,但以该数据访问请求具体为文件访问请求为例进行说明。In the following embodiments, the identity verification device is still specifically integrated in the terminal with the touch panel, but the data access request is specifically a file access request as an example.
图3是本发明实施例提供的身份验证方法的又一流程图。如图3所示,该身份验证方法的具体流程可以包括如下步骤:FIG. 3 is still another flowchart of an identity verification method according to an embodiment of the present invention. As shown in FIG. 3, the specific process of the identity verification method may include the following steps:
步骤301、终端接收用户触发的文件访问请求。Step 301: The terminal receives a file access request triggered by a user.
在本实施例中,用户可以通过滑动或点击文件图标来触发该文件访问请求。 In this embodiment, the user can trigger the file access request by sliding or clicking on the file icon.
步骤302、终端根据该文件访问请求启动鉴权界面。Step 302: The terminal starts an authentication interface according to the file access request.
在本实施例中,该鉴权界面包括鉴权信息输入接口,比如密码输入框或输入区域等。In this embodiment, the authentication interface includes an authentication information input interface, such as a password input box or an input area.
步骤303、终端在该鉴权信息输入接口被激活时,获取用户在触控板上的第一操作手势,比如轻触或点按等操作手势。Step 303: When the authentication information input interface is activated, the terminal acquires a first operation gesture of the user on the touch panel, such as an operation gesture such as tapping or tapping.
在本实施例中,该鉴权信息输入接口被激活的方式可以有多种,例如,当确定用户选择,比如点击或滑动,该鉴权信息输入接口时,便可以确定该鉴权信息输入接口被激活;或者,当输入光标在该鉴权信息输入接口,比如密码输入框闪动时,便可以确定该鉴权信息输入接口被激活等等。In this embodiment, the authentication information input interface may be activated in various manners. For example, when determining a user selection, such as clicking or sliding, the authentication information input interface may determine the authentication information input interface. It is activated; or, when the input cursor is flashing at the authentication information input interface, such as the password input box, it can be determined that the authentication information input interface is activated or the like.
步骤304、终端根据该第一操作手势按照预设规则生成对应的第一字符串,例如,终端确定该第一操作手势为轻触时,生成字符0,确定该第一操作手势为点按时,生成字符1,将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。Step 304: The terminal generates a corresponding first character string according to the preset rule according to the first operation gesture. For example, when the terminal determines that the first operation gesture is a tap, the terminal generates a character 0, and determines that the first operation gesture is a tap. The character 1 is generated, and the generated characters are arranged in the order of the first operation gesture to form a binary character string.
例如,以该二进制字符串为四位数为例,则用户连续四次输入操作手势。如果用户第一次所输入的操作手势为“轻触”,则此时可以生成字符“0”,如果用户第二次所输入的操作手势和第三次所输入的操作手势均为“点按”,则可以确定第二和第三个字符均为“1”,如果用户第四次所输入的操作手势为“轻触”,则可确定第四个字符为“0”,按照这些操作手势的顺序对这些字符进行排列,便可以确定该二进制字符串为“0110”。For example, taking the binary string as a four-digit example, the user inputs an operation gesture four times in succession. If the operation gesture input by the user for the first time is “tap”, the character “0” can be generated at this time, if the operation gesture input by the user for the second time and the operation gesture input for the third time are both “tap” ", then it can be determined that the second and third characters are all "1". If the operation gesture input by the user for the fourth time is "tap", it can be determined that the fourth character is "0", according to these operation gestures The order of these characters is arranged to determine that the binary string is "0110".
在本实施例中,为了便于用户操作,还可以生成相应的提示信息,并显示在该屏幕解锁界面上,以指示操作手势与字符的对应关系,比如,可以提示用户:“0表示轻触,1表示点按,请按顺序输入手势”。In this embodiment, in order to facilitate the operation of the user, corresponding prompt information may also be generated and displayed on the screen unlocking interface to indicate the correspondence between the operation gesture and the character. For example, the user may be prompted: “0 indicates a tap, 1 means tap, please enter gestures in order.
当然,第一操作手势与各字符的对应关系除了上述实施例所描述的 情况之外,也可以有其他的方式,而且,第一操作手势除了可以转换成二进制字符串之外,也可以转换为其他格式的字符串,具体可根据实际应用的需求进行设置。Of course, the correspondence between the first operation gesture and each character is described in addition to the above embodiment. In addition to the situation, there may be other ways, and the first operation gesture can be converted into a string of other formats in addition to being converted into a binary string, which can be set according to the requirements of the actual application.
步骤305、终端确定该第一字符串与预置的验证信息是否匹配,若匹配,则执行步骤306,若不匹配,则拒绝该文件访问请求,比如返回验证不通过的提示信息,等等。Step 305: The terminal determines whether the first string matches the preset verification information. If yes, step 306 is performed. If there is no match, the file access request is rejected, for example, returning the prompt information that the verification fails, and the like.
在本实施例中,若在设置文件的加密密码的时候,直接将加密密码作为验证信息进行保存,则此时可以直接将第一字符串与验证信息进行比较,若一致,则表明解密密码正确,因此,可以确定身份验证通过,即确定该第一字符串与预置的验证信息匹配,若第一字符串与验证信息不一致,则表明解密密码错误,因此,可以确定身份验证不通过,即确定该第一字符串与预置的验证信息不匹配。In this embodiment, if the encrypted password is directly saved as the verification information when setting the encrypted password of the file, the first character string and the verification information may be directly compared at this time, and if they are consistent, the decryption password is correct. Therefore, it can be determined that the authentication is passed, that is, the first string is determined to match the preset verification information. If the first string is inconsistent with the verification information, the decryption password is incorrect. Therefore, it can be determined that the identity verification fails, that is, It is determined that the first string does not match the preset verification information.
比如,若采用“0110”作为加密密码,并保存“0110”作为验证信息,则若该第一字符串为“0110”,则表明该第一字符串与预置的验证信息匹配,若该第一字符串不是“0110”,则确定该第一字符串与预置的验证信息不匹配,等等。For example, if "0110" is used as the encryption password and "0110" is saved as the verification information, if the first character string is "0110", it indicates that the first character string matches the preset verification information, if the first If a string is not "0110", it is determined that the first string does not match the preset verification information, and so on.
在本实施例中,若在设置文件的加密密码的时候,为了加强信息的安全性,没有将加密密码直接作为验证信息进行保存,而是对该加密密码按照预置算法进行计算后,将计算结果作为验证信息进行了保存,则此时,在将第一字符串与验证信息进行比较之前,需要对该第一字符串也按照该预置算法进行计算,然后再将计算结果与该验证信息进行比较。若计算结果与该验证信息一致,则表明解密密码正确,确定该第一字符串与预置的验证信息匹配,否则,则表明解密密码错误,确定该第一字符串与预置的验证信息不匹配。In this embodiment, if the encrypted password of the file is set, in order to enhance the security of the information, the encrypted password is not directly saved as the verification information, but the encrypted password is calculated according to the preset algorithm, and then the calculation is performed. The result is saved as the verification information. At this time, before comparing the first character string with the verification information, the first character string needs to be calculated according to the preset algorithm, and then the calculation result and the verification information are further calculated. Compare. If the calculation result is consistent with the verification information, it indicates that the decryption password is correct, and the first character string is determined to match the preset verification information; otherwise, the decryption password is incorrect, and the first character string and the preset verification information are determined not to be determined. match.
比如,若采用“0110”作为加密密码,并在“0110”后面加一个“0” 之后,才将该计算结果保存为验证信息,即将“01100”作为验证信息,则若该第一字符串为“0110”,则同样也需要在该第一字符串后加一个“0”之后,才将该计算结果与验证信息进行比较。For example, if "0110" is used as the encryption password, and a "0" is added after "0110". After that, the calculation result is saved as verification information, that is, "01100" is used as the verification information. If the first character string is "0110", it is also necessary to add a "0" after the first character string. The calculation result is compared with the verification information.
在本实施例中,该预置算法可以根据实际应用的需求而定。In this embodiment, the preset algorithm may be determined according to the needs of the actual application.
步骤306、终端允许用户访问该文件,比如打开并浏览该文件,或复制该文件等等。Step 306: The terminal allows the user to access the file, such as opening and browsing the file, or copying the file, and the like.
在本实施例中,在对该终端设置文件的加密密码时,除了可以采用键盘或其他输入方式来设置文件的加密密码之外,同样也可以通过在触控板上的操作手势来进行设置,例如,可以采用如下的方式来设置文件的加密密码:In this embodiment, when the encrypted password of the file is set to the terminal, in addition to setting the encrypted password of the file by using a keyboard or other input manner, the setting may also be performed by an operation gesture on the touch panel. For example, you can set the encrypted password for a file in the following way:
接收用户触发的文件加密请求,根据该文件加密请求获取加密密码,比如,可以获取用户在触控板上的第二操作手势,根据该第二操作手势按照预设规则生成对应的第二字符串,将该第二字符串转换为锁屏密码,然后利用该加密密码对文件进行加密。Receiving a file encryption request triggered by the user, and acquiring an encrypted password according to the file encryption request, for example, acquiring a second operation gesture of the user on the touch panel, and generating a corresponding second string according to the preset rule according to the second operation gesture Converting the second string to a lock screen password, and then encrypting the file with the encrypted password.
其中,根据该第二操作手势按照预设规则生成对应的第二字符串的方式具体可参见上述图1b对应的实施例。For the specific manner of generating the corresponding second character string according to the preset rule according to the second operation gesture, refer to the corresponding embodiment of FIG. 1b.
由上可知,在本实施例中,终端在接收到文件访问请求时,可以根据该文件访问请求启动该鉴权界面,在该界面上的鉴权信息输入接口被激活时,获取用户在触控板上的第一操作手势,根据该第一操作手势按照预设规则生成对应的第一字符串,并在确定该第一字符串与预置的验证信息匹配时,允许用户对文件进行访问。由于该方案在获取鉴权信息时,无需通过键盘接收用户输入的字符,而是通过触控板获取用户的操作手势,因此,可以避免被键盘钩子盗取鉴权信息的可能性,提高信息安全性。而且,该方案无需配备额外的指纹或虹膜等采集模块,也无需进行复杂的处理,因此,大大简化了操作,提高了处理效率。 As shown in the above, in the embodiment, when receiving the file access request, the terminal may start the authentication interface according to the file access request, and obtain the user's touch when the authentication information input interface on the interface is activated. The first operation gesture on the board generates a corresponding first character string according to the preset rule according to the first operation gesture, and allows the user to access the file when determining that the first character string matches the preset verification information. Since the solution does not need to receive the characters input by the user through the keyboard, but obtains the operation gesture of the user through the touchpad, the possibility of stealing the authentication information by the keyboard hook and improving the information security can be avoided. Sex. Moreover, the solution does not need to be equipped with an additional fingerprint or iris acquisition module, and does not require complicated processing, thereby greatly simplifying the operation and improving the processing efficiency.
为了实施以上的身份验证方法,本发明实施例还提供一种身份验证装置。图4a是本发明实施例提供的身份验证装置的结构示意图。如图4a所示,该身份验证装置可以包括接收单元401、启动单元402、获取单元403、生成单元404和处理单元405。In order to implement the above identity verification method, an embodiment of the present invention further provides an identity verification apparatus. FIG. 4 is a schematic structural diagram of an identity verification apparatus according to an embodiment of the present invention. As shown in FIG. 4a, the identity verification apparatus may include a receiving unit 401, a starting unit 402, an obtaining unit 403, a generating unit 404, and a processing unit 405.
接收单元401,用于接收数据访问请求,该数据访问请求指示需要访问的数据。The receiving unit 401 is configured to receive a data access request, where the data access request indicates data that needs to be accessed.
在本发明实施例中,接收单元401可以接收用户触发的数据访问请求,或者,接收其他设备发送的数据访问请求,其中,该数据访问请求指示需要访问的数据,该数据可以包括具体的信息、文件和终端应用等,例如,该数据访问请求具体可以为屏幕解锁请求,应用访问请求或文件访问请求等。In the embodiment of the present invention, the receiving unit 401 may receive a data access request triggered by a user, or receive a data access request sent by another device, where the data access request indicates data that needs to be accessed, and the data may include specific information, The file and the terminal application, etc., for example, the data access request may specifically be a screen unlock request, an application access request or a file access request, and the like.
启动单元402,用于根据该数据访问请求启动该数据的鉴权界面,该鉴权界面包括鉴权信息输入接口。The activation unit 402 is configured to start an authentication interface of the data according to the data access request, where the authentication interface includes an authentication information input interface.
例如,以屏幕的解锁为例,启动单元402可以根据屏幕的解锁请求启动终端的屏幕解锁界面,其中,该屏幕解锁界面中还可以包括鉴权信息输入接口,比如密码输入框或输入区域等。For example, in the case of the unlocking of the screen, the activation unit 402 can start the screen unlocking interface of the terminal according to the unlocking request of the screen, wherein the screen unlocking interface can further include an authentication information input interface, such as a password input box or an input area.
获取单元403,用于在该鉴权信息输入接口被激活时,获取用户在触控板上的第一操作手势。The obtaining unit 403 is configured to acquire a first operation gesture of the user on the touch panel when the authentication information input interface is activated.
在本发明实施例中,激活该鉴权信息输入接口的方式可以有多种,例如,当确定用户选择,比如点击或滑动,该鉴权信息输入接口时,便可以确定该鉴权信息输入接口被激活;或者,当输入光标在该鉴权信息输入接口,比如密码输入框闪动时,便可以确定该鉴权信息输入接口被激活。In the embodiment of the present invention, the manner of activating the authentication information input interface may be various. For example, when determining a user selection, such as clicking or sliding, the authentication information input interface may determine the authentication information input interface. It is activated; or, when the input cursor is flashing at the authentication information input interface, such as the password input box, it can be determined that the authentication information input interface is activated.
生成单元404,用于根据该第一操作手势按照预设规则生成对应的第一字符串。 The generating unit 404 is configured to generate a corresponding first character string according to the preset rule according to the first operation gesture.
处理单元405,用于确定该第一字符串与预置的验证信息匹配时,允许访问该数据。The processing unit 405 is configured to allow access to the first character string when it matches the preset verification information.
其中,该第一字符串具体可以为二进制字符串、十进制字符串或十六进制字符串等。而该预设规则可以根据实际应用的需求进行设置,比如,可以设置轻触表示“1”,点按表示“0”,或者,设置轻触表示“0”,点按表示“1”,又或者,还可以是其他的操作手势与字符的对应关系,比如画圈表示“A”,等等。The first string may be a binary string, a decimal string, or a hexadecimal string. The preset rule can be set according to the requirements of the actual application. For example, the tap can be set to indicate “1”, the tap to indicate “0”, or the tap to indicate “0”, and the tap to indicate “1”, and Alternatively, it may be a correspondence between other operation gestures and characters, such as a circle indicating "A", and the like.
例如,如果以该第一字符串为二进制字符串为例,则生成单元404,具体可以用于确定该第一操作手势为轻触时,生成字符1;确定该第一操作手势为点按时,生成字符0;将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。For example, if the first character string is a binary string, the generating unit 404 may be specifically configured to: when the first operation gesture is a tap, generate a character 1; and when the first operation gesture is a click, Generates a character 0; the generated characters are arranged in the order of the first operation gesture to form a binary string.
又例如,如果仍然以该第一字符串为二进制字符串为例,则生成单元404,具体可以用于确定该第一操作手势为轻触时,生成字符0;确定该第一操作手势为点按时,生成字符1;将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。For example, if the first character string is still a binary string, the generating unit 404 may be specifically configured to: when the first operation gesture is a tap, generate a character 0; and determine that the first operation gesture is a point. On time, character 1 is generated; the generated characters are arranged in the order of the first operation gesture to form a binary string.
十进制字符串或十六进制字符串的实现与此类似,只需预先设置好操作手势与各字符之间的对应关系即可。The implementation of a decimal string or a hexadecimal string is similar, just set the correspondence between the operation gesture and each character in advance.
在本发明实施例中,为了便于用户操作,生成单元404还可以生成相应的提示信息,并显示在该鉴权界面上,以指示操作手势与字符的对应关系。In the embodiment of the present invention, the generating unit 404 may also generate corresponding prompt information, and display the corresponding prompt information on the authentication interface to indicate the correspondence between the operation gesture and the character.
在本发明实施例中,确定该第一字符串与预置的验证信息是否匹配的方式可以有多种,即处理单元405可以采用如下任意一种方式。In the embodiment of the present invention, the method for determining whether the first character string and the preset verification information match may be multiple, that is, the processing unit 405 may adopt any one of the following manners.
例如,该处理单元405,具体可以用于确定该第一字符串与预置的验证信息是否一致,若一致,则确定该第一字符串与预置的验证信息匹配,若不一致,则确定该第一字符串与预置的验证信息不匹配。 For example, the processing unit 405 may be specifically configured to determine whether the first character string is consistent with the preset verification information, and if yes, determine that the first character string matches the preset verification information, and if not, determine the The first string does not match the preset verification information.
又例如,处理单元405,具体可以用于按照预设算法对该第一字符串进行计算,得到计算结果,确定该计算结果与预置的验证信息一致,若一致,则确定该第一字符串与预置的验证信息匹配,若不一致,则确定该第一字符串与预置的验证信息不匹配。For example, the processing unit 405 is specifically configured to calculate the first character string according to a preset algorithm, obtain a calculation result, and determine that the calculation result is consistent with the preset verification information, and if yes, determine the first character string. Matching with the preset verification information. If they are inconsistent, it is determined that the first character string does not match the preset verification information.
在本发明实施例中,该预置算法可以根据实际应用的需求而定。In the embodiment of the present invention, the preset algorithm may be determined according to the requirements of the actual application.
在本发明实施例中,在确定该第一字符串与预置的验证信息不匹配时,则处理单元405还可以不进行任何操作,或者拒绝该数据访问请求,比如返回表示验证不通过的提示信息,等等。In the embodiment of the present invention, when it is determined that the first character string does not match the preset verification information, the processing unit 405 may further perform no operation or reject the data access request, for example, return a prompt indicating that the verification fails. Information, and so on.
此外,在对数据进行加密时,可以直接通过键盘或其他输入方式输入加密密码,也可以通过在触控板上的操作手势来进行加密。例如,如图4b所示,该身份验证装置还可以包括加密单元406。In addition, when encrypting data, you can enter the encrypted password directly through the keyboard or other input methods, or you can encrypt it by operating gestures on the touchpad. For example, as shown in FIG. 4b, the identity verification device may further include an encryption unit 406.
接收单元401,还可以用于接收数据加密请求,该数据加密请求指示需要进行加密的数据。The receiving unit 401 is further configured to receive a data encryption request, where the data encryption request indicates data that needs to be encrypted.
在本发明实施例中,该数据加密请求具体可以为锁屏密码设置请求、文件加密请求或应用加密请求,等等。In the embodiment of the present invention, the data encryption request may specifically be a lock screen password setting request, a file encryption request, or an application encryption request, and the like.
加密单元406,可以用于根据该数据加密请求获取加密密码,利用该加密密码对该数据进行加密,并将该加密密码转换为验证信息进行保存。The encryption unit 406 can be configured to obtain an encrypted password according to the data encryption request, encrypt the data by using the encrypted password, and convert the encrypted password into verification information for storage.
在本发明实施例中,该加密单元406,具体可以用于根据该数据加密请求获取用户在触控板上的第二操作手势,根据该第二操作手势按照预设规则生成对应的第二字符串,将该第二字符串转换为加密密码。In the embodiment of the present invention, the encryption unit 406 may be configured to acquire a second operation gesture of the user on the touch panel according to the data encryption request, and generate a corresponding second character according to the preset rule according to the second operation gesture. String, which converts the second string into an encrypted password.
在本发明实施例中,该第二字符串具体可以为二进制字符串、十进制字符串或十六进制字符串等。而该预设规则可以根据实际应用的需求进行设置,比如,可以设置轻触表示“1”,点按表示“0”,或者,设置轻触表示“0”,点按表示“1”,又或者,还可以是其他的操作手势与字 符的对应关系,比如画圈表示“A”,等等。In the embodiment of the present invention, the second string may be a binary string, a decimal string, or a hexadecimal string. The preset rule can be set according to the requirements of the actual application. For example, the tap can be set to indicate “1”, the tap to indicate “0”, or the tap to indicate “0”, and the tap to indicate “1”, and Or, it can be other gestures and words Correspondence of characters, such as circle means "A", and so on.
例如,如果以该第二字符串为二进制字符串为例,则该加密单元406,具体可以用于确定该第二操作手势为轻触时,生成字符1;确定该第二操作手势为点按时,生成字符0;将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。For example, if the second character string is a binary string, the encryption unit 406 may be specifically configured to: when the second operation gesture is a tap, generate a character 1; and determine that the second operation gesture is a tap. , generating a character 0; arranging the generated characters in the order of the first operation gesture to form a binary string.
又例如,如果仍然以该第二字符串为二进制字符串为例,则该加密单元406,具体可以用于确定该第二操作手势为轻触时,生成字符0;确定该第二操作手势为点按时,生成字符1;将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。For example, if the second character string is still taken as an example, the encryption unit 406 may be specifically configured to: when the second operation gesture is a tap, generate a character 0; and determine that the second operation gesture is When clicked, the character 1 is generated; the generated characters are arranged in the order of the first operation gesture to form a binary string.
十进制字符串或十六进制字符串的实现与此类似,只需预先设置好操作手势与各字符之间的对应关系即可。The implementation of a decimal string or a hexadecimal string is similar, just set the correspondence between the operation gesture and each character in advance.
在本发明实施例中,加密单元406在将第二字符串转换为加密密码时,可以直接将该第二字符串作为密码,也可以对该第二字符串按照一定的规则进行转换,将转换后的第二字符串作为密码。但是,需说明的而是,若对第二字符串进行了转换,将转换后的第二字符串作为密码,则在后续进行身份验证时,也需要对第二字符串进行同样的转换后,才可作为解密密码。In the embodiment of the present invention, when the second string is converted into an encrypted password, the encryption unit 406 may directly use the second string as a password, or may convert the second string according to a certain rule, and convert the second string. After the second string as a password. However, it should be noted that if the second character string is converted and the converted second character string is used as the password, the subsequent conversion of the second character string is also required after the subsequent identity verification. Can be used as a decryption password.
在本发明实施例中,该身份验证装置具体可以集成在终端或其他需要进行身份验证的设备中,比如,该身份验证装置具体可以集成在平板电脑或笔记本电脑中,等等。这些终端或设备需具有触控板,该触控板可以是该终端或设备本身具有的,也可以是外置的设备。In the embodiment of the present invention, the identity verification device may be specifically integrated in a terminal or other device that needs to perform identity verification. For example, the identity verification device may be specifically integrated in a tablet or a laptop, and the like. These terminals or devices need to have a touch panel, which may be the terminal or the device itself or an external device.
具体实施时,以上各个单元可以作为独立的实体来实现,也可以进行任意组合,作为同一或若干个实体来实现,以上各个单元的具体实施可参见前面的方法实施例。In the specific implementation, each of the above units may be implemented as a separate entity, or may be implemented in any combination, as the same or several entities. For the specific implementation of the above various units, refer to the foregoing method embodiments.
由上可知,由于本发明实施例提供的方案在获取鉴权信息时,无需 通过键盘接收用户输入的字符,而是通过触控板获取用户的操作手势,因此,可以避免被键盘钩子盗取鉴权信息的可能性,提高信息安全性。而且,该方案无需配备额外的指纹或虹膜等采集模块,也无需进行复杂的处理,因此,大大简化了操作,提高了处理效率。It can be seen from the above that the solution provided by the embodiment of the present invention does not need to obtain the authentication information. The user inputs the characters through the keyboard, and the user's operation gesture is acquired through the touchpad. Therefore, the possibility of the keyboard hook stealing the authentication information can be avoided, and the information security is improved. Moreover, the solution does not need to be equipped with an additional fingerprint or iris acquisition module, and does not require complicated processing, thereby greatly simplifying the operation and improving the processing efficiency.
图5a是本发明实施例提供的身份验证装置的硬件结构示意图。如图5a所示,所述装置可包括:FIG. 5 is a schematic structural diagram of hardware of an identity verification apparatus according to an embodiment of the present invention. As shown in Figure 5a, the apparatus can include:
处理器501(例如,CPU)和非易失性存储器502。A processor 501 (eg, a CPU) and a non-volatile memory 502.
所述非易失性存储器502,用于存储机器可读指令,包括可以由处理器501执行的接收指令、启动指令、获取指令、生成指令和处理指令。The non-volatile memory 502 is configured to store machine readable instructions, including receive instructions, start instructions, get instructions, generate instructions, and processing instructions that are executable by the processor 501.
所述处理器501,用于读取和执行所述非易失性存储器502中存储的接收指令、启动指令、获取指令、生成指令和处理指令,以实现图4a所示的身份验证装置中各模块的功能。The processor 501 is configured to read and execute a receiving instruction, a starting instruction, an obtaining instruction, a generating instruction, and a processing instruction stored in the non-volatile memory 502, to implement each of the identity verification devices shown in FIG. 4a. The function of the module.
图5b是本发明实施例提供的身份验证装置的另一硬件结构示意图。如图5b所示,所述装置可包括:FIG. 5b is a schematic diagram of another hardware structure of an identity verification apparatus according to an embodiment of the present invention. As shown in Figure 5b, the apparatus can include:
处理器501(例如,CPU)和非易失性存储器502。A processor 501 (eg, a CPU) and a non-volatile memory 502.
所述非易失性存储器502,用于存储机器可读指令,所述机器可读指令除了包括图5a所示的、可以由处理器501执行的接收指令、启动指令、获取指令、生成指令和处理指令外,还包括可以由处理器501执行的加密指令。The non-volatile memory 502 is configured to store machine readable instructions, including the received instructions, the start instructions, the get instructions, the generated instructions, and the instructions executable by the processor 501, as shown in FIG. 5a. In addition to the processing instructions, encrypted instructions that can be executed by the processor 501 are also included.
所述处理器501,用于读取和执行所述非易失性存储器502中存储的接收指令、启动指令、获取指令、生成指令、处理指令和加密指令,以实现图4b所示的身份验证装置中各模块的功能。The processor 501 is configured to read and execute the receiving instruction, the starting instruction, the obtaining instruction, the generating instruction, the processing instruction, and the encryption instruction stored in the non-volatile memory 502 to implement the identity verification shown in FIG. 4b. The function of each module in the device.
本领域普通技术人员可以理解上述实施例的各种方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成,该程序可以存储于一 计算机可读存储介质中,存储介质可以包括:只读存储器(ROM,Read Only Memory)、随机存取记忆体(RAM,Random Access Memory)、磁盘或光盘等。A person of ordinary skill in the art can understand that all or part of the steps of the foregoing embodiments can be completed by a program to instruct related hardware, and the program can be stored in a In the computer readable storage medium, the storage medium may include a read only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like.
以上对本发明实施例所提供的一种身份验证方法和装置进行了详细介绍,本文中应用了具体个例对本发明的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思想;同时,对于本领域的技术人员,依据本发明的思想,在具体实施方式及应用范围上均会有改变之处,综上所述,本说明书内容不应理解为对本发明的限制。 The foregoing describes an identity verification method and apparatus provided by the embodiments of the present invention. The principles and implementation manners of the present invention are described in detail herein. The description of the foregoing embodiments is only for helping to understand the present invention. The method and its core idea; at the same time, those skilled in the art, according to the idea of the present invention, there will be changes in the specific embodiments and application scope. In summary, the content of this specification should not be construed as Limitations of the invention.

Claims (19)

  1. 一种身份验证方法,其特征在于,包括:An authentication method, comprising:
    接收数据访问请求,所述数据访问请求指示需要访问的数据;Receiving a data access request, the data access request indicating data that needs to be accessed;
    根据所述数据访问请求启动所述数据的鉴权界面,所述鉴权界面包括鉴权信息输入接口;And starting an authentication interface of the data according to the data access request, where the authentication interface includes an authentication information input interface;
    在所述鉴权信息输入接口被激活时,获取用户在触控板上的第一操作手势;Acquiring a first operation gesture of the user on the touch panel when the authentication information input interface is activated;
    根据所述第一操作手势按照预设规则生成对应的第一字符串;Generating a corresponding first character string according to the preset rule according to the first operation gesture;
    确定所述第一字符串与预置的验证信息匹配时,允许访问所述数据。When it is determined that the first character string matches the preset verification information, the data is allowed to be accessed.
  2. 根据权利要求1所述的方法,其特征在于,所述第一字符串为二进制字符串,则所述根据所述第一操作手势按照预设规则生成对应的第一字符串,包括:The method according to claim 1, wherein the first character string is a binary character string, and the generating the corresponding first character string according to the preset rule according to the first operation gesture comprises:
    确定所述第一操作手势为轻触时,生成字符1;Determining that the first operation gesture is a tap, generating a character 1;
    确定所述第一操作手势为点按时,生成字符0;Determining that the first operation gesture is a click, generating a character 0;
    将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。The generated characters are arranged in the order of the first operation gesture to form a binary string.
  3. 根据权利要求1所述的方法,其特征在于,所述第一字符串为二进制字符串,则所述根据所述第一操作手势按照预设规则生成对应的第一字符串,包括:The method according to claim 1, wherein the first character string is a binary character string, and the generating the corresponding first character string according to the preset rule according to the first operation gesture comprises:
    确定所述第一操作手势为轻触时,生成字符0;Determining that the first operation gesture is a tap, generating a character 0;
    确定所述第一操作手势为点按时,生成字符1;Determining that the first operation gesture is a tap, generating a character 1;
    将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。The generated characters are arranged in the order of the first operation gesture to form a binary string.
  4. 根据权利要求1所述的方法,其特征在于,还包括: The method of claim 1 further comprising:
    确定所述第一字符串与预置的验证信息不匹配时,拒绝所述数据访问请求。When it is determined that the first character string does not match the preset verification information, the data access request is rejected.
  5. 根据权利要求1至4任一项所述的方法,其特征在于,所述确定所述第一字符串与预置的验证信息是否匹配,包括:The method according to any one of claims 1 to 4, wherein the determining whether the first character string matches the preset verification information comprises:
    确定所述第一字符串与预置的验证信息是否一致;Determining whether the first character string is consistent with preset verification information;
    若一致,则确定所述第一字符串与预置的验证信息匹配;If they are consistent, determining that the first character string matches the preset verification information;
    若不一致,则确定所述第一字符串与预置的验证信息不匹配。If not, it is determined that the first character string does not match the preset verification information.
  6. 根据权利要求1至4任一项所述的方法,其特征在于,所述确定所述第一字符串与预置的验证信息是否匹配,包括:The method according to any one of claims 1 to 4, wherein the determining whether the first character string matches the preset verification information comprises:
    按照预设算法对所述第一字符串进行计算,得到计算结果;Calculating the first character string according to a preset algorithm to obtain a calculation result;
    确定所述计算结果与预置的验证信息是否一致;Determining whether the calculation result is consistent with the preset verification information;
    若一致,则确定所述第一字符串与预置的验证信息匹配;If they are consistent, determining that the first character string matches the preset verification information;
    若不一致,则确定所述第一字符串与预置的验证信息不匹配。If not, it is determined that the first character string does not match the preset verification information.
  7. 根据权利要求1至4任一项所述的方法,其特征在于,所述接收数据访问请求之前,还包括:The method according to any one of claims 1 to 4, further comprising: before receiving the data access request,
    接收数据加密请求,所述数据加密请求指示需要进行加密的数据;Receiving a data encryption request, the data encryption request indicating data that needs to be encrypted;
    根据所述数据加密请求获取加密密码;Obtaining an encrypted password according to the data encryption request;
    利用所述加密密码对所述数据进行加密,并将所述加密密码转换为验证信息进行保存。The data is encrypted using the encrypted password, and the encrypted password is converted into verification information for storage.
  8. 根据权利要求7所述的方法,其特征在于,所述根据所述数据加密请求获取加密密码,包括:The method according to claim 7, wherein the obtaining the encrypted password according to the data encryption request comprises:
    根据所述数据加密请求获取用户在触控板上的第二操作手势;Obtaining a second operation gesture of the user on the touch panel according to the data encryption request;
    根据所述第二操作手势按照预设规则生成对应的第二字符串;Generating a corresponding second character string according to the preset rule according to the second operation gesture;
    将所述第二字符串转换为加密密码。Converting the second string to an encrypted password.
  9. 根据权利要求8所述的方法,其特征在于,所述第二字符串为二 进制字符串,则所述根据所述第二操作手势按照预设规则生成对应的第二字符串,包括:The method of claim 8 wherein said second string is two And generating a corresponding second character string according to the preset rule according to the second operation gesture, including:
    确定所述第二操作手势为轻触时,生成字符1;Determining that the second operation gesture is a tap, generating a character 1;
    确定所述第二操作手势为点按时,生成字符0;Determining that the second operation gesture is a tap, generating a character 0;
    将生成的字符按照第二操作手势的顺序进行排列,组成二进制字符串。The generated characters are arranged in the order of the second operation gesture to form a binary string.
  10. 根据权利要求8所述的方法,其特征在于,所述第二字符串为二进制字符串,则所述根据所述第二操作手势按照预设规则生成对应的第二字符串,包括:The method according to claim 8, wherein the second character string is a binary character string, and the generating the corresponding second character string according to the preset rule according to the second operation gesture comprises:
    确定所述第二操作手势为轻触时,生成字符0;Determining that the second operation gesture is a tap, generating a character 0;
    确定所述第二操作手势为点按时,生成字符1;Determining that the second operation gesture is a tap, generating a character 1;
    将生成的字符按照第二操作手势的顺序进行排列,组成二进制字符串。The generated characters are arranged in the order of the second operation gesture to form a binary string.
  11. 一种身份验证装置,其特征在于,包括:An identity verification device, comprising:
    接收单元,用于接收数据访问请求,所述数据访问请求指示需要访问的数据;a receiving unit, configured to receive a data access request, where the data access request indicates data that needs to be accessed;
    启动单元,用于根据所述数据访问请求启动所述数据的鉴权界面,所述鉴权界面包括鉴权信息输入接口;Activating unit, configured to start an authentication interface of the data according to the data access request, where the authentication interface includes an authentication information input interface;
    获取单元,用于在所述鉴权信息输入接口被激活时,获取用户在触控板上的第一操作手势;An acquiring unit, configured to acquire a first operation gesture of the user on the touch panel when the authentication information input interface is activated;
    生成单元,用于根据所述第一操作手势按照预设规则生成对应的第一字符串;a generating unit, configured to generate a corresponding first character string according to the preset rule according to the first operation gesture;
    处理单元,用于确定所述第一字符串与预置的验证信息匹配时,允许访问所述数据。The processing unit is configured to allow access to the data when the first string is matched with the preset verification information.
  12. 根据权利要求11所述的装置,其特征在于,所述第一字符串为 二进制字符串,则:The apparatus according to claim 11, wherein said first character string is Binary string, then:
    所述生成单元,具体用于确定所述第一操作手势为轻触时,生成字符1;确定所述第一操作手势为点按时,生成字符0;将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。The generating unit is specifically configured to: when the first operation gesture is a tap, generate a character 1; when the first operation gesture is determined to be a tap, generate a character 0; and the generated character is in the order of the first operation gesture Arrange to form a binary string.
  13. 根据权利要求11所述的装置,其特征在于,所述第一字符串为二进制字符串,则:The apparatus according to claim 11, wherein said first character string is a binary string, then:
    所述生成单元,具体用于确定所述第一操作手势为轻触时,生成字符0;确定所述第一操作手势为点按时,生成字符1;将生成的字符按照第一操作手势的顺序进行排列,组成二进制字符串。The generating unit is specifically configured to: when the first operation gesture is a tap, generate a character 0; when the first operation gesture is determined to be a tap, generate a character 1; and the generated character is in the order of the first operation gesture Arrange to form a binary string.
  14. 根据权利要求11至13任一项所述的装置,其特征在于,Apparatus according to any one of claims 11 to 13, wherein
    所述处理单元,具体用于在确定所述第一字符串与预置的验证信息一致时,允许访问所述数据。The processing unit is specifically configured to allow access to the data when determining that the first character string is consistent with preset verification information.
  15. 根据权利要求11至13任一项所述的装置,其特征在于,Apparatus according to any one of claims 11 to 13, wherein
    所述处理单元,具体用于按照预设算法对所述第一字符串进行计算,得到计算结果,确定所述计算结果与预置的验证信息一致时,允许访问所述数据。The processing unit is configured to calculate the first character string according to a preset algorithm, obtain a calculation result, and determine that the calculation result is consistent with the preset verification information, and allows access to the data.
  16. 根据权利要求11至13任一项所述的装置,其特征在于,还包括加密单元;The apparatus according to any one of claims 11 to 13, further comprising an encryption unit;
    所述接收单元,还用于接收数据加密请求,所述数据加密请求指示需要进行加密的数据;The receiving unit is further configured to receive a data encryption request, where the data encryption request indicates data that needs to be encrypted;
    所述加密单元,用于根据所述数据加密请求获取加密密码,利用所述加密密码对所述数据进行加密,并将所述加密密码转换为验证信息进行保存。The encryption unit is configured to acquire an encrypted password according to the data encryption request, encrypt the data by using the encrypted password, and convert the encrypted password into verification information for saving.
  17. 根据权利要求16所述的装置,其特征在于,The device of claim 16 wherein:
    所述加密单元,具体用于根据所述数据加密请求获取用户在触控板 上的第二操作手势,根据所述第二操作手势按照预设规则生成对应的第二字符串,将所述第二字符串转换为加密密码。The encryption unit is specifically configured to acquire a user on the touchpad according to the data encryption request And generating, by the second operation gesture, a corresponding second character string according to the preset operation rule, and converting the second character string into an encrypted password.
  18. 根据权利要求17所述的装置,其特征在于,所述第二字符串为二进制字符串,则:The apparatus according to claim 17, wherein said second character string is a binary string, then:
    所述加密单元,具体用于确定所述第二操作手势为轻触时,生成字符1;确定所述第二操作手势为点按时,生成字符0;将生成的字符按照第二操作手势的顺序进行排列,组成二进制字符串。The encryption unit is specifically configured to: when the second operation gesture is a tap, generate a character 1; when the second operation gesture is determined to be a tap, generate a character 0; and the generated character is in the order of the second operation gesture Arrange to form a binary string.
  19. 根据权利要求17所述的装置,其特征在于,所述第二字符串为二进制字符串,则:The apparatus according to claim 17, wherein said second character string is a binary string, then:
    所述加密单元,具体用于确定所述第二操作手势为轻触时,生成字符0;确定所述第二操作手势为点按时,生成字符1;将生成的字符按照第二操作手势的顺序进行排列,组成二进制字符串。 The encryption unit is specifically configured to: when the second operation gesture is a tap, generate a character 0; when the second operation gesture is determined to be a tap, generate a character 1; and the generated character is in the order of the second operation gesture Arrange to form a binary string.
PCT/CN2016/102368 2015-10-26 2016-10-18 Identity authentication method and device WO2017071498A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/817,014 US10657244B2 (en) 2015-10-26 2017-11-17 Identity authentication method and apparatus

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510703477.0A CN106611110A (en) 2015-10-26 2015-10-26 Identity verification method and system
CN201510703477.0 2015-10-26

Related Child Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/083305 Continuation-In-Part WO2017084288A1 (en) 2015-10-26 2016-05-25 Method and device for verifying identity

Publications (1)

Publication Number Publication Date
WO2017071498A1 true WO2017071498A1 (en) 2017-05-04

Family

ID=58612916

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/102368 WO2017071498A1 (en) 2015-10-26 2016-10-18 Identity authentication method and device

Country Status (2)

Country Link
CN (1) CN106611110A (en)
WO (1) WO2017071498A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110673491A (en) * 2019-09-02 2020-01-10 北京安博智信教育科技有限公司 Office area equipment automatic management method, office area equipment automatic management device, office area equipment automatic management medium and electronic equipment
US11630884B2 (en) 2017-09-18 2023-04-18 Siemens Aktiengesellschaft Method for managing access to a device, and access system

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108229139A (en) * 2018-01-24 2018-06-29 维沃移动通信有限公司 A kind of cipher-code input method and mobile terminal
CN109753786A (en) * 2018-12-29 2019-05-14 维沃移动通信有限公司 A kind of unlocking method and mobile terminal

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101848276A (en) * 2010-04-16 2010-09-29 中山大学 Method and system for locking and unlocking mobile phone screens
CN102455842A (en) * 2010-10-21 2012-05-16 北京创新方舟科技有限公司 Method and equipment for unlocking screen according to clicking operation of user
US20130314336A1 (en) * 2012-05-23 2013-11-28 Wistron Corporation Methods of rhythm touch unlock and related electronic device
CN104281389A (en) * 2014-10-24 2015-01-14 广州三星通信技术研究有限公司 Screen unlocking method and device
CN104598786A (en) * 2015-01-20 2015-05-06 广东欧珀移动通信有限公司 Password inputting method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9223952B2 (en) * 2012-09-28 2015-12-29 Intel Corporation Allowing varied device access based on different levels of unlocking mechanisms
CN103235903B (en) * 2013-04-12 2015-12-23 广东欧珀移动通信有限公司 A kind of mobile terminal concealing program disposal route and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101848276A (en) * 2010-04-16 2010-09-29 中山大学 Method and system for locking and unlocking mobile phone screens
CN102455842A (en) * 2010-10-21 2012-05-16 北京创新方舟科技有限公司 Method and equipment for unlocking screen according to clicking operation of user
US20130314336A1 (en) * 2012-05-23 2013-11-28 Wistron Corporation Methods of rhythm touch unlock and related electronic device
CN104281389A (en) * 2014-10-24 2015-01-14 广州三星通信技术研究有限公司 Screen unlocking method and device
CN104598786A (en) * 2015-01-20 2015-05-06 广东欧珀移动通信有限公司 Password inputting method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11630884B2 (en) 2017-09-18 2023-04-18 Siemens Aktiengesellschaft Method for managing access to a device, and access system
CN110673491A (en) * 2019-09-02 2020-01-10 北京安博智信教育科技有限公司 Office area equipment automatic management method, office area equipment automatic management device, office area equipment automatic management medium and electronic equipment
CN110673491B (en) * 2019-09-02 2022-07-05 北京安博智信教育科技有限公司 Office area equipment automatic management method, office area equipment automatic management device, office area equipment automatic management medium and electronic equipment

Also Published As

Publication number Publication date
CN106611110A (en) 2017-05-03

Similar Documents

Publication Publication Date Title
US11093626B2 (en) Security systems and methods for continuous authorized access to restricted access locations
US10182040B2 (en) Systems and methods for single device authentication
US9985993B2 (en) Query system and method to determine authentication capabilities
EP2939166B1 (en) Query system and method to determine authentication capabilities
TWI770422B (en) Method and system for operating IoT devices
WO2016110101A1 (en) Fingerprint authentication method and device, intelligent terminal, and computer storage medium
WO2017020427A1 (en) Application program access method and terminal
WO2015188424A1 (en) Key storage device and method for using same
US20230267193A1 (en) Verification application, method, electronic device and computer program
KR20160097323A (en) Near field communication authentication mechanism
WO2017054304A1 (en) Method and apparatus for storing fingerprint template information, and performing authentication by adopting fingerprint information
WO2017071498A1 (en) Identity authentication method and device
US11449586B2 (en) Authenticated intention
US10474804B2 (en) Login mechanism for operating system
US10437971B2 (en) Secure authentication of a user of a device during a session with a connected server
KR101052294B1 (en) Apparatus and method for contents security
CN106156549B (en) application program authorization processing method and device
WO2017185683A1 (en) Authentication method and authentication system based on biological identification information, and electronic device
WO2016165537A1 (en) Method for controlling intelligent terminal and apparatus for controlling intelligent terminal
KR102633314B1 (en) method and apparatus for processing authentication information and user terminal including the same
US10460094B2 (en) Method, apparatus, and storage medium for data processing
US11500976B2 (en) Challenge-response method for biometric authentication
US9405891B1 (en) User authentication
KR20230124434A (en) User authenticiation method of electronic device and electronic device performing the same

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16858933

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20/09/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16858933

Country of ref document: EP

Kind code of ref document: A1