WO2017190577A1 - 一种认证、用于认证的信息生成方法及装置 - Google Patents

一种认证、用于认证的信息生成方法及装置 Download PDF

Info

Publication number
WO2017190577A1
WO2017190577A1 PCT/CN2017/079862 CN2017079862W WO2017190577A1 WO 2017190577 A1 WO2017190577 A1 WO 2017190577A1 CN 2017079862 W CN2017079862 W CN 2017079862W WO 2017190577 A1 WO2017190577 A1 WO 2017190577A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
picture
feature
information
interaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2017/079862
Other languages
English (en)
French (fr)
Chinese (zh)
Inventor
孙小凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to MYPI2018001825A priority Critical patent/MY192160A/en
Priority to KR1020187032616A priority patent/KR20190005870A/ko
Priority to JP2018558116A priority patent/JP7046006B2/ja
Priority to SG11201808945UA priority patent/SG11201808945UA/en
Priority to EP17792404.0A priority patent/EP3454244B1/en
Publication of WO2017190577A1 publication Critical patent/WO2017190577A1/zh
Priority to US16/176,766 priority patent/US11416598B2/en
Priority to PH12018502324A priority patent/PH12018502324A1/en
Anticipated expiration legal-status Critical
Priority to US16/721,663 priority patent/US11392680B2/en
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/316User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0487Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser
    • G06F3/0488Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures
    • G06F3/04883Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures for inputting data by handwriting, e.g. gesture or text
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/68Gesture-dependent or behaviour-dependent
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06TIMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T1/00General purpose image data processing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the present application relates to the field of information security technologies, and in particular, to an authentication, information generation method and apparatus for authentication.
  • the first user may preset standard information (such as a password, etc.) for authentication. After setting the standard information, the terminal may perform any on the terminal according to the standard information.
  • the user performing the specific operation (referred to as: the second user) performs authentication. If the second user can correctly input the standard information, the terminal can authenticate the second user as the first user. Otherwise, the terminal can determine that the second user is not the first user. A user, but an attacker who wants to impersonate the first user, can then refuse the second user to perform the specific operation, thereby improving the information security of the first user at the terminal.
  • the specific operation may be: a screen unlocking operation, a login operation, a personal information modification operation, a payment operation, and the like.
  • the standard information may be a gesture password, in which case the authentication may be based on the gesture password.
  • the gesture password input interface provided by the operating system or application on the terminal, and the nine key node areas are distributed according to the form of the nine-square grid, as shown in the gesture password input interface in FIG.
  • the first user can set the gesture password by setting a two-dimensional trajectory connecting at least two key node areas.
  • the second user needs to pass the In the gesture password input interface, the key node area is connected to reproduce the gesture corresponding to the gesture password to pass the authentication.
  • the gesture and password input interface adopted in the prior art is single, and the attacker is generally familiar with the gesture password input interface, which will reduce the attacker's peek and memory first.
  • the embodiment of the present invention provides an authentication method and device, which are used to solve the problem that the gesture password input interface used in the prior art is single, resulting in low authentication reliability.
  • the embodiment of the present application provides a method and an apparatus for generating information for authentication.
  • a display module displaying a picture pre-designated by the first user
  • a detecting module detecting an interaction operation of the second user with respect to the picture
  • a generating module configured to generate interaction operation information of the second user according to the detected interaction operation of the second user
  • the authentication module is configured to match whether the second user is the first user by matching the interaction information of the second user with the standard information, where the standard information is according to the first user for the picture. Generated by interaction.
  • Obtaining a module acquiring a picture specified by the first user
  • a detecting module detecting an interaction operation of the first user with the one or more feature regions
  • a generating module configured to generate, according to the detected interaction operation of the first user, standard information for authenticating whether the second user is the first user.
  • the first user-specified picture can be used as the first user-defined gesture password input interface
  • the interaction operation can include a gesture, thereby achieving
  • the diversification of the gesture password input interface because the location of the feature area of the gesture password input interface corresponding to different pictures is generally different, the location of the feature area of the gesture password input interface corresponding to the picture specified by the first user and the gesture password in the prior art
  • the location of the feature area of the input interface is generally different. Therefore, the attacker may not be familiar with the gesture password input interface corresponding to the picture, which may increase the difficulty for the attacker to peek and memorize the gesture password input by the first user, and/or increase the attacker.
  • the difficulty of cracking the gesture password set by the first user is solved in an exhaustive manner, thereby improving the reliability of the authentication. Therefore, the present application can solve the problems in the prior art in part or in whole.
  • FIG. 1 is a schematic diagram of a gesture password input interface in the prior art
  • FIG. 2 is a schematic flowchart of an authentication method provided by an embodiment of the present application.
  • FIG. 3 is a schematic flowchart of generating standard information in FIG. 2 according to an embodiment of the present disclosure
  • FIG. 4 is two examples of a specific picture provided by an embodiment of the present application.
  • FIG. 5 is a schematic diagram of a feature area determined and marked in a specific picture according to an embodiment of the present application.
  • FIG. 6 is a schematic diagram of a specific picture of the case where the feature area is marked or not according to an embodiment of the present application
  • FIG. 7 is a schematic flowchart of a method for generating information for authentication according to an embodiment of the present application.
  • FIG. 8 is a schematic flowchart of a process for generating standard information in an actual application scenario according to an embodiment of the present disclosure
  • FIG. 9 is a schematic diagram of another standard information input interface used in the prior art.
  • FIG. 10 is a schematic structural diagram of an authentication apparatus according to an embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of an information generating apparatus for authentication according to an embodiment of the present application.
  • the solution of the present application can be used for authentication, for example, for authenticating a second user when a second user (ie, a user to be authenticated) performs a specific operation.
  • the specific operation may be: a screen unlocking operation, a login operation, a personal information modification operation, a payment operation, and the like.
  • the solution of the present application can partially or completely solve the problems in the prior art, and the following describes the solution of the present application. Bright.
  • FIG. 2 is a schematic flowchart of an authentication method according to an embodiment of the present disclosure, where an execution subject of the process may be an authentication related device.
  • the device includes, but is not limited to, a mobile phone, a tablet computer, a smart watch, a car mobile station, a personal computer, etc., a large and medium-sized computer, a computer cluster, and the like.
  • the executive body does not constitute a limitation on the present application.
  • the process in Figure 2 can include the following steps:
  • S201 Display a picture specified by the first user in advance.
  • the “picture specified in advance by the first user” in step S201 may be referred to as a specific picture.
  • the standard information for the authentication may be generated based on the operation of the first user in advance. Further, the flow in FIG. 2 is based on the standard information, and the second User authenticated.
  • the second user may be the first user; the second user may also be other users than the first user, for example, an attacker who wants to impersonate the first user. Through the flow in FIG. 2, it can be authenticated whether the second user is the first user.
  • the standard information may be generated based on the specific picture, and the specific picture is specified by the first user.
  • the first user may designate a certain image pre-saved locally or in the cloud as a specific image, or may newly acquire a certain image by a specific route as a specific image, for example, for an execution subject having a camera, A photo is specified as a specific image, and so on.
  • step S102 the interaction operation of the second user with any area on the picture may be detected, or only the interaction operation of the second user with one or more feature areas on the picture may be detected.
  • S203 Generate interaction operation information of the second user according to the detected interaction operation of the second user.
  • the interaction operation may be one or more of operations such as clicking, sliding, pressing, etc.
  • the interaction operation information may reflect the corresponding interaction operation content.
  • the enumerated operations are only examples of interaction operations, and the interaction operations may be other operations than these operations.
  • operations such as clicking, sliding, pressing, and the like may be further subdivided to describe the interactive operation content with more specific features (the interaction content is more specific), for example, according to the click strength, Clicking on the contact time, clicks, click frequency and other features to further subdivide the click operation, the sliding operation can be further subdivided according to the characteristics of the sliding track, the sliding contact time, the sliding contact force, the sliding distance, etc., according to the pressing time and pressing Features such as velocity are further subdivided by the pressing operation.
  • the specific degree of the interactive operation content is not limited in this application. Generally, when the specific content of the interactive operation content is higher, the corresponding interactive operation information may be more detailed, and the authentication based on the interaction operation information is strict. The degree can also be higher, and the specific degree of the interactive operation content can be defined in advance according to actual needs.
  • the interaction is a click operation.
  • the specific degree of the definition is low, only the number of clicks may be detected, and the click strength, the click contact time, and the like may be detected; when the specific degree of the definition is high, the click count and the click strength may be detected. , click contact time, etc.
  • the interaction is a sliding operation.
  • the specific degree of the definition is low, only the sliding track can be detected, and the sliding contact time, the sliding contact force, and the like can be detected; when the specific degree of the definition is high, both the sliding track and the sliding can be detected. Contact time, sliding contact strength, etc.
  • S204 Authenticate whether the second user is the first user by matching the interaction information of the second user with the standard information, where the standard information is based on the interaction of the first user with the picture. The operation is generated.
  • the picture on which the standard standard information is generated may be generated (that is, the The specific picture is displayed (corresponding to step S201), and the second user needs to reproduce the interactive operation corresponding to the standard information for the displayed specific picture, so that the authentication can be passed (corresponding to steps S202 to S204).
  • the interaction operation corresponding to the standard information is: an interaction operation of the first user for the picture based on the generated standard information.
  • a specific picture may be used as the first user-defined gesture password input interface.
  • the interaction operation of the first user for one or more feature areas on a specific picture may be regarded as a gesture, and the set standard information. It can be regarded as a gesture password.
  • a specific picture is displayed, and the second user needs to perform an interaction operation for one or more feature areas on the specific picture to reproduce the gesture of the first user before passing the authentication.
  • the interaction information of the second user may reflect the interaction content of the second user for the specific picture
  • the standard information may reflect the interaction content of the first user for the specific picture. Therefore, by matching the interaction information of the second user with the standard information, it can be determined or estimated whether the second user reproduces the operation of the first user, and thus can be used as the authentication basis to authenticate whether the second user is the first user.
  • the specific detection manner used for detecting the interaction operation of the second user is generally the same as or similar to the specific detection method used to detect the interaction operation of the first user when generating standard information (otherwise, it may be inconvenient to The interaction information of the second user is matched with the standard information, because the interoperability information of the second user may be inferior to the standard information at this time, so that the interaction information and standard information of the second user are facilitated.
  • the matching can also improve the reliability of the authentication method in which the present application performs authentication based on the matching of the interactive operation information.
  • the picture specified by the first user may be used as the first user-defined gesture password input interface, and the interaction operation may include a gesture, so that the gesture can be implemented.
  • Diversification of the code input interface because the location of the feature area of the gesture password input interface corresponding to different pictures is generally different, the position of the feature area of the gesture password input interface corresponding to the picture specified by the first user and the gesture password input in the prior art The location of the feature area of the interface is generally different. Therefore, the attacker may not be familiar with the gesture password input interface corresponding to the picture, which may increase the difficulty for the attacker to peek and memorize the gesture password input by the first user, and/or increase the attacker.
  • the exhaustive way to crack the difficulty of the gesture password set by the first user can further improve the reliability of the authentication. Therefore, the present application can solve the problems in the prior art in part or in whole.
  • the above method has more advantages than the prior art.
  • the corresponding operation types of the gestures in the prior art are also relatively small, and the degree of specificity is also low.
  • the corresponding generated gesture information is generally limited to describing the sliding track, and does not describe such as More feature information such as sliding time, sliding contact time, and sliding contact force.
  • the interaction operations described in the present application may include more types of operations (eg, click operations, push operations, etc.), and for various operations included.
  • the specificity of the interactive operation content generated by the corresponding operations may be customized, so that the generated interactive operation information (compared to the gesture information in the prior art) may be more detailed, thereby improving the strictness of the authentication. Thereby improving the information security of the first user.
  • the single gesture password input interface in the prior art can be used, but the favorite picture can be freely selected to generate a corresponding customized gesture password input interface, and the customization can be performed. Better, it is beneficial to improve the user experience.
  • execution bodies of the steps of the flow in FIG. 2 may all be the same device, or the steps may also be performed by different devices.
  • the execution body of step 201 may be device 1
  • the execution body of steps 202-204 may be device 2
  • the execution body of steps 201-203 may be device 1
  • the execution body of step 204 may be device 2; Wait.
  • the embodiment of the present application further provides some specific implementation manners of the authentication method, and an extended solution, which will be described below.
  • the standard information in FIG. 2 may be generated according to the interaction operation of the first user for the picture.
  • the following describes the process of generating the standard information in FIG. 2 .
  • Figure 3 For explanation, as shown in Figure 3.
  • FIG. 3 is a schematic diagram of a process for generating standard information in FIG. 2 according to an embodiment of the present disclosure.
  • the execution body of the process in FIG. 3 and the execution body of the process in FIG. 2 may be the same device, or may be different devices.
  • the process in Figure 3 can include the following steps:
  • S301 Acquire the picture (that is, a specific picture) specified by the first user.
  • information about the content, format, and the like of a specific picture is not limited.
  • the embodiment of the present application provides two examples of a specific picture, as shown in FIG.
  • FIG. 4 is two examples of a specific picture provided by the present application, which are a picture of a dog on the left side in FIG. 4 and a picture of a cat on the right side in FIG. 4, respectively.
  • a specific picture provided by the present application, which are a picture of a dog on the left side in FIG. 4 and a picture of a cat on the right side in FIG. 4, respectively.
  • the following embodiments are also explained based on the specific picture example in FIG.
  • S302 Display the picture, and determine one or more feature areas on the picture.
  • feature detection may be performed on a specific picture based on a specific image feature area detection algorithm to determine the one or more feature areas on a specific picture, where the feature area may be performed by The subject specifies it or is specified by the first user.
  • This way of determining the feature area has the advantage of reducing the user's operation and intervention and increasing the automation of the solution of the present application.
  • the image feature region detection algorithm is not limited in this application. Several algorithms are listed as examples.
  • the image feature region detection algorithm may be: Scale-invariant feature transform (SIFT) algorithm, SURF algorithm. , FAST algorithm, ORB algorithm, Harris algorithm, BRISK algorithm, etc. Due to different image feature area detection The features of interest in the law may be different. Therefore, the feature regions detectable by different image feature region detection algorithms may also be different.
  • the SURF algorithm can generally detect a circular area in a specific picture.
  • Harris algorithm can generally detect an angular area in a specific picture as a feature area, and the like.
  • one or more image feature region detection algorithms may be selected according to actual needs as the specific image feature region detection algorithm.
  • the number of feature regions that can be determined may also be different. When there are too many feature regions (for example, a dozen or even dozens of feature regions are determined on a specific picture) It may not be conducive to subsequent operations. When the feature area is too small (for example, only one or two feature areas are determined on a particular picture), the degree of strictness of the authentication may not be as expected. For such a problem, it may be allowed to define the number of determined feature regions or the number of feature regions for authentication, for example, the first user may be allowed to limit the number of feature regions determined on each particular picture. For 9 or other numbers, if the number exceeds the limit, a part may be removed. If the limit is not reached, a part may be added, so that the feature area is neither too much nor too small.
  • the feature region may not be determined based on the specific image feature region detection algorithm, but the first user may directly designate one or more regions on the specific image as the feature region.
  • the advantage of this way of determining the feature area is that the first user has strong controllability to the feature area, and since the feature area is specified by the first user, it is also convenient for the first user to memorize the feature area.
  • determining one or more feature areas on the picture may include: performing feature detection on the picture, The feature detecting, determining the one or more feature regions on the particular picture; and/or determining one or more regions specified by the first user on the particular picture as the feature region.
  • the determined feature may also be marked on the displayed specific picture. region.
  • the labeling may be performed in a manner of text and/or graphics and/or color, etc., which may be used to indicate that its corresponding area is a feature area.
  • the embodiment of the present application provides a schematic diagram of a feature area determined and marked in a specific picture, as shown in FIG. 5 , specifically taking a specific picture in FIG. 4 as an example.
  • each feature area determined in a specific picture is respectively marked with a circular figure, wherein five characteristic areas are indicated in a specific picture on the left side in FIG. 5, and the specific part on the right side in FIG. Three feature areas are indicated in the picture.
  • S303 Detect an interaction operation of the first user for the one or more feature areas.
  • S304 Generate the standard information according to the detected interaction operation of the first user.
  • the execution of the authentication process may be triggered when the preset condition is met.
  • the setting in order to adjust the strictness of the authentication, before the authentication (for example, before performing step S101), the setting may be performed for the one or more feature areas, where the setting is used to determine whether: The one or more feature areas are marked on the pre-designated picture of the first user.
  • the second user can directly know the feature area on the specific picture by using the identifier, which is beneficial for the second user to reproduce the first user for the feature area. Interoperability, in which case the degree of rigor of authentication is relatively low.
  • the second user cannot directly know the feature area on the specific picture. If the second user is not the first user, the second user is difficult to determine the specific picture. The feature area on the top, and then it is difficult to reproduce the interaction operation for the feature area. The strictness of the authentication is relatively high, and the information of the first user can be improved. safety.
  • the embodiment of the present application provides a specific picture diagram of the case where the feature area is marked or not, as shown in FIG. 6 , specifically, the specific picture on the left side in FIG. 4 is taken as an example.
  • the left side in FIG. 6 is a schematic diagram of a specific picture indicated by the feature area, and the right side in FIG. 6 is a specific picture diagram not marked on the feature area.
  • the interaction operation information may reflect the corresponding interaction operation content, and the specific manners for implementing the reflection may be various. The following two specific manners are listed as examples.
  • the order of operations for each feature region on a particular picture may be part of the interactive content.
  • the interworking information may only reflect this portion of the corresponding interworking content.
  • corresponding identification information may also be generated for each feature region, and the identification information may be used on a specific image.
  • the feature area corresponding to the identification information is uniquely determined.
  • the identification information may be coordinate information of the corresponding feature area, or may be a character or a character string of a number, a letter, or the like that uniquely associates with the coordinate information of the corresponding feature area, and the like.
  • the generating the standard information according to the detected interaction operation of the first user may include: determining, according to the detected interaction operation of the first user, An operation sequence of the first user for the one or more feature regions; generating, according to the operation sequence and the identification information corresponding to the one or more feature regions, a feature region identification information sequence for indicating the operation sequence, As the standard information.
  • the identification information corresponding to the three feature regions is generated, which are numbers "1", “2", and "3", respectively.
  • the user's interaction operation for the three feature areas is: performing a click operation on the three feature areas in sequence.
  • the operation sequence of the first user for the three feature areas is from front to back: the first feature area, the second Feature area, third feature area.
  • the operation sequence is expressed by the identification information of the feature area, that is, the feature area identification information sequence "1, 2, 3” or "123” is generated as standard information.
  • “1, 2, 3” and “123” in this example are examples of the feature region identification information sequence, and are not limited. In practical applications, the feature region identification information sequence may also be other than the digital sequence. Formal representation, which can indicate the order of operation of the first user for each feature area.
  • the first specific manner may also be adopted to generate interaction information of the second user.
  • step 103 generating the interaction operation information of the second user according to the detected interaction operation of the second user, which may include: determining, according to the detected interaction operation of the second user, The interaction operation of the second user includes an operation sequence of the second user for the one or more feature regions when the second user interacts with the one or more feature regions; according to the operation sequence
  • the identification information corresponding to the one or more feature areas generates a sequence of feature area identification information indicating the operation sequence as the interaction operation information of the second user.
  • the interactive operation information can reflect more specific interactive operation content in addition to the above-mentioned operation sequence.
  • the interactive operation is a sliding operation
  • the sliding contact strength can also be reflected.
  • the generating the standard information according to the detected interaction operation of the first user may include: determining, according to the detected interaction operation of the first user, An operational sequence of the first user for the one or more feature regions, and an operational feature representation value of the one or more feature regions, the operational feature representation value being used to characterize: the first user for the operation An operation feature when the feature region corresponding to the feature representation value performs the interaction operation; according to the operation sequence, the identifier information corresponding to the one or more feature regions, and the operation feature representation value of the one or more feature regions Generating feature region identification information and operation specificity for indicating the operation sequence and the operation feature The sequence of characterization values is used as the standard information.
  • the identification information corresponding to the three feature regions is generated, which are numbers “1", “2", and "3", respectively.
  • the user's interaction operation for the three feature regions is: sliding from the first feature region to the second feature region, and then sliding from the second feature region to the third feature region.
  • the first user's operation sequence for the three feature regions is from the front to the back: the first feature region, the second feature region, and the third feature region.
  • the operating feature is the sliding contact force, and the sliding contact force is divided into "A" file and "B” file according to the magnitude of the force, that is, the operation feature representation value may be "A" or "B".
  • the feature area identification information and the operation characteristic representation value sequence can be generated as standard information.
  • “1, A, 2, B, 3” and “1A2B3” in this example are examples of the feature region identification information and the operation feature representation value sequence, and are not limited.
  • the feature region identifier information The sequence of operational feature characterization values may also be represented in other forms than the sequence of alphanumeric characters, and may indicate the operational sequence and operational characteristics of the first user for each feature region.
  • the second specific manner may also be used to generate the interaction information of the second user. I will not repeat them here.
  • the first user may be allowed to perform a re-confirmation operation on the generated standard information (referred to as: standard information secondary confirmation).
  • standard information secondary confirmation a re-confirmation operation on the generated standard information
  • the standard information can be regenerated once, and the standard information generated twice before and after is compared. If the comparison result is the same, it is determined that the generated standard information can be used for authentication.
  • the information generation method can generate standard information by executing the information generation method, and the flow of the information generation method is as shown in FIG. 7.
  • the flow in Figure 7 can include the following steps:
  • S701 Acquire a picture specified by the first user.
  • S702 Display the picture, and determine one or more feature areas on the picture.
  • S703 Detect an interaction operation of the first user for the one or more feature regions.
  • S704 Generate standard information according to the detected interaction operation of the first user, to be used to authenticate whether the second user is the first user.
  • determining one or more feature regions on the image may specifically include: performing feature detection on the image, and determining, by using the feature detection, on the specific image. And the one or more feature regions; and/or determining one or more regions specified by the first user on the specific image as the feature regions.
  • the embodiment of the present application further provides a detailed flow diagram of generating standard information in an actual application scenario, as shown in FIG. 8 .
  • the foregoing interaction operation is a click operation.
  • the flow in Figure 8 can include the following steps:
  • S801 Receive a customized picture uploaded by the first user.
  • S802 Determine a picture feature detection algorithm specified by the first user, and determine, according to the picture feature detection algorithm, a plurality of feature areas on the received picture.
  • S803 Display the picture, mark the feature area, and generate corresponding identification information for the feature area.
  • S804 Detect a click operation performed by the first user on the feature area.
  • S805 Generate, according to the identification information of the feature area, and the detected click order of the first user click feature area, a feature area identification information sequence for indicating the click order, as Standard information.
  • S806 Receive a second confirmation of the standard information by the first user.
  • S807 According to the instruction of the first user, set whether to mark the feature area on the displayed picture based on the standard information authentication.
  • the second user may be determined or estimated to reproduce the interaction of the first user. operating.
  • the method may include: The interaction information of the second user is matched with the standard information, and it is determined whether the interaction information of the second user is the same as the standard information; if yes, the second user is authenticated as the first user; Otherwise, the second user may not be authenticated as the first user.
  • the standard information and the interaction information of the second user are not necessarily required to authenticate the second user as the first user, but the interaction between the standard information and the second user may be The operation information is matched, and it is determined whether the interaction operation of the second user is the same as or similar to the interaction operation of the first user, and the authentication is performed based on the determination result.
  • the method may include: The interaction information of the second user is matched with the standard information, and it is determined whether the interaction operation corresponding to the interaction operation information of the second user is the same as the interaction operation corresponding to the standard information, and if so, the second authentication is performed.
  • the user is the first user; or, by matching the interaction operation information of the second user with the standard information, determining that the interaction operation corresponding to the interaction operation information of the second user corresponds to the standard information Whether the degree of similarity of the interaction is not less than a predetermined similarity threshold, and if so, the second user is authenticated as the first user; otherwise, the second user may not be authenticated as the first user.
  • the interaction operation for the picture may include: a click operation performed in one or more feature areas on the picture; and/or when there are multiple features on the picture A sliding operation for sliding from one feature area to another.
  • a pressing operation performed in one or more feature areas on the specific picture, and the like may be included.
  • FIG. 9 is a schematic diagram of a password input interface used in the other prior art.
  • the password is a preset sequence of numbers, and the second user needs to input the password by clicking on each digit area in the password input interface to pass the authentication.
  • the password input interface in Figure 9 is single, and the attacker is generally familiar with the password input interface, which may result in lower authentication reliability.
  • the first user can customize the password input interface by using the solution of the present application, and the password can be the standard information mentioned above, thereby realizing the customizable password input interface.
  • the attacker may not be familiar with the first user-defined password input interface, it may increase the difficulty for the attacker to peek and remember the password entered by the first user, and/or increase the attacker to crack the first in an exhaustive manner.
  • the difficulty of the password set by the user can further improve the reliability of the authentication. Therefore, the present application may also solve the problem of the other prior art in part or in whole.
  • the embodiment of the present application further provides a corresponding authentication device and an information generating device for authentication, as shown in FIG. 10 and FIG. 11 . Show.
  • FIG. 10 is a schematic structural diagram of an authentication apparatus according to an embodiment of the present disclosure, including:
  • the display module 1001 displays a picture specified by the first user in advance
  • the detecting module 1002 is configured to detect an interaction operation of the second user with respect to the picture
  • the generating module 1003 is configured to generate interaction operation information of the second user according to the detected interaction operation of the second user.
  • the authentication module 1004 by matching the interaction information of the second user with the standard information, to authenticate whether the second user is the first user, and the standard information is according to the first user for the picture. The interaction is generated.
  • the device further includes:
  • the standard information module 1005 generates the standard information according to the interaction operation of the first user with the picture according to the following manner:
  • the standard information module 1005 performs feature detection on the image, and the feature detection determines the one or more feature regions on the specific image; and/or,
  • the standard information module 1005 is configured to set the one or more feature areas before the display module 1001 displays the picture specified by the first user, where the setting is used to determine whether the first one is displayed.
  • the one or more feature areas are marked on a picture designated by the user in advance.
  • the standard information module 1005 after determining the one or more feature areas on the picture, generating corresponding identification information for each of the feature areas; according to the detected interaction of the first user Determining an operation sequence of the first user for the one or more feature regions; and according to the operation sequence and the identification information corresponding to the one or more feature regions, Generating a feature area identification information sequence for indicating the operation sequence as the standard information;
  • the authentication module 1004 determines whether the interaction information of the second user is the same as the standard information by matching the interaction information of the second user with the standard information; if yes, authenticating the The second user is the first user.
  • the authentication module 1004 determines, by matching the interaction operation information of the second user with the standard information, whether the interaction operation corresponding to the interaction operation information of the second user is the same as the interaction operation corresponding to the standard information. If yes, the second user is authenticated as the first user; or, by matching the interaction information of the second user with the standard information, determining interaction information of the second user Whether the degree of similarity of the interaction operation corresponding to the standard information is not less than a predetermined similarity threshold, and if so, authenticating the second user as the first user.
  • the interaction operation for the picture includes:
  • the device in Figure 10 can be specifically located on a device associated with authentication.
  • FIG. 11 is a schematic structural diagram of an information generating apparatus for authentication according to an embodiment of the present disclosure, including:
  • the obtaining module 1101 is configured to obtain a picture specified by the first user
  • Display determination module 1102 displaying the picture, and determining one or more feature areas on the picture;
  • the detecting module 1103 is configured to detect an interaction operation of the first user with the one or more feature regions;
  • the generating module 1104 is configured to generate, according to the detected interaction operation of the first user, standard information for authenticating whether the second user is the first user.
  • the display determining module 1102 performs feature detection on the image, and the feature detection determines the one or more feature regions on the specific image; and/or determines the first user One or more areas specified on the specific picture as the feature area.
  • the device in Figure 11 can be specifically located on a device associated with authentication.
  • the device provided by the present application is in one-to-one correspondence with the method provided by the present application. Therefore, the device also has similar beneficial technical effects as the method, since the beneficial technical effects of the method have been described in detail above. Therefore, the beneficial technical effects of the device will not be described again here.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
  • a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • processors CPUs
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-persistent memory, random access memory (RAM), and/or non-volatile memory in a computer readable medium, such as read only memory (ROM) or flash memory.
  • RAM random access memory
  • ROM read only memory
  • Memory is an example of a computer readable medium.
  • Computer readable media includes both permanent and non-persistent, removable and non-removable media.
  • Information storage can be implemented by any method or technology.
  • the information can be computer readable instructions, data structures, modules of programs, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory. (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, read only A compact disk read only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, magnetic tape cartridge, magnetic tape storage or other magnetic storage device or any other non-transportable medium that can be used to store computing devices Access to information.
  • computer readable media does not include temporary storage of computer readable media, such as modulated data signals and carrier waves.
  • embodiments of the present application can be provided as a method, system, or computer program product.
  • the present application can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment in combination of software and hardware.
  • the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Human Computer Interaction (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Social Psychology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Animal Behavior & Ethology (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • User Interface Of Digital Computer (AREA)
  • Collating Specific Patterns (AREA)
PCT/CN2017/079862 2016-05-05 2017-04-10 一种认证、用于认证的信息生成方法及装置 Ceased WO2017190577A1 (zh)

Priority Applications (8)

Application Number Priority Date Filing Date Title
MYPI2018001825A MY192160A (en) 2016-05-05 2017-04-10 Authentication method and device, and method and device for generating information for authentication
KR1020187032616A KR20190005870A (ko) 2016-05-05 2017-04-10 인증 방법 및 디바이스, 인증용 정보를 생성하기 위한 방법 및 디바이스
JP2018558116A JP7046006B2 (ja) 2016-05-05 2017-04-10 認証方法及びデバイス並びに認証用情報を生成する方法及びデバイス
SG11201808945UA SG11201808945UA (en) 2016-05-05 2017-04-10 Authentication method and device, method and device for generating information for authentication
EP17792404.0A EP3454244B1 (en) 2016-05-05 2017-04-10 Authentication method and device, method and device for generating information for authentication
US16/176,766 US11416598B2 (en) 2016-05-05 2018-10-31 Authentication and generation of information for authentication
PH12018502324A PH12018502324A1 (en) 2016-05-05 2018-11-05 Authentication method and device, method and device for generating information for authentication
US16/721,663 US11392680B2 (en) 2016-05-05 2019-12-19 Authentication and generation of information for authentication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610292695.4A CN107346386A (zh) 2016-05-05 2016-05-05 一种认证、用于认证的信息生成方法及装置
CN201610292695.4 2016-05-05

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/176,766 Continuation US11416598B2 (en) 2016-05-05 2018-10-31 Authentication and generation of information for authentication

Publications (1)

Publication Number Publication Date
WO2017190577A1 true WO2017190577A1 (zh) 2017-11-09

Family

ID=60202694

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/079862 Ceased WO2017190577A1 (zh) 2016-05-05 2017-04-10 一种认证、用于认证的信息生成方法及装置

Country Status (10)

Country Link
US (2) US11416598B2 (enExample)
EP (1) EP3454244B1 (enExample)
JP (1) JP7046006B2 (enExample)
KR (1) KR20190005870A (enExample)
CN (1) CN107346386A (enExample)
MY (1) MY192160A (enExample)
PH (1) PH12018502324A1 (enExample)
SG (1) SG11201808945UA (enExample)
TW (1) TW201740301A (enExample)
WO (1) WO2017190577A1 (enExample)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107346386A (zh) 2016-05-05 2017-11-14 阿里巴巴集团控股有限公司 一种认证、用于认证的信息生成方法及装置
US10523606B2 (en) 2018-01-02 2019-12-31 Snap Inc. Generating interactive messages with asynchronous media content
US10567321B2 (en) * 2018-01-02 2020-02-18 Snap Inc. Generating interactive messages with asynchronous media content
CN109215197B (zh) * 2018-09-17 2021-09-03 广州小鹏汽车科技有限公司 一种鉴权方法、电子设备及计算机可读存储介质
KR102619558B1 (ko) * 2018-11-16 2024-01-02 현대모비스 주식회사 자율주행차의 제어시스템 및 그 제어방법
US11265274B1 (en) 2020-02-28 2022-03-01 Snap Inc. Access and routing of interactive messages
KR20230168859A (ko) * 2022-06-08 2023-12-15 현대모비스 주식회사 자동차 조명 장치 및 그 작동 방법

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102243754A (zh) * 2010-05-11 2011-11-16 汤姆森特许公司 生成秘密值的方法和装置
CN104156654A (zh) * 2013-05-13 2014-11-19 中兴通讯股份有限公司 一种解密方法及装置
CN104200150A (zh) * 2014-09-01 2014-12-10 湖北盛天网络技术股份有限公司 验证码处理方法和装置

Family Cites Families (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW299410B (enExample) * 1994-04-04 1997-03-01 At & T Corp
TW510954B (en) 2000-04-08 2002-11-21 Motovario S P A Reduction gear comprising a crown gear and worm screw first stage and a second stage with an epicycloidal group
US7243239B2 (en) * 2002-06-28 2007-07-10 Microsoft Corporation Click passwords
US20040230843A1 (en) 2003-08-20 2004-11-18 Wayne Jansen System and method for authenticating users using image selection
JP4360871B2 (ja) * 2003-09-10 2009-11-11 富士通テン株式会社 情報端末における入力装置
US9058765B1 (en) 2008-03-17 2015-06-16 Taaz, Inc. System and method for creating and sharing personalized virtual makeovers
US8683582B2 (en) * 2008-06-16 2014-03-25 Qualcomm Incorporated Method and system for graphical passcode security
US8458485B2 (en) * 2009-06-17 2013-06-04 Microsoft Corporation Image-based unlock functionality on a computing device
US9146669B2 (en) * 2009-12-29 2015-09-29 Bizmodeline Co., Ltd. Password processing method and apparatus
JP5367169B2 (ja) * 2010-06-18 2013-12-11 シャープ株式会社 情報端末装置およびこれを利用した個人認証方法
JP5782783B2 (ja) * 2011-03-31 2015-09-24 カシオ計算機株式会社 タッチ処理装置及びプログラム
AU2011202415B1 (en) * 2011-05-24 2012-04-12 Microsoft Technology Licensing, Llc Picture gesture authentication
US9250801B2 (en) 2011-11-30 2016-02-02 Novatek Microelectronics Corp. Unlocking method, portable electronic device and touch-sensitive device
JP2013190992A (ja) * 2012-03-14 2013-09-26 Hitachi Consumer Electronics Co Ltd 情報処理端末、その認証方法、及び認証プログラム
US8819812B1 (en) * 2012-08-16 2014-08-26 Amazon Technologies, Inc. Gesture recognition for device input
CA3202407A1 (en) 2012-08-24 2014-02-27 Samsung Electronics Co., Ltd. Apparatus and method for providing interaction information by using image on device display
CN103729130A (zh) 2012-10-12 2014-04-16 华为技术有限公司 触敏设备解锁的方法及触敏设备
US9311472B2 (en) * 2012-12-21 2016-04-12 Abbott Laboratories Methods and apparatus for authenticating user login
KR20150003957A (ko) 2013-07-01 2015-01-12 삼성전자주식회사 전자 장치의 잠금 화면 운용 방법 및 장치
JP6248478B2 (ja) * 2013-08-30 2017-12-20 富士通株式会社 情報処理装置、認証方法、及び認証プログラム
CN103488404B (zh) 2013-09-22 2016-03-02 华为技术有限公司 一种解除电子设备锁定的方法及其装置
US9607138B1 (en) * 2013-12-18 2017-03-28 Amazon Technologies, Inc. User authentication and verification through video analysis
US10489912B1 (en) 2013-12-20 2019-11-26 Amazon Technologies, Inc. Automated rectification of stereo cameras
EP3134841A2 (en) * 2014-04-22 2017-03-01 Antique Books Inc. Method and system of providing a picture password for relatively smaller displays
JP6448767B2 (ja) * 2014-04-24 2019-01-09 ナント・ホールデイングス・アイ・ピー・エル・エル・シー 画像物体認識におけるロバスト特徴特定
TWI528213B (zh) 2014-05-30 2016-04-01 由田新技股份有限公司 手持式身分驗證裝置、身分驗證方法與身分驗證系統
CN104869562A (zh) 2015-04-24 2015-08-26 小米科技有限责任公司 一种进行信息传输的方法、装置和系统
KR102355039B1 (ko) 2015-06-11 2022-01-25 삼성전자주식회사 잠금 화면 출력 제어 방법 및 이를 지원하는 전자 장치
US11042288B2 (en) 2016-02-04 2021-06-22 Huawei Technologies Co., Ltd. Information processing method and electronic device for obtaining a touch gesture operation on a suspended button
JP2017151556A (ja) * 2016-02-22 2017-08-31 富士通株式会社 電子機器、認証方法および認証プログラム
CN105809017A (zh) * 2016-03-03 2016-07-27 联发科技(新加坡)私人有限公司 电子设备及其屏幕解锁方法
CN107346386A (zh) 2016-05-05 2017-11-14 阿里巴巴集团控股有限公司 一种认证、用于认证的信息生成方法及装置

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102243754A (zh) * 2010-05-11 2011-11-16 汤姆森特许公司 生成秘密值的方法和装置
CN104156654A (zh) * 2013-05-13 2014-11-19 中兴通讯股份有限公司 一种解密方法及装置
CN104200150A (zh) * 2014-09-01 2014-12-10 湖北盛天网络技术股份有限公司 验证码处理方法和装置

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3454244A4 *

Also Published As

Publication number Publication date
US11416598B2 (en) 2022-08-16
US20190065729A1 (en) 2019-02-28
JP7046006B2 (ja) 2022-04-01
EP3454244A1 (en) 2019-03-13
EP3454244B1 (en) 2022-09-14
EP3454244A4 (en) 2019-11-20
JP2019515394A (ja) 2019-06-06
SG11201808945UA (en) 2018-11-29
PH12018502324A1 (en) 2019-03-25
KR20190005870A (ko) 2019-01-16
CN107346386A (zh) 2017-11-14
TW201740301A (zh) 2017-11-16
MY192160A (en) 2022-08-03
US11392680B2 (en) 2022-07-19
US20200134161A1 (en) 2020-04-30

Similar Documents

Publication Publication Date Title
WO2017190577A1 (zh) 一种认证、用于认证的信息生成方法及装置
US10313882B2 (en) Dynamic unlock mechanisms for mobile devices
US10218506B1 (en) Cross-device authentication
US11057948B2 (en) Method and apparatus for connecting to wireless access point
US9264419B1 (en) Two factor authentication with authentication objects
CN111651797B (zh) 一种信息展示方法及装置
KR102258430B1 (ko) 신원 인증을 위한 방법 및 장치
US10296162B2 (en) User authentication security system
KR102135998B1 (ko) 바코드 생성 및 바코드에 기초한 인증
US10587594B1 (en) Media based authentication
US9202035B1 (en) User authentication based on biometric handwriting aspects of a handwritten code
KR20190085543A (ko) 보안 질문들을 생성하고 아이덴티티들을 검증하기 위한 방법 및 장치
CN104636715A (zh) 动态手写验证和基于手写的用户认证
US9576123B2 (en) Pattern-based password with dynamic shape overlay
US20160335611A1 (en) User attribute value transfer method and terminal
WO2019165875A1 (zh) 一种交易处理方法、服务器、客户端及系统
WO2016101813A1 (zh) 用户界面解锁的方法及装置
WO2017008630A1 (zh) 隐藏设置方法及装置、应用程序内容处理方法及装置
CN112685725B (zh) 一种安全验证的方法与设备
CN110880023A (zh) 一种检测证件图片的方法及装置
WO2017129068A1 (zh) 事件执行方法和装置及系统
HK1246434A1 (zh) 一种认证、用於认证的资讯生成方法及装置
JP2020046998A (ja) 認証装置、認証方法および認証プログラム
TW201734713A (zh) 資訊輸入方法、設備和系統
Escalante et al. MyLock

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2018558116

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 20187032616

Country of ref document: KR

Kind code of ref document: A

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17792404

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2017792404

Country of ref document: EP

Effective date: 20181205