WO2019011109A1 - 权限控制方法及相关产品 - Google Patents

权限控制方法及相关产品 Download PDF

Info

Publication number
WO2019011109A1
WO2019011109A1 PCT/CN2018/091874 CN2018091874W WO2019011109A1 WO 2019011109 A1 WO2019011109 A1 WO 2019011109A1 CN 2018091874 W CN2018091874 W CN 2018091874W WO 2019011109 A1 WO2019011109 A1 WO 2019011109A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
user
biometric
template
iris
Prior art date
Application number
PCT/CN2018/091874
Other languages
English (en)
French (fr)
Inventor
周意保
张学勇
周海涛
唐城
Original Assignee
Oppo广东移动通信有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oppo广东移动通信有限公司 filed Critical Oppo广东移动通信有限公司
Priority to EP18832015.4A priority Critical patent/EP3637289B1/en
Priority to US16/630,796 priority patent/US11176235B2/en
Publication of WO2019011109A1 publication Critical patent/WO2019011109A1/zh

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/40User authentication by quorum, i.e. whereby two or more security principals are required
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/031Protect user input by software means

Definitions

  • the present invention relates to the field of mobile terminal technologies, and in particular, to a rights control method and related products.
  • the fingerprint recognition technology is applied to the mobile terminal. After the fingerprint verification is passed, the user can perform operations such as paying and checking the mailbox, and the security level of the mobile terminal is improved to some extent.
  • fingerprint recognition is insufficient to ensure the security of user mobile terminals.
  • the embodiment of the invention provides a permission control method and related products, which can improve the security of the mobile terminal and avoid information leakage or property loss caused by the malicious operation of the mobile terminal.
  • a first aspect of the embodiment of the present invention discloses a mobile terminal, where the mobile terminal includes a processor and more than one biometric module, and the processor is connected to the more than one biometric module, wherein
  • the processor is configured to notify the more than one biometric module to acquire biometric information of the user if it is determined that the operation requested by the user is a preset operation type;
  • the more than one biometric module is configured to acquire N biometric information of the user, and transmit the N biometric information to the processor; the N is a positive integer greater than 1.
  • the processor is further configured to match the N pieces of biological information with a preset biometric information template, and if the N pieces of biometric information are successfully matched with the preset biometric information template, perform the operation requested by the user.
  • a second aspect of the embodiments of the present invention discloses a method for controlling rights, including:
  • the operation requested by the user is a preset operation type, acquiring N pieces of biological information of the user; the N is a positive integer greater than 1.
  • a third aspect of the embodiment of the present invention discloses a mobile terminal, including:
  • a processing unit configured to notify more than one biometric unit to acquire biometric information of the user if it is determined that the operation requested by the user is a preset operation type
  • the more than one biometric unit is configured to acquire N biometric information of the user, and transmit the N biometric information to the processing unit; the N is a positive integer greater than 1.
  • the processing unit is further configured to match the N pieces of biological information with a preset biometric information template, and if the N pieces of biometric information are successfully matched with the preset biometric information template, perform the operation requested by the user.
  • a fourth aspect of the embodiments of the present invention discloses a mobile terminal, including a processor, a memory, a communication interface, and one or more programs, wherein the one or more programs are stored in the memory and configured to Executed by the processor, the program includes instructions for performing the steps in the method disclosed in the second aspect above.
  • a fifth aspect of an embodiment of the present invention discloses a computer readable storage medium storing a computer program for electronic data exchange, wherein the computer program causes a computer to execute the method of the second aspect, the computer Including mobile terminals.
  • a sixth aspect of the embodiments of the present invention provides a computer program product, where the computer program product includes a non-transitory computer readable storage medium storing a computer program, the computer program being operable
  • the computer is caused to perform some or all of the steps as described in any of the methods of the second aspect of the embodiments of the present invention.
  • the computer program product can be a software installation package, the computer comprising a mobile terminal.
  • the mobile terminal when the mobile terminal determines that the operation requested by the user is the preset operation type, the mobile terminal notifies the more than one biometric module of the mobile terminal to acquire the N pieces of biological information of the user; The biometric information is matched with the preset biometric information template. If the N biometric information is successfully matched with the preset biometric information template, the operation requested by the user is performed. Therefore, in the case that the N biometric information is successfully matched, the user can perform the operation of the preset operation type. It can be seen that the implementation of the embodiment of the present invention can improve the security of the mobile terminal and prevent the mobile terminal from being maliciously operated. Information disclosure or property damage.
  • FIG. 1 is a schematic structural diagram of a mobile terminal according to an embodiment of the present invention.
  • FIG. 2 is a schematic structural diagram of another mobile terminal according to an embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of another mobile terminal according to an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of an interface for performing biometric identification according to an embodiment of the present invention.
  • FIG. 5 is a schematic flowchart diagram of a method for controlling rights according to an embodiment of the present disclosure
  • FIG. 6 is a schematic flowchart diagram of another permission control method according to an embodiment of the present invention.
  • FIG. 7 is a schematic flowchart diagram of still another method for controlling rights according to an embodiment of the present invention.
  • FIG. 8 is a structural block diagram of a functional unit of a mobile terminal according to an embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of another mobile terminal according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic structural diagram of another mobile terminal according to an embodiment of the present invention.
  • the mobile terminal involved in the embodiments of the present invention may include various handheld devices, wireless devices, wearable devices, computing devices, or other processing devices connected to the wireless modem, and various forms of user equipment (User Equipment, UE), mobile station (MS), terminal device, and the like.
  • UE User Equipment
  • MS mobile station
  • terminal device and the like.
  • the devices mentioned above are collectively referred to as mobile terminals.
  • the embodiments of the present invention are described below with reference to the accompanying drawings.
  • the embodiment of the invention provides a permission control method and related products, which can improve the security of the mobile terminal and avoid information leakage or property loss caused by the malicious operation of the mobile terminal. The details are described below separately.
  • FIG. 1 is a schematic structural diagram of a mobile terminal 100 according to an embodiment of the present invention.
  • the mobile terminal 100 includes a processor 110 and a biometric module 120.
  • the number of the biometric modules 120 is at least two, and the biometric module 120 can be a fingerprint recognition module, a face recognition module, and an iris recognition module. Group, voiceprint recognition module, vein recognition module, etc.
  • the processor 110 connects the at least two biometric modules 120 through the bus 140, and the processor 110 and the biometric module 120 can communicate with each other through the bus 140.
  • the processor may be a central processing unit (CPU). In some embodiments, it may also be referred to as an application processor (AP) to distinguish from the baseband processor.
  • CPU central processing unit
  • AP application processor
  • the processor 110 is configured to notify the biometric module 120 to acquire biometric information of the user, if the operation requested by the user is determined to be a preset operation type.
  • the biometric module 120 is configured to acquire N biometric information of the user, and transmit the N biometric information to the processor 110.
  • the processor 110 is further configured to match the N pieces of biometric information with the preset biometric information template, and if the N biometric information is successfully matched with the preset biometric information template, perform the operation requested by the user.
  • the mobile terminal 100 can receive the input of the user through the touch display screen, the physical button, and the like, and parse the input of the user to determine the operation requested by the user.
  • the operation requested by the user may be to unlock the screen, open the application, pay for the order, and the like.
  • the above preset operation types may be operations that require high security, such as paying for an order, viewing an album, opening a chat application, and viewing a chat history. Open your mailbox, etc.
  • the characteristics of these operations are that they involve the user's private or property information, so the security requirements are high.
  • the user may set some operations to the preset operation type according to their own needs; or, the mobile terminal may preset the system settings, and in the system setting, some operations have been set to pre- Set the type of operation.
  • the biometric module 120 acquires N pieces of biological information of the user, wherein the N pieces of biological information are different types of biological information.
  • the preset biometric information template corresponding to the type of the biometric module is pre-stored in the memory of the mobile terminal 100.
  • the mobile terminal 100 includes two biometric modules, namely a fingerprint identification module and a voiceprint recognition module
  • the mobile terminal 100 stores a fingerprint information template and a voiceprint information template in advance for the user.
  • the entered biometric information is matched to verify whether the user is a legitimate user and has permission to perform operations of a preset operation type.
  • FIG. 2 is a schematic structural diagram of another mobile terminal 200 according to an embodiment of the present invention.
  • the mobile terminal shown in FIG. 2 can be obtained on the basis of the mobile terminal shown in FIG. 1.
  • the mobile terminal shown in FIG. 2 further includes a display screen 130 and a brightness sensor 150;
  • the at least two biometric modules 120 include a fingerprint recognition module 121, a face recognition module 122, and an iris recognition module 123.
  • the at least two biometric modules 120 include only the fingerprint recognition module 121, the face recognition module 122, and the iris recognition module 123 as an example. It can be understood that in other implementations.
  • the vein recognition module, the voiceprint recognition module, and the like may be included in the embodiment of the present invention.
  • the processor 110, the fingerprint recognition module 121, the face recognition module 122, the iris recognition module 123, the display screen 130, and the brightness sensor 150 are all connected to the bus 140, so that the above parts can communicate with each other. .
  • one of the biological information may not be successfully verified due to a certain reason, and thus the desired operation cannot be completed.
  • the user may be in a darker environment, resulting in insufficient facial illumination to verify face recognition; or the user's fingers are too wet to verify fingerprint recognition; or the user wears contact lenses, The verification that the iris recognition could not be completed.
  • the biometric information verification may be replaced by using a password or a secret question verification to ensure that the operation that the user wants to perform can be performed smoothly.
  • the mobile terminal 200 performs the foregoing operations in the following manner:
  • the processor 110 is further configured to notify the display screen 130 to output a password input interface if the N-1 biometric information is successfully matched in the N pieces of biometric information, and if the biometric information is unsuccessful.
  • the display screen 130 is configured to output the password input interface.
  • the processor 110 is further configured to verify password information input by the user, and if the password information input by the user is successfully verified, perform the operation requested by the user.
  • the biometric module included in the mobile terminal 200 is the fingerprint recognition module 121, the face recognition module 122, and the iris recognition module 123
  • the acquired N pieces of biological information are fingerprint information and a face.
  • the information and the iris information are the preset biometric information templates in the embodiment of the present invention, which are a fingerprint information template, a face information template, and an iris information template.
  • FIG. 3 is a schematic structural diagram of a mobile terminal 200 according to an embodiment of the present invention.
  • the face recognition module 122 and the iris recognition module 123 can be located above the display screen 130, and the fingerprint recognition module 121 can be located below the display screen 130 and can be integrated with the HOME key.
  • the face recognition module 122 can be a front camera. In addition to the face recognition function, the function of a conventional camera such as a photograph or a video can be realized.
  • the iris recognition module 123 can be composed of an infrared fill light 1231 and an infrared camera 1232.
  • the infrared fill light 1231 emits infrared light on the iris, and is reflected back to the infrared camera 1232 through the iris, so that the infrared camera 1232 can collect the iris image.
  • the iris recognition module 123 recognizes by infrared rays, the iris recognition can be successfully completed even when the ambient light intensity is weak or even in a dark environment.
  • FIG. 4 is a schematic diagram of an interface for performing fingerprint recognition, face recognition, and iris recognition by the mobile terminal 200 according to an embodiment of the present invention.
  • the user can put the finger on the fingerprint recognition module for fingerprint recognition, and look at the upper part of the mobile terminal 200, so that the front camera and the infrared camera located at the upper part of the mobile terminal 200 can acquire the color of the user.
  • the face image and the black-and-white eye image simultaneously perform fingerprint recognition, face recognition, and iris recognition to improve the execution speed of various biological information recognition.
  • the display screen of the mobile terminal 200 may be illuminated, and the facial image of the user acquired by the front camera is displayed on the display screen, and is displayed on the display screen.
  • the appropriate position of the eye region for iris recognition is identified by a dotted line frame, so that the user can adjust the angle and the distance of the face information and the iris information input according to the image on the display screen, thereby quickly completing iris recognition and face recognition.
  • the fingerprint information and the fingerprint information template may be successfully matched, and the face information and the face information template are successfully matched, and the iris information and the iris are successfully generated.
  • the situation where the information template match is unsuccessful :
  • the processor 110 is further configured to analyze the iris information acquired by the iris recognition module 123 to determine whether the user wears the contact lens; and in the case that the user wears the contact lens, acquire the texture feature information of the contact lens, and the history of the buffer cached by the processor 110.
  • the texture feature information is compared to determine whether the texture feature information of the contact lens is consistent with the historical texture feature information; and when the texture feature information of the contact lens is consistent with the historical texture feature information, the historical password information corresponding to the historical texture feature information is confirmed. Whether the verification is successful or not, if the historical password information is successfully verified, the operation requested by the user is performed.
  • the mobile terminal 200 can acquire the historical texture feature information of the contact lens and the historical password information input due to the failure of the iris recognition verification when the user last wears the contact lens for verification; if the current contact lens pattern of the user is consistent with the historical texture feature information, It is presumed that the current user is the same person as the user who last verified the contact lens.
  • the secondary verification can skip the password verification and directly perform the operation requested by the user, reduce the time required for the user's identity verification, improve the execution efficiency of the mobile terminal, and bring a smoother and faster user experience.
  • the brightness sensor 150 is configured to acquire ambient light brightness of the mobile terminal 200 and transmit the ambient light brightness to the processor 110.
  • the processor 110 is further configured to: when the ambient light brightness is lower than the light intensity threshold, perform an operation of notifying the display screen 130 to output the password input interface; and, on the other hand, the ambient light brightness is equal to or higher than the light intensity threshold.
  • the processor 110 notifies the display screen 130 to output prompt information to prompt the user that there is no right to perform the operation of the preset operation type.
  • the display screen 130 is also used to output the above prompt information.
  • the ambient light brightness may be insufficient, and the feature information collected by the face recognition may be insufficient to be verified. Therefore, when only the face recognition is not verified, the ambient light brightness is obtained by using the light sensor. If the ambient light brightness is too low, the password input interface is output to prompt the user to input the password to complete the identity verification; on the other hand, if the environment The brightness is sufficient to complete the face recognition, but the face recognition is not verified. In order to improve the security of the operation of the mobile terminal, the operation requested by the user may be rejected, and the prompt information may be output to prompt the user to perform the operation of the preset operation type. .
  • the mobile terminal 200 described in FIG. 2 can obtain the password input by the user and verify the password to determine whether the user has the right to perform the preset operation type when only one of the plurality of biometric information cannot be successfully verified. operating. Therefore, while ensuring the security of the operation of the mobile terminal, the operation that the authorized user wants to perform can be smoothly executed.
  • FIG. 5 is a schematic flowchart diagram of a method for controlling rights according to an embodiment of the present invention.
  • the permission control method can be performed by the mobile terminal.
  • the permission control method may include:
  • the mobile terminal acquires an operation requested by the user, and determines whether the operation requested by the user is a preset operation type.
  • the mobile terminal can receive the input of the user through the touch display screen, the physical button, and the like, and parse the input of the user to determine the operation requested by the user.
  • the operation requested by the user may be to unlock the screen, open the application, pay for the order, and the like.
  • the above preset operation types may be operations that require high security, such as paying for an order, viewing an album, opening a chat application, and viewing a chat history. Open your mailbox, etc.
  • the characteristics of these operations are that they involve the user's private or property information, so the security requirements are high.
  • the mobile terminal acquires N pieces of biological information of the user, where the N pieces of biological information are different types of biological information.
  • the mobile terminal includes two biometric modules, namely a fingerprint recognition module and a voiceprint recognition module, the two biometric modules acquire two biometric information (fingerprint information and voiceprint information).
  • N the number of biometric modules, namely a fingerprint recognition module and a voiceprint recognition module, the two biometric modules acquire two biometric information (fingerprint information and voiceprint information).
  • N 2.
  • the preset biometric information template corresponding to the type of the biometric module is pre-stored in the memory of the mobile terminal. For example, if the mobile terminal includes two biometric modules, namely a fingerprint identification module and a voiceprint recognition module, the mobile terminal pre-stores a fingerprint information template and a voiceprint information template for inputting the user. The biometric information is matched to verify whether the user is a legitimate user and whether there is permission to perform an operation of a preset operation type.
  • FIG. 6 is a schematic flowchart diagram of another permission control method according to an embodiment of the present invention. As shown in FIG. 6, the permission control method may include:
  • the biometric information verification may be replaced by using a password or a secret question verification to ensure that the operation that the user wants to perform can be performed smoothly.
  • FIG. 7 is a schematic flowchart diagram of still another method for controlling rights according to an embodiment of the present invention.
  • the privilege control method can be applied to a mobile terminal including a processor, a biometric module, and a display screen.
  • the permission control method may include the following steps:
  • the processor notifies the biometric module to acquire biometric information of the user, if the operation that is requested by the user is determined to be a preset operation type.
  • the biometric module acquires N biometric information of the user, and transmits the N biometric information to the processor.
  • the biometric identification module may be an integrated hardware device, and has the functions of identifying various biological information such as fingerprint recognition, iris recognition, and face recognition.
  • the biometric module acquires N pieces of biological information of the user.
  • the biometric module may also be a separately disposed biometric module with different functions.
  • the processor matches the N pieces of biological information with the preset biometric information template.
  • the processor If N-1 biometric information in the N pieces of biometric information is successfully matched, and 1 biometric information is unsuccessful, the processor notifies the display screen to output a password input interface.
  • the display screen outputs the above password input interface.
  • the processor verifies the password information input by the user through the password input interface, and if the verification succeeds, performing the operation requested by the user.
  • FIG. 8 is a structural block diagram of a functional unit of a mobile terminal 800 according to an embodiment of the present invention.
  • the mobile terminal 800 may include a processing unit 801, a biometric unit 802, and a display unit 803, where:
  • the processing unit 801 is configured to notify the biometric identification unit 802 to acquire the biometric information of the user if it is determined that the operation requested by the user is the preset operation type.
  • the biometric identification unit 802 is configured to acquire N biometric information of the user, and transmit the N biometric information to the processing unit 801.
  • the processing unit 801 is further configured to match the N pieces of biometric information with the preset biometric information template, and if the N biometric information is successfully matched with the preset biometric information template, perform the operation requested by the user.
  • the processing unit 801 is further configured to: when the N-1 pieces of biometric information are successfully matched in the N pieces of biometric information, and the one biometric information is unsuccessful, the notification display unit 803 outputs a password input interface.
  • the display unit 803 is configured to output the password input interface.
  • the processing unit 801 is further configured to verify password information input by the user, and if the password information input by the user is successfully verified, perform the operation requested by the user.
  • the mobile terminal includes corresponding hardware structures and/or software modules for performing various functions.
  • the present invention can be implemented in a combination of hardware or hardware and computer software in combination with the elements and algorithm steps of the various examples described in the embodiments disclosed herein. Whether a function is implemented in hardware or computer software to drive hardware depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods for implementing the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.
  • the embodiment of the present invention may divide the functional unit into the mobile terminal according to the foregoing method example.
  • each functional unit may be divided according to each function, or two or more functions may be integrated into one processing unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit. It should be noted that the division of the unit in the embodiment of the present invention is schematic, and is only a logical function division, and the actual implementation may have another division manner.
  • the processing unit 801 can be a central processing unit (CPU), a general-purpose processor, a digital signal processor (DSP), and an application-specific integrated circuit. , ASIC), Field Programmable Gate Array (FPGA) or other programmable logic device, transistor logic device, hardware component, or any combination thereof.
  • the biometric unit 802 can be a combination of a fingerprint recognition sensor, a camera, and an iris recognition module.
  • the display unit 803 can be a display screen, a touch display screen, or the like.
  • FIG. 9 is a schematic structural diagram of another mobile terminal according to an embodiment of the present invention.
  • the mobile terminal includes a processor 901, a memory 902, a communication interface 903, and one or more programs, wherein the one or more programs are stored in a memory and configured to be executed by a processor, the program Instructions are included for performing the steps in the above method embodiments.
  • the program includes instructions for performing the following steps:
  • the operation requested by the user is a preset operation type, acquiring N pieces of biological information of the user; the N is a positive integer greater than 1.
  • the program further includes instructions for performing the following steps:
  • N-1 pieces of biological information in the N pieces of biological information are successfully matched, and if one piece of biological information is unsuccessful, the password input interface is output;
  • the password information input by the user through the password input interface is verified, and if the password information input by the user is successfully verified, the operation requested by the user is performed.
  • the more than one biometric module includes: a fingerprint recognition module, a face recognition module, and an iris recognition module; and the N pieces of biological information include: iris information and face information.
  • the fingerprint information; the preset bio-information template includes: an iris information template, a face information template, and a fingerprint information template.
  • the N-1 biometric information of the N pieces of biometric information is successfully matched, and the matching of the biometric information is unsuccessful, including: the fingerprint information is successfully matched with the fingerprint information template, The matching of the face information with the face information template is successful, and the matching of the iris information with the iris information template is unsuccessful;
  • the program also includes instructions to perform the following steps:
  • the face information is successfully matched with the face information template, and the iris is analyzed if the iris information and the iris information template are unsuccessful.
  • the texture feature information of the contact lens and the historical texture feature information are consistent, it is confirmed whether the historical password information corresponding to the historical texture feature information is successfully verified, and if the historical password information is successfully verified, the execution is performed. The operation requested by the user.
  • the N-1 biometric information of the N pieces of biometric information is successfully matched, and the matching of the biometric information is unsuccessful, including: the fingerprint information is successfully matched with the fingerprint information template, The iris information is successfully matched with the iris information template, and the matching of the face information with the face information template is unsuccessful;
  • the program also includes instructions to perform the following steps:
  • the iris information is successfully matched with the iris information template, and if the face information and the face information template are not successfully matched, the mobile is acquired.
  • the operation of outputting the password input interface is performed; if the ambient light brightness is equal to or higher than the light intensity threshold, the prompt information is output to prompt the user that the user does not have permission to execute the The operation of the preset operation type.
  • FIG. 10 is a schematic structural diagram of another mobile terminal according to an embodiment of the present invention. As shown in FIG. 10, for the convenience of description, only parts related to the embodiment of the present invention are shown. Without specific details, please refer to the method part of the embodiment of the present invention.
  • the terminal can be any mobile terminal including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales), an in-vehicle computer, and the mobile terminal is used as a mobile phone as an example:
  • FIG. 10 is a block diagram showing a partial structure of a mobile phone related to a mobile terminal provided by an embodiment of the present invention.
  • the mobile phone includes: a radio frequency (RF) circuit 1001, a memory 1002, an input unit 1003, a display unit 1004, a sensor 1005, an audio circuit 1006, a wireless fidelity (WiFi) module 1007, and a processor 1008. And power supply 1009 and other components.
  • RF radio frequency
  • the RF circuit 1001 can be used for receiving and transmitting signals during the transmission or reception of information or during a call. Specifically, after receiving the downlink information of the base station, it is processed by the processor 1008. In addition, the uplink data is designed to be sent to the base station. Generally, the RF circuit 1001 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, the RF circuit 1001 can also communicate with the network and other devices through wireless communication. The above wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (Code Division). Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), E-mail, Short Messaging Service (SMS), and the like.
  • GSM Global System of Mobile communication
  • GPRS General Packet Radio Service
  • the memory 1002 can be used to store software programs and modules, and the processor 1008 executes various functional applications and data processing of the mobile phone by running software programs and modules stored in the memory 1002.
  • the memory 1002 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may be stored according to Data created by the use of the mobile phone (such as audio data, phone book, etc.).
  • memory 1002 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
  • the input unit 1003 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function controls of the handset.
  • the input unit 1003 may include a touch panel 10031, an iris recognition module 10032, a fingerprint recognition module 10033, and a face recognition module 10034.
  • the touch panel 10031 also referred to as a touch screen, can collect touch operations on or near the user (such as the user using a finger, a stylus, or the like on the touch panel 10031 or near the touch panel 10031. Operation), and drive the corresponding connecting device according to a preset program.
  • the touch panel 10031 may include two parts: a touch detection device and a touch controller.
  • the touch detection device detects the touch orientation of the user, and detects a signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts the touch information into contact coordinates, and sends the touch information.
  • the processor 1008 is provided and can receive commands from the processor set 1008 and execute them.
  • the touch panel 10031 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves.
  • the input unit 1003 may further include an iris recognition module 10032, a fingerprint recognition module 10033, and a face recognition module 10034, for receiving iris information, fingerprint information, and face information input by the user to identify the user. Identity, thereby controlling the use of the mobile terminal.
  • the display unit 1004 can be used to display information input by the user or information provided to the user as well as various menus of the mobile phone.
  • the display unit 1004 can include a display panel 10041.
  • the display panel 10041 can be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like.
  • the touch panel 10031 can cover the display panel 10041. After the touch panel 10031 detects a touch operation on or near it, the touch panel 10031 transmits to the processor set 1008 to determine the type of the touch event, and then the processor set 1008 is based on the touch. The type of event provides a corresponding visual output on display panel 10041.
  • touch panel 10031 and the display panel 10041 are used as two independent components to implement the input and input functions of the mobile phone in FIG. 10, in some embodiments, the touch panel 10031 and the display panel 10041 may be integrated. Realize the input and output functions of the phone.
  • the handset may also include at least one type of sensor 1005, such as a light sensor, motion sensor, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 10041 according to the brightness of the ambient light, and the proximity sensor may close the display panel 10041 and/or when the mobile phone moves to the ear. Or backlight.
  • the accelerometer sensor can detect the magnitude of acceleration in all directions (usually three axes). When it is stationary, it can detect the magnitude and direction of gravity.
  • the mobile phone can be used to identify the gesture of the mobile phone (such as horizontal and vertical screen switching, related Game, magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tapping), etc.; as for the mobile phone can also be configured with gyroscopes, barometers, hygrometers, thermometers, infrared sensors and other sensors, no longer Narration.
  • the gesture of the mobile phone such as horizontal and vertical screen switching, related Game, magnetometer attitude calibration
  • vibration recognition related functions such as pedometer, tapping
  • the mobile phone can also be configured with gyroscopes, barometers, hygrometers, thermometers, infrared sensors and other sensors, no longer Narration.
  • An audio circuit 1006, a speaker 10061, and a microphone 10062 can provide an audio interface between the user and the handset.
  • the audio circuit 1006 can transmit the converted electrical data of the received audio data to the speaker 10061, and convert it into a sound signal output by the speaker 10061.
  • the microphone 10062 converts the collected sound signal into an electrical signal, and the audio circuit 1006. After receiving, it is converted into audio data, and then processed by the audio data output processor set 1008, sent to, for example, another mobile phone via the RF circuit 1001, or outputted to the memory 1002 for further processing.
  • WiFi is a short-range wireless transmission technology.
  • the mobile phone can help users to send and receive emails, browse web pages and access streaming media through the WiFi module 1007. It provides users with wireless broadband Internet access.
  • FIG. 10 shows the WiFi module 1007, it can be understood that it does not belong to the essential configuration of the mobile phone, and can be omitted as needed within the scope of not changing the essence of the invention.
  • the processor 1008 is a control center for the handset, and the processor 1008 connects various portions of the entire handset using various interfaces and lines, by running or executing software programs and/or modules stored in the memory 1002, and recalling stored in the memory 1002. Data, perform various functions of the mobile phone and process data to monitor the mobile phone as a whole.
  • the processor 1008 may include one or more processing units; preferably, the processor 1008 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
  • the modem processor primarily handles wireless communications. It will be appreciated that the above described modem processor may also not be integrated into the processor 1008.
  • the mobile phone also includes a power source 1009 (such as a battery) for powering various components.
  • a power source 1009 such as a battery
  • the power source can be logically coupled to the processor 1008 through a power management system to manage functions such as charging, discharging, and power management through the power management system.
  • the mobile phone may further include a camera, a Bluetooth module, and the like, and details are not described herein again.
  • each step method flow can be implemented based on the structure of the mobile phone.
  • each unit function can be implemented based on the structure of the mobile phone.
  • the embodiment of the present invention further provides a computer storage medium, wherein the computer storage medium stores a computer program for electronic data exchange, the computer program causing the computer to perform some or all of the steps of any of the methods described in the foregoing method embodiments.
  • the computer includes a mobile terminal.
  • a computer readable storage medium having stored therein a computer program for electronic data exchange, wherein the computer program causes the computer to perform the following operations:
  • the operation requested by the user is a preset operation type, acquiring N pieces of biological information of the user; the N is a positive integer greater than 1.
  • the computer program further causes the computer to perform the following operations:
  • N-1 pieces of biological information in the N pieces of biological information are successfully matched, and if one piece of biological information is unsuccessful, the password input interface is output;
  • the password information input by the user through the password input interface is verified, and if the password information input by the user is successfully verified, the operation requested by the user is performed.
  • the more than one biometric module includes: a fingerprint recognition module, a face recognition module, and an iris recognition module; the N pieces of biological information include: iris information, face information, and fingerprint information;
  • the preset biometric information template includes: an iris information template, a face information template, and a fingerprint information template.
  • the N-1 biometric information of the N pieces of biometric information is successfully matched, and the matching of the biometric information is unsuccessful, including: the fingerprint information is successfully matched with the fingerprint information template, and the face information and the location information are The matching of the face information template is successful, and the matching of the iris information with the iris information template is unsuccessful;
  • the face information is successfully matched with the face information template, and the iris is analyzed if the iris information and the iris information template are unsuccessful.
  • the texture feature information of the contact lens and the historical texture feature information are consistent, it is confirmed whether the historical password information corresponding to the historical texture feature information is successfully verified, and if the historical password information is successfully verified, the execution is performed. The operation requested by the user.
  • the N-1 biometric information of the N pieces of biometric information is successfully matched, and the one biometric information is unsuccessful, including: the fingerprint information is successfully matched with the fingerprint information template, and the iris information is The matching of the iris information template is successful, and the matching of the face information with the face information template is unsuccessful;
  • the iris information is successfully matched with the iris information template, and if the face information and the face information template are not successfully matched, the mobile is acquired.
  • the operation of outputting the password input interface is performed; if the ambient light brightness is equal to or higher than the light intensity threshold, the prompt information is output to prompt the user that the user does not have permission to execute the The operation of the preset operation type.
  • the preset operation type includes an operation involving a user's private information or property information.
  • the operations related to the user's private information or property information specifically include: paying for an order, viewing an album, opening a chat application, viewing a chat log, and opening a mailbox.
  • the computer program causes the computer to perform the following operations:
  • the user's input is received through a touch display or physical button, and the user's input is parsed to determine the operation requested by the user.
  • Embodiments of the present invention also provide a computer program product comprising a non-transitory computer readable storage medium storing a computer program, the computer program being operative to cause a computer to perform the operations as recited in the above method embodiments Part or all of the steps of either method.
  • the computer program product can be a software installation package, the computer comprising a mobile terminal.
  • the disclosed apparatus may be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner for example, multiple units or components may be combined or may be Integrate into another system, or some features can be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be electrical or otherwise.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable memory. Based on such understanding, the technical solution of the present invention may contribute to the prior art or all or part of the technical solution may be embodied in the form of a software product stored in a memory. A number of instructions are included to cause a computer device (which may be a personal computer, server or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention.
  • the foregoing memory includes: a U disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk, and the like, which can store program codes.
  • ROM Read-Only Memory
  • RAM Random Access Memory

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephone Function (AREA)

Abstract

一种权限控制方法及相关产品, 涉及移动终端技术领域。其中,该方法包括:移动终端(200)通过处理器(110)在确定用户请求的操作为预设操作类型的情况下,通知移动终端的多于一个生物识别模组获取用户的N个生物信息;之后处理器(110)将N个生物信息与预设生物信息模板匹配,若N个生物信息均与预设生物信息模板匹配成功,则执行用户请求的操作。因此,在N个生物信息均匹配成功的情况下,用户才能执行预设操作类型的操作,可以提高移动终端的安全性,避免移动终端(200)被恶意操作而造成的信息泄露或财产损失。

Description

权限控制方法及相关产品 技术领域
本发明涉及移动终端技术领域,尤其涉及一种权限控制方法及相关产品。
背景技术
随着移动终端技术的发展,移动终端已经在人们生活中起到越来越重要的作用。在生活中,利用移动终端进行支付、办公等活动已经越来越方便。
然而,在移动终端为人们的生活带来方便的同时,也带来了信息安全的威胁与财产安全的威胁。为了提高移动终端的安全程度,指纹识别的技术被应用到了移动终端之中,在指纹验证通过后,用户才能进行支付、查阅邮箱等操作,一定程度上提高了移动终端的安全程度。
然而,随着指纹识别技术的广泛应用,也出现了针对指纹识别的安全漏洞,比如假手指、指纹膜等;因此,指纹识别已不足以保障用户移动终端的安全。
发明内容
本发明实施例提供了一种权限控制方法及相关产品,可以提高移动终端的安全性,避免移动终端被恶意操作而造成的信息泄露或财产损失。
本发明实施例第一方面公开了一种移动终端,所述移动终端包括处理器和多于一个生物识别模组,所述处理器连接所述多于一个生物识别模组,其中,
所述处理器,用于在确定用户请求的操作为预设操作类型的情况下,通知所述多于一个生物识别模组获取用户的生物信息;
所述多于一个生物识别模组,用于获取用户的N个生物信息,将所述N个生物信息传输至所述处理器;所述N为大于1的正整数;
所述处理器,还用于将所述N个生物信息与预设生物信息模板匹配,若所述N个生物信息与所述预设生物信息模板匹配成功,则执行所述用户请求的操作。
本发明实施例第二方面公开了一种权限控制方法,包括:
获取用户请求的操作,确定所述用户请求的操作是否为预设操作类型;
所述用户请求的操作为预设操作类型的情况下,获取用户的N个生物信息;所述N为大于1的正整数;
将所述N个生物信息与预设生物信息模板匹配,若所述N个生物信息与所述预设生物信息模板匹配成功,则执行所述用户请求的操作。
本发明实施例第三方面公开了一种移动终端,包括:
处理单元,用于在确定用户请求的操作为预设操作类型的情况下,通知多于一个生物识别单元获取用户的生物信息;
所述多于一个生物识别单元,用于获取用户的N个生物信息,将所述N个生物信息传输至所述处理单元;所述N为大于1的正整数;
所述处理单元,还用于将所述N个生物信息与预设生物信息模板匹配,若所述N个生物信息与所述预设生物信息模板匹配成功,则执行所述用户请求的操作。
本发明实施例第四方面公开了一种移动终端,包括处理器、存储器、通信接口以及一个或多个程序,其中,所述一个或多个程序被存储在所述存储器中,并且被配置为由所述处理器执行,所述程序包括用于执行上述第二方面所公开的方法中的步骤的指令。
本发明实施例第五方面公开了一种计算机可读存储介质,其存储用于电子数据交换的计算机程序,其中,所述计算机程序使得计算机执行如上述第二方面所述的方法,所述计算机包括移动终端。
本发明实施例第六方面公开了本发明实施例提供了一种计算机程序产品,其中,所述计算机程序产品包括存储了计算机程序的非瞬时性计算机可读存储介质,所述计算机程序可操作来使计算机执行如本发明实施例第二方面任一方法中所描述的部分或全部步骤。该计算机程序产品可以为一个软件安装包,所述计算机包括移动终端。
本发明实施例中,移动终端通过处理器在确定用户请求的操作为预设操作类型的情况下,通知移动终端的多于一个生物识别模组获取用户的N个生物信息;之后处理器将N个生物信息与预设生物信息模板匹配,若N个生物信息均与预设生物信息模板匹配成功,则执行用户请求的操作。因此,在N个生物信息均匹配成功的情况下,用户才能执行预设操作类型的操作,由此可见,实施本发明实施例,可以提高移动终端的安全性,避免移动终端被恶意操作而造成的信息泄露或财产损失。
附图说明
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简要介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。
图1为本发明实施例公开的一种移动终端的结构示意图;
图2为本发明实施例公开的另一种移动终端的结构示意图;
图3为本发明实施例公开的另一种移动终端的结构示意图;
图4为本发明实施例公开的一种执行生物识别的界面示意图;
图5为本发明实施例公开的一种权限控制方法的流程示意图;
图6为本发明实施例公开的另一种权限控制方法的流程示意图;
图7为本发明实施例公开的又一种权限控制方法的流程示意图;
图8为本发明实施例公开的一种移动终端的功能单元组成框图;
图9为本发明实施例公开的另一种移动终端的结构示意图;
图10为本发明实施例公开的另一种移动终端的结构示意图。
具体实施方式
为了使本发明的目的、技术方案和优点更加清楚,下面将结合附图对本发明作进一步地详细描述,显然,所描述的实施例仅仅是本发明一部份实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其它实施例,都属于本发明保护的范围。
本发明的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别不同的对象,而不是用于描述特定顺序。此外,术语“包括”和“具有”以及它们任何变形,意图在于覆盖不排他的包含。例如包含了一系列步骤或单元的过程、方法、系统、产品或设备没有限定于已列出的步骤或单元,而是可选地还包括没有列出的步骤或单元,或可选地还包括对于这些过程、方法或设备固有的其他步骤或单元。
本发明实施例所涉及到的移动终端可以包括各种具有无线通信功能的手持设备、车载设备、可穿戴设备、计算设备或连接到无线调制解调器的其他处理设备,以及各种形式的用户设备(User Equipment,UE),移动台(Mobile Station,MS),终端设备(terminal device)等等。为方便描述,上面提到的设备统称为移动终端。下面结合附图对本发明实施例进行介绍。
本发明实施例提供了一种权限控制方法及相关产品,可以提高移动终端的安全性,避免移动终端被恶意操作而造成的信息泄露或财产损失。以下分别进行详细说明。
请参阅图1,图1为本发明实施例公开的一种移动终端100的结构示意图。移动终端100包括处理器110和生物识别模组120,其中,生物识别模组120的数目为至少两个,且生物识别模组120可为指纹识别模组、人脸识别模组、虹膜识别模组、声纹识别模组、静脉识别模组等。
本发明实施例中,处理器110通过总线140连接上述至少两个生物识别模组120,并且通过总线140,处理器110和生物识别模组120可以相互通信。
本发明实施例中,处理器可为中央处理器(Central Processing Unit,CPU),在一些实施方式中,还可以被称为应用处理器(Application processor,AP),以与基带处理器进行区分。
本发明实施例中,处理器110,用于在确定用户请求的操作为预设操作类型的情况下,通知生物识别模组120获取用户的生物信息。
生物识别模组120,用于获取用户的N个生物信息,将N个生物信息传输至处理器110。
处理器110,还用于将上述N个生物信息与预设生物信息模板匹配,若N个生物信息与预设生物信息模板匹配成功,则执行上述用户请求的操作。
本发明实施例中,移动终端100可以通过触控显示屏、物理按键等接收用 户的输入,并解析用户的输入以确定用户请求的操作。举例来说,用户请求的操作可为解锁屏幕、打开应用、对订单进行支付等。而上述预设操作类型,可为对安全性要求较高的操作,例如:对订单进行支付、查看相册、打开聊天应用、查看聊天记录。打开邮箱等。这些操作的特点是,会涉及用户的隐私信息或财产信息,因此对安全性的要求较高。
作为一种可选的实施方式,用户可以根据自身的需求将某些操作设置为预设操作类型;或者,移动终端可以预置系统设定,在系统设定中,已经将部分操作设置为预设操作类型。
本发明实施例中,生物识别模组120获取用户的N个生物信息,其中,N个生物信息为不同类型的生物信息。举例来说,若移动终端100包含2个生物识别模组,分别为指纹识别模组和声纹识别模组,则2个生物识别模组获取2个生物信息(指纹信息和声纹信息),此时N=2。
本发明实施例中,根据移动终端100具备的生物识别模组的类型,移动终端100的存储器中预先存储有对应生物识别模组的类型的预设生物信息模板。举例来说,若移动终端100包含2个生物识别模组,分别为指纹识别模组和声纹识别模组,则移动终端100中预先存储有指纹信息模板和声纹信息模板,用于对用户输入的生物信息进行匹配,以验证用户是否为合法用户,是否有进行预设操作类型的操作的权限。
当用户的N个生物信息均与预设生物信息模板匹配成功,则确定用户有执行预设操作类型的操作权限,从而移动终端100完成用户请求的操作。
由此可见,图1所描述的移动终端,在N个生物信息均匹配成功的情况下,用户才能执行预设操作类型的操作,因此,可以提高移动终端的安全性,避免移动终端被恶意操作而造成的信息泄露或财产损失。
请参阅图2,图2为本发明实施例公开的另一种移动终端200的结构示意图。图2所示的移动终端可以在图1所示的移动终端的基础上获得,与图1所描述的移动终端相比,图2所示的移动终端还包括显示屏130和亮度传感器150;除此之外,至少两个生物识别模组120包括:指纹识别模组121、人脸识别模组122以及虹膜识别模组123。在本发明实施例中,以至少两个生物识别模组120仅包括指纹识别模组121、人脸识别模组122以及虹膜识别模组123为例来进行说明,可以理解的是,在其他实施例中,还可以包括静脉识别模组、声纹识别模组等,本发明实施例不做限定。
本发明实施例中,处理器110、指纹识别模组121、人脸识别模组122、虹膜识别模组123、显示屏130以及亮度传感器150均与总线140连接,因而以上各个部分可以实现相互通信。
本发明实施例中,当用户需要验证多个生物信息才能执行某操作时,可能由于一定的原因,导致其中一个生物信息无法验证成功,从而无法完成想要进行的操作。举例来说,用户可能处于较黑暗的环境,导致面部光照不足,而无法完成人脸识别的验证;或者,用户的手指过于湿润,造成无法完成指纹识别 的验证;或者,用户佩戴了隐形眼镜,导致无法完成虹膜识别的验证。
因此,在提高移动终端操作的安全性的同时,也需要考虑用户的操作的执行成功率。本发明实施例中,当多个生物信息中仅有一个生物信息没有验证成功时,可以利用密码或密保问题验证来替代该生物信息验证,保障用户想要执行的操作能够顺利执行。
本发明实施例中,移动终端200具体通过如下方式完成上述操作:
处理器110,还用于在N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功的情况下,通知显示屏130输出密码输入界面。
显示屏130,用于输出上述密码输入界面。
处理器110,还用于验证用户输入的密码信息,若用户输入的密码信息验证成功,则执行上述用户请求的操作。
本发明实施例中,若移动终端200包含的生物识别模组为指纹识别模组121、人脸识别模组122、虹膜识别模组123,则获取到的N个生物信息为指纹信息、人脸信息和虹膜信息,则上述本发明实施例中的预设生物信息模板为指纹信息模板、人脸信息模板和虹膜信息模板。
请参阅图3,图3为本发明实施例公开的一种移动终端200的结构示意图。如图3所示,人脸识别模组122和虹膜识别模组123可位于显示屏130上方,而指纹识别模组121可位于显示屏130下方,且可与HOME键集成设置。
其中,人脸识别模组122可为前置摄像头,在完成人脸识别功能之外,还可以实现拍照、视频等常规摄像头的功能。
而虹膜识别模组123可由红外补光灯1231和红外摄像头1232组成。在进行虹膜识别时,红外补光灯1231发出红外光照射在虹膜上,经过虹膜反射回红外摄像头1232,从而红外摄像头1232可以采集到虹膜图像。
由虹膜识别模组123通过红外光线进行识别的原理可知,在环境光强度弱、甚至处于黑暗环境的情况下,也可以顺利完成虹膜识别。
请参阅图4,图4为本发明实施例公开的一种移动终端200同时执行指纹识别、人脸识别和虹膜识别的界面示意图。由图4可以看出,用户可以将手指放在指纹识别模组上进行指纹识别的同时,平视移动终端200的上部,从而,位于移动终端200上部的前置摄像头和红外摄像头可以获取用户的彩色人脸图像和黑白眼部图像,从而同时进行指纹识别、人脸识别和虹膜识别,以提高多种生物信息识别时的执行速度。
作为一种可选的实施方式,在同时进行上述三种生物识别时,可以点亮移动终端200的显示屏,在显示屏上显示出前置摄像头获取到的用户的面部图像,并在显示屏上以虚线框的方式标识出进行虹膜识别时眼部区域的合适位置,以便于用户根据显示屏上的图像调整人脸信息和虹膜信息输入的角度和远近,从而快速完成虹膜识别和人脸识别。
当执行预设操作类型的操作,需要同时验证指纹信息、虹膜信息和人脸信息时,可能出现“指纹信息与指纹信息模板匹配成功,人脸信息与人脸信息模 板匹配成功,虹膜信息与虹膜信息模板匹配不成功”的情况:
处理器110,还用于分析虹膜识别模组123获取到的虹膜信息以确定用户是否佩戴隐形眼镜;在用户佩戴隐形眼镜的情况下,获取隐形眼镜的纹路特征信息,与处理器110缓存的历史纹路特征信息进行比较,以确定隐形眼镜的纹路特征信息是否与历史纹路特征信息一致;在隐形眼镜的纹路特征信息与历史纹路特征信息一致的情况下,确认与历史纹路特征信息对应的历史密码信息是否验证成功,若历史密码信息验证成功,则执行用户请求的操作。
在上述实施方式中,针对用户的生物信息中仅有虹膜信息没有验证成功的情况,分析用户当前是否佩戴隐形眼镜;若用户当前佩戴了隐形眼镜,则说明,可能是由于隐形眼镜的花纹造成虹膜识别验证失败。因此,移动终端200可以获取用户上次佩戴隐形眼镜进行验证时隐形眼镜的历史纹路特征信息和由于虹膜识别验证失败而输入的历史密码信息;若用户当前的隐形眼镜花纹与历史纹路特征信息一致,则推测当前用户与上次佩戴隐形眼镜进行验证的用户为同一人,因此,若上次用户输入的历史密码信息通过了验证,则可以推测当前用户也有权限进行预设操作类型的操作,从而此次验证可以跳过密码验证直接执行用户请求的操作,降低用户的身份验证所需要的时间,提高移动终端的执行效率,带给用户更流畅快速的使用体验。
当执行预设操作类型的操作,需要同时验证指纹信息、虹膜信息和人脸信息时,可能出现“指纹信息与指纹信息模板匹配成功,虹膜信息与虹膜信息模板匹配成功,人脸信息与人脸信息模板匹配不成功”的情况:
亮度传感器150,用于获取移动终端200的环境光亮度,将环境光亮度传输至处理器110。
处理器110,还用于在环境光亮度低于光线强度阈值的情况下,执行通知显示屏130输出密码输入界面的操作;而另一方面,环境光亮度等于或高于光线强度阈值的情况下,处理器110通知显示屏130输出提示信息以提示用户没有权限执行预设操作类型的操作。
显示屏130,还用于输出上述提示信息。
在上述实施方式中,若仅有人脸识别没有通过验证,则可能是由于环境光亮度不足,造成人脸识别采集到的特征信息不足而无法验证通过。因此,可以当仅有人脸识别没有验证通过时,利用光线传感器获取环境光亮度,若环境光亮度过低,则输出密码输入界面以提示用户输入密码来完成身份验证;而另一方面,若环境光亮度足够完成人脸识别,人脸识别却没哟通过验证,则为了提高移动终端操作的安全性,可以拒绝用户请求的操作,并输出提示信息以提示用户没有权限执行预设操作类型的操作。
由此可见,图2所描述的移动终端200,可以当多个生物信息中仅有一个生物信息不能验证成功时,获取用户输入的密码并验证密码以确定用户是否具有权限执行预设操作类型的操作。从而,在保证移动终端操作的安全性的同时,保障具有权限的用户想要执行的操作能够顺利执行。
请参阅图5,图5为本发明实施例公开的一种权限控制方法的流程示意图。其中,该权限控制方法可以由移动终端执行。由图5所示,该权限控制方法可以包括:
501、移动终端获取用户请求的操作,确定用户请求的操作是否为预设操作类型。
本发明实施例中,移动终端可以通过触控显示屏、物理按键等接收用户的输入,并解析用户的输入以确定用户请求的操作。举例来说,用户请求的操作可为解锁屏幕、打开应用、对订单进行支付等。而上述预设操作类型,可为对安全性要求较高的操作,例如:对订单进行支付、查看相册、打开聊天应用、查看聊天记录。打开邮箱等。这些操作的特点是,会涉及用户的隐私信息或财产信息,因此对安全性的要求较高。
502、用户请求的操作为预设操作类型的情况下,获取用户的N个生物信息。
本发明实施例中,移动终端获取用户的N个生物信息,其中,N个生物信息为不同类型的生物信息。举例来说,若移动终端包含2个生物识别模组,分别为指纹识别模组和声纹识别模组,则2个生物识别模组获取2个生物信息(指纹信息和声纹信息),此时N=2。
503、将上述N个生物信息与预设生物信息模板匹配,若N个生物信息与预设生物信息模板匹配成功,则执行上述用户请求的操作。
本发明实施例中,根据移动终端具备的生物识别模组的类型,移动终端的存储器中预先存储有对应生物识别模组的类型的预设生物信息模板。举例来说,若移动终端包含2个生物识别模组,分别为指纹识别模组和声纹识别模组,则移动终端中预先存储有指纹信息模板和声纹信息模板,用于对用户输入的生物信息进行匹配,以验证用户是否为合法用户,是否有进行预设操作类型的操作的权限。
由此可见,利用图5所描述的方法,在N个生物信息均匹配成功的情况下,用户才能执行预设操作类型的操作,因此,可以提高移动终端的安全性,避免移动终端被恶意操作而造成的信息泄露或财产损失。
请参阅图6,图6为本发明实施例公开的另一种权限控制方法的流程示意图。由图6所示,该权限控制方法可以包括:
601、获取用户请求的操作,确定用户请求的操作是否为预设操作类型。
602、用户请求的操作为预设操作类型的情况下,获取用户的N个生物信息。
603、若上述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功的情况下,输出密码输入界面。
本发明实施例中,当多个生物信息中仅有一个生物信息没有验证成功时,可以利用密码或密保问题验证来替代该生物信息验证,保障用户想要执行的操作能够顺利执行。
604、验证用户通过密码输入界面输入的密码信息,若用户输入的密码信息验证成功,则执行上述用户请求的操作。
由此可见,利用图6所描述的方法,可以当多个生物信息中仅有一个生物信息不能验证成功时,获取用户输入的密码并验证密码以确定用户是否具有权限执行预设操作类型的操作。从而,在保证移动终端操作的安全性的同时,保障具有权限的用户想要执行的操作能够顺利执行。
请参阅图7,图7为本发明实施例公开的又一种权限控制方法的流程示意图。该权限控制方法可以应用于包括处理器、生物识别模组和显示屏的移动终端。由图7所示,该权限控制方法可以包括如下步骤:
701、处理器在确定用户请求的操作为预设操作类型的情况下,通知生物识别模组获取用户的生物信息。
702、生物识别模组获取用户的N个生物信息,将N个生物信息传输至处理器。
本发明实施例中,上述生物识别模组可为集成化的硬件装置,同时具备指纹识别、虹膜识别、人脸识别等多种生物信息的识别功能。对应生物识别模组可以识别的N种生物信息,本发明实施例中,生物识别模组获取用户的N个生物信息。
作为一种可选的实施方式,上述生物识别模组也可为分离设置的、不同功能的生物识别模组。
703、处理器将N个生物信息与预设生物信息模板匹配。
704、若上述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功,则处理器通知显示屏输出密码输入界面。
705、显示屏输出上述密码输入界面。
706、处理器验证用户通过上述密码输入界面输入的密码信息,若验证成功,则执行上述用户请求的操作。
由此可见,利用图7所描述的方法,可以当多个生物信息中仅有一个生物信息不能验证成功时,获取用户输入的密码并验证密码以确定用户是否具有权限执行预设操作类型的操作。从而,在保证移动终端操作的安全性的同时,保障具有权限的用户想要执行的操作能够顺利执行。
请参阅图8,图8为本发明实施例公开的一种移动终端800的功能单元组成框图。如图8所示,移动终端800可以包括处理单元801、生物识别单元802以及显示单元803,其中:
处理单元801,用于在确定用户请求的操作为预设操作类型的情况下,通知生物识别单元802获取用户的生物信息。
生物识别单元802,用于获取用户的N个生物信息,将N个生物信息传输至处理单元801。
处理单元801,还用于将上述N个生物信息与预设生物信息模板匹配,若N个生物信息与预设生物信息模板匹配成功,则执行上述用户请求的操作。
处理单元801,还用于在上述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功的情况下,通知显示单元803输出密码输入界面。
显示单元803,用于输出上述密码输入界面。
处理单元801,还用于验证用户输入的密码信息,若用户输入的密码信息验证成功,则执行上述用户请求的操作。
可以理解的是,移动终端为了实现上述功能,其包含了执行各个功能相应的硬件结构和/或软件模块。本领域技术人员应该很容易意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,本发明能够以硬件或硬件和计算机软件的结合形式来实现。某个功能究竟以硬件还是计算机软件驱动硬件的方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。
本发明实施例可以根据上述方法示例对移动终端进行功能单元的划分,例如,可以对应各个功能划分各个功能单元,也可以将两个或两个以上的功能集成在一个处理单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。需要说明的是,本发明实施例中对单元的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。
作为一种可选的实施方式,处理单元801可为中央处理器(Central Processing Unit,CPU),通用处理器,数字信号处理器(Digital Signal Processor,DSP),专用集成电路(Application-Specific Integrated Circuit,ASIC),现场可编程门阵列(Field Programmable Gate Array,FPGA)或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。生物识别单元802可以为指纹识别传感器、摄像头以及虹膜识别模组的组合。显示单元803可以为显示屏、触控显示屏等。
由此可见,利用图8描述的移动终端,可以当多个生物信息中仅有一个生物信息不能验证成功时,获取用户输入的密码并验证密码以确定用户是否具有权限执行预设操作类型的操作。从而,在保证移动终端操作的安全性的同时,保障具有权限的用户想要执行的操作能够顺利执行。
请参阅图9,图9为本发明实施例公开的另一种移动终端的结构示意图。如图所示,该移动终端包括处理器901、存储器902、通信接口903以及一个或多个程序,其中,上述一个或多个程序被存储在存储器中,并且被配置为由处理器执行,程序中包括用于执行上述方法实施例中的步骤的指令。
举例来说,程序包括用于执行以下步骤的指令:
获取用户请求的操作,确定所述用户请求的操作是否为预设操作类型;
所述用户请求的操作为预设操作类型的情况下,获取用户的N个生物信息;所述N为大于1的正整数;
将所述N个生物信息与预设生物信息模板匹配,若所述N个生物信息与所述预设生物信息模板匹配成功,则执行所述用户请求的操作。
作为一种可选的实施方式,程序还包括用于执行以下步骤的指令:
所述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功的情况下,输出密码输入界面;
验证用户通过所述密码输入界面输入的密码信息,若所述用户输入的密码信息验证成功,则执行所述用户请求的操作。
作为一种可选的实施方式,所述多于一个生物识别模组包括:指纹识别模组、人脸识别模组和虹膜识别模组;所述N个生物信息包括:虹膜信息、人脸信息和指纹信息;所述预设生物信息模板包括:虹膜信息模板、人脸信息模板和指纹信息模板。
作为一种可选的实施方式,所述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功,包括:所述指纹信息与所述指纹信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配不成功;
程序中还包括执行以下步骤的指令:
在所述指纹信息与所述指纹信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配不成功的情况下,分析所述虹膜信息以确定用户是否佩戴隐形眼镜;
用户佩戴隐形眼镜的情况下,获取所述隐形眼镜的纹路特征信息,与所述移动终端缓存的历史纹路特征信息进行比较,以确定所述隐形眼镜的纹路特征信息是否与所述历史纹路特征信息一致;
在所述隐形眼镜的纹路特征信息与所述历史纹路特征信息一致的情况下,确认与所述历史纹路特征信息对应的历史密码信息是否验证成功,若所述历史密码信息验证成功,则执行所述用户请求的操作。
作为一种可选的实施方式,所述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功,包括:所述指纹信息与所述指纹信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配不成功;
程序中还包括执行以下步骤的指令:
在所述指纹信息与所述指纹信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配不成功的情况下,获取所述移动终端的环境光亮度;
所述环境光亮度低于光线强度阈值的情况下,执行所述输出密码输入界面的操作;所述环境光亮度等于或高于光线强度阈值的情况下,输出提示信息以提示用户没有权限执行所述预设操作类型的操作。
由此可见,利用图9所描述的移动终端,可以当多个生物信息中仅有一个生物信息不能验证成功时,获取用户输入的密码并验证密码以确定用户是否具有权限执行预设操作类型的操作。从而,在保证移动终端操作的安全性的同时,保障具有权限的用户想要执行的操作能够顺利执行。
请参阅图10,图10为本发明实施例公开的另一种移动终端的结构示意图。如图10所示,为了便于说明,仅示出了与本发明实施例相关的部分,具体技术细节未揭示的,请参照本发明实施例方法部分。该终端可以为包括手机、平板电脑、PDA(Personal Digital Assistant,个人数字助理)、POS(Point of Sales,销售终端)、车载电脑等任意移动终端,以移动终端为手机为例:
图10示出的是与本发明实施例提供的移动终端相关的手机的部分结构的框图。参考图10,手机包括:射频(Radio Frequency,RF)电路1001、存储器1002、输入单元1003、显示单元1004、传感器1005、音频电路1006、无线保真(wireless fidelity,WiFi)模块1007、处理器1008、以及电源1009等部件。本领域技术人员可以理解,图10中示出的手机结构并不构成对手机的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。
下面结合图10对手机的各个构成部件进行具体的介绍:
RF电路1001可用于收发信息或通话过程中,信号的接收和发送,特别地,将基站的下行信息接收后,给处理器1008处理;另外,将设计上行的数据发送给基站。通常,RF电路1001包括但不限于天线、至少一个放大器、收发信机、耦合器、低噪声放大器(Low Noise Amplifier,LNA)、双工器等。此外,RF电路1001还可以通过无线通信与网络和其他设备通信。上述无线通信可以使用任一通信标准或协议,包括但不限于全球移动通讯系统(Global System of Mobile communication,GSM)、通用分组无线服务(General Packet Radio Service,GPRS)、码分多址(Code Division Multiple Access,CDMA)、宽带码分多址(Wideband Code Division Multiple Access,WCDMA)、长期演进(LongTerm Evolution,LTE)、电子邮件、短消息服务(Short Messaging Service,SMS)等。
存储器1002可用于存储软件程序以及模块,处理器1008通过运行存储在存储器1002的软件程序以及模块,从而执行手机的各种功能应用以及数据处理。存储器1002可主要包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需的应用程序(比如声音播放功能、图像播放功能等)等;存储数据区可存储根据手机的使用所创建的数据(比如音频数据、电话本等)等。此外,存储器1002可以包括高速随机存取存储器,还可以包括非易失性存储器,例如至少一个磁盘存储器件、闪存器件、或其他易失性固态存储器件。
输入单元1003可用于接收输入的数字或字符信息,以及产生与手机的用户设置以及功能控制有关的键信号输入。具体地,输入单元1003可包括触控面板10031、虹膜识别模组10032、指纹识别模组10033以及人脸识别模组10034。触控面板10031,也称为触摸屏,可收集用户在其上或附近的触摸操作(比如用户使用手指、触笔等任何适合的物体或附件在触控面板10031上或在触控面板10031附近的操作),并根据预先设定的程式驱动相应的连接装置。 可选的,触控面板10031可包括触摸检测装置和触摸控制器两个部分。其中,触摸检测装置检测用户的触摸方位,并检测触摸操作带来的信号,将信号传送给触摸控制器;触摸控制器从触摸检测装置上接收触摸信息,并将它转换成触点坐标,再送给处理器1008,并能接收处理器集合1008发来的命令并加以执行。此外,可以采用电阻式、电容式、红外线以及表面声波等多种类型实现触控面板10031。除了触控面板10031,输入单元1003还可以包括虹膜识别模组10032、指纹识别模组10033以及人脸识别模组10034,用于接收用户输入的虹膜信息、指纹信息以及人脸信息以识别用户的身份,从而进行移动终端的使用权限控制。
显示单元1004可用于显示由用户输入的信息或提供给用户的信息以及手机的各种菜单。显示单元1004可包括显示面板10041,可选的,可以采用液晶显示器(Liquid Crystal Display,LCD)、有机发光二极管(Organic Light-Emitting Diode,OLED)等形式来配置显示面板10041。进一步的,触控面板10031可覆盖显示面板10041,当触控面板10031检测到在其上或附近的触摸操作后,传送给处理器集合1008以确定触摸事件的类型,随后处理器集合1008根据触摸事件的类型在显示面板10041上提供相应的视觉输出。虽然在图10中,触控面板10031与显示面板10041是作为两个独立的部件来实现手机的输入和输入功能,但是在某些实施例中,可以将触控面板10031与显示面板10041集成而实现手机的输入和输出功能。
手机还可包括至少一种传感器1005,比如光传感器、运动传感器以及其他传感器。具体地,光传感器可包括环境光传感器及接近传感器,其中,环境光传感器可根据环境光线的明暗来调节显示面板10041的亮度,接近传感器可在手机移动到耳边时,关闭显示面板10041和/或背光。作为运动传感器的一种,加速计传感器可检测各个方向上(一般为三轴)加速度的大小,静止时可检测出重力的大小及方向,可用于识别手机姿态的应用(比如横竖屏切换、相关游戏、磁力计姿态校准)、振动识别相关功能(比如计步器、敲击)等;至于手机还可配置的陀螺仪、气压计、湿度计、温度计、红外线传感器等其他传感器,在此不再赘述。
音频电路1006、扬声器10061,传声器10062可提供用户与手机之间的音频接口。音频电路1006可将接收到的音频数据转换后的电信号,传输到扬声器10061,由扬声器10061转换为声音信号输出;另一方面,传声器10062将收集的声音信号转换为电信号,由音频电路1006接收后转换为音频数据,再将音频数据输出处理器集合1008处理后,经RF电路1001以发送给比如另一手机,或者将音频数据输出至存储器1002以便进一步处理。
WiFi属于短距离无线传输技术,手机通过WiFi模块1007可以帮助用户收发电子邮件、浏览网页和访问流式媒体等,它为用户提供了无线的宽带互联网访问。虽然图10示出了WiFi模块1007,但是可以理解的是,其并不属于手机的必须构成,完全可以根据需要在不改变发明的本质的范围内而省略。
处理器1008是手机的控制中心,处理器1008利用各种接口和线路连接整个手机的各个部分,通过运行或执行存储在存储器1002内的软件程序和/或模块,以及调用存储在存储器1002内的数据,执行手机的各种功能和处理数据,从而对手机进行整体监控。可选的,处理器1008可包括一个或多个处理单元;优选的,处理器1008可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应用程序等,调制解调处理器主要处理无线通信。可以理解的是,上述调制解调处理器也可以不集成到处理器1008中。
手机还包括给各个部件供电的电源1009(比如电池),优选的,电源可以通过电源管理系统与处理器1008逻辑相连,从而通过电源管理系统实现管理充电、放电、以及功耗管理等功能。
尽管未示出,手机还可以包括摄像头、蓝牙模块等,在此不再赘述。
前述图5至图7所示的实施例中,各步骤方法流程可以基于该手机的结构实现。
前述图8所示的实施例中,各单元功能可以基于该手机的结构实现。
由此可见,利用图10所描述的移动终端,可以当多个生物信息中仅有一个生物信息不能验证成功时,获取用户输入的密码并验证密码以确定用户是否具有权限执行预设操作类型的操作。从而,在保证移动终端操作的安全性的同时,保障具有权限的用户想要执行的操作能够顺利执行。
本发明实施例还提供一种计算机存储介质,其中,该计算机存储介质存储用于电子数据交换的计算机程序,该计算机程序使得计算机执行如上述方法实施例中记载的任一方法的部分或全部步骤,所述计算机包括移动终端。
具体的,在本发明的一个实施例中,提供了一种计算机可读存储介质,该介质中存储有用于电子数据交换的计算机程序,其中,所述计算机程序使得计算机执行如下操作:
获取用户请求的操作,确定所述用户请求的操作是否为预设操作类型;
所述用户请求的操作为预设操作类型的情况下,获取用户的N个生物信息;所述N为大于1的正整数;
将所述N个生物信息与预设生物信息模板匹配,若所述N个生物信息与所述预设生物信息模板匹配成功,则执行所述用户请求的操作。
可选的,所述计算机程序还使得计算机执行如下操作:
所述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功的情况下,输出密码输入界面;
验证用户通过所述密码输入界面输入的密码信息,若所述用户输入的密码信息验证成功,则执行所述用户请求的操作。
可选的,所述多于一个生物识别模组包括:指纹识别模组、人脸识别模组和虹膜识别模组;所述N个生物信息包括:虹膜信息、人脸信息和指纹信息;所述预设生物信息模板包括:虹膜信息模板、人脸信息模板和指纹信息模板。
可选的,所述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹 配不成功,包括:所述指纹信息与所述指纹信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配不成功;
在所述指纹信息与所述指纹信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配不成功的情况下,分析所述虹膜信息以确定用户是否佩戴隐形眼镜;
用户佩戴隐形眼镜的情况下,获取所述隐形眼镜的纹路特征信息,与所述移动终端缓存的历史纹路特征信息进行比较,以确定所述隐形眼镜的纹路特征信息是否与所述历史纹路特征信息一致;
在所述隐形眼镜的纹路特征信息与所述历史纹路特征信息一致的情况下,确认与所述历史纹路特征信息对应的历史密码信息是否验证成功,若所述历史密码信息验证成功,则执行所述用户请求的操作。
可选的,所述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功,包括:所述指纹信息与所述指纹信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配不成功;
在所述指纹信息与所述指纹信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配不成功的情况下,获取所述移动终端的环境光亮度;
所述环境光亮度低于光线强度阈值的情况下,执行所述输出密码输入界面的操作;所述环境光亮度等于或高于光线强度阈值的情况下,输出提示信息以提示用户没有权限执行所述预设操作类型的操作。
可选的,所述预设操作类型包括涉及用户的隐私信息或财产信息的操作。
具体的,所述涉及用户的隐私信息或财产信息的操作具体包括:对订单进行支付、查看相册、打开聊天应用、查看聊天记录以及打开邮箱。
可选的,所述计算机程序使得计算机执行如下操作:
通过触控显示屏或物理按键接收用户的输入,并解析用户的输入以确定用户请求的操作。
本发明实施例还提供一种计算机程序产品,所述计算机程序产品包括存储了计算机程序的非瞬时性计算机可读存储介质,所述计算机程序可操作来使计算机执行如上述方法实施例中记载的任一方法的部分或全部步骤。该计算机程序产品可以为一个软件安装包,所述计算机包括移动终端。
需要说明的是,对于前述的各方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本发明并不受所描述的动作顺序的限制,因为依据本发明,某些步骤可以采用其他顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作和模块并不一定是本发明所必须的。
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详 述的部分,可以参见其他实施例的相关描述。
在本申请所提供的几个实施例中,应该理解到,所揭露的装置,可通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性或其它的形式。
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。
另外,在本发明各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储器中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储器中,包括若干指令用以使得一台计算机设备(可为个人计算机、服务器或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储器包括:U盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。
本领域普通技术人员可以理解上述实施例的各种方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成,该程序可以存储于一计算机可读存储器中,存储器可以包括:闪存盘、只读存储器(英文:Read-Only Memory,简称:ROM)、随机存取器(英文:Random Access Memory,简称:RAM)、磁盘或光盘等。
以上对本发明实施例进行了详细介绍,本文中应用了具体个例对本发明的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思想;同时,对于本领域的一般技术人员,依据本发明的思想,在具体实施方式及应用范围上均会有改变之处,综上所述,本说明书内容不应理解为对本发明的限制。

Claims (19)

  1. 一种移动终端,其特征在于,所述移动终端包括处理器和多于一个生物识别模组,所述处理器连接所述多于一个生物识别模组,其中,
    所述处理器,用于在确定用户请求的操作为预设操作类型的情况下,通知所述多于一个生物识别模组获取用户的生物信息;
    所述多于一个生物识别模组,用于获取用户的N个生物信息,将所述N个生物信息传输至所述处理器;所述N为大于1的正整数;
    所述处理器,还用于将所述N个生物信息与预设生物信息模板匹配,若所述N个生物信息与所述预设生物信息模板匹配成功,则执行所述用户请求的操作。
  2. 根据权利要求1所述的移动终端,其特征在于,所述移动终端还包括显示屏,所述显示屏连接所述处理器;
    所述处理器,还用于在所述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功的情况下,通知所述显示屏输出密码输入界面;
    所述显示屏,用于输出所述密码输入界面;
    所述处理器,还用于验证用户输入的密码信息,若所述用户输入的密码信息验证成功,则执行所述用户请求的操作。
  3. 根据权利要求2所述的移动终端,其特征在于,所述多于一个生物识别模组包括:指纹识别模组、人脸识别模组和虹膜识别模组;所述N个生物信息包括:虹膜信息、人脸信息和指纹信息;所述预设生物信息模板包括:虹膜信息模板、人脸信息模板和指纹信息模板。
  4. 根据权利要求3所述的移动终端,其特征在于,所述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功,包括:所述指纹信息与所述指纹信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配不成功;
    所述处理器,还用于在所述指纹信息与所述指纹信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配不成功的情况下,分析所述虹膜信息以确定用户是否佩戴隐形眼镜;
    所述处理器,还用于用户佩戴隐形眼镜的情况下,获取所述隐形眼镜的纹路特征信息,与所述处理器缓存的历史纹路特征信息进行比较,以确定所述隐形眼镜的纹路特征信息是否与所述历史纹路特征信息一致;
    所述处理器,还用于在所述隐形眼镜的纹路特征信息与所述历史纹路特征信息一致的情况下,确认与所述历史纹路特征信息对应的历史密码信息是否验证成功,若所述历史密码信息验证成功,则执行所述用户请求的操作。
  5. 根据权利要求3或4所述的移动终端,其特征在于,所述移动终端还包括亮度传感器,所述亮度传感器连接所述处理器;
    所述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功, 包括:所述指纹信息与所述指纹信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配不成功;
    所述亮度传感器,用于在所述指纹信息与所述指纹信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配不成功的情况下,获取所述移动终端的环境光亮度,将所述环境光亮度传输至所述处理器;
    所述处理器,还用于在所述环境光亮度低于光线强度阈值的情况下,执行所述通知所述显示屏输出密码输入界面的操作;所述环境光亮度等于或高于光线强度阈值的情况下,通知所述显示屏输出提示信息以提示用户没有权限执行所述预设操作类型的操作;
    所述显示屏,还用于输出所述提示信息。
  6. 根据权利要求1至5任一所述的移动终端,其特征在于,所述预设操作类型包括涉及用户的隐私信息或财产信息的操作。
  7. 根据权利要求1至6任一所述的移动终端,其特征在于,所述N个生物信息为不同类型的生物信息。
  8. 根据权利要求1所述的移动终端,其特征在于,当所述N个生物信息为下述信息中的至少两个信息:指纹信息、人脸信息、虹膜信息、静脉信息以及声纹信息。
  9. 根据权利要求8所述的移动终端,其特征在于,所述多于一个生物识别模组为下述模组中的至少两个模组:指纹识别模组、人脸识别模组、虹膜识别模组、静脉识别模组以及声纹识别模组。
  10. 一种权限控制方法,其特征在于,包括:
    获取用户请求的操作,确定所述用户请求的操作是否为预设操作类型;
    所述用户请求的操作为预设操作类型的情况下,获取用户的N个生物信息;所述N为大于1的正整数;
    将所述N个生物信息与预设生物信息模板匹配,若所述N个生物信息与所述预设生物信息模板匹配成功,则执行所述用户请求的操作。
  11. 根据权利要求10所述的方法,其特征在于,所述方法还包括:
    所述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功的情况下,输出密码输入界面;
    验证用户通过所述密码输入界面输入的密码信息,若所述用户输入的密码信息验证成功,则执行所述用户请求的操作。
  12. 根据权利要求11所述的方法,其特征在于,所述多于一个生物识别模组包括:指纹识别模组、人脸识别模组和虹膜识别模组;所述N个生物信息包括:虹膜信息、人脸信息和指纹信息;所述预设生物信息模板包括:虹膜信息模板、人脸信息模板和指纹信息模板。
  13. 根据权利要求12所述的方法,其特征在于,所述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功,包括:所述指纹信息与 所述指纹信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配不成功;
    在所述指纹信息与所述指纹信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配不成功的情况下,分析所述虹膜信息以确定用户是否佩戴隐形眼镜;
    用户佩戴隐形眼镜的情况下,获取所述隐形眼镜的纹路特征信息,与所述移动终端缓存的历史纹路特征信息进行比较,以确定所述隐形眼镜的纹路特征信息是否与所述历史纹路特征信息一致;
    在所述隐形眼镜的纹路特征信息与所述历史纹路特征信息一致的情况下,确认与所述历史纹路特征信息对应的历史密码信息是否验证成功,若所述历史密码信息验证成功,则执行所述用户请求的操作。
  14. 根据权利要求12或13所述的方法,其特征在于,所述N个生物信息中N-1个生物信息匹配成功,1个生物信息匹配不成功,包括:所述指纹信息与所述指纹信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配不成功;
    在所述指纹信息与所述指纹信息模板匹配成功,所述虹膜信息与所述虹膜信息模板匹配成功,所述人脸信息与所述人脸信息模板匹配不成功的情况下,获取所述移动终端的环境光亮度;
    所述环境光亮度低于光线强度阈值的情况下,执行所述输出密码输入界面的操作;所述环境光亮度等于或高于光线强度阈值的情况下,输出提示信息以提示用户没有权限执行所述预设操作类型的操作。
  15. 根据权利要求10至14任一所述的方法,其特征在于,所述预设操作类型包括涉及用户的隐私信息或财产信息的操作。
  16. 根据权利要求10至15任一所述的方法,其特征在于,所述N个生物信息为不同类型的生物信息。
  17. 根据权利要求10所述的方法,其特征在于,当所述N个生物信息为下述信息中的至少两个信息:指纹信息、人脸信息、虹膜信息、静脉信息以及声纹信息。
  18. 根据权利要求17所述的方法,其特征在于,所述多于一个生物识别模组为下述模组中的至少两个模组:指纹识别模组、人脸识别模组、虹膜识别模组、静脉识别模组以及声纹识别模组。
  19. 一种计算机可读存储介质,其特征在于,其存储用于电子数据交换的计算机程序,其中,所述计算机程序使得计算机执行权利要求10至18任一所述的方法。
PCT/CN2018/091874 2017-07-14 2018-06-19 权限控制方法及相关产品 WO2019011109A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP18832015.4A EP3637289B1 (en) 2017-07-14 2018-06-19 Permission control method and related product
US16/630,796 US11176235B2 (en) 2017-07-14 2018-06-19 Permission control method and related product

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710580192.1 2017-07-14
CN201710580192.1A CN107437009B (zh) 2017-07-14 2017-07-14 权限控制方法及相关产品

Publications (1)

Publication Number Publication Date
WO2019011109A1 true WO2019011109A1 (zh) 2019-01-17

Family

ID=60461283

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/091874 WO2019011109A1 (zh) 2017-07-14 2018-06-19 权限控制方法及相关产品

Country Status (4)

Country Link
US (1) US11176235B2 (zh)
EP (1) EP3637289B1 (zh)
CN (1) CN107437009B (zh)
WO (1) WO2019011109A1 (zh)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107437009B (zh) * 2017-07-14 2020-01-14 Oppo广东移动通信有限公司 权限控制方法及相关产品
EP3678090B1 (en) 2017-08-30 2024-10-02 Nec Corporation Iris matching system, iris matching method, and storage medium
US10997446B2 (en) * 2018-02-16 2021-05-04 Fingerprint Cards Ab Enrollment scheme for an electronic device
CN108415564B (zh) * 2018-02-26 2020-08-18 Oppo广东移动通信有限公司 电子装置、设备控制方法及相关产品
CN108363916A (zh) * 2018-02-28 2018-08-03 上海爱优威软件开发有限公司 一种身份识别处理方法及系统
CN108830062B (zh) * 2018-05-29 2022-10-04 浙江水科文化集团有限公司 人脸识别方法、移动终端及计算机可读存储介质
CN108769410B (zh) * 2018-05-29 2021-12-24 维沃移动通信有限公司 一种信息发送方法及移动终端
CN109544424B (zh) * 2018-10-27 2024-06-28 平安医疗健康管理股份有限公司 一种基于生物特征识别的住院监管方法及相关设备
CN109960920A (zh) * 2019-03-29 2019-07-02 联想(北京)有限公司 信息处理方法及电子设备
CN110704862A (zh) * 2019-08-23 2020-01-17 中国平安财产保险股份有限公司 基于区块链的个人档案管理方法、装置、电子设备及介质
CN110851803B (zh) * 2019-11-08 2022-03-29 北京明略软件系统有限公司 一种批量注册用户信息的系统及方法
WO2022014001A1 (ja) * 2020-07-16 2022-01-20 日本電気株式会社 情報処理装置、情報処理方法、及び、記録媒体
CN112632505A (zh) * 2020-12-18 2021-04-09 中国南方电网有限责任公司 一种基于大数据分析、人脸识别电网调度员登录认证系统

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103927658A (zh) * 2014-04-08 2014-07-16 深圳市中兴移动通信有限公司 移动支付方法和移动支付终端
CN105389703A (zh) * 2015-11-10 2016-03-09 陈雷 多模式生物识别混合认证支付系统
CN105530267A (zh) * 2016-02-15 2016-04-27 上海斐讯数据通信技术有限公司 一种基于生物特征的软件登录方法、终端、服务器及系统
CN106570370A (zh) * 2016-03-18 2017-04-19 深圳市全智达科技有限公司 一种用户身份识别方法及装置
CN107437009A (zh) * 2017-07-14 2017-12-05 广东欧珀移动通信有限公司 权限控制方法及相关产品

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8536976B2 (en) * 2008-06-11 2013-09-17 Veritrix, Inc. Single-channel multi-factor authentication
US8370640B2 (en) * 2008-12-01 2013-02-05 Research In Motion Limited Simplified multi-factor authentication
CN102810154B (zh) * 2011-06-02 2016-05-11 国民技术股份有限公司 一种基于可信模块的生物特征采集融合方法和系统
US9076048B2 (en) * 2012-03-06 2015-07-07 Gary David Shubinsky Biometric identification, authentication and verification using near-infrared structured illumination combined with 3D imaging of the human ear
US8798332B2 (en) 2012-05-15 2014-08-05 Google Inc. Contact lenses
US10567376B2 (en) 2012-08-24 2020-02-18 Sensible Vision, Inc. System and method for providing secure access to an electronic device using multifactor authentication
WO2015103226A2 (en) * 2013-12-31 2015-07-09 Digit Security, LLC Biometric access system
CN103886283A (zh) 2014-03-03 2014-06-25 天津科技大学 用于移动用户的多生物特征图像信息融合方法及其应用
US11487855B2 (en) * 2015-07-15 2022-11-01 Nec Corporation Authentication device, authentication system, authentication method, and program
CN105590045B (zh) * 2015-09-14 2018-09-04 中国银联股份有限公司 一种环境自适应的身份认证方法和终端
CN105224936B (zh) * 2015-10-28 2017-11-17 广东欧珀移动通信有限公司 一种虹膜特征信息提取方法和装置
US10262123B2 (en) * 2015-12-30 2019-04-16 Motorola Mobility Llc Multimodal biometric authentication system and method with photoplethysmography (PPG) bulk absorption biometric
US20180004924A1 (en) * 2016-06-30 2018-01-04 Synaptics Incorporated Systems and methods for detecting biometric template aging
US11115408B2 (en) * 2016-08-09 2021-09-07 Daon Holdings Limited Methods and systems for determining user liveness and verifying user identities
US10122764B1 (en) * 2017-04-25 2018-11-06 T-Mobile Usa, Inc. Multi-factor and context sensitive biometric authentication system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103927658A (zh) * 2014-04-08 2014-07-16 深圳市中兴移动通信有限公司 移动支付方法和移动支付终端
CN105389703A (zh) * 2015-11-10 2016-03-09 陈雷 多模式生物识别混合认证支付系统
CN105530267A (zh) * 2016-02-15 2016-04-27 上海斐讯数据通信技术有限公司 一种基于生物特征的软件登录方法、终端、服务器及系统
CN106570370A (zh) * 2016-03-18 2017-04-19 深圳市全智达科技有限公司 一种用户身份识别方法及装置
CN107437009A (zh) * 2017-07-14 2017-12-05 广东欧珀移动通信有限公司 权限控制方法及相关产品

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3637289A4 *

Also Published As

Publication number Publication date
EP3637289A1 (en) 2020-04-15
EP3637289B1 (en) 2021-01-13
US20200167452A1 (en) 2020-05-28
CN107437009A (zh) 2017-12-05
EP3637289A4 (en) 2020-04-15
CN107437009B (zh) 2020-01-14
US11176235B2 (en) 2021-11-16

Similar Documents

Publication Publication Date Title
US11176235B2 (en) Permission control method and related product
US11269981B2 (en) Information displaying method for terminal device and terminal device
KR102135681B1 (ko) 서비스 처리 방법, 기기 및 시스템
WO2017118412A1 (zh) 一种更新密钥的方法、装置和系统
KR102162955B1 (ko) 생체 정보를 이용한 인증 방법 및 이를 지원하는 휴대형 전자장치
WO2017185711A1 (zh) 控制智能设备的方法、装置、系统和存储介质
CN106778175B (zh) 一种界面锁定方法、装置和终端设备
CN107483213B (zh) 一种安全认证的方法、相关装置及系统
WO2018161743A1 (zh) 指纹识别方法及相关产品
WO2015055095A1 (en) Identity authentication method and device and storage medium
CN107451450B (zh) 生物识别方法及相关产品
US11017066B2 (en) Method for associating application program with biometric feature, apparatus, and mobile terminal
CN106548144B (zh) 一种虹膜信息的处理方法、装置及移动终端
CN105468952A (zh) 身份验证方法及装置
WO2016078504A1 (zh) 身份鉴权方法和装置
CN108156537B (zh) 一种移动终端的远程操作方法及移动终端
WO2019019837A1 (zh) 生物识别方法及相关产品
WO2019011108A1 (zh) 虹膜识别方法及相关产品
WO2016192511A1 (zh) 远程删除信息的方法和装置
CN109544172B (zh) 一种显示方法及终端设备
CN106130735A (zh) 一种通信信息的处理方法、装置和移动终端
CN107480495B (zh) 移动终端的解锁方法及相关产品
KR20200106550A (ko) 인증 창 디스플레이 방법 및 장치
WO2019196655A1 (zh) 模式切换方法和装置、计算机可读存储介质、终端
CN107506628B (zh) 生物识别方法及相关产品

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18832015

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2018832015

Country of ref document: EP

Effective date: 20200107