WO2020133500A1 - Method and device for unlocking terminal device, and storage medium - Google Patents

Method and device for unlocking terminal device, and storage medium

Publication number
WO2020133500A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal device
user
information
card information
unlocking
Application number
PCT/CN2018/125820
Other languages
French (fr)
Chinese (zh)
Inventor
彭敏
李卓斐
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to CN201880094787.9A (CN112334896B)
Priority to PCT/CN2018/125820 (WO2020133500A1)
Publication of WO2020133500A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit

Definitions

  • the present application relates to smart technology, and in particular to an unlocking method, device and storage medium of a terminal device.
  • the terminal devices may be locked.
  • Common locking scenarios include the following two types: the user enters the password incorrectly multiple times, or the user loses the device and then logs in to a designated website and locks the terminal device remotely through the retrieval function.
  • The common way to unlock the terminal device is to enter a specific unlock code. Because the unlock interface accepts only numbers, the unlock code is generally composed of several digits and is easier to crack. The password is also stored in the data area of the terminal device's operating system, so it is erased after a flashing operation.
  • The unlock code of the terminal device is easily erased or cracked, and it is also easy for a hacker to set a specific unlock code, which leaves the user unable to use the device normally and poses a threat to the safety of the user's data and property.
  • This application provides a method, device and storage medium for unlocking a terminal device, which are used to solve the problem that the unlock code of the terminal device is easily erased or cracked, and that it is also easy for a hacker to set a specific unlock code, which leaves the user unable to use the device normally and poses a threat to the security of the user's data and property.
  • the present application provides a method for unlocking a terminal device, including:
  • the terminal device is unlocked.
  • the acquiring ID information of the user includes:
  • an image of a physical ID card can also be obtained through a camera, and the image can be identified and processed to obtain ID card information.
  • the comparing whether the ID card information is consistent with the ID card information stored in the secure area of the terminal device includes:
  • This solution is not limited to comparing the ID card information through a watchdog program; the comparison can also be performed by a system application of the terminal device or by other application programs.
  • the method further includes:
  • the first prompt information is used to prompt the user whether to use the ID card information to unlock the terminal device urgently;
  • the setting process may be a setting process that is triggered during the process of opening an electronic ID card using an application program that requires an electronic ID card, or a setting that is directly triggered by a user in the operating system without restriction.
  • the method further includes:
  • the biometric feature information includes: at least one of facial images, fingerprints, voiceprint information, and iris information;
  • the biometric feature information is stored in the secure area.
  • the unlocking of the terminal device includes:
  • the terminal device is unlocked.
  • the acquiring biometric feature information of the user who performs the unlocking operation includes:
  • the fingerprint of the user who performs the unlocking operation is acquired through a fingerprint sensor.
  • the method further includes:
  • the ID card information is stored in the safe area.
  • the method further includes:
  • If it is detected that the number of incorrect unlock password entries reaches a preset number of times, the terminal device is locked.
  • the method further includes:
  • Locking of the terminal device also includes the scenario in which the terminal device locks after not being operated for longer than a preset duration in daily use.
  • this application provides a terminal device, including:
  • the first obtaining module is used to obtain the user's ID card information
  • the processing module is used to compare whether the identity card information is consistent with the identity card information stored in the safe area of the terminal device;
  • the processing module is also used to unlock the terminal device.
  • the first obtaining module specifically includes:
  • the NFC module is used to identify the user's physical ID card through NFC and obtain the user's ID card information.
  • processing module is specifically used to:
  • the terminal device further includes:
  • a receiving module configured to receive a first operation instruction input by a user, and the first operation instruction is used to instruct to activate an electronic ID card function
  • the processing module is further configured to push first prompt information according to the first operation instruction, and the first prompt information is used to prompt the user whether to use the ID card information to unlock the terminal device urgently;
  • the receiving module is further configured to receive a second operation instruction input by the user according to the first prompt information
  • The processing module is also used to store the ID card information in the secure area and to install a watchdog program for identity authentication in the secure area.
  • The terminal device further includes a second acquisition module, configured to acquire biometric feature information of the user if the second operation instruction also indicates that unlocking must be performed by the user in person; the biometric feature information includes at least one of facial images, fingerprints, voiceprint information, and iris information;
  • the processing module is also used to store the biometric feature information in the secure area.
  • the second obtaining module is also used to obtain biometric feature information of the user who performs the unlocking operation;
  • the processing module is specifically configured to unlock the terminal device if the biometric feature information of the user performing the unlocking operation matches the biometric feature information of the user stored in the secure area.
  • the second obtaining module is specifically used to:
  • the fingerprint of the user who performs the unlocking operation is acquired through a fingerprint sensor.
  • processing module is also used to:
  • the ID card information is stored in the safe area.
  • processing module is also used to:
  • If it is detected that the number of incorrect unlock password entries reaches a preset number of times, the terminal device is locked.
  • processing module is also used to:
  • this application provides a terminal device, including:
  • a processor, a memory, and a security area, where the security area includes SE or TEE;
  • the memory is used to store a computer program, ID card information is stored in the secure area, and the processor executes the computer program to enable the terminal device to implement the terminal device unlocking method of any one of the first aspects.
  • the security area includes the security chip SE or TEE.
  • the terminal device further includes:
  • the NFC module of short-range wireless communication technology.
  • the NFC module is used to identify a user's ID card in the house and obtain ID information of the user.
  • the terminal device further includes at least one biological information acquisition device:
  • The present application provides a storage medium, including a readable storage medium and a computer program, where the computer program is stored in the readable storage medium and is used to implement the unlocking method of the terminal device according to any one of the first aspect.
  • The present application provides a program product. The program product includes a computer program stored in a readable storage medium; at least one processor of a terminal device reads the computer program from the readable storage medium, and the at least one processor executes the computer program to cause the terminal device to implement the method for unlocking the terminal device according to any one of the first aspect.
  • The present application provides a chip that is applied to a terminal device.
  • The chip includes at least one communication interface and at least one processor; the processor is coupled to a memory via the communication interface, and the processor calls the computer program stored in the memory to execute the unlocking method of the terminal device according to any one of the first aspect.
  • the unlocking method, device and storage medium of the terminal device provided in this application, the terminal device obtains the ID card information of the user's physical ID card, and compares it with the ID card information stored in the secure area to determine whether they are consistent.
  • the terminal device is unlocked to provide a more secure and reliable unlocking solution, and the ID card information in the safe area cannot be erased by flashing, ensuring the safety of the data stored in the terminal device and further ensuring the safety of the user's property.
  • FIG. 1 is a schematic structural diagram of a terminal device provided by this application.
  • FIG. 2 is a schematic diagram of an unlocking function module of a terminal device provided by this application.
  • FIG. 3 is a flowchart of Embodiment 1 of a method for unlocking a terminal device provided by this application;
  • FIG. 4 is a flowchart of Embodiment 2 of a method for unlocking a terminal device provided by this application;
  • FIG. 5 is a schematic diagram of the process of setting ID card information to unlock when opening an electronic ID card provided by the application.
  • FIG. 6 is a flowchart of separately enabling the ID unlocking function provided by the application.
  • FIG. 8 is a schematic structural diagram of Embodiment 1 of a terminal device provided by this application.
  • FIG. 9 is a schematic structural diagram of Embodiment 2 of a terminal device provided by this application.
  • Embodiment 3 of a terminal device provided by this application.
  • FIG. 11 is a schematic structural diagram of Embodiment 4 of a terminal device provided in this application.
  • The current main method is to enter a specific unlock code to unlock the terminal device. Current terminal devices accept only numbers, which are easy to crack, and after the terminal device is flashed the password is cleared and the terminal device can be automatically unlocked, posing a threat to the user's data and property security.
  • The electronic ID card is realized by storing the personal information authenticated and authorized by the public security organ on the mobile phone side or the network side. On certain occasions, using the electronic ID card is equivalent to using the physical ID card.
  • the ID card information is stored in the cloud and is bound to Alipay and WeChat accounts. When using it, the information is obtained from the cloud through Alipay and WeChat.
  • The premise of this method is that the terminal device can be used normally and that applications such as WeChat or Alipay are installed. Therefore, it can only be used for identity verification when the terminal device is in normal use, and cannot be used on a locked device, nor can it be used for unlocking.
  • the ID card information is stored in a safe area in the terminal device such as a mobile phone, and the ID card information can be obtained locally when used.
  • This solution is based on near field communication technology (Near Field Communication, NFC) and a secure chip (SE): it reads the physical ID information through NFC and stores the identity information in a separate SE security chip. The contents of the SE security chip are not cleared when the machine is flashed, and the security level is financial grade.
  • NFC Near Field Communication
  • SE secure chip
  • the present application provides a method for unlocking a terminal device, which is applied in a terminal device and uses ID card information to unlock or emergency unlock the terminal device.
  • The terminal equipment involved in this solution includes the user's mobile phone, tablet computer and other user equipment. It can be a wireless terminal or a wired terminal, or any other form of terminal that has a security chip (secure element) or a trusted execution environment (Trusted Execution Environment, TEE) in the system and is provided with an NFC module.
  • FIG. 1 is a schematic structural diagram of a terminal device provided by this application.
  • The terminal device includes at least: a processor, a memory, and a security chip (SE) or a TEE partitioned by the system.
  • SE and TEE can be collectively called a safe area, and the content stored in the safe area cannot be cleared by operations such as flashing.
  • the memory is used to store computer programs, and can also be used to store data of terminal devices, etc.
  • The security chip is a separate chip whose stored content cannot be cleared by operations such as flashing, so in this solution it is used to store the user's ID card information.
  • the processor executes the computer program in the memory to implement the technical solution of the unlocking method of the terminal device provided by the present application, compares the user's ID card information, and performs emergency unlocking on the terminal device.
  • In order to obtain the physical ID card information, an NFC module can be configured in the terminal device to read an ID card near the terminal device and obtain the ID card information, so that it can subsequently be compared with the ID card information stored in the security chip.
  • the security chip can also store the user's biometric information, which is used to unlock the user
  • The biometric information may be at least one of the user's facial image, the user's iris information, fingerprint information, voiceprint information, etc. Therefore, the terminal device may further include one or more biometric information acquisition devices. The biometric information acquisition device may be a camera, a fingerprint sensor, or a voice acquisition module such as a microphone.
  • FIG. 2 is a schematic diagram of an unlocking function module of a terminal device provided by the present application.
  • Unlocking requires the cooperation of the operating system (OS), interface layer, business layer, device management layer, and hardware of the terminal device.
  • OS operating system
  • The unlocking priority processing module of the interface layer is used, when unlocking with the ID card information, to raise the priority of ID card unlocking to the highest level and to place password unlocking or special PIN code unlocking after ID card unlocking, or to ignore password unlocking and special PIN code unlocking altogether.
  • the unlocking priority processing module is connected to the mobile phone OS interface.
  • the unlocking logic discrimination module of the interface layer calls the various modules of the service layer of the terminal device to compare the ID card information or the biometric information, and then notifies the result of the comparison to the operating system of the terminal device. Taking a mobile phone as an example, by calling various internal service modules to realize information comparison, the unlocked result is notified to the upper mobile phone OS.
  • The ID card information comparison module of the business layer compares the user's physical ID card information obtained through the NFC driver module with the electronic ID card information stored in the SE to determine whether the two match; if necessary, it can also call the biometric comparison module to determine whether the operator is the owner of the terminal device.
  • the biometrics comparison module of the service layer determines whether the biometrics of the user currently performing the unlocking operation match the biometrics information previously stored in the security chip (also referred to as the security area).
  • The NFC driver module of the device management layer mainly has two functions. After ID card unlocking is configured and the terminal device lock is triggered, the NFC driver module turns on the NFC switch of the mobile phone, and at the same time ensures that in the locked state only NFC reads of ID card information are processed.
  • the information storage module of the device management layer is mainly responsible for reading electronic ID card information or biometric information from TEE/SE.
  • TEE represents a safe area in this solution, similar to SE.
  • A storage area whose information cannot be erased by flashing is called a safe area.
  • FIG. 3 is a flowchart of Embodiment 1 of a method for unlocking a terminal device provided by the present application. As shown in FIG. 3, based on the structure and function modules of the terminal device, the method for unlocking the terminal device specifically includes the following steps:
  • the terminal device when the terminal device is locked and needs to be unlocked, the user's ID card information can be obtained so that the terminal device can be subsequently unlocked through the ID card information.
  • Locking generally refers to the terminal device being locked because an incorrect unlock password was entered multiple times, or to the case where the user has lost or cannot find the terminal device and operates on a designated website so that the system server sends a lock instruction to the terminal device and the terminal device is locked.
  • The terminal device can also be locked during daily use and then unlocked directly using the ID card information, without using fingerprints, passwords, etc.; this solution is not limited in this respect.
  • Obtaining the user's ID card information in this solution refers to obtaining the information of the user's physical ID card that is performing an unlocking operation on the terminal device or triggering the unlocking operation.
  • The user's physical ID card needs to be identified, and the specific ways of identifying it to obtain the ID card information include at least the following two methods:
  • the first way is to identify the user's physical ID card through NFC at a short distance to obtain the user's ID card information.
  • tags or tag chips or other types of chips in the physical ID card.
  • the terminal device needs to be installed with an NFC module and the NFC technology is used to identify the physical ID card to obtain the user's ID card information.
  • the image of the physical ID card is acquired through the camera, and the image of the physical ID card is identified and processed to obtain the ID card information.
  • The main information in the physical ID card includes the name, ID card number, etc., so the user's name, date of birth, ID card number and other information can be obtained from the image; this solution is not limited in this respect.
  • S102 Compare whether the identity card information is consistent with the identity card information stored in the secure area of the terminal device.
  • the terminal device is preset with the function of unlocking using the ID card information.
  • After acquiring the ID card information of the user who triggered the unlock operation, the terminal device needs to read the ID card information stored in the secure area and then compare it with the obtained ID card information to determine whether the two match, for example whether the name is consistent, whether the ID card number is consistent, etc. If the two sets of ID card information are consistent, the unlock operation is considered to have been triggered by the owner of the terminal device. If they are inconsistent, the user is considered to be illegal, and the unlocking operation can be refused so that the terminal device remains locked.
  • positioning may be performed to obtain location information and report the location information to the server.
  • an alarm can be issued, an alarm prompt can be played, or the alarm information can be sent to other terminal devices.
  • the terminal device needs to first read the ID card information from the secure area, and then compare it.
  • the process can be performed by the guard program set in the secure area
  • the terminal device can start the watchdog program set in the secure area to read the ID card information stored in the secure area;
  • the guard program compares whether the identity card information read in the secure area is consistent with the identity card information obtained through NFC.
  • The watchdog program cannot be cleared by flashing, etc., which ensures that when the terminal device is rooted and other applications and data are cleared, the data in the secure area (that is, SE/TEE) can still be read and the information comparison process can still be carried out, avoiding the problem that the data in the safe area cannot be used because of operations such as flashing.
  • If the terminal device determines that the identity card information of the user performing the unlocking operation is consistent with the identity card information stored in the security area, the terminal device is unlocked, realizing the function of unlocking using the identity card information.
  • The terminal device obtains the identity card information of the user's physical ID card and compares it with the ID card information stored in the secure area to determine whether they are consistent. If they are consistent, the terminal device is unlocked. This provides a safer and more reliable unlocking scheme, and the ID card information in the safe area cannot be erased by flashing, which ensures the safety of the data stored in the terminal device and further ensures the safety of the user's property.
  • FIG. 4 is a flowchart of Embodiment 2 of the method for unlocking a terminal device provided by the present application.
  • The function of unlocking using ID card information that the terminal device needs to implement may, in addition to being set as a default function, also be an optional function set according to the user's choice; an interface for setting the function may be provided in the operating system of the terminal device, and the user may set it according to actual needs.
  • the specific setting process includes:
  • S201 Receive a first operation instruction input by a user, where the first operation instruction is used to instruct the activation of an electronic ID card function.
  • the user can choose through the system settings, that is, the first operation instruction, to set the electronic ID function, or to open the electronic ID function in applications such as WeChat and Alipay.
  • The terminal device pushes the first prompt information to the user while enabling the electronic ID function according to the user's first operation instruction, for example by displaying it on the interface. The first prompt information is used to prompt the user whether to use the ID card information for emergency unlocking of the terminal device; it may also be used for ordinary system unlocking of the terminal device. This solution is not limited in this respect.
  • the first prompt information can be pushed to the user through display or voice playback, sending information, etc.
  • the solution is not limited.
  • S203 Receive a second operation instruction input by the user according to the first prompt information.
  • The user can decide whether to use the electronic ID card information to unlock the terminal device according to his own choice, and inputs a second operation instruction by clicking to select on the operation interface of the terminal device or by voice. The second operation instruction indicates whether the user chooses to use the electronic identity card information for unlocking or not.
  • The terminal device stores the ID card information in a secure area, that is, a security chip. Optionally, a guard program can also be installed in the secure area; the guard program is used to read the information in the secure area and compare the ID card information.
  • If the second operation instruction indicates that the ID card information is not used for emergency unlocking of the terminal device, the ID card information is stored in the secure area without installing a guard program.
  • FIG. 5 is a schematic diagram of the process of setting ID card information unlocking when opening an electronic ID card provided by this application.
  • When a user opens an electronic ID card, the user is prompted whether to enable ID card unlocking, that is, whether to use the electronic ID card information for emergency unlocking. If the user chooses yes, then in addition to storing the ID card information in the SE as in the normal activation process, the daemon is installed in a safe area that will not be cleared when the machine is flashed, which is the SE in the figure.
  • The unlocking priority processing module in the terminal device also disables PIN unlocking, that is, PIN unlocking is ignored when ID card information is used for unlocking. The point of this function is that after emergency unlocking with the electronic ID card is activated, the original PIN unlocking mechanism is disabled, which can prevent the above-mentioned hacker from extorting the owner by controlling the PIN lock on the machine.
  • The user may be further prompted whether unlocking must be performed by the user in person. If the user selects that option (i.e. Y), then the other biometric information entered when the user opens the ID card, such as the face, fingerprints, iris information, voiceprint information, etc., is also stored in a safe area that will not be cleared, that is, in the SE/TEE in the figure. If the user selects that unlocking in person is not required, the process ends.
  • FIG. 6 is a flowchart of separately opening the ID card unlocking function provided by this application. As shown in FIG. 6, the process differs from that shown in FIG. 5 above in that the settings and selections are not made when the electronic ID card is opened in applications such as WeChat or Alipay; they are independent of the application process, and the electronic ID card unlocking function is enabled separately for the terminal device. Specifically, when ID card unlocking is enabled through the system settings of the terminal device, it is necessary to determine whether the electronic ID card has been opened. If not, enabling the ID card unlock function fails. If the electronic ID card has been opened, the electronic ID card unlock function is enabled, and at the same time the guard program is installed and saved in the SE/TEE; the procedure is the same as the process shown in FIG. 5 described above. Specifically, after the electronic ID card is activated, the following actions are required:
  • the purpose of disabling PIN unlock is to ensure that after the phone is locked, it can only be unlocked by ID card to ensure security.
  • the purpose is to ensure that the guard program will not be cleared after subsequent flashing, so that the ID card can still be used to unlock.
  • biometric information such as face images and fingerprints entered when you open the electronic ID card into a safe area for storage.
  • After the terminal device has enabled the ID card information unlocking function according to the above methods, the terminal device can be unlocked using the ID card information in multiple scenarios.
  • The application of the terminal device unlocking scheme includes at least the following scenarios:
  • Scenario 1 Unlock after locking the screen of the terminal device in the daily application process.
  • Scenario 2: The user locks the terminal device remotely. Taking a mobile phone as an example, after a user loses his mobile phone, he can log in to the mobile phone manufacturer's website and turn on the mobile phone retrieval function. In the mobile phone retrieval interface, the user can set the mobile phone to be locked. If the user has previously opened the electronic ID card according to the previous plan and set it to use the ID card to unlock, the mobile phone will be locked remotely. Afterwards, even if the mobile phone is maliciously flashed, key information such as the electronic ID card information and the guard program will not be cleared during the flashing process, and after the flashing the mobile phone will still be locked.
  • Scenario 3: The user's misoperation causes the terminal device to lock. Taking a mobile phone as an example, when a user uses a mobile phone with password, gesture, or fingerprint unlocking, the mobile phone will be locked after multiple consecutive input errors. If the user has previously opened the electronic ID card according to the foregoing scheme and set it to use the ID card to unlock, the lock interface prompts the user to unlock with the ID card instead of entering the PIN code.
  • FIG. 7 is a schematic diagram of the process of unlocking using ID card information provided by this application.
  • Take as an example a terminal device that is a mobile phone whose secure area is an SE. If unlocking by ID card is set, the phone's NFC switch is on by default. After the user brings the physical ID card close to the phone's NFC card reading area, the ID card unlock guard program in the secure area is activated. The guard program reads the information of the physical ID card and compares it with the electronic ID card information stored in the SE. If the two sets of ID card information are the same, the ID card passes verification. If the user has not set the option requiring unlocking in person, the phone is unlocked directly at this point.
  • the phone will start the biometric recognition process to match the biometric information. For example, it can start the camera, capture the user's facial image and compare it, through the guard program, with the user image stored in the SE; or start the fingerprint sensor, obtain the user's fingerprint and compare it with the fingerprint stored in the SE; or collect the user's voice, analyze it to obtain the user's voiceprint information, and compare that with the voiceprint information stored in the SE. If the match succeeds, the unlock is completed.
  • Before comparing the user's biometric information, the phone can also perform liveness detection on the user through the camera, to prevent someone else from using a photograph of the user and the like, further improving the security of the terminal device.
  • The following uses a mobile phone as an example to illustrate the specific process of unlocking with an ID card.
  • The phone interface prompts that unlocking with the ID card is required, and the system turns on the NFC switch by default.
  • The user brings the physical ID card close to the NFC sensing area of the mobile phone.
  • The NFC module determines that the card type is an ID card, and obtains the ID card information of the physical ID card to activate the ID card unlock guard program.
  • The guard program reads the electronic ID card information from the SE and compares it with the physical ID card information read by NFC. If the two sets of ID card information are the same, what happens next depends on whether the option requiring unlocking in person is set:
  • After the user deletes the electronic ID card on the mobile phone, the ID card unlock function is turned off automatically; the user can also turn off the ID card unlock function in the settings interface. Mirroring what happens when the ID card unlock function is turned on, turning it off triggers the following actions:
  • In the terminal device unlocking solution provided in this application, the comparison information used for unlocking is stored in a separate security chip, and that information is encrypted ID card information approved by the Ministry of Public Security, so it is extremely secure. The solution also uses the photo taken when the ID card was issued (or other biometric information) as the basis for identifying the owner, so that leakage of the ID card does not lead in turn to leakage of the phone's data.
  • The main comparison information in this solution is stored in the non-erasable area of the mobile phone, which ensures that it continues to work normally after extreme operations such as flashing. At the same time, the solution does not rely on the network: users can complete the unlocking by themselves, without the assistance of a business hall, which is simple and convenient.
  • The ciphertext of this solution is more secure and is not affected by operations such as flashing. The solution also has a user identity verification function, which can prevent others from booting the device after obtaining the password. At the same time, because unlocking uses a physical medium, it also prevents hackers from hijacking the current PIN unlock mechanism to extort users.
  • In the unlocking method provided in this application, the cardholder of the user's ID card is verified by comparing faces.
  • The purpose of this verification is to check whether the cardholder is operating in person, so in addition to the face, other biometric features such as infrared face, iris, fingerprint and voiceprint, or a combination of several biometric features, can also be used. These biometric identification schemes guarantee that only the ID card holder can unlock.
  • The main application scenario provided by the above embodiments is unlocking.
  • The solution can be implemented wherever the ID card information can be securely verified and the ID card holder can be identified. It is not limited to mobile phone terminals, nor to the unlocking scenario, and can be widely used in scenarios that require authentication.
  • By comparing ID information stored in a secure area in advance with a physical ID, the solution can be applied to various devices and various authentication scenarios; this solution places no limit on this.
  • FIG. 8 is a schematic structural diagram of Embodiment 1 of a terminal device provided by this application. As shown in FIG. 8, the terminal device 10 provided by this embodiment includes:
  • the first obtaining module 11 is used to obtain the ID card information of the user
  • the processing module 12 is used to compare whether the identity card information is consistent with the identity card information stored in the safe area of the terminal device;
  • the processing module 12 is also used to unlock the terminal device.
  • the terminal device provided in this embodiment is used to execute the technical solution in any of the foregoing method embodiments, and its implementation principle and technical effect are similar.
  • The terminal device obtains the ID card information of the user's physical ID card and compares it with the ID card information stored in the secure area to determine whether they are consistent. If they are consistent, the terminal device is unlocked. This provides a safer and more reliable unlocking solution, and the ID card information in the secure area cannot be erased by flashing, which ensures the security of the data stored in the terminal device and further protects the user's property.
  • FIG. 9 is a schematic structural diagram of Embodiment 2 of a terminal device provided by this application.
  • the first acquiring module 11 specifically includes:
  • the NFC module 111 is used to identify the user's physical ID card through NFC and obtain the ID card information of the user.
  • processing module 12 is specifically used to:
  • FIG. 10 is a schematic structural diagram of Embodiment 3 of a terminal device provided by this application. As shown in FIG. 10, the terminal device 10 further includes:
  • the receiving module 13 is configured to receive a first operation instruction input by a user, and the first operation instruction is used to instruct to activate an electronic ID card function;
  • the processing module 12 is further configured to push first prompt information according to the first operation instruction, and the first prompt information is used to prompt the user whether to use the ID card information to unlock the terminal device urgently;
  • the receiving module 13 is further configured to receive a second operation instruction input by the user according to the first prompt information
  • the processing module 12 is further configured to store the ID card information in the secure area and to install in the secure area a guard program for identity authentication.
  • FIG. 11 is a schematic structural diagram of Embodiment 4 of a terminal device provided by the present application.
  • the terminal device 10 further includes: a second obtaining module 14, configured to acquire the user's biometric feature information if the second operation instruction also indicates that unlocking must be done in person, where the biometric feature information includes at least one of facial images, fingerprints, voiceprint information and iris information;
  • the processing module 12 is also used to store the biometric feature information in the secure area.
  • the second obtaining module 14 is further used to obtain biometric feature information of the user who performs the unlocking operation;
  • the processing module 12 is specifically configured to unlock the terminal device if the biometric feature information of the user performing the unlocking operation matches the biometric feature information of the user stored in the secure area.
  • the second obtaining module 14 is specifically used to:
  • the fingerprint of the user who performs the unlocking operation is acquired through a fingerprint sensor.
  • processing module 12 is also used to:
  • the ID card information is stored in the safe area.
  • processing module 12 is also used to:
  • If it is detected that the number of incorrect unlock password entries reaches a preset number, the terminal device is locked.
  • processing module 12 is also used to:
  • the terminal device provided in any one of the foregoing implementation manners is used to execute any technical solution in the foregoing method embodiments, and its implementation principles and technical effects are similar, and are not described herein again.
  • This application also provides a storage medium, including:
  • a readable storage medium and a computer program and the computer program is stored in the readable storage medium, and the computer program is used to implement the unlocking method of the terminal device provided by any of the foregoing method embodiments.
  • This application also provides a program product. The program product includes a computer program stored in a readable storage medium; at least one processor of the terminal device reads the computer program from the readable storage medium, and the at least one processor executes the computer program to cause the terminal device to implement the unlocking method of the terminal device provided in any of the foregoing method embodiments.
  • This application also provides a chip applied to a terminal device. The chip includes at least one communication interface and at least one processor; the processor is coupled to a memory via the communication interface, and the processor calls the computer program stored in the memory to implement the unlocking method of the terminal device provided by any of the foregoing method embodiments.
  • the memory may be provided outside the chip or integrated in the chip.
  • The communication interface may be any of various interfaces that enable the processor to access the memory, such as an input interface, a processing device and an output interface, and may also be a universal flash storage (UFS) interface, a peripheral component interconnect express (PCIe) interface, etc.
  • The processor may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), etc.
  • the general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in this application may be directly implemented and completed by a hardware processor, or may be implemented and completed by a combination of hardware and software modules in the processor.
  • the aforementioned program can be stored in a readable memory.
  • the steps of the above method embodiments are executed; the aforementioned memory (storage medium) includes: read-only memory (ROM), RAM, flash memory, hard disk, solid-state drive, magnetic tape, floppy disk, optical disc, and any combination thereof.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephone Function (AREA)

Abstract

Provided are a method and device for unlocking a terminal device, and a storage medium. The method comprises: a terminal device acquiring identity card information of a physical identity card of a user; performing comparison to determine whether the identity card information is consistent with identity card information stored in a secure region; and if so, unlocking the terminal device. The invention provides a securer and more reliable unlocking solution. Moreover, the identity card information in the secure region cannot be erased during a firmware replacement, thereby ensuring security of data stored in the terminal device, and accordingly ensuring property safety of the user.

Description

Method and device for unlocking a terminal device, and storage medium
Technical field
This application relates to smart technology, and in particular to a method and device for unlocking a terminal device, and a storage medium.
Background
With the popularization of smart terminal devices, a wide variety of applications for them have emerged, and users store more and more information on their terminal devices, so the security of the terminal device is particularly important.
At present, to ensure the security of a terminal device, the device may be locked during use. The common locking scenarios are the following two: the user enters the wrong password multiple times, or, after losing the device, the user logs in to a designated website and locks the terminal device remotely through the retrieval function. The usual way to unlock the terminal device is to enter a specific unlock code. Because the unlock interface accepts only digits, the unlock code generally consists of a few digits and is relatively easy to crack; moreover, the code is stored in the data area of the terminal device's operating system, so it is erased when the device is flashed.
In summary, the unlock code of a terminal device is easily erased or cracked, and a hacker can also easily set a specific unlock code so that the user cannot use the device normally, which threatens the security of the user's data and property.
Summary of the invention
This application provides a method and device for unlocking a terminal device, and a storage medium, to solve the problem that the unlock code of a terminal device is easily erased or cracked, and can easily be set by a hacker to a specific unlock code so that the user cannot use the device normally, which threatens the security of the user's data and property.
In a first aspect, this application provides a method for unlocking a terminal device, including:
obtaining the user's ID card information;
comparing whether the ID card information is consistent with the ID card information stored in the secure area of the terminal device;
if they are consistent, unlocking the terminal device.
In a specific implementation of the above solution, obtaining the user's ID card information includes:
identifying the user's physical ID card through NFC to obtain the user's ID card information.
Optionally, an image of the physical ID card can also be captured with a camera, and the image recognized and processed to obtain the ID card information.
In another specific implementation, comparing whether the ID card information is consistent with the ID card information stored in the secure area of the terminal device includes:
starting the guard program set in the secure area, and reading the ID card information stored in the secure area;
comparing, through the guard program, whether the ID card information read from the secure area is consistent with the ID card information obtained through NFC.
In the specific implementation of this solution, the comparison of ID card information is not limited to the guard program; it may also be performed by a system application of the terminal device or by another application, and this solution places no limit on this.
Further, the method also includes:
receiving a first operation instruction input by the user, where the first operation instruction is used to instruct activation of the electronic ID card function;
pushing first prompt information according to the first operation instruction, where the first prompt information is used to ask the user whether to use the ID card information for emergency unlocking of the terminal device;
receiving a second operation instruction input by the user in response to the first prompt information;
if the second operation instruction indicates that the ID card information is to be used for emergency unlocking of the terminal device, storing the ID card information in the secure area, and installing in the secure area a guard program for identity authentication.
This setup process may be triggered while activating the electronic ID card from an application that requires one, or triggered directly and separately by the user in the operating system; no limit is placed on this.
Optionally, the method also includes:
if the second operation instruction also indicates that unlocking must be done in person, obtaining the user's biometric feature information, where the biometric feature information includes at least one of a facial image, a fingerprint, voiceprint information and iris information;
storing the biometric feature information in the secure area.
Further, unlocking the terminal device includes:
obtaining the biometric feature information of the user performing the unlocking operation;
if the biometric feature information of the user performing the unlocking operation matches the biometric feature information of the user stored in the secure area, unlocking the terminal device.
Optionally, obtaining the biometric feature information of the user performing the unlocking operation includes:
starting the camera to capture a facial image of the user performing the unlocking operation;
and/or,
collecting voice information of the user performing the unlocking operation, and analyzing the voice information to obtain voiceprint information;
and/or,
starting the camera to capture an iris image of the user performing the unlocking operation, and processing the iris image to obtain iris information;
and/or,
obtaining, through a fingerprint sensor, the fingerprint of the user performing the unlocking operation.
Optionally, the method also includes:
if the second operation instruction indicates that the ID card information is not to be used for emergency unlocking of the terminal device, storing the ID card information in the secure area.
Optionally, the method also includes:
if it is detected that the number of incorrect unlock password entries reaches a preset number, locking the terminal device.
Optionally, the method also includes:
locking the terminal device according to a lock instruction sent by the server.
Optionally, locking of the terminal device also covers the everyday scenario in which the terminal device locks after not being operated for longer than a preset duration.
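The locking and unlocking rules of the first aspect, together with the FIG. 7 flow described earlier (ID card comparison by the guard program, then liveness detection and biometric matching when unlocking in person is required), as a Python model added here for illustration; it is not code from the patent. All class and function names, the two thresholds, the byte-equality matcher, treating liveness detection as mandatory, and the sample values in the usage are assumptions.

```python
"""Toy model of the ID-card unlock flow (constructed example, not the patent's code)."""
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

MAX_PIN_ERRORS = 5        # assumed value for the "preset number" of wrong entries
MATCH_THRESHOLD = 0.90    # assumed similarity needed for a biometric match


class Outcome(Enum):
    UNLOCKED = "unlocked"
    WRONG_PIN = "wrong PIN"
    PIN_DISABLED = "PIN entry disabled, ID card required"
    NOT_ENABLED = "ID-card unlock not enabled"
    ID_MISMATCH = "ID card does not match the stored one"
    LIVENESS_FAILED = "liveness detection failed"
    BIOMETRIC_MISMATCH = "biometric does not match"


def toy_similarity(stored: bytes, probe: bytes) -> float:
    """Toy matcher (fraction of equal bytes); real matchers are sensor-specific."""
    if not stored or len(stored) != len(probe):
        return 0.0
    return sum(a == b for a, b in zip(stored, probe)) / len(stored)


@dataclass
class SecureArea:
    """Stands in for the SE/TEE; its contents survive a flash."""
    id_info: Optional[bytes] = None
    guard_installed: bool = False      # guard program used for ID-card unlock
    in_person: bool = False            # "must be unlocked in person" option
    biometric: Optional[bytes] = None
    locked: bool = False               # lock state kept by the guard program


@dataclass
class Phone:
    pin: Optional[str] = None          # kept in the OS data area
    pin_errors: int = 0
    os_locked: bool = False            # lock state kept in the OS data area
    secure: SecureArea = field(default_factory=SecureArea)

    def enable_eid(self, id_info, emergency_unlock, in_person=False, biometric=None):
        """Second operation instruction: always store the ID info; install the
        guard program (and store biometrics) only if the user opted in."""
        self.secure.id_info = id_info
        self.secure.guard_installed = emergency_unlock
        self.secure.in_person = emergency_unlock and in_person
        self.secure.biometric = biometric if self.secure.in_person else None

    @property
    def locked(self) -> bool:
        return self.os_locked or self.secure.locked

    def lock(self) -> None:
        """Called for a remote lock instruction or after too many wrong PINs."""
        self.os_locked = True
        if self.secure.guard_installed:
            self.secure.locked = True

    def flash(self) -> None:
        """Reflashing wipes the OS data area only; the secure area is untouched."""
        self.pin, self.pin_errors, self.os_locked = None, 0, False

    def try_pin(self, pin: str) -> Outcome:
        if self.secure.locked:         # PIN unlock is disabled once ID unlock applies
            return Outcome.PIN_DISABLED
        if self.pin is not None and hmac.compare_digest(pin.encode(), self.pin.encode()):
            self.pin_errors, self.os_locked = 0, False
            return Outcome.UNLOCKED
        self.pin_errors += 1
        if self.pin_errors >= MAX_PIN_ERRORS:
            self.lock()
        return Outcome.WRONG_PIN

    def try_id_card(self, card_info: bytes, live: bool = False,
                    probe: bytes = b"") -> Outcome:
        """Guard program: compare the NFC-read card with the stored ID info,
        then, if the in-person option is set, liveness and biometric match."""
        sa = self.secure
        if not sa.guard_installed or sa.id_info is None:
            return Outcome.NOT_ENABLED
        if not hmac.compare_digest(card_info, sa.id_info):
            return Outcome.ID_MISMATCH
        if sa.in_person:
            if not live:               # assumption: liveness is treated as mandatory
                return Outcome.LIVENESS_FAILED
            if toy_similarity(sa.biometric or b"", probe) < MATCH_THRESHOLD:
                return Outcome.BIOMETRIC_MISMATCH
        sa.locked = self.os_locked = False
        self.pin_errors = 0
        return Outcome.UNLOCKED
```

With the guard program installed, the lock state survives `flash()` and the PIN path returns `PIN_DISABLED`; without it, the same flash clears the lock, which is the weakness the background section describes.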
In a second aspect, this application provides a terminal device, including:
a first obtaining module, used to obtain the user's ID card information;
a processing module, used to compare whether the ID card information is consistent with the ID card information stored in the secure area of the terminal device;
if they are consistent, the processing module is also used to unlock the terminal device.
Optionally, the first obtaining module specifically includes:
an NFC module, used to identify the user's physical ID card through NFC and obtain the user's ID card information.
Optionally, the processing module is specifically used to:
start the guard program set in the secure area, and read the ID card information stored in the secure area;
compare, through the guard program, whether the ID card information read from the secure area is consistent with the ID card information obtained through NFC.
Optionally, the terminal device further includes:
a receiving module, used to receive a first operation instruction input by the user, where the first operation instruction is used to instruct activation of the electronic ID card function;
the processing module is further used to push first prompt information according to the first operation instruction, where the first prompt information is used to ask the user whether to use the ID card information for emergency unlocking of the terminal device;
the receiving module is further used to receive a second operation instruction input by the user in response to the first prompt information;
if the second operation instruction indicates that the ID card information is to be used for emergency unlocking of the terminal device, the processing module is further used to store the ID card information in the secure area, and to install in the secure area a guard program for identity authentication.
Optionally, the terminal device further includes: a second obtaining module, used to obtain the user's biometric feature information if the second operation instruction also indicates that unlocking must be done in person, where the biometric feature information includes at least one of a facial image, a fingerprint, voiceprint information and iris information;
the processing module is further used to store the biometric feature information in the secure area.
Optionally, the second obtaining module is further used to obtain the biometric feature information of the user performing the unlocking operation;
the processing module is specifically used to unlock the terminal device if the biometric feature information of the user performing the unlocking operation matches the biometric feature information of the user stored in the secure area.
Optionally, the second obtaining module is specifically used to:
start the camera to capture a facial image of the user performing the unlocking operation;
and/or,
collect voice information of the user performing the unlocking operation, and analyze the voice information to obtain voiceprint information;
and/or,
start the camera to capture an iris image of the user performing the unlocking operation, and process the iris image to obtain iris information;
and/or,
obtain, through a fingerprint sensor, the fingerprint of the user performing the unlocking operation.
Optionally, the processing module is further used to:
store the ID card information in the secure area if the second operation instruction indicates that the ID card information is not to be used for emergency unlocking of the terminal device.
Optionally, the processing module is further used to:
lock the terminal device if it is detected that the number of incorrect unlock password entries reaches a preset number.
Optionally, the processing module is further used to:
lock the terminal device according to a lock instruction sent by the server.
In a third aspect, this application provides a terminal device, including:
a processor, a memory and a secure area, where the secure area includes an SE or a TEE;
the memory is used to store a computer program, ID card information is stored in the secure area, and the processor executes the computer program so that the terminal device implements the method for unlocking a terminal device according to any implementation of the first aspect.
The secure area includes a security chip (SE) or a TEE.
Optionally, the terminal device further includes:
a near field communication (NFC) module, used to identify the user's physical ID card and obtain the user's ID card information.
Optionally, the terminal device further includes at least one of the following biometric information acquisition devices:
a camera, a fingerprint sensor, a voice collection module.
In a fourth aspect, this application provides a storage medium, including a readable storage medium and a computer program, where the computer program is stored in the readable storage medium and is used to implement the method for unlocking a terminal device according to any implementation of the first aspect.
In a fifth aspect, this application provides a program product. The program product includes a computer program stored in a readable storage medium; at least one processor of the terminal device reads the computer program from the readable storage medium, and the at least one processor executes the computer program so that the terminal device implements the method for unlocking a terminal device according to any implementation of the first aspect.
In a sixth aspect, this application provides a chip applied to a terminal device. The chip includes at least one communication interface and at least one processor; the processor is coupled to a memory via the communication interface, and the processor calls the computer program stored in the memory to execute the method for unlocking a terminal device according to any implementation of the first aspect.
With the method and device for unlocking a terminal device and the storage medium provided by this application, the terminal device obtains the ID card information of the user's physical ID card and compares it with the ID card information stored in the secure area to determine whether they are consistent; if they are, the terminal device is unlocked. This provides a more secure and reliable unlocking solution, and the ID card information in the secure area cannot be erased by flashing, which ensures the security of the data stored in the terminal device and further protects the user's property.
Brief description of the drawings
FIG. 1 is a schematic structural diagram of a terminal device provided by this application;
FIG. 2 is a schematic diagram of the unlocking function modules of a terminal device provided by this application;
FIG. 3 is a flowchart of Embodiment 1 of a method for unlocking a terminal device provided by this application;
FIG. 4 is a flowchart of Embodiment 2 of a method for unlocking a terminal device provided by this application;
FIG. 5 is a schematic flowchart of setting up unlocking with ID card information when activating an electronic ID card, provided by this application;
FIG. 6 is a flowchart of separately enabling the ID card unlocking function, provided by this application;
FIG. 7 is a schematic flowchart of unlocking using ID card information, provided by this application;
FIG. 8 is a schematic structural diagram of Embodiment 1 of a terminal device provided by this application;
FIG. 9 is a schematic structural diagram of Embodiment 2 of a terminal device provided by this application;
FIG. 10 is a schematic structural diagram of Embodiment 3 of a terminal device provided by this application;
FIG. 11 is a schematic structural diagram of Embodiment 4 of a terminal device provided by this application.
具体实施方式detailed description
As can be seen from the background section, once a terminal device is locked, the main approach at present is to enter a specific unlock code to unlock it. Current terminal devices accept only digits for this code, which is easy to crack, and after the terminal device is flashed the password is cleared and the terminal device can unlock automatically, which threatens the security of the user's data and property.
With the popularization and development of smart devices such as smartphones, the electronic ID card is one of the newest applications. An electronic ID card is implemented by storing personal information, authenticated and authorized by the public security authority, on the phone side or the network side. In certain settings, presenting the electronic ID card has the same effect as presenting the physical ID card.
There are two approaches to implementing an electronic ID card:
One is the scheme led by Internet service providers such as Alipay and WeChat. The ID card information is stored in the cloud and bound to an Alipay or WeChat account; in use, the information is obtained from the cloud through Alipay or WeChat. This approach presupposes that the terminal device works normally and has an application such as WeChat or Alipay installed. It can therefore be used for identity verification only while the terminal device is in normal use; it cannot be used on a locked device, let alone for unlocking.
The other is the scheme led by terminal device manufacturers (mainly mobile phone manufacturers). The ID card information is stored in a secure area inside the terminal device, such as a mobile phone, and can be obtained locally when used. This scheme is based on Near Field Communication (NFC) and a secure element (SE): the physical ID card information is read through NFC, and the identity information is stored in a separate SE chip. The contents of the SE are not cleared when the device is flashed, and its security level is financial grade.
Based on the above, this application provides a method for unlocking a terminal device, applied in the terminal device, in which ID card information is used to unlock or emergency-unlock the terminal device.
The terminal devices involved in this solution include user equipment such as a user's mobile phone or tablet computer. The device may be a wireless terminal or a wired terminal, or any other form of terminal that has a secure element (SE), or a Trusted Execution Environment (TEE) partitioned in the system, and is equipped with an NFC module.
FIG. 1 is a schematic structural diagram of a terminal device provided by this application. As shown in FIG. 1, the terminal device includes at least: a processor, a memory, and a secure element (SE) or a TEE partitioned by the system. The SE and the TEE may be collectively referred to as the secure area; the content stored in the secure area cannot be cleared by operations such as flashing.
The memory is used to store computer programs and may also store data of the terminal device. The secure element is a separate chip whose stored content cannot be cleared by operations such as flashing, so in this solution it is used to store the user's ID card information. The processor executes the computer program in the memory to implement the technical solution of the unlocking method provided by this application, performing operations such as comparing the user's ID card information and emergency-unlocking the terminal device.
In one specific implementation of the terminal device, in order to obtain the physical ID card information, an NFC module may be configured in the terminal device to read an ID card brought close to the terminal device and obtain its ID card information, so that it can subsequently be compared with the ID card information stored in the secure element.
If the user has configured that unlocking the terminal device additionally requires the holder of the ID card stored in the secure element to unlock in person, the secure element may also store the user's biometric information, which is used to identify the user performing the unlock operation. The biometric information may be at least one of the user's facial image, iris information, fingerprint information, voiceprint information, and the like. The terminal device may therefore also include one or more biometric information acquisition devices, such as a camera, a fingerprint sensor, or a voice capture module such as a microphone.
FIG. 2 is a schematic diagram of the unlocking function modules of a terminal device provided by this application. As shown in FIG. 2, in the technical solution provided by this application, in order to unlock the terminal device quickly or in an emergency using the ID card information stored in the secure element, the operating system (OS), interface layer, service layer, device management layer, and hardware of the terminal device need to cooperate.
The unlock priority processing module of the interface layer is used, when ID card information is used for unlocking, to raise the priority of ID card unlocking to the highest level and place password unlocking or special PIN unlocking after ID card unlocking, or to ignore password unlocking or special PIN unlocking. Taking a mobile phone as an example, the unlock priority processing module is connected to the phone OS interface. While the ID card unlocking function is in effect, the original PIN unlocking mechanism is disabled; after the ID card unlocking function is turned off, the original PIN unlocking mechanism is restored.
The unlock logic determination module of the interface layer calls the modules of the service layer of the terminal device and, once the comparison of the ID card information or biometric information is complete, notifies the operating system of the terminal device of the comparison result. Taking a mobile phone as an example, it calls the internal service modules to perform the information comparison and then notifies the upper-layer phone OS of the unlock result.
The ID card information comparison module of the service layer compares the user's physical ID card information obtained through the NFC driver module with the electronic ID card information stored in the SE and determines whether the two match. Where necessary, it can also call the biometric comparison module to determine whether the operator is the same person as the owner of the terminal device.
The biometric comparison module of the service layer determines whether the biometric features of the user currently performing the unlock operation match the biometric information previously saved in the secure element (also called the secure area).
The NFC driver module of the device management layer has two main functions: once ID card unlocking has been configured and a lock of the terminal device has been triggered, the NFC driver module turns on the phone's NFC switch, and it ensures that, in the locked state, only ID card information read over NFC is processed.
The information storage module of the device management layer is mainly responsible for reading information such as the electronic ID card information or biometric information from the TEE/SE.
The hardware involved is mainly the NFC module and the secure element of the terminal device. It should be understood that in this solution the TEE denotes a secure area, similar to the SE. Hereinafter, a storage area whose information cannot be erased by flashing is referred to as the secure area.
On this basis, the method for unlocking a terminal device provided by this application is described in detail below through several specific embodiments.
FIG. 3 is a flowchart of Embodiment 1 of the method for unlocking a terminal device provided by this application. As shown in FIG. 3, on the basis of the terminal device structure and function modules described above, the method specifically includes the following steps:
S101: Obtain the user's ID card information.
In this step, when the terminal device is locked and needs to be unlocked, the user's ID card information can be obtained so that the terminal device can subsequently be unlocked using it. In this solution, it should be understood that "locked" generally refers to the terminal device being locked out after an incorrect unlock password has been entered multiple times, or to the terminal device being locked after the user, having lost or being unable to find the terminal device, operates on a designated website so that a server sends a lock instruction to the terminal device. In practice, however, the terminal device may also be locked during daily use and, rather than being unlocked with a fingerprint, password, or the like, use the ID card information directly; this solution imposes no limitation on this.
Obtaining the user's ID card information in this solution means obtaining the information of the physical ID card of the user who is performing or triggering the unlock operation on the terminal device. The user's physical ID card needs to be recognized; the ways of recognizing it and obtaining the ID card information include at least the following two:
In the first way, the user's physical ID card is recognized through short-range NFC to obtain the user's ID card information.
Generally, a physical ID card contains a tag, a tag chip, or another type of chip. The terminal device needs to have an NFC module installed and use NFC technology to recognize the physical ID card in order to obtain the user's ID card information.
In the second way, an image of the physical ID card is captured by a camera, and the image is recognized and processed to obtain the ID card information. Generally, the main information on a physical ID card includes the name, ID card number, and so on, so information such as the user's name, date of birth, and ID card number can be extracted from the image; this solution imposes no limitation on this.
S102: Compare whether the ID card information is consistent with the ID card information stored in the secure area of the terminal device.
In this step, the terminal device has been preconfigured with the function of unlocking using ID card information. After obtaining the ID card information of the user who triggered the unlock operation, the terminal device needs to read the ID card information stored in the secure area and compare it with the obtained ID card information to determine whether the two match, for example whether the names are the same and whether the ID card numbers are the same. If the two are consistent, the unlock operation is considered to have been triggered by the owner of the terminal device. If they are inconsistent, the user is considered illegitimate, and the unlock operation can be refused and the terminal device kept locked. Optionally, when the ID card information is inconsistent, the device may also determine its position, obtain location information, and report it to the server. Optionally, when the ID card information is inconsistent, the device may also raise an alarm, play an alarm prompt, or send alarm information to other terminal devices.
Optionally, in a specific implementation of this solution, the terminal device first needs to read the ID card information out of the secure area and then perform the comparison. When the system is locked, this process can be carried out by a guard program installed in the secure area: after the terminal device obtains the ID card information of the physical ID card of the user performing the unlock operation, it can start the guard program installed in the secure area to read the ID card information stored in the secure area; the guard program then compares whether the ID card information read from the secure area is consistent with the ID card information obtained through NFC.
In this solution, the guard program likewise cannot be cleared by operations such as flashing. This ensures that after the terminal device has been rooted and other applications and data have been cleared, the data in the secure area (that is, the SE/TEE) can still be read and the information comparison performed, avoiding the problem of the secure-area data becoming unusable because of operations such as flashing.
S103: If they are consistent, unlock the terminal device.
In this step, if the terminal device determines that the ID card information of the user performing the unlock operation is consistent with the ID card information stored in the secure area, it unlocks the terminal device, implementing the function of unlocking using ID card information.
In the method for unlocking a terminal device provided by this embodiment, the terminal device obtains the ID card information of the user's physical ID card, compares it with the ID card information stored in the secure area to determine whether they are consistent, and unlocks the terminal device if they are. This provides a more secure and reliable unlocking scheme. Because the ID card information in the secure area cannot be wiped by flashing, the security of the data stored in the terminal device is ensured, which further protects the user's property.
FIG. 4 is a flowchart of Embodiment 2 of the method for unlocking a terminal device provided by this application. As shown in FIG. 4, on the basis of the foregoing embodiment, the function of unlocking with ID card information may be set as a default function of the terminal device, or it may be an optional function set according to the user's choice. An interface for setting this function can be provided in the operating system of the terminal device, and the user sets it according to actual needs. The setting process specifically includes:
S201: Receive a first operation instruction input by the user, where the first operation instruction is used to instruct activation of the electronic ID card function.
In this step, the user can make a selection in the system settings, which constitutes the first operation instruction, to set up the electronic ID card function, or can choose to activate the electronic ID card function in an application such as WeChat or Alipay.
S202: Push first prompt information according to the first operation instruction.
While activating the electronic ID card function according to the user's first operation instruction, the terminal device pushes first prompt information to the user, for example by displaying it on the interface. The first prompt information is used to ask the user whether to use the ID card information for emergency unlocking of the terminal device; it may also concern ordinary system unlocking of the terminal device, and this solution imposes no limitation on this. The first prompt information can be pushed to the user by display, voice playback, sending a message, or other means; this solution imposes no limitation.
S203: Receive a second operation instruction input by the user according to the first prompt information.
In this step, after the terminal device has pushed the first prompt information, the user can decide whether to use the electronic ID card information to unlock the terminal device, and input the second operation instruction by tapping a choice on the operation interface of the terminal device or by voice or the like. The second operation instruction indicates that the user chooses to use the electronic ID card information for unlocking, or chooses not to.
S204: If the second operation instruction indicates that the ID card information is to be used for emergency unlocking of the terminal device, store the ID card information in the secure area and install in the secure area a guard program used for identity authentication.
In this step, if the user chooses to use the electronic ID card information for emergency unlocking, the terminal device stores the ID card information in the secure area, that is, the secure element. Optionally, a guard program can be installed in the secure area at the same time; the guard program is used to read the information in the secure area and compare the ID card information. Optionally, if the second operation instruction indicates that the ID card information is not to be used for emergency unlocking of the terminal device, the ID card information is stored in the secure area and no guard program needs to be installed.
FIG. 5 is a schematic flowchart of configuring ID card information unlocking when an electronic ID card is activated, as provided by this application. As shown in FIG. 5, when the user activates the ID card, the user is asked whether to enable ID card unlocking, that is, whether to use the electronic ID card information for emergency unlocking. If the user chooses yes, then in the normal activation flow, in addition to storing the ID card information in the SE, the guard program is installed in a secure area that is not cleared by flashing, namely the SE/TEE in the figure. At the same time, the unlock priority processing module in the terminal device disables PIN unlocking, that is, PIN unlocking is ignored when ID card information is used for unlocking. The meaning of this function is that once emergency unlocking by electronic ID card has been activated, the original PIN unlocking mechanism no longer takes effect, which prevents the situation mentioned above in which a hacker locks the device by controlling the PIN in order to extort the owner.
If the user chooses no, the flow ends.
Optionally, in another implementation of this solution, after the user chooses to enable ID card information unlocking, the user may be further asked whether unlocking must be performed in person. If the user selects the option that unlocking must be in person (that is, Y), the face, fingerprint, iris information, voiceprint information, or other biometric information enrolled when the user activated the ID card is also saved in the secure area that is not cleared, namely the SE/TEE in the figure. If the user chooses that unlocking in person is not required, the flow ends.
Subsequently, the guard program and biometric information saved in the secure area are cleared only when the user deletes the electronic ID card information from the device or explicitly turns off the electronic ID card unlocking function.
FIG. 6 is a flowchart of separately enabling the ID card unlocking function provided by this application. As shown in FIG. 6, the flow differs from that shown in FIG. 5 in that the setting and selection are not made while the electronic ID card is being activated in an application such as WeChat or Alipay; instead, the electronic ID card unlocking function is enabled for the terminal device on its own, independently of the application flow. Specifically, when the user selects in the system settings of the terminal device to enable the ID card unlocking function, it is necessary to determine whether an electronic ID card has already been activated. If not, enabling the ID card unlocking function fails. If an electronic ID card has been activated, the electronic ID card unlocking function is enabled and the guard program is installed and saved in the SE/TEE; the subsequent steps are the same as in the process shown in FIG. 5. Specifically, after the electronic ID card is enabled, the following actions are required:
Disable PIN unlocking. The purpose is to ensure that after the phone is locked, it can be unlocked only with the ID card, ensuring security.
Load the ID card unlocking guard program into the secure area. The purpose is to ensure that the guard program is not cleared by later flashing and can still perform ID card unlocking.
If unlocking in person was selected when the electronic ID card was activated, the biometric information enrolled at that time, such as the face image and fingerprint, needs to be loaded into the secure area for storage.
If unlocking in person is selected when ID card unlocking is later enabled separately, a face needs to be enrolled, the electronic ID card program verifies that the enrolled face is that of the ID card holder, and the newly enrolled face is then loaded into the secure area.
After the terminal device has enabled the ID card information unlocking function in one of the ways above, ID card information can be used to unlock the terminal device in multiple scenarios. The application scenarios of this unlocking scheme include at least the following:
Scenario 1: unlocking after the terminal device's screen is locked during daily use.
Scenario 2: the user locks the terminal device remotely. Taking a mobile phone as an example, after losing the phone the user can log in to the phone manufacturer's website and turn on the phone retrieval function. In the phone retrieval interface, the user can choose to lock the phone. If the user has previously activated an electronic ID card according to the foregoing scheme and configured ID card unlocking, the phone is locked remotely. Even if the phone is later maliciously flashed, key information such as the electronic ID card information and the guard program is not cleared during flashing, so the phone remains locked after flashing.
Scenario 3: user error causes the terminal device to be locked. Taking a mobile phone as an example, if the user unlocks with a password, gesture, or fingerprint and enters it incorrectly several times in a row, the phone is locked. If the user has previously activated an electronic ID card according to the foregoing scheme and configured ID card unlocking, the lock screen prompts the user to unlock with the ID card rather than by entering a PIN.
Based on the scenarios above, once the terminal device is locked and the electronic ID card information unlocking function has been enabled, the ID card can be used to unlock it. FIG. 7 is a schematic flowchart of unlocking with ID card information provided by this application. As shown in FIG. 7, taking a mobile phone as the terminal device and the SE as the secure area: if unlocking by ID card has been configured, the phone's NFC switch is turned on by default. When the user brings the physical ID card close to the phone's NFC reading area, the ID card unlocking guard program in the secure area is activated. The guard program reads the information of the physical ID card and compares it with the electronic ID card information stored in the SE. If the two are consistent, the ID card check passes; if the user has not configured that unlocking must be in person, the phone can be unlocked directly at this point.
If the user has previously set the security-enhancing option that unlocking must be in person, the phone starts the biometric recognition flow. For example, it can start the camera, capture the user's facial image, and have the guard program compare it with the user image stored in the SE; or start the fingerprint sensor to obtain the user's fingerprint and compare it with the fingerprint stored in the SE; or capture the user's voice, derive the user's voiceprint information, and compare it with the voiceprint information stored in the SE. That is, the current operator is matched against the biometric information enrolled when the electronic ID card was activated; if the match succeeds, unlocking is completed.
Before the user's biometric information is compared, liveness detection can also be performed on the user through the camera, to prevent someone else from presenting a photograph of the user or the like, further improving the security of the terminal device.
The following uses a mobile phone as an example to illustrate the specific process of unlocking with an ID card.
(1) ID card unlocking
After the phone is locked, the phone interface indicates that ID card unlocking is required, and the system turns on the NFC switch by default. The user brings the physical ID card close to the phone's NFC sensing area. After reading the card, the NFC module determines that the card type is an ID card, obtains the ID card information of the physical ID card, and activates the ID card unlocking guard program.
The guard program reads the electronic ID card information from the SE and compares it with the physical ID card information read over NFC. If the two are consistent, processing depends on the option of whether unlocking in person is required:
If unlocking in person is not required, the upper-layer OS is notified directly that unlocking succeeded;
If unlocking in person is required, liveness detection is performed using the means supported by the system, then the previously saved photo of the ID card holder is read from the secure area and compared with the face captured this time, and the upper-layer OS is notified that unlocking succeeded only after they are confirmed to be consistent.
(2) Turning off the ID card unlocking function
After the user deletes the electronic ID card from the phone, the ID card unlocking function is turned off automatically; the user can also turn off the ID card unlocking function in the settings interface. Corresponding to what happens when the function is enabled, turning it off triggers the following actions:
Enable PIN unlocking;
Optionally, the ID card unlocking guard program can also be uninstalled from the secure area and the user's biometric information deleted.
本申请提供的终端设备的解锁方案,解锁比对信息保存在独立的安全芯片中,且比对信息为公安部认可的加密身份证信息,安全性极高,还引入办理身份证时的照片(或其它生物特征信息)作为机主身份识别的依据,保证不因为身份证泄露而连锁泄露手机数据。该方案中主要对比的信息保存在手机内的不可擦除区域,能保证在刷机等极端操作后继续正常工作。同时,该方案不依赖网络,用户可以自行完成解锁行为,无需依赖营业厅的辅助,简单方便。相对于现有的PIN解锁机制,本方案的密文安全性更高,还不会受刷机等操作影响。并且还具备用户身份校验功能,能防止别人获取密码后开机。同时因为解锁使用物理介质,所以还能避免当前PIN解锁机制存在的被黑客攻击后反过来勒索用户的情况发生。The unlocking solution of the terminal device provided in this application, the unlocking comparison information is stored in a separate security chip, and the comparison information is encrypted ID card information approved by the Ministry of Public Security. It is extremely safe, and it also introduces photos when handling ID cards ( Or other biometric information) as the basis for the identification of the owner, to ensure that the mobile phone data is not leaked in a chain due to the leakage of the ID card. The main comparison information in this solution is stored in the non-erasable area of the mobile phone, which can ensure that it continues to work normally after extreme operations such as flashing. At the same time, the solution does not rely on the network, users can complete the unlocking behavior by themselves, without relying on the assistance of the business hall, it is simple and convenient. Compared with the existing PIN unlocking mechanism, the ciphertext of this solution is more secure and will not be affected by operations such as flashing. And also has a user identity verification function, which can prevent others from booting after obtaining the password. At the same time, because the unlock uses a physical medium, it can also prevent the current PIN unlock mechanism from being ransomed by hackers and then extorting users.
本申请提供的终端设备的解锁方法,验证用户身份证持卡人身份的手段是比对人脸,其实这个校验的目的是为了验证是否持卡人本人操作,因此校验的手段除了人脸外,还可以其他生物特征,比如红外人脸、虹膜、指纹、声纹等,或者是几种生物特征的组合。通过多样的生物特征识别方案,保证是身份证持卡人才能进行解锁。The method of unlocking the terminal device provided in this application, the method of verifying the identity of the cardholder of the user's ID card is to compare the face. In fact, the purpose of this verification is to verify whether the cardholder himself operates, so the verification method is in addition to the face In addition, other biological characteristics, such as infrared face, iris, fingerprint, voiceprint, etc., or a combination of several biological characteristics can also be used. Through various biometric identification schemes, it is guaranteed that only the ID card holder can unlock.
上述各个实施例提供的主要应用场景是解锁,其实方案实施的前提只要能进行身份证信息的安全校验,并辅助身份证持卡人身份识别即可,并不限于手机一种终端,也不限于解锁这一种操作场景,可以广泛的用于各种需要鉴权的场景,利用预先保存在安全区域中的身份证信息,与物理身份证的比对,实现各种设备、各种鉴权场景下的应用,对此本方案不做限制。The main application scenario provided by the above embodiments is unlocking. In fact, the premise of the implementation of the solution is as long as it can perform the security verification of the ID card information and assist the identification of the ID card holder. It is not limited to a mobile phone terminal, nor It is limited to unlocking this kind of operation scenario, and can be widely used in various scenarios that require authentication. By using ID information stored in a secure area in advance and comparing it with a physical ID, various devices and various authentications can be realized For applications in scenarios, this solution is not limited.
FIG. 8 is a schematic structural diagram of Embodiment 1 of a terminal device provided by this application. As shown in FIG. 8, the terminal device 10 provided by this embodiment includes:
The first obtaining module 11, configured to obtain the user's ID card information;
The processing module 12, configured to compare whether the ID card information is consistent with the ID card information stored in the secure area of the terminal device;
If they are consistent, the processing module 12 is further configured to unlock the terminal device.
The terminal device provided in this embodiment is used to execute the technical solution in any of the foregoing method embodiments, and its implementation principle and technical effect are similar. The terminal device obtains the ID card information of the user's physical ID card, compares it with the ID card information stored in the secure area, and determines whether they are consistent. If they are consistent, the terminal device is unlocked. This provides a more secure and reliable unlocking solution. In addition, the ID card information in the secure area cannot be erased by flashing, which ensures the security of the data stored in the terminal device and further safeguards the user's property.
On the basis of the foregoing embodiment, FIG. 9 is a schematic structural diagram of Embodiment 2 of a terminal device provided by this application. As shown in FIG. 9, the first obtaining module 11 specifically includes:
The NFC module 111, configured to identify the user's physical ID card through NFC and obtain the user's ID card information.
Optionally, the processing module 12 is specifically configured to:
Start the guard program set in the secure area, and read the ID card information stored in the secure area;
Through the guard program, compare whether the ID card information read from the secure area is consistent with the ID card information obtained through NFC.
FIG. 10 is a schematic structural diagram of Embodiment 3 of a terminal device provided by this application. As shown in FIG. 10, the terminal device 10 further includes:
The receiving module 13, configured to receive a first operation instruction input by the user, where the first operation instruction is used to instruct activation of the electronic ID card function;
The processing module 12 is further configured to push first prompt information according to the first operation instruction, where the first prompt information is used to ask the user whether to use the ID card information for emergency unlocking of the terminal device;
The receiving module 13 is further configured to receive a second operation instruction input by the user according to the first prompt information;
If the second operation instruction indicates that the ID card information is to be used for emergency unlocking of the terminal device, the processing module 12 is further configured to store the ID card information in the secure area and install a guard program for identity authentication in the secure area.
FIG. 11 is a schematic structural diagram of Embodiment 4 of a terminal device provided by this application. As shown in FIG. 11, the terminal device 10 further includes: a second obtaining module 14, configured to obtain the user's biometric feature information if the second operation instruction also indicates that unlocking must be performed by the owner in person, where the biometric feature information includes at least one of a facial image, a fingerprint, voiceprint information, and iris information;
The processing module 12 is further configured to store the biometric feature information in the secure area.
Optionally, the second obtaining module 14 is further configured to obtain the biometric feature information of the user performing the unlocking operation;
The processing module 12 is specifically configured to unlock the terminal device if the biometric feature information of the user performing the unlocking operation matches the user's biometric feature information stored in the secure area.
Optionally, the second obtaining module 14 is specifically configured to:
Start the camera to capture a facial image of the user performing the unlocking operation;
and/or,
Collect voice information of the user performing the unlocking operation, and analyze the voice information to obtain voiceprint information;
and/or,
Start the camera to capture an iris image of the user performing the unlocking operation, and process the iris image to obtain iris information;
and/or,
Obtain the fingerprint of the user performing the unlocking operation through a fingerprint sensor.
Optionally, the processing module 12 is further configured to:
If the second operation instruction indicates that the ID card information is not to be used for emergency unlocking of the terminal device, store the ID card information in the secure area.
Optionally, the processing module 12 is further configured to:
If it is detected that the number of times an incorrect unlock password has been entered reaches a preset number, lock the terminal device.
Optionally, the processing module 12 is further configured to:
Lock the terminal device according to a lock instruction sent by the server.
The terminal device provided in any of the foregoing implementations is used to execute any technical solution in the foregoing method embodiments. Its implementation principle and technical effect are similar and are not repeated here.
This application also provides a storage medium, including:
A readable storage medium and a computer program, where the computer program is stored in the readable storage medium and is used to implement the terminal device unlocking method provided by any of the foregoing method embodiments.
This application also provides a program product. The program product includes a computer program stored in a readable storage medium. At least one processor of the terminal device reads the computer program from the readable storage medium, and the at least one processor executes the computer program so that the terminal device implements the terminal device unlocking method provided by any of the foregoing method embodiments.
This application also provides a chip applied to a terminal device. The chip includes at least one communication interface and at least one processor. The processor is coupled to a memory via the communication interface, and the processor calls the computer program stored in the memory to implement the terminal device unlocking method provided by any of the foregoing method embodiments.
In this solution, the memory may be located outside the chip or integrated in the chip. The communication interface may be any of various interfaces that enable the processor to access the memory, such as an input interface, a processing device, or an output interface, and may also be a universal flash storage (UFS) interface, a peripheral component interconnect express (PCIe) interface, and so on.
In the specific implementation of the terminal device, it should be understood that the processor may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in this application may be performed directly by a hardware processor, or by a combination of hardware and software modules in the processor.
All or part of the steps of the foregoing method embodiments may be completed by hardware under the control of program instructions. The aforementioned program may be stored in a readable memory. When executed, the program performs the steps of the foregoing method embodiments. The aforementioned memory (storage medium) includes: read-only memory (ROM), RAM, flash memory, hard disk, solid-state drive, magnetic tape, floppy disk, optical disc, and any combination thereof.

Claims (26)

  1. A method for unlocking a terminal device, characterized by comprising:
    obtaining ID card information of a user;
    comparing whether the ID card information is consistent with ID card information stored in a secure area of the terminal device;
    if they are consistent, unlocking the terminal device.
  2. The method according to claim 1, characterized in that obtaining the ID card information of the user comprises:
    identifying the user's physical ID card through near field communication (NFC) to obtain the user's ID card information.
  3. The method according to claim 2, characterized in that comparing whether the ID card information is consistent with the ID card information stored in the secure area of the terminal device comprises:
    starting a guard program set in the secure area, and reading the ID card information stored in the secure area;
    comparing, through the guard program, whether the ID card information read from the secure area is consistent with the ID card information obtained through NFC.
  4. The method according to any one of claims 1 to 3, characterized in that the method further comprises:
    receiving a first operation instruction input by the user, where the first operation instruction is used to instruct activation of an electronic ID card function;
    pushing first prompt information according to the first operation instruction, where the first prompt information is used to ask the user whether to use the ID card information for emergency unlocking of the terminal device;
    receiving a second operation instruction input by the user according to the first prompt information;
    if the second operation instruction indicates that the ID card information is to be used for emergency unlocking of the terminal device, storing the ID card information in the secure area, and installing a guard program for identity authentication in the secure area.
  5. The method according to claim 4, characterized in that the method further comprises:
    if the second operation instruction also indicates that unlocking must be performed by the owner in person, obtaining biometric feature information of the user, where the biometric feature information includes at least one of a facial image, a fingerprint, voiceprint information, and iris information;
    storing the biometric feature information in the secure area.
  6. The method according to claim 5, characterized in that unlocking the terminal device comprises:
    obtaining biometric feature information of the user performing the unlocking operation;
    if the biometric feature information of the user performing the unlocking operation matches the user's biometric feature information stored in the secure area, unlocking the terminal device.
  7. The method according to claim 6, characterized in that obtaining the biometric feature information of the user performing the unlocking operation comprises:
    starting a camera to capture a facial image of the user performing the unlocking operation;
    and/or,
    collecting voice information of the user performing the unlocking operation, and analyzing the voice information to obtain voiceprint information;
    and/or,
    starting a camera to capture an iris image of the user performing the unlocking operation, and processing the iris image to obtain iris information;
    and/or,
    obtaining the fingerprint of the user performing the unlocking operation through a fingerprint sensor.
  8. The method according to claim 4, characterized in that the method further comprises:
    if the second operation instruction indicates that the ID card information is not to be used for emergency unlocking of the terminal device, storing the ID card information in the secure area.
  9. The method according to any one of claims 1 to 8, characterized in that the method further comprises:
    if it is detected that the number of times an incorrect unlock password has been entered reaches a preset number, locking the terminal device.
  10. The method according to any one of claims 1 to 8, characterized in that the method further comprises:
    locking the terminal device according to a lock instruction sent by a server.
  11. A terminal device, characterized by comprising:
    a first obtaining module, configured to obtain ID card information of a user;
    a processing module, configured to compare whether the ID card information is consistent with ID card information stored in a secure area of the terminal device;
    if they are consistent, the processing module is further configured to unlock the terminal device.
  12. The terminal device according to claim 11, characterized in that the first obtaining module specifically comprises:
    a near field communication (NFC) module, configured to identify the user's physical ID card through NFC and obtain the user's ID card information.
  13. The terminal device according to claim 12, characterized in that the processing module is specifically configured to:
    start a guard program set in the secure area, and read the ID card information stored in the secure area;
    compare, through the guard program, whether the ID card information read from the secure area is consistent with the ID card information obtained through NFC.
  14. The terminal device according to any one of claims 11 to 13, characterized in that the terminal device further comprises:
    a receiving module, configured to receive a first operation instruction input by the user, where the first operation instruction is used to instruct activation of an electronic ID card function;
    the processing module is further configured to push first prompt information according to the first operation instruction, where the first prompt information is used to ask the user whether to use the ID card information for emergency unlocking of the terminal device;
    the receiving module is further configured to receive a second operation instruction input by the user according to the first prompt information;
    if the second operation instruction indicates that the ID card information is to be used for emergency unlocking of the terminal device, the processing module is further configured to store the ID card information in the secure area and install a guard program for identity authentication in the secure area.
  15. The terminal device according to claim 14, characterized in that the terminal device further comprises: a second obtaining module, configured to obtain biometric feature information of the user if the second operation instruction also indicates that unlocking must be performed by the owner in person, where the biometric feature information includes at least one of a facial image, a fingerprint, voiceprint information, and iris information;
    the processing module is further configured to store the biometric feature information in the secure area.
  16. The terminal device according to claim 15, characterized in that the second obtaining module is further configured to obtain biometric feature information of the user performing the unlocking operation;
    the processing module is specifically configured to unlock the terminal device if the biometric feature information of the user performing the unlocking operation matches the user's biometric feature information stored in the secure area.
  17. The terminal device according to claim 16, characterized in that the second obtaining module is specifically configured to:
    start a camera to capture a facial image of the user performing the unlocking operation;
    and/or,
    collect voice information of the user performing the unlocking operation, and analyze the voice information to obtain voiceprint information;
    and/or,
    start a camera to capture an iris image of the user performing the unlocking operation, and process the iris image to obtain iris information;
    and/or,
    obtain the fingerprint of the user performing the unlocking operation through a fingerprint sensor.
  18. The terminal device according to claim 14, characterized in that the processing module is further configured to:
    if the second operation instruction indicates that the ID card information is not to be used for emergency unlocking of the terminal device, store the ID card information in the secure area.
  19. The terminal device according to any one of claims 11 to 18, characterized in that the processing module is further configured to:
    if it is detected that the number of times an incorrect unlock password has been entered reaches a preset number, lock the terminal device.
  20. The terminal device according to any one of claims 11 to 18, characterized in that the processing module is further configured to:
    lock the terminal device according to a lock instruction sent by a server.
  21. A terminal device, characterized by comprising:
    a processor, a memory, and a secure area, where the secure area includes a security chip (SE) or a trusted execution environment (TEE);
    the memory is used to store a computer program, ID card information is stored in the secure area, and the processor executes the computer program so that the terminal device implements the method for unlocking a terminal device according to any one of claims 1 to 10.
  22. The terminal device according to claim 21, characterized in that the terminal device further comprises:
    a near field communication (NFC) module, where the NFC module is used to identify the user's physical ID card and obtain the user's ID card information.
  23. The terminal device according to claim 21 or 22, characterized in that the terminal device further comprises at least one of the following biometric information acquisition devices:
    a camera, a fingerprint sensor, a voice acquisition module.
  24. A storage medium, characterized by comprising:
    a readable storage medium and a computer program, where the computer program is stored in the readable storage medium and is used to implement the method for unlocking a terminal device according to any one of claims 1 to 10.
  25. A program product, characterized in that the program product includes a computer program stored in a readable storage medium, at least one processor of a terminal device reads the computer program from the readable storage medium, and the at least one processor executes the computer program so that the terminal device implements the method for unlocking a terminal device according to any one of claims 1 to 10.
  26. A chip, characterized in that the chip is applied to a terminal device and includes: at least one communication interface and at least one processor, where the processor is coupled to a memory via the communication interface, and the processor calls a computer program stored in the memory to execute the method for unlocking a terminal device according to any one of claims 1 to 10.
PCT/CN2018/125820 2018-12-29 2018-12-29 Method and device for unlocking terminal device, and storage medium WO2020133500A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201880094787.9A CN112334896B (en) 2018-12-29 2018-12-29 Unlocking method and equipment of terminal equipment and storage medium
PCT/CN2018/125820 WO2020133500A1 (en) 2018-12-29 2018-12-29 Method and device for unlocking terminal device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/125820 WO2020133500A1 (en) 2018-12-29 2018-12-29 Method and device for unlocking terminal device, and storage medium

Publications (1)

Publication Number Publication Date
WO2020133500A1 true WO2020133500A1 (en) 2020-07-02

Family

ID=71127468

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/125820 WO2020133500A1 (en) 2018-12-29 2018-12-29 Method and device for unlocking terminal device, and storage medium

Country Status (2)

Country Link
CN (1) CN112334896B (en)
WO (1) WO2020133500A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111898104A (en) * 2020-07-20 2020-11-06 上海创功通讯技术有限公司 Method for unlocking electronic equipment, storage medium, electronic equipment and card holder
CN114255536A (en) * 2020-09-21 2022-03-29 浙江威欧希科技股份有限公司 Face recognition intelligent lock identity feature registration opening method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106023370A (en) * 2016-05-20 2016-10-12 北京小米移动软件有限公司 Unlocking method and device for NFC equipment
CN106657551A (en) * 2016-12-05 2017-05-10 惠州Tcl移动通信有限公司 Method and system for preventing mobile terminal from being unlocked
CN108389049A (en) * 2018-01-08 2018-08-10 北京握奇智能科技有限公司 Identity identifying method, device and mobile terminal

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105553919B (en) * 2014-10-28 2019-02-22 阿里巴巴集团控股有限公司 A kind of identity identifying method and device
WO2018000204A1 (en) * 2016-06-28 2018-01-04 宋英楠 Intelligent terminal and method for screen unlocking control thereof

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111898104A (en) * 2020-07-20 2020-11-06 上海创功通讯技术有限公司 Method for unlocking electronic equipment, storage medium, electronic equipment and card holder
CN111898104B (en) * 2020-07-20 2024-04-12 上海创功通讯技术有限公司 Method for unlocking electronic equipment, storage medium, electronic equipment and card holder
CN114255536A (en) * 2020-09-21 2022-03-29 浙江威欧希科技股份有限公司 Face recognition intelligent lock identity feature registration opening method

Also Published As

Publication number Publication date
CN112334896A (en) 2021-02-05
CN112334896B (en) 2023-09-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18945202

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18945202

Country of ref document: EP

Kind code of ref document: A1