WO2022022346A1 - Procédé et appareil d'interaction sécurisée - Google Patents

Procédé et appareil d'interaction sécurisée Download PDF

Info

Publication number
WO2022022346A1
WO2022022346A1 PCT/CN2021/107491 CN2021107491W WO2022022346A1 WO 2022022346 A1 WO2022022346 A1 WO 2022022346A1 CN 2021107491 W CN2021107491 W CN 2021107491W WO 2022022346 A1 WO2022022346 A1 WO 2022022346A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
electronic device
personal data
key
authority
Prior art date
Application number
PCT/CN2021/107491
Other languages
English (en)
Chinese (zh)
Inventor
杨长盛
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2022022346A1 publication Critical patent/WO2022022346A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Definitions

  • the present application relates to the field of artificial intelligence, and more specifically, to a secure interaction method and device.
  • intelligent devices such as intelligent robots have been gradually accepted by the public, and are widely used in scenarios such as homes, shopping malls, supermarkets, hospitals, subways, enterprises and schools.
  • the robot will save a large amount of the user's personal data, such as the user's personal information, photos, videos, recordings, family member relationships, friend relationships, schedules, and memos.
  • the mainstream intelligent robots on the market mainly include interactive modules and safety modules.
  • the user When the user needs to store the personal data X, the user will input the instruction A1 to store the personal data X to the interactive module, the interactive module will send the personal data X to the security module according to the instruction A1, and the security module will encrypt the personal data X and store it.
  • the user When the user needs to view the personal data X, the user will input the instruction A2 for viewing the personal data X to the interactive module, the interactive module will notify the security module to provide the personal data X according to the instruction A2, and the security module will decrypt the encrypted personal data X to obtain the personal data.
  • the interactive module outputs personal data X through the display screen or speaker.
  • the above-mentioned intelligent robot encrypts the stored data, which can prevent hackers from the external network from illegally obtaining the data in the intelligent robot, thereby ensuring that the data in the intelligent robot is safe.
  • each user can view, modify or delete other users' personal data, so the above intelligent robot cannot guarantee the privacy of each user's personal data and security.
  • Embodiments of the present application provide a secure interaction method and apparatus to ensure the privacy and security of each user's personal data.
  • an embodiment of the present application provides a secure interaction method, the method is applied to an electronic device, the method includes: the electronic device receives a first instruction issued by a user, and the first instruction is used to instruct the electronic device to respond to the first
  • the first personal data of the user performs the first operation
  • the first user is a user registered on the electronic device in advance.
  • the electronic device determines the user's user identity.
  • the electronic device obtains the operation authority of the first personal data, and the operation authority of the first personal data is used to indicate the identity of the user who is allowed to operate the first personal data.
  • the electronic device determines whether to perform the first operation on the first personal data according to the user identity of the user and the operation authority of the first personal data.
  • the electronic device when the electronic device receives the first instruction issued by the user, it indicates that the user wants the electronic device to perform the first operation on the first personal data of the first user, and the electronic device will obtain the first personal data , and determine the user's user identity. Then, the electronic device determines whether the user has the authority to perform the first operation according to the user's user identity and the operation authority of the first personal data. The first operation is performed on the personal data, otherwise, the electronic device will not perform the first operation on the first personal data. Therefore, the secure interaction method provided by the embodiments of the present application can ensure the privacy and security of each user's personal data.
  • the electronic device determining whether to perform the first operation on the first personal data according to the user's user identity and the operation authority of the first personal data includes: the electronic device determining the first Whether the operation authority of personal data includes the user's user identity. When the operation authority of the first personal data includes the user identity of the user, the electronic device performs the first operation on the first personal data. When the operation authority of the first personal data does not include the user identity of the user, the electronic device prohibits performing the first operation on the first personal data.
  • the electronic device can quickly determine whether to perform the first operation on the first personal data by determining whether the operation authority of the first personal data includes the user identity of the user, so the execution efficiency of the electronic device will be higher.
  • the electronic device performing the first operation on the first personal data includes: the electronic device determines whether there is a second user within a preset range of the electronic device, and the second user is a preset user in the electronic device. Users registered on electronic devices. When the second user exists within the preset range of the electronic device, the electronic device determines whether the access authority of the first personal data includes the second user. When the access right of the first personal data includes the second user, the electronic device performs the first operation on the first personal data. When the access authority of the first personal data does not include the second user, the electronic device prohibits performing the first operation on the first personal data. When the second user does not exist within the preset range of the electronic device, the electronic device performs the first operation on the first personal data.
  • the electronic device determines whether the access authority of the first personal data includes the second user. With regard to the access authority of the first personal data, the second user does not need to worry about the leakage of private information to the second user, then the electronic device can perform the first operation on the first personal data.
  • the electronic device prohibits the first operation on the first personal data, In order to avoid leaking the first personal data to the second user during the process of performing the first operation on the first personal data by the electronic device.
  • the electronic device performing the first operation on the first personal data includes: the electronic device determines whether there is a third user within a preset range of the electronic device, and the third user is not in the Users registered on electronic devices. When a third user exists within a preset range of the electronic device, the electronic device prohibits the electronic device from performing the first operation on the first personal data. When the third user does not exist within the preset range of the electronic device, the electronic device performs the first operation on the first personal data.
  • the electronic device prohibits the first operation on the first personal data to avoid During the process of performing the first operation on the first personal data by the electronic device, the first personal data is leaked to the third user.
  • the electronic device performing the first operation on the first personal data includes: the electronic device determines a first confidence level, the first confidence The degree is the degree of similarity between the user's current human body feature and the first user's human body feature pre-stored in the electronic device.
  • the electronic device acquires the first privacy level of the first personal data, where the first privacy level is used to indicate the degree of privacy of the first personal data.
  • the electronic device acquires a pre-established first mapping relationship between the confidence level and the privacy level.
  • the electronic device determines a privacy level set corresponding to the first confidence level according to the first mapping relationship, where the privacy level set includes at least one privacy level.
  • the electronic device determines whether the set of privacy levels includes the first privacy level. When the set of privacy levels includes the first privacy level, the electronic device performs the first operation on the first personal data. When the set of privacy levels does not include the first privacy level, the electronic device prohibits performing the first operation on the first personal data.
  • the electronic device determines the privacy level that can provide the user with personal data according to the first confidence level of the user. If the first confidence level is higher, it indicates that the user is very likely to be the first user, and the electronic device allows the user to operate personal data with a higher privacy level. If the first confidence level is lower, it means that the possibility of the user being the first user is very low, and the electronic device allows the user to operate personal data with a lower privacy level. Therefore, the embodiments of the present application can avoid leaking personal data with a higher privacy level to a user with a lower confidence level, thereby ensuring the security of the user's personal data.
  • the electronic device receives a second instruction sent by the user, where the second instruction is used to instruct the electronic device to delete all personal data of the first user.
  • the electronic device determines the user's user identity.
  • the electronic device determines a first storage area for storing the first key, which is a key for encrypting the personal data of the first user.
  • the electronic device deletes the first key in the first storage area by using a secure deletion method, and the secure deletion method is a deletion method that can prevent the recovery of the first key after the first key is deleted.
  • the electronic device deletes all personal data of the first user encrypted by the first key.
  • the electronic device avoids illegal users from obtaining the first key by eliminating the first key. Even if the illegal user restores all the deleted personal data of the first user encrypted by the first key to the storage area of the electronic device by illegal means, since the illegal user cannot obtain the first key, he cannot All personal data of the first user encrypted by the first key is decrypted. Therefore, the embodiment of the present application can prevent the user's privacy from being leaked.
  • the first operation is an input operation
  • the operation authority of the first personal data is the input authority
  • the user identity of the user is the first user.
  • the electronic device determining whether to perform the first operation on the first personal data according to the user identity of the user and the operation authority of the first personal data includes: the electronic device determining that the input authority of the first personal data includes the first user.
  • the electronic device acquires a first key corresponding to the first user, where the first key is a key for encrypting personal data of the first user.
  • the electronic device encrypts the first personal data with the first key to obtain encrypted first personal data.
  • the electronic device establishes a second mapping relationship between the first user, the second privacy level, and the encrypted first personal data, where the second privacy level is a privacy level corresponding to the first personal data.
  • the electronic device stores the second mapping relationship.
  • the embodiment of this application not only encrypts the personal data, but also stores the privacy level and user identity corresponding to the personal data, so that when reading personal data, the user identity can be read Personal data is found, and the privacy level corresponding to the personal data can be determined when the personal data is read.
  • the first operation is an input operation, an output operation, a modification operation or a deletion operation.
  • the electronic device receives a third instruction sent by the user, where the third instruction is used to instruct the electronic device to configure the access authority of the user set to the personal data set, and the personal data set includes the first user At least one personal data of the user set includes at least one user registered in the electronic device in advance.
  • the electronic device determines the user identity of the user as the first user.
  • the electronic device configures the access rights of each user in the user set to each personal data in the personal data set.
  • the first user can configure whether his personal data can be accessed by other registered users on the electronic device. If the first user allows other registered users to access his own personal data, then the first user can add the access rights of other registered users to his own personal data. If the first user does not allow other registered users to access his own personal data, the first user can delete the access rights of other registered users to his own personal data. Therefore, the embodiment of the present application can enable the first user to flexibly configure the access rights of other registered users to his own personal data.
  • configuring the access rights of the user set to each personal data in the personal data set by the electronic device includes: adding the electronic device to each user in the user set to each personal data in the personal data set access rights. Alternatively, the electronic device deletes the access rights of each user in the user set to each personal data in the personal data set.
  • an embodiment of the present application provides an electronic device, the electronic device includes: a receiving module configured to receive a first instruction sent by a user, where the first instruction is used to instruct the electronic device to respond to the first user's first
  • the first operation is performed on the personal data, and the first user is a user registered on the electronic device in advance.
  • the processing module is used to determine the user identity of the user.
  • the operation authority of the first personal data is obtained, and the operation authority of the first personal data is used to indicate the identity of the user who is allowed to operate the first personal data. Whether to perform the first operation on the first personal data is determined according to the user identity of the user and the operation authority of the first personal data.
  • the processing module is specifically configured to determine whether the operation authority of the first personal data includes the user identity of the user.
  • the electronic device performs the first operation on the first personal data.
  • the electronic device prohibits performing the first operation on the first personal data.
  • the processing module is specifically configured to determine whether there is a second user within a preset range of the electronic device, where the second user is a user registered on the electronic device in advance.
  • the electronic device determines whether the access authority of the first personal data includes the second user.
  • the electronic device performs the first operation on the first personal data.
  • the electronic device prohibits performing the first operation on the first personal data.
  • the electronic device performs the first operation on the first personal data.
  • the processing module is specifically configured to determine whether there is a third user within a preset range of the electronic device, where the third user is a user who has not been registered on the electronic device.
  • the electronic device prohibits the electronic device from performing the first operation on the first personal data.
  • the electronic device performs the first operation on the first personal data.
  • the processing module is specifically configured to determine a first confidence level, where the first confidence level is the difference between the user's current human body feature and the first user's human body feature pre-stored in the electronic device similarity between.
  • the first privacy level of the first personal data is obtained, where the first privacy level is used to indicate the privacy degree of the first personal data.
  • a pre-established first mapping relationship between confidence levels and privacy levels is acquired.
  • a privacy level set corresponding to the first confidence level is determined according to the first mapping relationship, where the privacy level set includes at least one privacy level. It is judged whether the set of privacy levels includes the first privacy level.
  • the electronic device performs the first operation on the first personal data.
  • the set of privacy levels does not contain the first privacy level, the electronic device prohibits performing the first operation on the first personal data.
  • the processing module is further configured to receive a second instruction sent by the user, where the second instruction is used to instruct the electronic device to delete all personal data of the first user.
  • the electronic device determines a first storage area for storing the first key, which is a key for encrypting the personal data of the first user.
  • the electronic device deletes the first key in the first storage area by using a secure deletion method, and the secure deletion method is a deletion method that can prevent the recovery of the first key after the first key is deleted. Delete all personal data of the first user encrypted by the first key.
  • the processing module is specifically configured to determine that the input authority of the first personal data includes the first user.
  • a first key corresponding to the first user is obtained, where the first key is a key for encrypting personal data of the first user.
  • the first personal data is encrypted by using the first key to obtain encrypted first personal data.
  • a second mapping relationship between the first user, the second privacy level, and the encrypted first personal data is established, where the second privacy level is a privacy level corresponding to the first personal data. The second mapping relationship is stored.
  • the first operation is an input operation, an output operation, a modification operation or a deletion operation.
  • the processing module is further configured to receive a third instruction sent by the user, where the third instruction is used to instruct the electronic device to configure the access authority of the user set to the personal data set, and the personal data set At least one personal data of the first user is included, and the user set includes at least one user registered in the electronic device in advance.
  • the user identity of the user is determined as the first user. Configure the access rights of each user in the user collection to each personal data in the personal data collection.
  • the processing module is specifically configured to add the access authority of each user in the user set to each personal data in the personal data set. Or, the processing module is specifically configured to delete the access rights of each user in the user set to each personal data in the personal data set.
  • an embodiment of the present application provides an electronic device, the electronic device includes a memory and a processor connected to the memory, and the memory is used for storing instructions.
  • the processor is used for executing the instruction, so that the computer device performs the following operations: receiving the first instruction issued by the user, the first instruction is used for instructing the electronic device to perform the first operation on the first personal data of the first user, and the first user is Users pre-registered on electronic devices. Determine the user's user identity.
  • the operation authority of the first personal data is obtained, and the operation authority of the first personal data is used to indicate the identity of the user who is allowed to operate the first personal data. Whether to perform the first operation on the first personal data is determined according to the user identity of the user and the operation authority of the first personal data.
  • FIG. 1 is a schematic diagram of a scenario provided by an embodiment of the present application.
  • FIG. 2 is a flowchart of a security interaction method provided by an embodiment of the present application
  • FIG. 3 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • FIG. 4 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • FIG. 5 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • FIG. 6 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • FIG. 7 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • FIG. 8 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • FIG. 9 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • FIG. 10 is a schematic diagram of an electronic device provided by an embodiment of the present application.
  • FIG. 11 is a schematic diagram of another electronic device provided by an embodiment of the present application.
  • FIG. 12 is a schematic diagram of yet another electronic device according to an embodiment of the present application.
  • FIG. 1 is a schematic diagram of a scenario provided by an embodiment of the present application.
  • the scenario diagram shown in FIG. 1 shows an intelligent robot 100, a smartphone 200, a cloud server 300, a user 400, and a network 500, wherein the intelligent robot 100 shown in FIG. 1 can execute the secure interaction method provided by the embodiment of the present application.
  • a communication connection can be established between the intelligent robot 100 , the smartphone 200 and the cloud server 300 through the network 500 .
  • the intelligent robot 100 and the smart phone 200 can also establish a communication connection by means of Bluetooth or the like.
  • the intelligent robot 100 may include a processor, a microphone, a camera, a touch display screen, a speaker, a sensor, and various communication interfaces, among others.
  • the intelligent robot 100 may be capable of speech recognition and face recognition, for example, speech synthesis (text to speech, TTS), automatic speech recognition (automatic speech recognition, ASR), voice print recognition (voice print recognition, VPR), natural language Processing (natural language processing, NLP), face recognition, sound source localization and face tracking capabilities.
  • the cloud server 300 includes an artificial intelligence server and a business server.
  • the artificial intelligence server may provide capabilities such as speech recognition and face recognition, and the service server may provide related services for the application software on the intelligent robot 100 and the application software on the smart phone 200 .
  • the smartphone 200 is installed with application software for controlling the intelligent robot 100 , so that the user 400 can send control commands to the intelligent robot 100 through the smartphone 200 , and can also input personal information of the user 400 to the intelligent robot 100 through the smartphone 200 .
  • FIG. 2 is a flowchart of a secure interaction method provided by an embodiment of the present application.
  • the security interaction method shown in FIG. 2 can be applied to electronic devices, and the electronic devices can be devices such as smart robots, smart screens, smart speakers, and smart security products.
  • the method shown in FIG. 2 includes the following steps S101 to S104.
  • the electronic device receives a first instruction sent by a user.
  • the first instruction is used to instruct the electronic device to perform a first operation on the first personal data of the first user, the first user is a user who has been registered on the electronic device in advance, and the first operation may be an input operation, an output operation, For modification operation or deletion operation, the user can be the first user, other registered users or unregistered users.
  • the user 400 can send the information to the intelligent robot 100 A voice command, the voice command may specifically be "please display the schedule within a week".
  • the user 400 is a user who has registered on the intelligent robot 100 in advance, and the user 400 wants to check the date of birth of the first user on the intelligent robot 100 , then the user 400 can ask the intelligent robot 100 Send a voice command, the voice command may specifically be "please display the date of birth of the first user".
  • the user 400 is a user who has not registered on the intelligent robot 100 , and the user 400 wants to check the phone number of the first user on the intelligent robot 100 , then the user 400 can ask the intelligent robot 100 Send a voice command, the voice command may specifically be "please display the phone number of the first user".
  • the electronic device determines the user identity of the user.
  • the user identity of the user refers to a user who is pre-registered in the electronic device or a user who has not been registered in the electronic device.
  • the electronic device can determine the user identity of the user by verifying the account and password input by the user.
  • the electronic device can also determine the user identity of the user by recognizing the fingerprint of the user's finger.
  • the electronic device can also determine the user identity of the user through face recognition, voiceprint recognition, or face recognition combined with voiceprint recognition.
  • the electronic device can use its own hardware to determine the user identity of the user, and can also use the cloud server to determine the user identity of the user. For example, after the electronic device obtains the user's face image and the user's voiceprint features, if the electronic device has the recognition capability of the face image and voiceprint features, the electronic device will preferentially use its own recognition capability to determine the user user identity. If the electronic device does not have the ability to recognize face images and voiceprint features, the electronic device will send the acquired user's face image and user's voiceprint features to the cloud server, and the cloud server will use its own recognition capabilities. The user's face image and the user's voiceprint feature are correspondingly recognized, and the cloud server will feed back the recognition result to the electronic device, so that the electronic device can determine the user's user identity according to the recognition result.
  • the following introduces a specific method for the electronic device to determine the user identity of the user, and the method includes A1021 to A1023.
  • the electronic device acquires the first voice sent by the user.
  • the first voice is the voice made by the user when speaking.
  • the electronic device extracts the sound feature of the first speech.
  • the sound features of the first speech specifically include acoustic features, lexical features, prosody features, language types, dialect features, accent features, and the like.
  • the electronic device uses a pre-generated voiceprint recognition model to determine the user identity of the user corresponding to the sound feature of the first voice.
  • the voiceprint recognition model mentioned in A1023 can be generated according to the following method.
  • the method includes: first, the electronic device acquires the voice made by the user through a microphone. Then, the electronic device extracts the sound features in the voice uttered by the user. Secondly, the electronic device uses a preset training method to train the sound features in the speech to obtain a voiceprint recognition model.
  • the preset training method may be a Markov model method, a clustering method, a neural network method, a nearest neighbor method, or a polynomial classifier method.
  • Each user using the electronic device needs to train the voiceprint recognition model according to the above method for training the voiceprint recognition model, so that the trained voiceprint recognition model can recognize the voice features of each user.
  • the following introduces another specific method for the electronic device to determine the user identity of the user, and the method includes B1021 to B1023.
  • the electronic device acquires a first face image of the user.
  • the electronic device can collect the first face image of the user through a camera, and the first face image needs to have an image of the user's facial features.
  • the electronic device extracts the first face feature in the first face image.
  • the first face features include but are not limited to histogram features, color features, template features, structural features, Haar-like features, and the like.
  • the electronic device uses a pre-generated face recognition model to determine the user identity of the user corresponding to the first face feature.
  • the face recognition model mentioned in B1023 can be generated according to the following method, and the method includes: first, the electronic device obtains the face image of the user through a camera. Then, the electronic device extracts the facial features in the facial image. Secondly, the electronic device uses a preset learning method to train the face features in the face image to obtain a face recognition model.
  • the preset learning method can be a deep learning algorithm, a neural network algorithm, or a support vector machine (support vector machine, SVM) algorithm, or the like.
  • Each user using the electronic device needs to train the face recognition model according to the above method for training the face recognition model, so that the trained face recognition model can recognize the face image of each user.
  • the following introduces another specific method for the electronic device to determine the user identity of the user, and the method includes C1021 to C1027.
  • the electronic device acquires the first face image of the user and the first voice uttered by the user.
  • the electronic device extracts the sound feature of the first voice.
  • the electronic device extracts the first face feature in the first face image.
  • the electronic device uses the pre-generated voiceprint recognition model to calculate the voiceprint confidence of the sound feature of the first speech.
  • the voiceprint confidence level is used to indicate the degree of similarity between the voice feature of the first voice and the voice feature of the first user.
  • the electronic device uses the pre-generated face recognition model to calculate the face confidence of the first face feature.
  • the face confidence level is used to indicate the degree of similarity between the first face feature and the face feature of the first user.
  • the electronic device calculates a comprehensive confidence level according to the voiceprint confidence level and the face confidence level.
  • the electronic device determines that the user identity of the user is the first user.
  • the comprehensive confidence level (V ⁇ S) ⁇ 1-[V ⁇ (1-S)+S ⁇ (1-V)] ⁇ , where V is the face confidence level, and S is the voiceprint confidence level.
  • the electronic device obtains the operation authority of the first personal data.
  • the operation authority of the first personal data is used to indicate the identity of the user who is allowed to operate the first personal data.
  • the operation authority can be input authority, access authority, modification authority or deletion authority, etc. Each operation corresponds to an operation permissions.
  • Table 1 is the correspondence table between personal data and various operation permissions.
  • user ID personal data Enter permissions access permission edit permission remove permission User A bank card information User A User A User A User A User A telephone number User A User A, User B User A User A User A User A birth place User A User A, User B, User C User A User A ... ... ... ... ... ... ... ... ... ...
  • the electronic device can output user A according to the first instruction bank card information. If the user is user B, user C or an unregistered user, the electronic device will not output user A's bank card information according to the first instruction, and the electronic device will remind the user that the access authority is insufficient to output user A's bank card information .
  • the electronic device can output the phone number according to the first instruction.
  • User A's phone number If the user is user C or an unregistered user, the electronic device will not output user A's phone number according to the first instruction, and the electronic device will remind the user that the access authority is insufficient to output user A's phone number.
  • the electronic device allows the user to modify the place of birth of user A. if the user is user B, user C, or an unregistered user, the electronic device does not allow the user to modify the birthplace of user A, and the electronic device will remind the user that the modification authority is insufficient to modify the birthplace of user A.
  • the electronic device determines whether to perform the first operation on the first personal data according to the user identity of the user and the operation authority of the first personal data.
  • the electronic device can determine whether to perform the first operation on the first personal data.
  • the electronic device when the electronic device receives the first instruction sent by the user, it indicates that the user wants the electronic device to perform the first operation on the first personal data of the first user, and the electronic device will obtain the first command.
  • the authority to operate on a person's data and determine the user identity of the user. Then, the electronic device determines whether the user has the authority to perform the first operation according to the user's user identity and the operation authority of the first personal data. The first operation is performed on the personal data, otherwise, the electronic device will not perform the first operation on the first personal data. Therefore, the secure interaction method provided by the embodiments of the present application can ensure the privacy and security of each user's personal data.
  • the electronic device when the first operation is an output manipulation, if the electronic device determines that the output operation can be performed on the first personal data according to the user's user identity and the operation authority of the first personal data, then The electronic device first obtains a first key corresponding to the first user, and the first key is a key for encrypting the personal data of the first user. Then, the electronic device will obtain the first personal data encrypted in advance by the first key. Secondly, the electronic device decrypts the encrypted first personal data by using the first key to obtain the first personal data. Finally, the electronic device can output the first personal data.
  • FIG. 3 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • the method shown in FIG. 3 is the refinement step of S104 in FIG. 2 , and is specifically the step of “the electronic device determines whether to perform the first operation on the first personal data according to the user’s user identity and the operation authority of the first personal data”. refinement steps.
  • the method shown in FIG. 3 includes the following steps S201 to S203.
  • step S201 The electronic device determines whether the operation authority of the first personal data includes the user identity of the user. If the operation authority of the first personal data includes the user identity of the user, step S202 is performed; otherwise, step S203 is performed.
  • the electronic device performs a first operation on the first personal data.
  • the electronic device prohibits performing the first operation on the first personal data.
  • the operation authority of the first personal data is access authority
  • the user's user identity is User A.
  • Table 1 you can see that the bank User A is included in the access authority of the card information, then the electronic device performs an output operation on the bank card information.
  • the operation authority of the first personal data is access authority
  • the user's user identity is User B.
  • Table 1 you can see that the bank If user B is not included in the access authority of the card information, the electronic device will prohibit the output operation of the bank card information.
  • the electronic device can quickly determine whether to perform the first operation on the first personal data by determining whether the operation authority of the first personal data includes the user identity of the user, so the electronic device can quickly determine whether to perform the first operation on the first personal data.
  • the device will perform more efficiently.
  • FIG. 4 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • the method shown in FIG. 4 is the refinement step of S202 in FIG. 3 , and is specifically the refinement step of “the electronic device performs the first operation on the first personal data”.
  • the method shown in FIG. 4 includes the following steps S301 to S304.
  • the electronic device determines whether there is a second user within the preset range of the electronic device, and when the second user exists within the preset range of the electronic device, perform step S302; otherwise, perform step S303.
  • the second user is a user registered on the electronic device in advance, and the electronic device can detect whether there is a second user within a preset range of the electronic device through hardware such as a camera, a microphone array, or a sensor.
  • the preset range of the electronic device can be defined by the user according to the actual situation. For example, the user can set the preset range of the electronic device to be within 3 meters with the electronic device as the center.
  • the electronic device determines whether the access authority of the first personal data includes the second user, and when the access authority of the first personal data includes the second user, execute step S303; otherwise, execute step S304.
  • the electronic device determines whether the access authority of the first personal data includes the second user. With regard to the access authority of the first personal data, the second user does not need to worry about the leakage of private information to the second user, then the electronic device can perform the first operation on the first personal data.
  • the electronic device prohibits the first operation on the first personal data, In order to avoid leaking the first personal data to the second user during the process of performing the first operation on the first personal data by the electronic device.
  • the electronic device performs a first operation on the first personal data.
  • the electronic device determines whether there is a second user within the preset range of the electronic device, and if there is a second user within the preset range of the electronic device and the second user is user B, then the electronic device determines the first personal data Whether the operation authority of user B is included. In Table 1, it can be seen that user B is not included in the access authority of bank card information, and the electronic device prohibits the output operation of bank card information to avoid leaking user A's bank card information to user B.
  • the electronic device determines whether there is a second user within the preset range of the electronic device, and if there is a second user within the preset range of the electronic device and the second user is user B, then the electronic device determines the first personal data Whether the access rights of user B are included.
  • Table 1 it can be seen that user B is included in the access authority of the phone number, and the electronic device performs an output operation on the phone number.
  • the electronic device determines whether the second user exists within the preset range of the electronic device, and if the second user does not exist within the preset range of the electronic device, the electronic device performs an output operation on the phone number.
  • FIG. 5 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • the method shown in FIG. 5 is the refinement step of S202 in FIG. 3 , and specifically is the refinement step of “the electronic device performs the first operation on the first personal data”.
  • the method shown in FIG. 5 includes the following steps S401 to S403.
  • the electronic device determines whether a third user exists within a preset range of the electronic device, and when a third user exists within the preset range of the electronic device, perform step S402; otherwise, perform step S403.
  • the third user is a user who has not registered on the electronic device, and the electronic device can detect whether there is a third user within a preset range of the electronic device through hardware such as a camera, a microphone array, or a sensor.
  • the preset range of the electronic device can be defined by the user according to the actual situation. For example, the user can set the preset range of the electronic device to be within 3 meters with the electronic device as the center.
  • the electronic device prohibits performing the first operation on the first personal data.
  • the electronic device performs a first operation on the first personal data.
  • the electronic device prohibits the first operation on the first personal data to avoid During the process of performing the first operation on the first personal data by the electronic device, the first personal data is leaked to the third user.
  • the electronic device determines whether there is a third user within the preset range of the electronic device, and if there is a third user within the preset range of the electronic device and the third user is an unregistered user, the electronic device prohibits the bank card information Execute the output operation to avoid leaking user A's bank card information to unregistered users.
  • FIG. 6 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • the method shown in FIG. 6 is the refinement step of S202 in FIG. 3 , specifically the refinement step of “the electronic device performs the first operation on the first personal data”, and the scenario of the embodiment of the present application is the user of the user The identity is the first user.
  • the method shown in FIG. 6 includes the following steps S501 to S507.
  • the electronic device determines a first confidence level.
  • the first confidence level is the degree of similarity between the current human body feature of the user and the human body feature of the first user pre-stored in the electronic device.
  • the current human body feature of the user refers to the human body features such as the user's face image, voiceprint feature, or eyeball iris feature, which are collected on-site by the electronic device when the user inputs the first instruction to the electronic device.
  • the human body feature of the first user refers to a face image, voiceprint feature or eye iris feature, etc. previously input by the first user to the electronic device, and the human body feature of the first user is used as a reference standard for identifying the user identity of the first user .
  • the calculation method of the first confidence level reference may be made to the calculation method of the comprehensive confidence level in the embodiment corresponding to FIG. 2 .
  • the calculation method of the first confidence level is the same as the calculation method of the comprehensive confidence level.
  • the electronic device acquires the first privacy level of the first personal data.
  • the first privacy level is used to indicate the privacy degree of the first personal data.
  • the electronic device can automatically assign the corresponding privacy level to the personal data according to the mapping relationship between the personal data and the privacy level, or the user can send an instruction to the electronic device to determine the corresponding privacy level of the personal data. privacy level.
  • Table 2 is a correspondence table between personal data and privacy levels pre-stored by the electronic device.
  • the electronic device pre-stores the mapping relationship table between personal data and privacy level as shown in Table 2, when the electronic device stores the bank card information of user A, the electronic device will be user A according to Table 2. 's bank card information is assigned a privacy level of high risk.
  • the electronic device acquires a pre-established first mapping relationship between the confidence level and the privacy level.
  • Table 3 is the correspondence table between confidence levels and privacy levels pre-established by the electronic device.
  • the electronic device determines a privacy level set corresponding to the first confidence level according to the first mapping relationship.
  • the privacy level set includes at least one privacy level.
  • the privacy level set corresponding to the first confidence level includes 3 privacy levels, namely high risk, medium risk and low risk.
  • the privacy level set corresponding to the first confidence level includes two privacy levels, which are medium risk and low risk.
  • step S505. The electronic device determines whether the privacy level set includes the first privacy level. When the privacy level set includes the first privacy level, step S506 is performed; when the privacy level set does not include the first privacy level, step S507 is performed.
  • the first personal data is bank card information
  • the first confidence level is 0.9
  • Table 2 it can be determined that the first privacy level corresponding to the bank card information is high risk
  • the set of privacy levels corresponding to the first confidence level of 0.9 includes high risk, medium risk and low risk.
  • the electronic device may determine that the set of privacy levels includes the first privacy level, and finally the electronic device performs the first operation on the first personal data.
  • the first personal data is bank card information
  • the first confidence level is 0.75
  • the first privacy level corresponding to the bank card information is high risk
  • the set of privacy levels corresponding to the first confidence level of 0.75 includes medium risk and low risk.
  • the electronic device may determine that the set of privacy levels does not contain the first privacy level, and finally the electronic device prohibits performing the first operation on the first personal data.
  • the electronic device performs a first operation on the first personal data.
  • the electronic device prohibits performing the first operation on the first personal data.
  • the electronic device determines, through the first confidence level of the user, the privacy level that can provide the user with personal data. If the first confidence level is higher, it indicates that the user is very likely to be the first user, and the electronic device allows the user to operate personal data with a higher privacy level. If the first confidence level is lower, it means that the possibility of the user being the first user is very low, and the electronic device allows the user to operate personal data with a lower privacy level. Therefore, the embodiments of the present application can avoid leaking personal data with a higher privacy level to a user with a lower confidence level, thereby ensuring the security of the user's personal data.
  • FIG. 7 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • the method shown in FIG. 7 is an extension of FIG. 2 , that is, the steps shown in FIG. 7 are further included on the basis of FIG. 2 .
  • the method shown in FIG. 7 includes the following steps S601 to S605.
  • the electronic device receives a second instruction sent by a user.
  • the second instruction is used to instruct the electronic device to delete all personal data of the first user.
  • the user can send a second instruction to the electronic device through a communication device such as a smartphone, so that the electronic device can send a second instruction to the electronic device. All personal data of the first user is deleted.
  • the user can also directly input the second instruction on the electronic device.
  • the electronic device determines the user identity of the user.
  • S602 in FIG. 7 is the same step as S102 in FIG. 2 .
  • S602 in FIG. 7 please refer to the detailed description of S102 in FIG. 2 .
  • the electronic device determines a first storage area for storing the first key.
  • the first key is a key for encrypting the personal data of the first user.
  • Each user registered on the electronic device corresponds to a key, and each user's key can be generated based on a secure random number generator, so each user's key is unique, and the password between users is unique.
  • the keys are not the same.
  • the electronic device After the electronic device receives the second instruction sent by the user, the electronic device will confirm the user identity of the user. When the user identity of the user is the first user or the administrator, it means that the user has the authority to delete all personal data of the first user, then the electronic device will determine the first storage area for storing the first key, so that the electronic device The first key may be destroyed within the first storage area.
  • the electronic device deletes the first key in the first storage area by using a secure deletion method.
  • the safe deletion method is a deletion method that can prevent the recovery of the first key after the first key is deleted.
  • the electronic device may write target data for a preset number of times in the first storage area, so as to prevent the recovery of the first key after the electronic device deletes the first key.
  • the preset number of times is a preset number of times, for example, 3 times, 5 times, and the like.
  • the target data can be pre-generated random numbers.
  • the purpose of repeatedly writing the target data in the first storage area is to completely delete the first key in the first storage area, so as to prevent an illegal user from recovering the first key from the first storage area through some technical means.
  • the electronic device deletes all personal data of the first user encrypted by the first key.
  • all personal data of the first user encrypted by the first key are stored in the electronic device. If the personal data in the device is leaked to others, the electronic device avoids illegal users from obtaining the first key by eliminating the first key. Even if the illegal user restores all the deleted personal data of the first user encrypted by the first key to the storage area of the electronic device by illegal means, since the illegal user cannot obtain the first key, he cannot All personal data of the first user encrypted by the first key is decrypted. Therefore, the embodiment of the present application can prevent the user's privacy from being leaked.
  • FIG. 8 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • the method shown in FIG. 8 is the refinement step of S104 in FIG. 2 , and is specifically the step of “the electronic device determines whether to perform the first operation on the first personal data according to the user’s user identity and the operation authority of the first personal data”. refinement steps.
  • the method shown in FIG. 8 includes the following steps S701 to S705.
  • the electronic device determines that the input authority of the first personal data includes the first user.
  • the electronic device acquires the first key corresponding to the first user.
  • the first key is a key for encrypting the personal data of the first user.
  • Each user registered on the electronic device corresponds to a key, and each user's key can be generated based on a secure random number generator, so each user's key is unique, and the password between users is unique.
  • the keys are not the same.
  • the root key may be used to encrypt the first key, and the encrypted first key may be stored in the electronic device. Furthermore, the root key can be stored in the on-chip non-volatile memory of a central processing unit (CPU), system on chip (SOC), or cryptographic coprocessor, and is not exposed to the outside for reading The physical interface or logical interface of the root key to ensure the security of the root key.
  • CPU central processing unit
  • SOC system on chip
  • cryptographic coprocessor cryptographic coprocessor
  • the key encryption key may also be used to encrypt the first key, and the encrypted first key may be stored in the electronic device.
  • the key encryption key is encrypted by using the root key, and the encrypted key encryption key is stored in the electronic device.
  • the root key can be stored in the on-chip non-volatile memory of the central processing unit, the system-on-chip or the encryption coprocessor, and the physical interface or logical interface for reading the root key is not exposed to the outside, so as to ensure the root key key security.
  • the electronic device encrypts the first personal data with the first key to obtain encrypted first personal data.
  • the electronic device establishes a second mapping relationship between the first user, the second privacy level, and the encrypted first personal data.
  • the second privacy level is the privacy level corresponding to the first personal data.
  • Each personal data corresponds to a privacy level, as shown in Table 2, if the first personal data is a phone number, then the second privacy level corresponding to the first personal data is medium risk.
  • the electronic device stores the second mapping relationship.
  • the embodiment of the present application in the process of storing personal data, not only encrypts the personal data, but also stores the privacy level and user identity corresponding to the personal data, so as to facilitate the reading of the personal data.
  • the personal data can be found through the identity of the user, and the privacy level corresponding to the personal data can be determined when the personal data is read.
  • FIG. 9 is a flowchart of another security interaction method provided by an embodiment of the present application.
  • the method shown in FIG. 9 is an extension of FIG. 2 , that is, the steps shown in FIG. 9 are further included on the basis of FIG. 2 .
  • the method shown in FIG. 9 includes the following steps S801 to S803.
  • the electronic device receives a third instruction sent by a user.
  • the third instruction is used to instruct the electronic device to configure the access authority of the user set to the personal data set, the personal data set includes at least one personal data of the first user, and the user set includes at least one user registered in the electronic device in advance.
  • the electronic device determines that the user identity of the user is the first user.
  • the electronic device configures the access authority of each user in the user set to each personal data in the personal data set.
  • the electronic device adds the access authority of each user in the user set to each personal data in the personal data set.
  • the user may send a third instruction to the electronic device.
  • the electronic device receives the third instruction from the user, the electronic device determines that the user's user identity is the first user, and the electronic device adds the second user in the user set to the first personal data and the second personal data in the personal data set. data access rights.
  • the second user has access rights to the first personal data and the second personal data of the first user.
  • the electronic device deletes the access authority of each user in the user set to each personal data in the personal data set
  • the user may send a third instruction to the electronic device.
  • the electronic device determines that the user's user identity is the first user, and the electronic device deletes the second user in the user set to the first personal data and the second personal data in the personal data set. data access rights.
  • the second user does not have access rights to the first personal data and the second personal data of the first user.
  • the first user can configure on the electronic device whether his personal data can be accessed by other registered users. If the first user allows other registered users to access his own personal data, then the first user can add the access rights of other registered users to his own personal data. If the first user does not allow other registered users to access his own personal data, the first user can delete the access rights of other registered users to his own personal data. Therefore, the embodiment of the present application can enable the first user to flexibly configure the access rights of other registered users to his own personal data.
  • FIG. 10 is a schematic diagram of an electronic device according to an embodiment of the present application.
  • the electronic device shown in Figure 10 includes the following modules:
  • the receiving module 11 is used to receive the first instruction issued by the user, the first instruction is used to instruct the electronic device to perform the first operation on the first personal data of the first user, and the first user is pre-registered on the electronic device. user.
  • the processing module 12 is used to determine the user identity of the user.
  • the operation authority of the first personal data is obtained, and the operation authority of the first personal data is used to indicate the identity of the user who is allowed to operate the first personal data. Whether to perform the first operation on the first personal data is determined according to the user identity of the user and the operation authority of the first personal data.
  • the apparatus embodiment described in FIG. 10 is only illustrative.
  • the division of modules is only a logical function division. In actual implementation, there may be other division methods.
  • multiple modules or components may be combined or integrated into Another system, or some features can be ignored, or not implemented.
  • Each functional module in each embodiment of the present application may be integrated into one processing module, or each module may exist physically alone, or two or more modules may be integrated into one module.
  • FIG. 11 is a schematic diagram of another electronic device provided in an embodiment of the present application.
  • the electronic device shown in Figure 11 includes the following modules:
  • the receiving module 21 is used for receiving the input of the user.
  • the receiving module 21 may specifically include components such as a touch screen, a microphone, a camera, and a sensor, wherein the touch screen is used to receive user's touch input, the microphone is used to receive user's voice input, and the camera is used to collect the user's face image.
  • the output module 22 is used to feed back the output to the user.
  • the output module 22 may specifically include a touch screen, a speaker, etc., wherein the touch screen is used for displaying output in the form of images, and the speaker is used for outputting in the form of sound.
  • the output module 22 may also include a vibration motor for providing haptic feedback.
  • the output module 22 may further include the limbs of the intelligent robot, and the limbs of the intelligent robot are used to provide motion feedback, such as tapping, stroking and hugging the user.
  • the user identity identification module 23 is used to identify the user identity.
  • the user identity recognition module 23 may include a face recognition system, a voiceprint recognition system, a fingerprint recognition system, a password system, and the like.
  • the user identification module 23 can perform a fusion determination on the results of the identification of the multiple identification systems through the fusion determination system, and finally determine the user's identity.
  • the face recognition system includes multiple functions such as face detection and analysis, facial features positioning, face search, face comparison, face verification, and liveness detection.
  • the voiceprint recognition system is a system that performs identification based on the characteristics of the speaker's voice.
  • the main tasks of the voiceprint recognition system include voice signal processing, voiceprint feature extraction, voiceprint modeling, voiceprint comparison, and discriminative decision-making.
  • the fingerprint identification system is to classify and compare the fingerprints of the identified users to identify the identity.
  • the fusion judgment system obtains the final identity judgment result by merging and judging the recognition results of the face recognition system, the voiceprint recognition system and the fingerprint recognition system.
  • the privacy level determination module 24 may determine the privacy level of the personal data according to the pre-established mapping relationship between the personal data and the privacy level.
  • the encryption and decryption module 25 includes functions in charge of key management, encrypted data and decrypted data.
  • the encryption algorithm used for encrypting data may specifically be an advanced encryption standard (AES).
  • the storage module 26 may store the user's personal data.
  • the application module 27 is used to provide the user with functions for daily use, including functions such as daily dialogue and chat, games, entertainment, learning, and reminders.
  • FIG. 12 is a schematic diagram of another electronic device provided by an embodiment of the present application.
  • the electronic device shown in FIG. 12 includes a processor 31 and a memory 32 .
  • the processor 31 is configured to execute the instructions stored in the memory 32, so that the electronic device performs the following operations: receiving a first instruction issued by the user, and the first instruction is used to instruct the electronic device to The first operation is performed on the first personal data of a user, and the first user is a user registered on the electronic device in advance. Determine the user's user identity. The operation authority of the first personal data is obtained, and the operation authority of the first personal data is used to indicate the identity of the user who is allowed to operate the first personal data. Whether to perform the first operation on the first personal data is determined according to the user identity of the user and the operation authority of the first personal data.
  • the processor 31 is one or more CPUs.
  • the CPU is a single-core CPU or a multi-core CPU.
  • the memory 32 includes, but is not limited to, random access memory (RAM), read only memory (Read only Memory, ROM), erasable programmable read-only memory (erasable programmable read-only memory, EPROM or flash memory) memory), flash memory, or optical memory, etc.
  • RAM random access memory
  • ROM read only memory
  • EPROM erasable programmable read-only memory
  • flash memory or optical memory, etc.
  • the code of the operating system is stored in the memory 32 .
  • the electronic device further includes a bus 33, and the above-mentioned processor 31 and the memory 32 are connected to each other through the bus 33, and may also be connected to each other in other ways.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Facsimiles In General (AREA)

Abstract

La présente invention concerne un procédé et un appareil d'interaction sécurisée. Le procédé est appliqué à un dispositif électronique. Le procédé comprend les étapes suivantes : le dispositif électronique reçoit une première instruction émise par un utilisateur (S101), la première instruction étant utilisée pour ordonner au dispositif électronique d'effectuer une première opération sur des premières données personnelles d'un premier utilisateur, et le premier utilisateur étant un utilisateur enregistré au préalable dans le dispositif électronique ; le dispositif électronique détermine une identité d'utilisateur de l'utilisateur (S102) ; le dispositif électronique obtient une autorisation de fonctionnement des premières données personnelles (S103), l'autorisation de fonctionnement des premières données personnelles étant utilisée pour indiquer que l'opération sur l'identité d'utilisateur des premières données personnelles est autorisée ; et le dispositif électronique détermine, en fonction de l'identité d'utilisateur de l'utilisateur et de l'autorisation de fonctionnement des premières données personnelles, s'il faut effectuer la première opération sur les premières données personnelles (S104). Le procédé d'interaction sécurisée peut assurer la confidentialité et la sécurité des données personnelles de chaque utilisateur.
PCT/CN2021/107491 2020-07-31 2021-07-21 Procédé et appareil d'interaction sécurisée WO2022022346A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010758901.2A CN111949956A (zh) 2020-07-31 2020-07-31 一种安全交互方法及装置
CN202010758901.2 2020-07-31

Publications (1)

Publication Number Publication Date
WO2022022346A1 true WO2022022346A1 (fr) 2022-02-03

Family

ID=73339873

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/107491 WO2022022346A1 (fr) 2020-07-31 2021-07-21 Procédé et appareil d'interaction sécurisée

Country Status (2)

Country Link
CN (1) CN111949956A (fr)
WO (1) WO2022022346A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111949956A (zh) * 2020-07-31 2020-11-17 华为技术有限公司 一种安全交互方法及装置
CN112966297B (zh) * 2021-02-04 2022-01-14 华为技术有限公司 数据保护方法、系统、介质及电子设备

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103130060A (zh) * 2011-11-22 2013-06-05 株式会社日立制作所 电梯的安全系统
CN105354960A (zh) * 2015-10-30 2016-02-24 夏翊 一种金融自助服务终端安全区域控制方法
US20180248888A1 (en) * 2017-02-28 2018-08-30 Fujitsu Limited Information processing apparatus and access control method
CN109166579A (zh) * 2018-09-04 2019-01-08 广州市果豆科技有限责任公司 一种结合人脸信息的语音控制方法及系统
CN109237736A (zh) * 2018-09-25 2019-01-18 珠海格力电器股份有限公司 一种家电设备的控制方法及家电设备
CN110895599A (zh) * 2018-09-12 2020-03-20 西门子(中国)有限公司 访问权限确定装置和访问权限确定方法
CN111949956A (zh) * 2020-07-31 2020-11-17 华为技术有限公司 一种安全交互方法及装置

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102930194A (zh) * 2012-09-20 2013-02-13 无锡华御信息技术有限公司 一种基于权限管控的数据安全操作系统及方法
CN105447422A (zh) * 2016-01-29 2016-03-30 广东欧珀移动通信有限公司 一种保护用户隐私的方法及终端
CN106778160A (zh) * 2016-11-28 2017-05-31 上海摩软通讯技术有限公司 数据项显示方法及装置
CN108334761B (zh) * 2017-01-20 2020-04-21 深圳大森智能科技有限公司 一种用户权限的识别方法与装置
CN109151161A (zh) * 2018-06-27 2019-01-04 Oppo广东移动通信有限公司 显示控制方法及相关产品
CN109165492B (zh) * 2018-08-02 2020-08-14 Oppo广东移动通信有限公司 设备控制方法、装置、存储介质及电子设备
CN109447789A (zh) * 2018-11-01 2019-03-08 北京得意音通技术有限责任公司 业务处理方法、装置、电子设备和存储介质
CN110889142B (zh) * 2019-12-20 2022-08-26 中国银行股份有限公司 一种数据权限管理方法、装置、系统及设备

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103130060A (zh) * 2011-11-22 2013-06-05 株式会社日立制作所 电梯的安全系统
CN105354960A (zh) * 2015-10-30 2016-02-24 夏翊 一种金融自助服务终端安全区域控制方法
US20180248888A1 (en) * 2017-02-28 2018-08-30 Fujitsu Limited Information processing apparatus and access control method
CN109166579A (zh) * 2018-09-04 2019-01-08 广州市果豆科技有限责任公司 一种结合人脸信息的语音控制方法及系统
CN110895599A (zh) * 2018-09-12 2020-03-20 西门子(中国)有限公司 访问权限确定装置和访问权限确定方法
CN109237736A (zh) * 2018-09-25 2019-01-18 珠海格力电器股份有限公司 一种家电设备的控制方法及家电设备
CN111949956A (zh) * 2020-07-31 2020-11-17 华为技术有限公司 一种安全交互方法及装置

Also Published As

Publication number Publication date
CN111949956A (zh) 2020-11-17

Similar Documents

Publication Publication Date Title
US11783018B2 (en) Biometric authentication
US8515139B1 (en) Facial feature detection
US9177130B2 (en) Facial feature detection
US10303964B1 (en) Systems and methods for high fidelity multi-modal out-of-band biometric authentication through vector-based multi-profile storage
CN108804884B (zh) 身份认证的方法、装置及计算机存储介质
US9547760B2 (en) Method and system for authenticating user of a mobile device via hybrid biometics information
US20170230363A1 (en) Method, computer program, and system for identifying multiple users based on their behavior
EP3321853B1 (fr) Réglage de seuil de similarité de reconnaissance faciale
US20150220772A1 (en) System and methods for contactless biometrics-based identification
US11030291B2 (en) Methods and systems for user authentication
WO2022022346A1 (fr) Procédé et appareil d'interaction sécurisée
CN111492357A (zh) 用于生物识别用户认证的系统和方法
KR102317598B1 (ko) 서버, 서버의 제어 방법 및 단말 장치
US10956548B2 (en) User authentication via emotion detection
KR102403471B1 (ko) 동형 암호화된 음성을 이용한 개인 식별 방법 및 시스템
Debnath et al. Multimodal authentication system based on audio-visual data: a review
Subha Biometrics in internet of things (iot) security
Wells et al. Privacy and biometrics for smart healthcare systems: attacks, and techniques
CN109614804B (zh) 一种双模态生物特征加密方法、设备及存储设备
US20180373922A1 (en) Facial gesture captcha
CN107431714A (zh) 控制经由用户设备在资源的控制点处对资源功能的访问
US20160226866A1 (en) Authentication using individual's inherent expression as secondary signature
KR102502686B1 (ko) 화자 인증 및 안면 인증을 이용하여 비대면 본인 인증을 수행하는 전자 장치 및 서버를 포함하는 시스템의 제어 방법
CN111125742A (zh) 文件管理方法、智能终端以及具有存储功能的装置
US12014740B2 (en) Systems and methods for contactless authentication using voice recognition

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21849507

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21849507

Country of ref document: EP

Kind code of ref document: A1