WO2022193116A1 - 鉴权方法、装置及存储介质 - Google Patents
鉴权方法、装置及存储介质 Download PDFInfo
- Publication number
- WO2022193116A1 WO2022193116A1 PCT/CN2021/080994 CN2021080994W WO2022193116A1 WO 2022193116 A1 WO2022193116 A1 WO 2022193116A1 CN 2021080994 W CN2021080994 W CN 2021080994W WO 2022193116 A1 WO2022193116 A1 WO 2022193116A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- user
- smart device
- mode
- information
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 284
- 238000013507 mapping Methods 0.000 claims description 28
- 230000015654 memory Effects 0.000 claims description 23
- 238000012545 processing Methods 0.000 claims description 13
- 230000004913 activation Effects 0.000 claims description 11
- 238000004590 computer program Methods 0.000 claims description 10
- 230000004044 response Effects 0.000 claims description 9
- 238000004891 communication Methods 0.000 claims description 8
- 230000008569 process Effects 0.000 claims description 8
- 230000006399 behavior Effects 0.000 description 15
- 238000012795 verification Methods 0.000 description 11
- 238000010586 diagram Methods 0.000 description 10
- 230000000737 periodic effect Effects 0.000 description 8
- 230000007613 environmental effect Effects 0.000 description 6
- 230000006870 function Effects 0.000 description 6
- 230000000007 visual effect Effects 0.000 description 6
- 230000001815 facial effect Effects 0.000 description 5
- 230000009471 action Effects 0.000 description 4
- 238000013475 authorization Methods 0.000 description 4
- 230000008859 change Effects 0.000 description 4
- 238000001514 detection method Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000003993 interaction Effects 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000003203 everyday effect Effects 0.000 description 3
- 238000005259 measurement Methods 0.000 description 3
- 230000001960 triggered effect Effects 0.000 description 3
- 230000003044 adaptive effect Effects 0.000 description 2
- 238000007405 data analysis Methods 0.000 description 2
- 238000005286 illumination Methods 0.000 description 2
- 238000007619 statistical method Methods 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 238000004378 air conditioning Methods 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 230000002996 emotional effect Effects 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000002650 habitual effect Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000003825 pressing Methods 0.000 description 1
- 230000002035 prolonged effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Images
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/20—Means to switch the anti-theft system on or off
- B60R25/24—Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
- B60R25/245—Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user where the antenna reception area plays a role
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/20—Means to switch the anti-theft system on or off
- B60R25/24—Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
- G06F1/26—Power supply means, e.g. regulation thereof
- G06F1/32—Means for saving power
- G06F1/3203—Power management, i.e. event-based initiation of a power-saving mode
- G06F1/3206—Monitoring of events, devices or parameters that trigger a change in power modality
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/20—Means to switch the anti-theft system on or off
- B60R25/25—Means to switch the anti-theft system on or off using biometry
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2135—Metering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2139—Recurrent verification
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C2209/00—Indexing scheme relating to groups G07C9/00 - G07C9/38
- G07C2209/60—Indexing scheme relating to groups G07C9/00174 - G07C9/00944
- G07C2209/63—Comprising locating means for detecting the position of the data carrier, i.e. within the vehicle or within a certain distance from the vehicle
Definitions
- the present application relates to the field of authentication, and in particular, to an authentication method, device and storage medium.
- Smart devices include automobiles, smart home products, mobile phones, computers and other devices.
- a smart device is taken as an example of a car.
- the authentication methods of the car include Bluetooth, wireless fidelity (WiFi), fingerprint, iris, etc., and excessive authentication power consumption will affect the usable time of the smart device. It will also reduce the user experience. Therefore, how to realize low-power authentication of smart devices is a problem worthy of study.
- Embodiments of the present application provide an authentication method, an apparatus, and a storage medium.
- the estimated information may include the estimated time of occurrence of the authentication operation, the probability of occurrence and the authentication method used for the authentication operation.
- the estimated information pre-starts the hardware resources related to the smart device, which effectively reduces the authentication power consumption.
- an embodiment of the present application provides an authentication method, which is applied to a smart device, including:
- the authentication environment information determine the estimated information of the authentication operation of the smart device according to the authentication environment information and the historical authentication data, wherein the estimated information includes the first time, the probability of occurrence and the first time used for the authentication operation.
- An authentication method the first time is the estimated occurrence time of the authentication operation, and the occurrence probability is the estimated occurrence probability of the authentication operation; when the occurrence probability is greater than the probability threshold, at the first time or before the first time , and start the hardware resources of the smart device required for the authentication operation using the first authentication mode.
- the authentication method in the embodiment of the present application obtains the authentication environment information, and then uses the authentication environment information and historical authentication data to determine the estimated information of the authentication operation of the smart device.
- the estimated information includes the first time, the probability of occurrence, and the first authentication method used for the authentication operation. When the probability of occurrence is greater than the probability threshold, at the first time or before the first time, start using the first authentication method.
- the authentication mode refers to the hardware resources of the smart device required for the authentication operation.
- the authentication method of the embodiment of the present application can effectively reduce the authentication power consumption of the smart device and improve the user experience by pre-starting the hardware resources corresponding to the smart device by estimating the relevant information of the authentication operation.
- the authentication environment information includes one or more of time information, location information of the smart device, internal or external environment information of the smart device, and status information of the authentication user subject.
- Historical authentication data includes one or more of the following data: authentication user ID, authentication method, authentication time, authentication location, attributes of services associated with the authentication operation, number of authentication failures, and corresponding authentication time.
- the internal or external environment information of the smart device wherein, the attributes of the services with the same authentication security level and the same service type are the same.
- the first time may be periodic or aperiodic, and specifically, the first time may be a time point or a time period (ie, a time period).
- the method further includes: when the user triggers an authentication operation, using a first authentication manner to authenticate the identity of the user.
- the first authentication mode is used to authenticate the user's identity.
- the method further includes:
- the identity of the user is authenticated using the first authentication method, which specifically includes:
- the identity of the user is authenticated according to the authentication threshold corresponding to the first authentication manner.
- the authentication method in the embodiment of the present application further utilizes the authentication environment information and historical authentication data to determine an authentication threshold corresponding to the first authentication method, and the authentication threshold includes multiple thresholds, such as an authentication threshold and an alarm threshold, To carry out the authentication operation according to the authentication threshold; the authentication threshold is the threshold for judging whether the identity authentication passes or not in the first authentication mode, and the alarm threshold is the authentication operation for judging the user in the first authentication mode The relevant threshold for whether to trigger the alert action.
- determining the authentication threshold corresponding to the first authentication mode according to the authentication environment information and the historical authentication data includes: determining the first authentication mode according to the authentication environment information and the historical authentication data The corresponding risk level; the authentication threshold corresponding to the first authentication mode is determined according to the risk level.
- the risk level corresponding to the first authentication method is determined by using the authentication environment information and historical authentication data, and then the authentication threshold corresponding to the first authentication method is determined according to the risk level; the risk level
- the risk level The higher the authentication threshold, the higher the authentication requirement reflected by the authentication threshold, so that the authentication requirement matches the authentication environment information, which can not only ensure the authentication security, but also improve the user's authentication experience.
- the larger the alarm threshold is the higher the requirement is, the higher the risk level is, and the larger the alarm threshold is; on the contrary, the smaller the alarm threshold is, the higher the requirement is, the higher the risk level is, and the smaller the alarm threshold is. .
- the method further includes: acquiring the number of authentication failures of the user; and adjusting the authentication threshold when the user's identity is authenticated by the first authentication method according to the number of authentication failures.
- the authentication threshold value during authentication is adjusted in time according to the user's authentication operation data (such as the number of authentication failures) to ensure authentication security.
- the method before using the first authentication method to authenticate the identity of the user, the method further includes: acquiring authentication environment information corresponding to the triggering moment when the user triggers the authentication operation; The authorization environment information is used to adjust the authentication threshold when the user's identity is authenticated by the first authentication method.
- the authentication environment information at the trigger time corresponding to the authentication trigger operation is obtained, and the first authentication method is adjusted according to the authentication environment information corresponding to the trigger time.
- the authentication threshold when the user's identity is authenticated so that the authentication threshold matches the current authentication environment information, which improves the security of authentication and guarantees the user experience.
- the first time includes a time period, and when the occurrence probability is greater than the probability threshold, within the time period, the hardware resources of the smart device required for the authentication operation using the first authentication mode are started.
- the time period is a periodic or non-periodic time period.
- the authentication method of the embodiment of the present application only activates hardware resources within the time period, which can effectively reduce the number of authentication Requires power consumption, prolongs the standby time of smart devices, and improves user experience.
- acquiring the authentication environment information specifically includes: determining an authentication period according to historical authentication data of the smart device; and acquiring the authentication environment information according to the authentication period.
- the historical authentication data is used to determine the time regularity of the authentication operation performed by the smart device, and the authentication period is obtained.
- the step of obtaining the authentication environment information is performed to perform the estimation information that determines the authentication operation of the smart device, which is different from obtaining the authentication in real time. Environment information, the present application can further help reduce the power consumption of the smart device by determining the authentication period to obtain the authentication environment information regularly.
- the estimated information further includes first user information, and the user indicated by the first user information is the predicted user who triggers the authentication operation; the method further includes: when the occurrence probability is greater than the probability threshold, in the first At or before the first time, the smart device is adjusted according to the user's historical usage data indicated by the first user information.
- the smart device when the probability of the authentication operation is greater than the probability threshold, the smart device will also be adjusted according to the user's historical usage data indicated by the first user information at the first time or before the first time, so that the smart device The device is in a state that is frequently used by the user indicated by the first user information, and is highly intelligent, which helps reduce the operations required by the user and improves the user experience.
- determining the first authentication mode in the estimated information according to the authentication environment information and the historical authentication data including: determining the authentication of the smart device according to the authentication environment information and the historical authentication data The authentication mode with the highest authentication priority of the operation is used as the first authentication mode.
- the authentication mode when estimating the authentication modes of the authentication operation, at least two authentication modes with different priorities will be determined, and the authentication mode with the highest priority among the at least two authentication modes will be used as the first authentication mode.
- the authentication mode is matched with the authentication environment information to determine a first authentication mode, so as to realize the self-adaptive dynamic selection of the authentication mode.
- the method before starting the hardware resource, further includes: acquiring a first distance between the smart device and the authenticated user; determining a second authentication method corresponding to the first distance according to the first distance and the mapping relationship , the mapping relationship is the corresponding relationship between the authentication mode and the distance; when the second authentication mode is different from the first authentication mode, the first authentication mode is updated to be the second authentication mode.
- the first authentication mode is adaptively adjusted according to the first distance by acquiring the first distance between the user and the smart device, and the degree of intelligence is high. Effectively improve the user's smart device experience.
- the method further includes: acquiring a second distance between the smart device and the authenticated user; determining the second distance according to the second distance and the mapping relationship The corresponding second authentication mode, the mapping relationship is the corresponding relationship between the authentication mode and the distance; when the third authentication mode is different from the first authentication mode, close the hardware resources of the smart device required by the first authentication mode , and start the hardware resources of the smart device required by the third authentication method.
- the user's identity is modified according to the second distance by continuing to obtain the second distance between the user and the smart device.
- the adopted authentication mode realizes real-time change of the authentication mode according to the second distance, adaptive transformation, reduces the operations required by the user, and improves the user experience.
- the authentication method further includes:
- the hardware resources of the smart device required for the authentication operation using the fourth authentication mode are activated.
- the embodiments of the present application in addition to the above-mentioned startup method of automatically pre-starting hardware resources by the smart device, the embodiments of the present application also provide a method of starting relevant hardware resources in response to a user's startup operation, so as to satisfy authentication in different scenarios need.
- the authentication method further includes:
- the hardware resources of the smart device required for the authentication operation using the fifth authentication mode are activated.
- the embodiment of the present application also provides a fifth authentication method to be adopted by detecting the state information of the smart device and/or the user, and matching the state information with the preset state information, And start the hardware resources of the smart device required for the authentication operation using the fifth authentication method, so as to start the relevant hardware resources through automatic detection, reduce the operations required by the user, and improve the user's authentication experience.
- an embodiment of the present application provides an authentication device, which is applied to a smart device, including:
- the determining unit is used to determine the estimated information of the authentication operation of the smart device according to the authentication environment information and the historical authentication data, and the estimated information includes the first time, the probability of occurrence and the first authentication adopted for the authentication operation. mode, the first time is the estimated occurrence time of the authentication operation, and the occurrence probability is the estimated occurrence probability of the authentication operation;
- the starting unit is configured to start the hardware resources of the smart device required for the authentication operation by adopting the first authentication mode at the first time or before the first time when the occurrence probability is greater than the probability threshold.
- the authentication device in the embodiment of the present application pre-starts the hardware resources corresponding to the smart device by estimating the relevant information of the authentication operation, which can effectively reduce the authentication power consumption of the smart device and improve the user experience.
- the authentication device further includes:
- the authentication unit is configured to use the first authentication mode to authenticate the identity of the user when the user triggers an authentication operation.
- the determining unit is further used for:
- Authentication unit specifically used for:
- the identity of the user is authenticated according to the authentication threshold corresponding to the first authentication manner.
- the determining unit is specifically used for:
- the risk level corresponding to the first authentication mode is determined according to the authentication environment information and historical authentication data; the authentication threshold corresponding to the first authentication mode is determined according to the risk level.
- the obtaining unit is further configured to obtain the number of authentication failures of the user
- the authentication device also includes:
- the adjustment unit is configured to adjust the authentication threshold when the user's identity is authenticated by the first authentication method according to the number of authentication failures.
- the authentication unit before the authentication unit uses the first authentication method to authenticate the identity of the user, uses the first authentication method to authenticate the identity of the user,
- the obtaining unit is further configured to obtain the authentication environment information corresponding to the triggering moment when the user triggers the authentication operation;
- the authentication device also includes:
- the adjusting unit is configured to adjust the authentication threshold when the user's identity is authenticated by the first authentication method according to the authentication environment information corresponding to the triggering time.
- the first time includes a time period
- the activation unit is specifically used for:
- the hardware resources of the smart device required for the authentication operation using the first authentication mode are started.
- the obtaining unit is specifically used for:
- the authentication period is determined according to the historical authentication data of the smart device; the authentication environment information is obtained according to the authentication period.
- the estimated information further includes first user information, and the user indicated by the first user information is the predicted user who triggers the authentication operation;
- the authentication device also includes:
- the adjustment unit is configured to adjust the smart device according to the user's historical usage data indicated by the first user information at the first time or before the first time when the occurrence probability is greater than the probability threshold.
- the determining unit in terms of determining the first authentication mode in the estimated information of the authentication operation of the smart device according to the authentication environment information and the historical authentication data, is specifically used for:
- the authentication mode with the highest authentication priority of the authentication operation of the smart device is determined as the first authentication mode.
- an acquisition unit also used to acquire the first distance between the smart device and the authenticated user
- the determining unit is also used to determine the second authentication mode corresponding to the first distance according to the first distance and the mapping relationship, and the mapping relationship is the corresponding relationship between the authentication mode and the distance;
- the authentication device also includes:
- the processing unit is configured to update the first authentication mode to the second authentication mode when the second authentication mode is different from the first authentication mode.
- the starting unit starts the hardware resource, before the authentication device detects that the user triggers the authentication operation,
- an acquisition unit also used to acquire the second distance between the smart device and the authenticated user
- the determining unit is also used to determine the third authentication mode corresponding to the second distance according to the second distance and the mapping relationship, and the mapping relationship is the corresponding relationship between the authentication mode and the distance;
- the authentication device also includes:
- the processing unit is configured to close the hardware resources of the smart device required by the first authentication mode and activate the hardware resources of the smart device required by the third authentication mode when the third authentication mode is different from the first authentication mode.
- the authentication environment information includes one or more of time information, location information of the smart device, internal or external environment information of the smart device, and status information of the authentication user subject.
- Historical authentication data includes one or more of the following data: authentication user ID, authentication method, authentication time, authentication location, attributes of services associated with the authentication operation, number of authentication failures, and corresponding authentication time.
- the internal or external environment information of the smart device wherein, the attributes of the services with the same authentication security level and the same service type are the same.
- the activation unit is also used to:
- the hardware resources of the smart device required for the authentication operation using the fourth authentication mode are activated.
- the acquiring unit is further used for:
- the hardware resources of the smart device required for the authentication operation using the fifth authentication mode are activated.
- an embodiment of the present application provides a chip system, the chip system includes at least one processor, a memory, and an interface circuit, and the memory, the interface circuit, and the at least one processor are interconnected by lines, and the Instructions are stored in at least one memory; when the instructions are executed by the processor, the method of the first aspect is implemented.
- embodiments of the present application provide a smart device, including a processor, a memory, and a communication interface, wherein one or more programs are stored in the memory and configured to be executed by the processor, the The program includes instructions for performing the steps in the method of the first aspect.
- an embodiment of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and the computer program is executed by a processor to implement the method according to the first aspect.
- an embodiment of the present application provides a computer program product, where the computer program product includes instructions that, when executed on a computer, cause the computer to execute the authentication method described in the first aspect.
- estimated information of an authentication operation of a smart device is first determined, and the estimated information includes the estimated occurrence time, occurrence time and occurrence of an authentication operation of a smart device.
- the probability and the authentication method used for the authentication operation in this way, the hardware resources related to the smart device can be pre-started according to the estimated information, and the hardware resources can be opened in a timely manner, which can effectively reduce the authentication power consumption and improve the user's use of smart devices. experience.
- FIG. 1 is a schematic diagram of a scenario of an authentication method provided by an embodiment of the present application.
- FIG. 2 is a schematic flowchart of an authentication method provided by an embodiment of the present application.
- Fig. 3 is a specific flowchart of an authentication method provided by an embodiment of the present application.
- FIG. 4 is a block diagram of functional unit composition of an authentication device provided in an embodiment of the present application.
- FIG. 5 is a schematic structural diagram of a smart device according to an embodiment of the present application.
- FIG. 6 is a schematic diagram of a specific structure of a smart device provided by an embodiment of the present application.
- FIG. 7 is a schematic diagram of function division of a smart device according to an embodiment of the present application.
- an embodiment of the present application provides an authentication method applied to a smart device, where the smart device includes a smart device or a chip, and the method can be executed by the smart device, or can be performed by an authentication device (such as a chip) provided in the smart device ) to execute.
- the authentication device is set on a smart device
- the smart device may be a device that requires human-computer interaction, such as a vehicle, a smart robot, a smart home product, a mobile phone, a computer, and a smart wearable device.
- the smart home product includes a speaker. , refrigerators, access control, air conditioners, TVs, projectors, printers, etc.
- Computers include laptops, desktop computers, tablet computers, etc.
- smart wearable devices include smart watches, headphones, sports bracelets, etc.
- the types of smart devices are not limited, and may include but are not limited to examples. This technology can be used in scenarios where user identity authentication is required to implement differentiated service provision and authority control. .
- FIG. 1 is a schematic diagram of a scenario of an authentication method provided by an embodiment of the present application.
- the smart device as the vehicle 101 as an example, assuming that the authentication device is set on the vehicle 101, when the authentication device executes the authentication method, the authentication environment information of the vehicle 101 can be obtained first, and then the authentication environment information and the vehicle can be used.
- the historical authentication data of 101 is processed to determine the estimated information of the authentication operation of the smart device, and the estimated information includes the first time, the probability of occurrence and the first authentication method used for the authentication operation, wherein the first The time is the estimated occurrence time of the authentication operation, and the occurrence probability is the estimated occurrence probability of the authentication operation; when the occurrence probability is greater than the probability threshold, at the first time or before the first time, start using the first authentication operation in advance.
- the hardware resources of the smart device required for the authentication operation in the authorization mode.
- the authentication power consumption of the smart device can be effectively reduced, and the user experience can be improved; in addition, before the user 102 triggers the authentication, the relevant The user does not need to choose an authentication method, which can effectively reduce the user's authentication interaction and improve the user's vehicle experience.
- FIG. 2 is a schematic flowchart of an authentication method provided by an embodiment of the present application; the authentication method includes the following steps:
- the authentication environment information refers to one or more influencing parameter information that can be used to determine the authentication method of the smart device.
- the authentication environment information includes time information, location information of the smart device, internal or external information of the smart device.
- the external environment information of the smart device refers to the specific information that affects the selection of the authentication method and the environment of the smart device, such as the smart device Information about the wireless environment, lighting conditions, and noise conditions of the environment.
- the status information of the authentication user subject refers to the relevant information of the authenticated user that affects the selection of the authentication method, such as the location of the authenticated user, facial features, voice features, and the user's activity status.
- the types of authentication environment information and the like are not limited, which may include but are not limited to examples.
- the geofencing technology can be used to determine the location information of the smart device, for example, the location information of the smart device is determined based on the Global Positioning System (Global Positioning System, GPS), or the location information of the smart device can be determined based on the wireless positioning technology, such as based on One or more of wireless local area network (Wireless Local Area Network, WLAN), Bluetooth, ZigBee (ZigBee), ultra-wideband (Ultra Wide Band, UWB), etc. to determine the location information of the smart device;
- the location information of the device, etc.; in the embodiments of the present application, the specific method for acquiring the location information of the smart device is not limited, which may include but not limited to examples.
- the estimated information of the authentication operation of the smart device includes the first time, the probability of occurrence, and the first authentication method used for the authentication operation, the first A time is the estimated occurrence time of the authentication operation, and the occurrence probability is the estimated occurrence probability of the authentication operation;
- the historical authentication data includes one or more of the following data (multiple refers to two or more): authentication user identifier (identifier, ID), authentication method, authentication time, authentication location, authentication Intrinsic or external environment information of the smart device corresponding to the attributes of the operations associated with the operation, the number of authentication failures, and the authentication time, wherein the attributes of the services with the same authentication security level and the same service type are the same.
- authentication user identifier identifier, ID
- authentication method authentication time
- authentication location authentication Intrinsic or external environment information of the smart device corresponding to the attributes of the operations associated with the operation, the number of authentication failures, and the authentication time, wherein the attributes of the services with the same authentication security level and the same service type are the same.
- authentication data includes one or more of the following data (multiple refers to two or more): authentication user identifier (identifier, ID), authentication method, authentication time, authentication location, authentication Intrinsic or external environment information of the smart device corresponding to the attributes of the operations associated with the operation,
- the first time may be periodic or non-periodic, and specifically, the first time may be a time point or a time period (ie, a time period), for example, the first time is 8:00 in the morning every day, or 9:00 in the evening every day point, or 0:00 on the 1st of each month; the first time is 8:00-9:00 every morning, or 9:00-10:00 every night, or 6:00-7:00 on the 1st of each month.
- the estimated information of the authentication operation of the smart device is determined through the dynamic identity authentication model and the obtained authentication environment information.
- the dynamic identity authentication model is obtained by pre-training with historical authentication data, and a specific example will be given below to illustrate the training process of the dynamic identity authentication model, which will not be described here.
- the hardware resources of the smart device required for the authentication operation using the first authentication method are activated, wherein the probability threshold may be Set according to the actual situation, which is not particularly limited here.
- the authentication method in the embodiment of the present application obtains the authentication environment information, and then uses the authentication environment information and historical authentication data to determine the estimated information of the authentication operation of the smart device. Pre-starting the hardware resources related to the smart device based on the estimation information can effectively reduce the authentication power consumption of the smart device and improve the user experience.
- the identity authentication scheme between the authentication user and the smart device the authentication scheme for the same service (one or more authentication methods, multiple authentication methods such as voiceprint recognition and face recognition Recognition, when the number of voiceprint recognition failures reaches a certain value, it enters face recognition, that is, the execution order of multiple authentication methods is predetermined) is fixed, and no differentiated authentication scheme is made based on the scene, resulting in The user experience is not good; and there are security loopholes, and security problems are prominent.
- information estimation is performed on the authentication operation based on the authentication environment information, so as to determine a first authentication mode of the authentication operation, and different first authentication modes are dynamically determined based on the scene change, that is,
- the authentication power consumption of the smart device can be reduced, the authentication interaction operation required by the user can be reduced, the user experience can be enhanced, and the authentication security can be guaranteed.
- the state of the authentication user subject has no influence on the determination of the authentication method, resulting in that the determined authentication method is inconvenient for the authentication user to perform the authentication operation.
- the authentication method is fingerprint recognition
- the user cannot easily complete the authentication operation at this time, and the user's authentication experience is low.
- the authentication user wears sunglasses or a mask
- the authentication method at this time is face recognition or voiceprint recognition
- the sunglasses will block part of the face, and the mask will reduce the user's volume, etc., not only will As a result, the authentication accuracy is low, and the user needs to remove the sunglasses or mask, which is very inconvenient.
- the obtained authentication environment information includes the state information of the authentication user subject, it is possible to determine the recommended first authentication mode according to the state of the authenticated user, so that the first authentication mode is more efficient. It is suitable for the operation of authenticating users and effectively improves the user experience.
- the smart device has at least two authentication methods, including visual recognition, acoustic recognition, Bluetooth authentication, two-dimensional code scanning, password and other authentication methods, and visual recognition includes face recognition, iris Recognition, etc.
- the acoustic recognition can be voiceprint recognition.
- Bluetooth key verification When the Bluetooth key is matched, the owner account verification is passed.
- Voiceprint verification The user calls "Xiaobai to open the door" outside the car, and based on the matching degree of the voiceprint, the relevant permissions are given to the vehicle, such as opening the door, the driving authority of the vehicle, and the personalized setting of the vehicle.
- Face static recognition verification After the user enters the car, the face recognition is activated, and if the face recognition passes, the user will be granted the driving authority of the vehicle.
- Face dynamic recognition verification After the face user passes the face dynamic recognition, the payment permission will be activated.
- QR code verification The user scans the QR code with the mobile phone to confirm the user's identity.
- Login password verification use the user account and password to verify the user account login.
- different authentication methods involve different hardware resources of smart devices, such as cameras, microphones, Bluetooth modules, etc.
- cameras correspond to authentication methods such as visual recognition and QR codes
- microphones correspond to authentication methods such as acoustic recognition
- the Bluetooth module corresponds to authentication methods such as Bluetooth authentication.
- the authentication method further includes:
- the identity of the user is authenticated by adopting the first authentication method.
- the estimated information of the authentication operation of the smart device is obtained by using the authentication environment information, and then the hardware resources of the smart device corresponding to the first authentication method are pre-started according to the estimated information, so as to detect the
- the first authentication mode is used to authenticate the user's identity, so as to ensure normal user authentication and save the authentication power consumption of the smart device.
- the authentication triggering operation may be a voice triggering operation, a specific instruction triggering operation, or the like.
- the voice trigger operation may include voice control of the vehicle to open the door, play music, etc., such as "Xiaobai opens the door", and the identity authentication is triggered when the command voice is received.
- the specific instruction may include a payment instruction, an instruction to start the vehicle, a Bluetooth control instruction, an account login instruction, etc.
- identity authentication is triggered.
- the command to start the vehicle may be generated by pressing a start button on the vehicle, for example, face recognition is activated when a command to start the vehicle is received.
- the Bluetooth control commands include unlocking, locking, window raising, window lowering, opening and closing the trunk, and car search. After the user enters the account password, click the login button to generate an account login instruction, and perform identity authentication according to the account login instruction.
- step 201 specifically includes:
- the authentication period is determined according to the historical authentication data of the smart device; the authentication environment information is obtained according to the authentication period.
- the time rule of the smart device performing the authentication operation is determined by using the historical authentication data of a certain period or all of the smart device to obtain the authentication period.
- the step of obtaining the authentication environment information is performed to perform the estimation information that determines the authentication operation of the smart device, which is different from obtaining the authentication in real time.
- Environment information the present application can further help reduce the power consumption of the smart device by determining the high-frequency authentication period so as to obtain the authentication environment information regularly according to the authentication period.
- the specific execution rules for obtaining the authentication environment information according to the authentication period can be set according to actual needs, for example, executing the obtaining of the authentication environment information during the authentication period, or executing the obtaining of the authentication environment information for a period of time before the authentication period , or obtain the authentication environment information for a period of time after the authentication period.
- the specific time length of the above period of time can be set according to the actual situation, such as 30 seconds, 1 minute, 5 minutes, 10 minutes, etc.
- the authentication time rule of the vehicle is determined, for example, every Monday at 7:30 in the morning, There will be an authentication operation at 6:30 pm. Therefore, it can be determined that the authentication period is 7:30 am every Monday and 6:30 pm every Monday.
- the authentication environment information will be obtained once every Monday at 7:25 am and every Monday at 6:25 pm. The authentication environment information is subjected to subsequent processing to obtain estimated information.
- the first authentication method in the estimated information is determined according to the authentication environment information and historical authentication data, including:
- the authentication mode with the highest authentication priority of the authentication operation of the smart device is determined as the first authentication mode.
- a first authentication mode with the highest authentication priority will be determined by matching the authentication environment information, so as to realize the adaptive and dynamic selection of the authentication mode.
- the smart device has K authentication modes, where K is a positive integer.
- K is a positive integer.
- the first authentication mode at least two authentication modes with different priorities of the authentication operation can be determined in advance. For example, each time the first authentication mode of the authentication operation is estimated, different priorities are obtained first. Sequential 2 authentication methods, 3 authentication methods or K authentication methods.
- the priority level indicates the recommendation level of the authentication method in the authentication environment corresponding to the authentication environment information. The higher the priority level, the higher the recommendation level. Then, from the 2 authentication methods, the 3 authentication methods, or the K authentication methods, an authentication method with the highest authentication priority is determined as the first authentication method.
- the authentication method further includes:
- An authentication threshold corresponding to the first authentication mode is determined according to the authentication environment information and historical authentication data.
- the authentication method in the embodiment of the present application further utilizes the authentication environment information and historical authentication data to determine the authentication threshold corresponding to the first authentication method, so as to authenticate the user according to the authentication threshold.
- the value/measurement value of the authentication object is within a certain range of the authentication threshold, it is considered that the user authentication has passed. For example, when the value/measurement value of the authentication object is less than or equal to the authentication threshold, it is considered that the user authentication has passed; or, when the value/measurement value of the authentication object is greater than the authentication threshold, it is considered that the user authentication has passed.
- the authentication threshold may include one or more of the following thresholds, including an authentication threshold and an alarm threshold.
- the authentication threshold is a threshold used to determine whether the identity authentication passes or not in the first authentication method, and the alarm threshold It is a relevant threshold for judging whether the user's authentication operation triggers an alarm operation in the first authentication mode.
- the authentication threshold can be the face matching degree threshold, such as 98% or 99%, when the face of the authenticated user is pre-stored with the smart device
- the face matching degree calculated from the face of the legal user or the face-related information is greater than or equal to the face matching degree threshold
- the authenticated user passes face recognition.
- the face recognition authentication method is also provided with a related alarm mechanism. For example, when the number of face recognition failures is greater than a certain number of times, the alarm module of the smart device is activated, such as sound and light alarm; wherein, the certain number of times is the alarm threshold. , for example, can be set to 3 times, 4 times, or 5 times, etc.
- the authentication threshold corresponding to the first authentication method is determined by using the authentication environment information and historical authentication data, so that the authentication threshold changes with the authentication environment information, which can not only ensure the authentication security, but also ensure the authentication security. It ensures the user's authentication experience, and avoids that the authentication process is not smooth due to the fixed authentication threshold, and the authentication takes too long, which affects the user experience.
- the authentication threshold corresponding to the first authentication method is determined according to the authentication environment information and historical authentication data, which specifically includes:
- the risk level corresponding to the first authentication mode is determined according to the authentication environment information and historical authentication data; the authentication threshold corresponding to the first authentication mode is determined according to the risk level.
- the risk level corresponding to the first authentication method is determined by using the authentication environment information and historical authentication data, and then the authentication threshold corresponding to the first authentication method is determined according to the risk level; the risk level
- the risk level The higher the authentication threshold, the higher the authentication requirement, so that the authentication requirement matches the authentication environment information, which can not only ensure the authentication security, but also improve the user's authentication experience.
- the larger the alarm threshold is the higher the requirement is, the higher the risk level is, and the larger the alarm threshold is; on the contrary, the smaller the alarm threshold is, the higher the requirement is, the higher the risk level is, and the smaller the alarm threshold is. .
- the risk level may be three levels of high, medium and low, and the specific type of the risk level is not particularly limited, and may include but not limited to examples.
- the authentication thresholds corresponding to different risk levels are different, and it is assumed that the level is the default authentication threshold of the authentication method.
- the authentication threshold of face recognition such as The threshold of face matching degree is increased from 98% to 99%, and the alarm threshold needs to be lowered, for example, the alarm threshold of the number of face recognition failures is lowered from 4 to 3 times.
- the authentication threshold of face recognition needs to be lowered, such as reducing the face matching degree threshold from 98%. It is as small as 97%, and the alarm threshold needs to be increased, for example, the alarm threshold of the number of failed face recognition is increased from 4 to 5.
- the time point may be periodic or aperiodic, according to the time point
- the time point may be periodic or aperiodic, according to the time point
- the hardware resources of the smart device required for the authentication operation using the first authentication method can be started at this time point, and in addition, the hardware resources can be set to start a ( The size of a can be adjusted freely, such as 1 minute, 5 minutes, 10 minutes, etc.) automatically shut down hardware resources after time.
- the smart device required for the authentication operation using the first authentication method can be started at the time b before the time point (the size of b can be adjusted freely, such as 1 minute, 2 minutes, 3 minutes, etc.)
- the hardware resources likewise, can be set to automatically close the hardware resources after a time when the hardware resources are started. By setting the hardware resource to be automatically turned off after the hardware resource corresponding to the first authentication mode is activated for a time, the power of the smart device can be saved and the standby time of the smart device can be prolonged.
- the first time includes a time period, and when the occurrence probability is greater than the probability threshold, within the time period, the hardware resources of the smart device required for the authentication operation using the first authentication mode are started.
- the time period is a periodic or aperiodic time period, which is different from the full-time standby authentication scheme.
- the authentication method of the embodiment only starts the hardware resources within the time period, which can effectively reduce the power consumption required for authentication, prolong the standby time of the smart device, and improve the user experience.
- the hardware resources of the smart device In this way, the time when the hardware resources are in the starting state is from the time c to the end of the time period. For example, if the time period is 8:00-9:00 am every day, and c is 1 minute, then the hardware resources It is activated every morning from 7:59-9:00.
- the estimated information further includes first user information, and the user indicated by the first user information is the predicted user who triggers the authentication operation; the authentication method further includes:
- the smart device When the occurrence probability is greater than the probability threshold, at or before the first time, the smart device is adjusted according to the user's historical usage data indicated by the first user information.
- the smart device when the occurrence probability of the authentication operation is greater than the probability threshold, the smart device will also be adjusted according to the user's historical usage data indicated by the first user information at the first time or before the first time, so that the smart device is in the first
- the user's frequently used state indicated by the user information is highly intelligent, which helps reduce the operations that the user needs to perform and improves the user experience.
- the historical usage data is related data when a logged-in user uses a smart device.
- the historical usage data includes the height and angle of the vehicle seat, the temperature and usage time of the air conditioner, the volume of music playing, The opening of various software, etc. Perform statistical analysis and processing according to the user's historical usage data to obtain the user's habit data, and adjust the smart device in advance according to the habit data at or before the first time.
- the user's habit data is obtained by analyzing the historical usage data of the user indicated by the first user information
- the air conditioner is 23 degrees
- the seat angle is 100 degrees
- the seat height is 30 millimeters (mm)
- the navigation is turned on.
- Software, etc. at the first time or before the first time, adjust the air conditioning temperature of the vehicle to 23 degrees according to the habitual parameters, adjust the height of the vehicle seat to 30mm and the angle to 100 degrees, and start the navigation software.
- the authentication method further includes:
- the user's authentication operation data (such as the number of authentication failures) is counted, and the authentication of the first authentication method when the user's identity is authenticated is adjusted in time according to the number of authentication failures. Threshold, so that the authentication threshold can be changed according to the user's authentication operation, and further enhance the security of authentication.
- the authentication method before using the first authentication method to authenticate the identity of the user, the authentication method further includes:
- the authentication environment information at the trigger time corresponding to the authentication trigger operation is obtained, and before performing the authentication comparison, the authentication environment information corresponding to the trigger time is obtained.
- the authorization environment information adjusts the authentication threshold when the user's identity is authenticated by the first authentication method, so that the authentication threshold matches the current authentication environment information, which improves authentication security and guarantees user experience.
- the predicted first authentication method is the face recognition authentication method
- the authentication environment information at the trigger time of the authentication trigger operation indicates that the intelligent The location of the device belongs to a public place, and the time is late at night, and the authentication risk is high; at this time, the authentication requirements of face recognition will be improved according to the authentication environment information at the trigger time, that is, the authentication threshold is adjusted to improve its reflection.
- the method of adjusting the authentication threshold according to the authentication requirements and matching the authentication requirements can refer to the above description, and will not be described too much here.
- the specific adjustment method for adjusting the authentication threshold when the user's identity is authenticated by the first authentication method is adjusted according to the authentication environment information corresponding to the trigger time.
- the principle is to make the authentication requirements reflected by the authentication threshold and the trigger time.
- the corresponding authentication environment information is matched, in other words, according to the risk level corresponding to the authentication environment information corresponding to the trigger moment, the authentication threshold and/or the authentication alarm threshold are adjusted to match the current risk, so that Improve authentication security.
- the authentication mode can also be switched according to the authentication environment information corresponding to the trigger time, considering the interference and error influence of the specific environment during authentication on the authentication mode, and based on the specific environment during authentication, Dynamically load the appropriate authentication method. For example, ambient light will affect the accuracy of face recognition, and noise will affect the accuracy of voiceprint recognition.
- the control will stop the face recognition authentication method, and the at least two authentication methods determined in step 202 will be used. Choose the authentication method with the highest priority that does not depend on the lighting conditions, such as the voiceprint recognition authentication method, and activate the microphone for voiceprint recognition authentication.
- the authentication method before starting the hardware resource, the authentication method further includes:
- the first authentication mode is updated to the second authentication mode.
- the mapping relationships of various authentication methods and their corresponding usage distances are set in advance according to actual application requirements, and the specific corresponding relationship of the mapping relationships is not particularly limited.
- the first authentication method is adaptively adjusted according to the first distance by acquiring the first distance between the user and the smart device, which has a high degree of intelligence and effectively improves the user's smart device. Use experience.
- the use distance of the Bluetooth key is 0-10 meters (m)
- the Bluetooth coverage area of the vehicle 101 is area C
- the use distance of the voiceprint recognition is 0-3m, and the voiceprint can identify the area It is area B
- the use distance of QR code scanning and recognition is 0-1m
- the area where the QR code can be scanned is area A.
- the at least two authentication modes of the authentication operation determined according to the authentication environment information are Bluetooth key, two-dimensional code scanning and voiceprint recognition respectively
- the authentication mode with the highest priority is Bluetooth key.
- the Bluetooth module of the smart device Before starting the Bluetooth module of the smart device, obtain the first distance between the smart device (such as the vehicle 101) and the authenticated user 102, and determine that the authentication method corresponding to the first distance is voiceprint recognition according to the first distance and the mapping relationship (that is, the authenticated user 102 is located in the area B, but outside the area A), the voiceprint recognition is used as the new first authentication method, and the microphone of the smart device is turned on.
- the smart terminal sends its own location information (for example, the location information determined by using GPS or Bluetooth technology) to the background server in real time, and the smart device also sends its own location information to the background server in real time, so that , the background server can determine the first distance between the smart terminal and the smart device in real time, and deliver the first distance to the smart device, so that the smart device can adaptively adjust the first authentication method according to the first distance.
- the smart terminal sends its own location information (for example, the location information determined by using GPS or Bluetooth technology) to the background server in real time
- the smart device also sends its own location information to the background server in real time, so that , the background server can determine the first distance between the smart terminal and the smart device in real time, and deliver the first distance to the smart device, so that the smart device can adaptively adjust the first authentication method according to the first distance.
- the authentication method further includes:
- the hardware resources of the smart device required by the first authentication mode are closed, and the hardware resources of the smart device required by the third authentication mode are activated.
- the user's identity is modified according to the second distance by continuing to obtain the second distance between the user and the smart device.
- the adopted authentication mode realizes real-time change of the authentication mode according to the second distance, and adaptively changes the authentication mode, reduces the operations required by the user, and improves the user experience.
- the method for obtaining the second distance is the same as the method for obtaining the first distance, which will not be repeated.
- the authentication method with the highest priority is Bluetooth key.
- the second distance between the smart device (such as the vehicle 101) and the authentication user 102 is obtained, and the authentication method corresponding to the second distance is determined according to the second distance and the mapping relationship For voiceprint recognition (ie, to authenticate the user 102 entering the area B from the area C, but not entering the area A)
- the Bluetooth module of the smart device is turned off, and the microphone of the smart device is turned on.
- the authentication method corresponding to the second distance is QR code scanning identification (that is, the authentication user 102 enters the area A from the area B), turn off the microphone and turn on the camera of the smart device .
- the authentication method further includes:
- the hardware resources of the smart device required for the authentication operation using the fourth authentication mode are activated.
- the activation operation may be a user triggering operation on a soft key or a physical key associated with the fourth authentication mode, so as to activate the hardware resources of the smart device required for the authentication operation using the fourth authentication mode.
- the fourth authentication method may be any one of the authentication methods possessed by the smart device.
- a smart device takes a vehicle as an example, and the fourth authentication method is face recognition; a soft key for face recognition is displayed on the vehicle display screen of the vehicle, and the user can press the key to determine the start of face recognition, and then trigger the Start face recognition-related hardware resources, such as cameras.
- the embodiment of the present application in addition to the above-mentioned startup method of automatically pre-starting the hardware resources according to the estimated information, the embodiment of the present application also provides a method of starting the relevant hardware resources in response to the user's startup operation, so as to meet the needs of different scenarios.
- the authentication requirement can be activated in response to the user's activation operation when the hardware resource is not activated, so as to satisfy the authentication requirement of the user.
- the authentication method further includes:
- the embodiment of the present application also provides a fifth authentication method to be adopted by detecting the state information of the smart device and/or the user, and matching the state information with the preset state information, And start the hardware resources of the smart device required for the authentication operation using the fifth authentication method, so as to start the relevant hardware resources through automatic detection, reduce the operations required by the user, and improve the user's authentication experience.
- the state information is used to represent the state of the smart device and/or the associated user of the smart device.
- the correspondence between the fifth authentication mode and the preset state information may be preset, wherein the fifth authentication mode may be any one of the authentication modes provided by the smart device.
- the smart device takes a vehicle as an example.
- the preset state information of face recognition is the information that indicates that there is a user operating on the vehicle, such as opening the door, closing the door, opening the window, turning on the air conditioner, starting the Status information such as vehicle, accelerator pedal, etc.
- the state information of the vehicle is the same as the preset state information, such as a user getting in the car or closing the door, etc.
- the face recognition will be triggered, that is, the camera related to face recognition will be activated.
- the state of the associated user of the smart device may be user subject state information, such as gestures, sounds, and the like.
- the preset state information can be preset gestures or trigger voices, and trigger gestures or trigger voices can be set in advance for different fifth authentication methods. For example, the "like" gesture starts voiceprint recognition, and the "scissor hand" gesture In order to start face recognition; when the corresponding gesture is detected, the hardware resources of the corresponding fifth authentication mode are started.
- the preset trigger voice can be "start face recognition", in which, when the voice is compared, it can be to compare whether the text corresponding to the input voice is the same as the text of the preset trigger voice, if the text is the same, the voice comparison Yes, the associated hardware resources for enabling face recognition.
- both pass it is determined that the hardware resources related to face recognition can be activated through voice comparison.
- the manner in which the other fifth authentication manners are activated by triggering the voice is similar to that of face recognition, and will not be repeated here.
- the fourth authentication method and the fifth authentication method can be the same authentication method of the smart device or different authentication methods of the smart device respectively, and the two authentication methods are marked with different serial numbers only for the purpose of To distinguish them is to use different startup methods to start.
- FIG. 3 is a schematic flow chart of an authentication method provided by an embodiment of the present application; in order to more clearly illustrate the authentication method of the embodiment of the present application, the following takes a smart device as a vehicle as an example for specific description:
- Buried point counts the following dimensions of historical authentication behavior during vehicle operation:
- Authentication user subject including the user ID of the vehicle (that is, the authentication user ID), which can be composed of one or more of numbers, letters, and special characters. In this embodiment, no special limitation is made. .
- Authentication methods including Bluetooth authentication, visual recognition, acoustic recognition, two-dimensional code, password and other authentication methods.
- Authentication time The system time of the vehicle during authentication can be used as the authentication time, which can include the year, month, and day (such as 2020/10/11), and can also arrive at a specific authentication time, such as hours, minutes, seconds (such as 8: 00).
- Location of authentication including location information and its location attributes, where the location information can be location information such as GPS information (such as longitude and latitude), IP address information, etc. several types.
- the authentication places are divided into two categories: private places and public places. Private places are safe places. The location of the user's home and company can be determined through machine learning, and these places are marked as private places. A place other than a private place is a public place, which is a non-secure place. When the authenticated location is acquired, the location attribute of the authentication location can be determined according to the authentication location and the pre-stored private location.
- 5 ⁇ Authentication service attributes All services are divided into several categories in advance according to the authentication security level requirements and service types, such as entertainment services, functional services, privacy services, payment services, etc. Among them, entertainment services such as music playback, Photo playback and other services; functional services are basic functions of vehicles, such as folders; privacy services involve users' personal information, such as WeChat, QQ, etc.; payment services involve users' financial information.
- entertainment services such as music playback, Photo playback and other services
- functional services are basic functions of vehicles, such as folders
- privacy services involve users' personal information, such as WeChat, QQ, etc.
- payment services involve users' financial information.
- the authentication success rate is the number of authentication attempts (referred to as the number of authentications in the table).
- System environment during authentication including illumination, noise, wireless environment, network environment, system stability, etc.
- Table 1 can be obtained by using the data of buried point statistics. For example, at 8:00 am on October 20, 2020, the ambient light of the vehicle was detected to be 800.10 lux (Lux), while the ambient noise was 50 decibels (db).
- model evaluation includes the following (not limited to):
- Authentication user status the distance between the user's location and the vehicle (if the distance between the user and the vehicle is small, the authentication method with a small distance can be selected, and if the distance is far, the authentication method with a large distance can be selected. ). Whether the user's facial features are clear (whether there are sunglasses, scarves, etc.), and visual recognition methods are not recommended if the user's facial features are not clear. Whether the user's voice characteristics are clear (emotional, hoarse and other unstable factors), acoustic recognition and other methods are not recommended if the voice characteristics are not clear. Whether the user's activities are convenient (Bluetooth keys, fingerprints, password verification, etc. are not recommended for scenarios such as holding objects with both hands).
- Authentication time the time when authentication is often performed in history, and there will be authentication demands at similar times.
- the high-frequency authentication period is determined based on the buried point data of 301. If the time in the subsequently acquired authentication environment information does not belong to the high-frequency authentication period or does not belong to the acceptable error of the high-frequency authentication period When the range is exceeded, the authentication requirements need to be increased. For example, using historical behavior data to determine that the high-frequency authentication time is the off-duty time, that is, 6 pm. When it is detected that the authentication is performed at 12 pm, the security level needs to be increased, that is, the authentication requirements are increased.
- the authentication security level of public places is high, and the authentication security level of personal privacy places can be relatively lowered.
- Attributes of authentication services high-value services require a high level of authority, and relatively public services can reduce the authentication level.
- Authentication success rate The success rate of multiple authentications in history is low, and the security level requirements for the next authentication need to be increased.
- Authentication environment face, image and other authentication methods are not recommended for poor lighting conditions. There is a lot of noise and interference, and authentication methods such as voiceprint are not recommended.
- the security level standard requirements required by different authentication methods in different scenarios can also be defined, as shown in Table 3.
- the authentication standards in Table 3 can be understood as authentication requirements.
- the wireless environment also affects the prediction of the authentication mode, and the prediction rules of the authentication mode can be set according to actual requirements. For example, when the number of Bluetooth broadcast signals around the vehicle exceeds a certain threshold, it is not recommended to Bluetooth authentication method, so as not to interfere with the authentication of other terminals. Or, when there is no network environment, QR code scanning authentication and password identification authentication are not recommended; in particular, when it is detected that the vehicle is in a cracked state, the authentication operation will not be performed, and all authentication channels will be closed.
- the authentication environment information may include the location and location attributes of the on-board system, the time of the on-board system, and the environment (light, noise, wireless environment) of the on-board system. , network environment, system stability and other dimensions), authentication user subject status (user location, whether facial features are clear, whether voice features are stable, user activity status is convenient), etc., Table 4 and Table 5 can be obtained.
- the dynamic identity authentication model uses Table 1, Table 2, Table 3 and related prediction rules to input the authentication environment information obtained in 303 into the model for prediction, and the prediction information can be obtained, including the predicted system login user , Predict the time of the authentication operation, the probability of the authentication operation, the priority order of the recommended authentication methods, the hardware resources corresponding to the recommended authentication methods, the risk level corresponding to the recommended authentication methods, the recommended authentication methods The authentication threshold and/or the authentication alarm threshold corresponding to the mode.
- the dynamic identity authentication model can use time prediction methods such as Bayesian statistical prediction methods to process historical authentication behavior data and obtained authentication environment information to infer the possible occurrence time of authentication operations; in addition, dynamic identity authentication The model performs estimation processing based on the historical authentication behavior data and the obtained authentication environment information, and the above estimation information can also be obtained, specifically:
- the frequency and risk level of each authentication mode of the vehicle corresponding to the location information is determined.
- the frequency and risk level of each authentication method corresponding to the current external environment are predicted.
- the frequency and risk level of the current authentication time are predicted and judged.
- the dynamic identity authentication model integrates various risk levels determined above to determine authentication thresholds for different recommended authentication methods.
- different personalized resources of the user are preloaded, such as the OS system (multimedia, navigation, etc.), the angle and height of the vehicle seat, and the temperature of the air conditioner.
- OS system multimedia, navigation, etc.
- the angle and height of the vehicle seat and the temperature of the air conditioner.
- the current system may log in the 001 user, and the personalized resources of the 001 user are loaded. It can reduce system resource consumption and shorten the system startup time.
- the hardware resources of the vehicle corresponding to the authentication mode with the highest priority among the recommended authentication modes are activated before the time.
- the authentication mode recommended in step 304 is Bluetooth key, Voiceprint verification, face recognition, login password verification, and Bluetooth key and voiceprint verification are the authentication methods with the highest priority. The user's request to enter the vehicle without feeling, reduces the user's authentication interaction operation, and increases the standby time.
- the identity authentication scheme is implemented, and the system authentication behavior statistics are refreshed. Specifically, the user's identity is authenticated using the authentication method with the highest priority. If the authentication is successful, the corresponding service capability is loaded and the corresponding authority of the vehicle is opened. If the authentication fails, follow-up measures should be taken to warn the system maintainer. For example, if the voiceprint fails to be verified for multiple times, the vehicle owner can be notified by SMS and other related measures.
- the dynamic identity authentication model can also replace the authentication method with the highest priority according to the authentication environment information during user authentication and the status of the authenticated user.
- the authentication method with the highest priority is voiceprint recognition. If the ambient noise is relatively large, turn off voiceprint recognition authentication, use face recognition as the authentication method with the highest priority, and start face recognition authentication.
- the authentication method with the highest priority is face recognition
- the user's face is wearing sunglasses, that is, the face is blocked
- voiceprint recognition is selected as the authentication method with the highest priority, and the camera is turned off. , activate the microphone.
- the dynamic identity authentication model can also update the authentication threshold of the authentication method in real time according to the authentication environment information when the user performs authentication. For example, the time when the current user performs authentication is different from the high-frequency authentication period, or the current When the authentication time is not within the acceptable error range of the high-frequency authentication period, or when the current authentication time is identified as a dangerous time (such as a late night period), the authentication threshold needs to be adjusted to improve the authentication requirements. On the other hand, it is determined that the location where the current user performs authentication is a non-secure place (such as a public parking lot), and the authentication threshold also needs to be adjusted at this time to improve the authentication requirements and avoid artificial brute force cracking. Finally, when there are too many user authentication failures, the authentication requirements need to be increased.
- the authentication method of the present application dynamically loads authentication hardware resources and configures authentication-related thresholds according to user behavior and environmental characteristic information input, thereby achieving scenario-based dynamic identity authentication and enhancing user experience and security.
- an appropriate authentication method can be independently performed to realize the non-sensing authentication of the user. It can be well compatible with the balance between user ease of use, security and system resource consumption.
- FIG. 4 is a block diagram of functional units of an authentication device provided by an embodiment of the present application; the authentication device 400 includes an acquisition unit 410, determining unit 420 and starting unit 430;
- an obtaining unit 410 configured to obtain authentication environment information
- the determining unit 420 is used to determine the estimated information of the authentication operation of the smart device according to the authentication environment information and the historical authentication data, and the estimated information includes the first time, the probability of occurrence and the first authentication used for the authentication operation.
- the first time is the estimated occurrence time of the authentication operation, and the occurrence probability is the estimated occurrence probability of the authentication operation;
- the starting unit 430 is configured to start, at or before the first time, the hardware resources of the smart device required for the authentication operation using the first authentication mode when the probability of occurrence is greater than the probability threshold.
- the authentication device in the embodiment of the present application pre-starts the hardware resources corresponding to the smart device by estimating the relevant information of the authentication operation, which can effectively reduce the authentication power consumption of the smart device and improve the user experience.
- the authentication device 400 may be used to execute the above authentication method.
- the acquisition unit 410 is used to execute step 201
- the determination unit 420 is used to execute step 202
- the activation unit 430 is used to execute step 203 .
- the acquiring unit 410 may be implemented by one or more of a camera, a microphone, a GPS module, etc.
- the determining unit 420 and the starting unit 430 may be implemented by a processor or the like.
- the authentication device further includes:
- the authentication unit 440 is configured to use the first authentication mode to authenticate the identity of the user when the user triggers the authentication operation.
- the authentication unit 440 may be implemented by using a camera, a microphone, etc. in combination with a processor.
- the determining unit 420 is further configured to:
- Authentication unit specifically used for:
- the identity of the user is authenticated according to the authentication threshold corresponding to the first authentication manner.
- the determining unit 420 is specifically configured to:
- the authentication threshold corresponding to the first authentication mode is determined according to the risk level.
- the obtaining unit 410 is further configured to obtain the number of authentication failures of the user;
- the authentication apparatus 400 further includes:
- the adjustment unit 450 is configured to adjust the authentication threshold when the user's identity is authenticated by the first authentication method according to the number of authentication failures.
- the adjustment unit 450 may be implemented by a processor or the like.
- the obtaining unit 410 is further configured to obtain the authentication environment information corresponding to the trigger moment when the user triggers the authentication operation ;
- the adjusting unit 450 is further configured to adjust the authentication threshold when the user's identity is authenticated by the first authentication method according to the authentication environment information corresponding to the trigger time.
- the first time includes a time period
- the activation unit 430 is specifically configured to:
- the hardware resources of the smart device required for the authentication operation using the first authentication mode are started.
- the obtaining unit 410 is specifically configured to:
- the authentication environment information is obtained according to the authentication period.
- the estimated information further includes first user information, and the user indicated by the first user information is the predicted user who triggers the authentication operation;
- the adjustment unit 450 is further configured to adjust the smart device according to the user's historical usage data indicated by the first user information at the first time or before the first time when the occurrence probability is greater than the probability threshold.
- the determining unit 420 is specifically configured to:
- the authentication mode with the highest authentication priority of the authentication operation of the smart device is determined as the first authentication mode.
- the starting unit 430 starts the hardware resource
- the obtaining unit 410 is further configured to obtain the first distance between the smart device and the authenticated user;
- the determining unit 420 is further configured to determine the second authentication mode corresponding to the first distance according to the first distance and the mapping relationship, and the mapping relationship is the corresponding relationship between the authentication mode and the distance;
- the authentication apparatus 400 further includes:
- the processing unit 460 is configured to update the first authentication mode to the second authentication mode when the second authentication mode is different from the first authentication mode.
- the processing unit 460 may be implemented by a processor or the like.
- the obtaining unit 410 is further configured to obtain the second distance between the smart device and the authenticated user Determining unit 420 is also used to determine the third authentication mode corresponding to the second distance according to the second distance and the mapping relationship, and the mapping relationship is the corresponding relationship between the authentication mode and the distance;
- the processing unit 460 is further configured to close the hardware resources of the smart device required by the first authentication mode when the third authentication mode is different from the first authentication mode, and activate the hardware resources of the smart device required by the third authentication mode resource.
- the authentication environment information includes one or more of time information, location information of the smart device, internal or external environment information of the smart device, and status information of the authentication user subject.
- Historical authentication data includes one or more of the following data (multiple items refer to two or more): authentication user ID, authentication method, authentication time, authentication location, attributes of services associated with the authentication operation, authentication The internal or external environment information of the smart device corresponding to the number of authorization failures and the authentication time, wherein the attributes of the services with the same authentication security level and the same service type are the same.
- the starting unit 430 is further configured to: in response to the user's starting operation on the fourth authentication mode of the smart device, start the hardware resources of the smart device required for the authentication operation using the fourth authentication mode .
- the obtaining unit 410 is further configured to: obtain the status information of the smart device and/or the user;
- the starting unit 430 is further configured to: when the state information matches the preset state information corresponding to the fifth authentication method, start the hardware resources of the smart device required for the authentication operation using the fifth authentication method.
- the authentication apparatus 400 may be implemented in other manners.
- the apparatus embodiments described above are only illustrative, for example, the division of the units is only a logical function division, and there may be other division methods in actual implementation, for example, multiple units or components may be combined or Integration into another system, or some features can be ignored, or not implemented.
- the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical or other forms.
- the units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
- each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
- the above-mentioned integrated units can be implemented in the form of hardware, and can also be implemented in the form of software program modules.
- An embodiment of the present application further provides a chip system, where the chip system includes at least one processor, a memory, and an interface circuit.
- the memory, the interface circuit, and the at least one processor are interconnected through lines, and the at least one memory Instructions are stored in the ; when the instructions are executed by the processor, any one of the authentication methods described in the above method embodiments can be implemented.
- FIG. 5 is a schematic structural diagram of a smart device provided by an embodiment of the present application; the smart device 500 includes a processor, a memory, and a communication interface, wherein one or more A program is stored in the memory and configured to be executed by the processor, the program including instructions for performing steps in any one of the authentication methods described in the above method embodiments.
- FIG. 6 is a schematic diagram of a specific structure of a smart device provided by an embodiment of the application; wherein, the smart device includes a processor, a memory, a communication module, a visual management module, and an audio management module, which are run by the processor and stored in the memory or program instructions for modules on other memories.
- the processor can directly access the memory, audio management module and video management module through the system bus.
- the storage includes memory and disk storage, and the stored content includes many modules such as user account management, voiceprint recognition, and face recognition.
- the audio management module is responsible for interfacing and managing audio devices (speakers and microphones).
- the video management module is responsible for the interface and management of the video equipment (camera), the communication module is responsible for the interface and management of the interconnected equipment (Bluetooth, Wi-Fi, GPS and Ethernet ETH, etc.), and the processor can access various cloud through the network interface. Services and cloud service management modules. Smart terminals such as mobile phones can be interconnected with smart devices through Bluetooth, scanning, etc.
- FIG. 7 is a schematic diagram of function division of a smart device according to an embodiment of the present application.
- the system architecture of the smart device is divided into three parts: a sensing module, a processor and an authentication execution module.
- the processor includes the following sub-modules: historical data analysis, environmental risk management, authentication methods and risk prediction.
- the sensing module mainly includes:
- Camera It is used to regularly collect video or image data of the surrounding environment of users and smart devices, and send these data to the processor to obtain ambient lighting values, surrounding objects, etc.
- Microphone used to regularly collect audio data of the user and the surrounding environment of the smart device, and send the data to the processor.
- Communication module used to obtain information such as the radio environment and network environment of the system, and send these data to the processor.
- GPS module It can obtain the position data of the system in real time, and send the data to the central processing unit. According to the position data, the position attribute and local time can be determined.
- the processor is used to implement the following functions:
- Historical data analysis Count historical identity authentication behaviors of smart devices and evaluate system user preferences.
- Environmental risk management Predict the security risks of different authentication methods of the system based on the current authentication environment information.
- Authentication method and risk prediction Combine user behavior analysis and environmental risk management, predict and judge the user authentication behavior of the system, the authentication method and risk adopted, and output the information to the authentication actuator module.
- the authentication execution module is used to:
- Hardware resource management According to the recommended authentication method, as well as different times and different environments, dynamically load the hardware resources required by the system for authentication.
- Perform identity authentication and feedback Perform authentication operations, and perform different feedback operations for authentication success and authentication failure. For example, when authentication fails, control the speaker to sound to give an early warning. For another example, when the number of authentication failures exceeds a certain threshold, a notification short message is sent to the owner of the smart device for risk reminder.
- Embodiments of the present application further provide a computer storage medium, where the computer-readable storage medium stores a computer program, and the computer program is executed by a processor to implement a part of any one of the authentication methods described in the foregoing method embodiments or all steps.
- the computer-readable storage medium may include: a flash disk, a read-only memory (English: Read-Only Memory, abbreviated as: ROM), a random access device (English: Random Access Memory, abbreviated as: RAM), a magnetic disk or an optical disk, and the like.
- Embodiments of the present application further provide a computer program product, where the computer program product includes instructions that, when executed on a computer, cause the computer to execute any one of the authentication methods described in the foregoing method embodiments.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Mechanical Engineering (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Social Psychology (AREA)
- Telephone Function (AREA)
Abstract
一种鉴权方法、装置及存储介质,该鉴权方法通过获取鉴权环境信息,再利用该鉴权环境信息和历史鉴权数据确定智能设备的鉴权操作的预估信息,其中,预估信息包括预估的鉴权操作的发生时间、发生概率以及进行该鉴权操作所采用的鉴权方式;这样,可以根据预估信息预启动智能设备相关的硬件资源。可以有效减少智能设备的鉴权功耗,提高了用户的使用体验。
Description
本申请涉及鉴权领域,具体涉及一种鉴权方法、装置及存储介质。
对请求使用智能设备的用户进行身份鉴权,是保障智能设备安全的一个重要环节,其中,智能设备包括汽车、智能家居产品、手机、电脑等设备。现有技术中,智能设备以汽车为例,汽车的鉴权方式包括蓝牙、无线保真(WIreless FIdelity,WiFi)、指纹、虹膜等,而鉴权功耗过大会影响智能设备的可使用时长,也会降低用户体验,因此,如何实现智能设备的低功耗鉴权,是值得研究的问题。
发明内容
本申请实施例提供了一种鉴权方法、装置及存储介质。通过确定智能设备的鉴权操作的预估信息,例如,预估信息可以包括预估的鉴权操作的发生时间、发生概率以及进行该鉴权操作所采用的鉴权方式,这样,可以根据预估信息预启动智能设备相关的硬件资源,有效减少鉴权功耗。
第一方面,本申请实施例提供一种鉴权方法,应用于智能装置,包括:
获取鉴权环境信息;根据鉴权环境信息和历史鉴权数据,确定智能设备的鉴权操作的预估信息,其中,预估信息包括第一时间、发生概率以及进行鉴权操作所采用的第一鉴权方式,第一时间为预估的鉴权操作的发生时间,发生概率为预估的鉴权操作的出现概率;在发生概率大于概率阈值时,在第一时间或者在第一时间之前,启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源。
本申请实施例中的鉴权方法,通过获取鉴权环境信息,再利用该鉴权环境信息和历史鉴权数据确定智能设备的鉴权操作的预估信息,这样,可以根据预估信息预启动智能设备相关的硬件资源。具体地,预估信息包括第一时间、发生概率以及进行鉴权操作所采用的第一鉴权方式,在发生概率大于概率阈值时,在第一时间或者在第一时间之前,启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源。本申请实施例的鉴权方法,通过预估鉴权操作的相关信息以预启动智能设备对应的硬件资源,可以有效减少智能设备的鉴权功耗,提高了用户的使用体验。
在一些可能的实施方式中,鉴权环境信息包括时间信息、智能设备的位置信息、智能设备内在或外在的环境信息、鉴权用户主体的状态信息中的一个或多个。历史鉴权数据包括以下数据中的一项或多项:鉴权用户标识、鉴权方式、鉴权时间、鉴权地点、鉴权操作关联的业务的属性、鉴权失败次数、鉴权时间对应的智能设备的内在或外在的环境信息,其中,鉴权安全等级相同、业务类型相同的业务的属性相同。另外,第一时间可以为周期性或非周期的,具体地,第一时间可以为时间点或者时间周期(即时间段)。
在一些可能的实施方式中,方法还包括:在用户触发鉴权操作时,采用第一鉴权方式对用户的身份进行鉴权。
本申请实施例中,在预启动第一鉴权方式对应的智能设备的硬件资源之后,检测到用户的鉴权触发操作时,则采用第一鉴权方式对用户的身份进行鉴权。
在一些可能的实施方式中,方法还包括:
根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的鉴权阈值;
采用第一鉴权方式对用户的身份进行鉴权,具体包括:
根据第一鉴权方式对应的鉴权阈值,对用户的身份进行鉴权。
本申请实施例中的鉴权方法,还利用鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的鉴权阈值,鉴权阈值包括多个阈值,例如鉴权门限和警报门限,以根据鉴权阈值进行鉴权操作;鉴权门限是第一鉴权方式中用于判断身份鉴权通过与否的阈值,而警报门限为第一鉴权方式中用于判断用户的鉴权操作是否触发警报操作的相关阈值。
在一些可能的实施方式中,根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的鉴权阈值,包括:根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的风险等级;根据风险等级确定第一鉴权方式对应的鉴权阈值。
本申请实施例中的鉴权方法,先通过鉴权环境信息和历史鉴权数据确定第一鉴权方式对应的风险等级,再根据风险等级确定第一鉴权方式对应的鉴权阈值;风险等级越高,鉴权阈值所反映的鉴权要求越高,以使鉴权要求与鉴权环境信息匹配,既能保障鉴权安全性,又能提高用户的鉴权体验。例如,某一鉴权门限越大,表示要求越高,则风险等级越高,鉴权门限越大;反之,鉴权门限越小,表示要求越高,则风险等级越高,鉴权门限越小。同样地,例如,某一警报门限越大,表示要求越高,则风险等级越高,警报门限越大;反之,警报门限越小,表示要求越高,则风险等级越高,警报门限越小。
在一些可能的实施方式中,方法还包括:获取用户的鉴权失败次数;根据鉴权失败次数,调整在采用第一鉴权方式对用户的身份进行鉴权时的鉴权阈值。
本申请实施例中,根据用户的鉴权操作数据(如鉴权失败次数)及时调整鉴权时的鉴权阈值,以保障鉴权安全。
在一些可能的实施方式中,在采用第一鉴权方式对用户的身份进行鉴权之前,方法还包括:获取用户触发鉴权操作的触发时刻对应的鉴权环境信息;根据触发时刻对应的鉴权环境信息,调整在采用第一鉴权方式对用户的身份进行鉴权时的鉴权阈值。
本申请实施例中,在检测到用户的鉴权触发操作时,获取该鉴权触发操作对应的触发时刻的鉴权环境信息,根据触发时刻对应的鉴权环境信息调整在采用第一鉴权方式对用户的身份进行鉴权时的鉴权阈值,以使鉴权阈值匹配当前的鉴权环境信息,提高鉴权的安全性,又能保障用户体验。
在一些可能的实施方式中,第一时间包括时间周期,在发生概率大于概率阈值时,在时间周期内,启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源。
本申请实施例中,时间周期为周期或非周期的时间段,不同于全时待机的鉴权方案,本申请实施例的鉴权方法仅在时间周期内启动硬件资源,可以有效减少鉴权所需功耗,延长智能设备的待机时间,提升用户的体验。
在一些可能的实施方式中,获取鉴权环境信息,具体包括:根据智能设备的历史鉴权数据确定鉴权时段;根据鉴权时段获取鉴权环境信息。
本申请实施例中,利用历史鉴权数据确定智能设备执行鉴权操作的时间规律,得到鉴权时段。在鉴权时段或在鉴权时段之前或在鉴权时段之后,执行获取鉴权环境信息的步骤,以执行确定智能设备的鉴权操作的预估信息,简单地说,不同于实时获取鉴权环境信息,本申请通过确定鉴权时段,以定时获取鉴权环境信息,可以进一步帮助减少智能设备的功耗。
在一些可能的实施方式中,预估信息还包括第一用户信息,第一用户信息指示的用户为预测的触发鉴权操作的用户;方法还包括:在发生概率大于概率阈值时,在第一时间或者在第一时间之前,根据第一用户信息指示的用户的历史使用数据调整智能设备。
本申请实施例中,在鉴权操作的发生概率大于概率阈值时,还会在第一时间或者在第一时间之前,根据第一用户信息指示的用户的历史使用数据调整智能设备,以使智能设备处于第一用户信息指示的用户经常使用的状态,智能化高,帮助减少用户所需进行的操作,提升用户体验。
在一些可能的实施方式中,根据鉴权环境信息和历史鉴权数据,确定预估信息中的第一鉴权方式,包括:根据鉴权环境信息和历史鉴权数据,确定智能设备的鉴权操作的鉴权优先级最高的鉴权方式作为第一鉴权方式。
本申请实施例中,预估鉴权操作的鉴权方式时,将会确定不同优先级的至少两个鉴权方式,将至少两个鉴权方式中优先级最高的鉴权方式作为第一鉴权方式,匹配鉴权环境信息确定一个第一鉴权方式,实现鉴权方式的自适应动态选择。
在一些可能的实施方式中,在启动硬件资源之前,方法还包括:获取智能设备和鉴权用户之间的第一距离;根据第一距离和映射关系确定第一距离对应的第二鉴权方式,映射关系为鉴权方式和距离之间的对应关系;第二鉴权方式和第一鉴权方式不同时,更新第一鉴权方式为第二鉴权方式。
本申请实施例中,在启动第一鉴权方式对应的硬件资源之前,通过获取用户和智能设备之间的第一距离,根据第一距离自适应调整第一鉴权方式,智能化程度高,有效提升用户的智能设备使用体验。
在一些可能的实施方式中,启动硬件资源之后,在用户触发鉴权操作之前,方法还包括:获取智能设备和鉴权用户之间的第二距离;根据第二距离和映射关系确定第二距离对应的第二鉴权方式,映射关系为鉴权方式和距离之间的对应关系;第三鉴权方式和第一鉴权方式不同时,关闭第一鉴权方式所需的智能设备的硬件资源,并启动第三鉴权方式所需的智能设备的硬件资源。
本申请实施例中,在硬件资源启动之后,在检测到用户的鉴权触发操作之前,通过继续获取用户和智能设备之间的第二距离,根据第二距离修改对用户的身份进行鉴权所采用的鉴权方式,实现根据第二距离实时变换鉴权方式,自适应变换,减少用户所需进行的操作,提升用户的使用体验。
在一些可能的实施方式中,鉴权方法还包括:
响应用户对智能设备的第四鉴权方式的启动操作,启动采用第四鉴权方式进行鉴权操作所需的智能设备的硬件资源。
本申请实施例中,除了上述智能装置自动预先启动硬件资源的启动方式之外,本申请 实施例还提供一种通过响应用户的启动操作而启动相关硬件资源的方式,以满足不同场景的鉴权需求。
在一些可能的实施方式中,鉴权方法还包括:
获取智能设备和/或用户的状态信息;
状态信息与第五鉴权方式对应的预设状态信息匹配时,启动采用第五鉴权方式进行鉴权操作所需的智能设备的硬件资源。
为了满足不同场景的鉴权需求,本申请实施例还提供一种通过检测智能设备和/或用户的状态信息,根据状态信息与预设状态信息进行匹配,以确定采用的第五鉴权方式,并启动采用第五鉴权方式进行鉴权操作所需的智能设备的硬件资源,以通过自动检测而启动相关硬件资源,减少用户所需的操作,提升用户的鉴权体验。
第二方面,本申请实施例提供一种鉴权装置,应用于智能装置,包括:
获取单元,用于获取鉴权环境信息;
确定单元,用于根据鉴权环境信息和历史鉴权数据,确定智能设备的鉴权操作的预估信息,预估信息包括第一时间、发生概率以及进行鉴权操作所采用的第一鉴权方式,第一时间为预估的鉴权操作的发生时间,发生概率为预估的鉴权操作的出现概率;
启动单元,用于在发生概率大于概率阈值时,在第一时间或者在第一时间之前,启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源。
本申请实施例中的鉴权装置,通过预估鉴权操作的相关信息以预启动智能设备对应的硬件资源,可以有效减少智能设备的鉴权功耗,提高了用户的使用体验。
在一些可能的实施方式中,鉴权装置还包括:
鉴权单元,用于在用户触发鉴权操作时,采用第一鉴权方式对用户的身份进行鉴权。
在一些可能的实施方式中,确定单元,还用于:
根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的鉴权阈值;
鉴权单元,具体用于:
根据第一鉴权方式对应的鉴权阈值,对用户的身份进行鉴权。在一些可能的实施方式中,在根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的鉴权阈值方面,确定单元,具体用于:
根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的风险等级;根据风险等级确定第一鉴权方式对应的鉴权阈值。
在一些可能的实施方式中,获取单元,还用于获取用户的鉴权失败次数;
鉴权装置还包括:
调整单元,用于根据鉴权失败次数,调整在采用第一鉴权方式对用户的身份进行鉴权时的鉴权阈值。
在一些可能的实施方式中,在鉴权单元采用第一鉴权方式对用户的身份进行鉴权之前,
获取单元,还用于获取用户触发鉴权操作的触发时刻对应的鉴权环境信息;
鉴权装置还包括:
调整单元,用于根据触发时刻对应的鉴权环境信息,调整在采用第一鉴权方式对用户的身份进行鉴权时的鉴权阈值。
在一些可能的实施方式中,第一时间包括时间周期,启动单元,具体用于:
在发生概率大于概率阈值时,在时间周期内,启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源。
在一些可能的实施方式中,在获取鉴权环境信息方面,获取单元,具体用于:
根据智能设备的历史鉴权数据确定鉴权时段;根据鉴权时段获取鉴权环境信息。
在一些可能的实施方式中,预估信息还包括第一用户信息,第一用户信息指示的用户为预测的触发鉴权操作的用户;
鉴权装置还包括:
调整单元,用于在发生概率大于概率阈值时,在第一时间或者在第一时间之前,根据第一用户信息指示的用户的历史使用数据调整智能设备。
在一些可能的实施方式中,在根据鉴权环境信息和历史鉴权数据,确定智能设备的鉴权操作的预估信息中的第一鉴权方式方面,确定单元,具体用于:
根据鉴权环境信息和历史鉴权数据,确定智能设备的鉴权操作的鉴权优先级最高的鉴权方式作为第一鉴权方式。
在一些可能的实施方式中,在启动单元启动硬件资源之前,
获取单元,还用于获取智能设备和鉴权用户之间的第一距离;
确定单元,还用于根据第一距离和映射关系确定第一距离对应的第二鉴权方式,映射关系为鉴权方式和距离之间的对应关系;
鉴权装置还包括:
处理单元,用于第二鉴权方式和第一鉴权方式不同时,更新第一鉴权方式为第二鉴权方式。
在一些可能的实施方式中,在启动单元启动硬件资源之后,在鉴权装置检测到用户触发鉴权操作之前,
获取单元,还用于获取智能设备和鉴权用户之间的第二距离;
确定单元,还用于根据第二距离和映射关系确定第二距离对应的第三鉴权方式,映射关系为鉴权方式和距离之间的对应关系;
鉴权装置还包括:
处理单元,用于第三鉴权方式和第一鉴权方式不同时,关闭第一鉴权方式所需的智能设备的硬件资源,并启动第三鉴权方式所需的智能设备的硬件资源。
在一些可能的实施方式中,鉴权环境信息包括时间信息、智能设备的位置信息、智能设备内在或外在的环境信息、鉴权用户主体的状态信息中的一个或多个。历史鉴权数据包括以下数据中的一项或多项:鉴权用户标识、鉴权方式、鉴权时间、鉴权地点、鉴权操作关联的业务的属性、鉴权失败次数、鉴权时间对应的智能设备的内在或外在的环境信息,其中,鉴权安全等级相同、业务类型相同的业务的属性相同。
在一些可能的实施方式中,启动单元,还用于:
响应用户对智能设备的第四鉴权方式的启动操作,启动采用第四鉴权方式进行鉴权操作所需的智能设备的硬件资源。
在一些可能的实施方式中,获取单元,还用于:
获取智能设备和/或用户的状态信息;
启动单元,还用于:
状态信息与第五鉴权方式对应的预设状态信息匹配时,启动采用第五鉴权方式进行鉴权操作所需的智能设备的硬件资源。
第三方面,本申请实施例提供一种芯片系统,所述芯片系统包括至少一个处理器,存储器和接口电路,所述存储器、所述接口电路和所述至少一个处理器通过线路互联,所述至少一个存储器中存储有指令;所述指令被所述处理器执行时,第一方面所述的方法得以实现。
第四方面,本申请实施例提供一种智能设备,包括处理器、存储器和通信接口,其中,一个或多个程序被存储在所述存储器中,并且被配置由所述处理器执行,所述程序包括用于执行第一方面所述的方法中的步骤的指令。
第五方面,本申请实施例提供一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行以实现如第一方面所述的方法。
第六方面,本申请实施例提供一种计算机程序产品,所述计算机程序产品包括指令,当其在计算机上运行时,使得计算机执行如第一方面所述的鉴权方法。
本申请实施例提供的一种鉴权方法、装置及存储介质,通过先确定智能设备的鉴权操作的预估信息,该预估信息包括预估的智能设备的鉴权操作的发生时间、发生概率以及进行该鉴权操作所采用的鉴权方式,这样,可以根据预估信息预启动智能设备相关的硬件资源,适时开启硬件资源,可以有效减少鉴权功耗,提升用户关于智能设备的使用体验。
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。
图1为本申请实施例提供的一种鉴权方法的场景示意图;
图2为本申请实施例提供的一种鉴权方法的流程示意图;
图3为本申请实施例提供的一种鉴权方法的具体流程示意图;
图4为本申请实施例提供的一种鉴权装置的功能单元组成框图;
图5为本申请实施例提供的一种智能设备的结构示意图;
图6为本申请实施例提供的一种智能设备的具体结构示意图;
图7为本申请实施例提供的一种智能设备的功能划分示意图。
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例, 都属于本申请保护的范围。
本申请的说明书和权利要求书及所述附图中的术语“第一”、“第二”、“第三”和“第四”等是用于区别不同对象,而不是用于描述特定顺序。此外,术语“包括”和“具有”以及它们任何变形,意图在于覆盖不排他的包含。例如包含了一系列步骤或单元的过程、方法、系统、产品或设备没有限定于已列出的步骤或单元,而是可选地还包括没有列出的步骤或单元,或可选地还包括对于这些过程、方法、产品或设备固有的其它步骤或单元。
在本文中提及“实施例”意味着,结合实施例描述的特定特征、结果或特性可以包含在本申请的至少一个实施例中。在说明书中的各个位置出现该短语并不一定均是指相同的实施例,也不是与其它实施例互斥的独立的或备选的实施例。本领域技术人员显式地和隐式地理解的是,本文所描述的实施例可以与其它实施例相结合。
现有技术中,由于智能设备无法实现低功耗鉴权,严重影响智能设备的可使用时长,将会降低用户体验。为此,本申请实施例提供一种应用于智能装置的鉴权方法,智能装置包括智能设备或芯片,该方法可以由智能设备执行,也可以由设置在智能设备中的鉴权装置(如芯片)来执行。
在一些可能的实施方式中,鉴权装置设置在智能设备上,智能设备可以是车辆、智能机器人、智能家居产品、手机、电脑、智能穿戴设备等需要人机交互的设备,智能家居产品包括音箱、冰箱、门禁、空调、电视、投影仪、打印机等,电脑包括笔记本电脑、台式电脑、平板电脑等,智能穿戴设备包括智能手表、耳机、运动手环等。在本申请实施例中,对于智能设备的类型等不予限定,可以包括但不限于例举的情况,需要进行用户身份鉴权,实现差异化业务提供与权限控制的场景,都可用到本技术。
参考图1,图1为本申请实施例提供的一种鉴权方法的场景示意图。以智能设备为车辆101为例,假设鉴权装置设置在车辆101上,则鉴权装置在执行鉴权方法时,可以先获取车辆101的鉴权环境信息,再利用该鉴权环境信息和车辆101的历史鉴权数据进行处理,以确定智能设备的鉴权操作的预估信息,预估信息包括第一时间、发生概率以及进行鉴权操作所采用的第一鉴权方式,其中,第一时间为预估的鉴权操作的发生时间,发生概率为预估的鉴权操作的出现概率;在发生概率大于概率阈值时,在第一时间或者在第一时间之前,提前启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源。通过预估鉴权操作的相关信息以预启动智能设备对应的硬件资源,可以有效减少智能设备的鉴权功耗,提高了用户的使用体验;另外,在用户102触发鉴权之前,提前启动相关的硬件资源,用户无需选择鉴权方式,可以有效减少用户的鉴权交互操作,提升用户的车辆使用体验。
下面结合图2对鉴权方法进行具体说明,图2为本申请实施例提供的一种鉴权方法的流程示意图;鉴权方法包括以下步骤:
201:获取鉴权环境信息;
具体地,鉴权环境信息是指可以用于确定智能设备的鉴权方式的一个或多个影响参数信息,例如,鉴权环境信息包括时间信息、智能设备的位置信息、智能设备内在或外在的环境信息、鉴权用户主体的状态信息中的一个或多个(多个指两个以上);其中,智能设备内在的环境信息指影响鉴权方式选择的、智能设备自身的状态信息,例如智能设备的联网 状态、智能设备的系统稳定性、智能设备的内存占用情况等信息;智能设备外在的环境信息是指影响鉴权方式选择的、智能设备所处环境的具体信息,例如智能设备所处环境的无线环境、光照情况、噪声情况等信息。而鉴权用户主体的状态信息是指影响鉴权方式选择的、鉴权用户的相关信息,例如鉴权用户的位置、脸部特征、声音特征、用户的活动状态等。在本申请实施例中,对于鉴权环境信息的类型等不予限定,可以包括但不限于例举的情况。
特别地,可以采用地理围栏技术来确定智能设备的位置信息,例如基于全球定位系统(Global Positioning System,GPS)确定智能设备的位置信息,或者,基于无线定位技术确定智能设备的位置信息,例如基于无线局域网(Wireless Local Area Network,WLAN),蓝牙,紫峰(ZigBee),超宽带(Ultra Wide Band,UWB)等中的一种或多种来确定智能设备的位置信息;或者,基于IP地址确定智能设备的位置信息等;在本申请实施例中,对于智能设备的位置信息的具体获取方法不予限定,可以包括但不限于例举的情况。
202:根据鉴权环境信息和历史鉴权数据,确定智能设备的鉴权操作的预估信息,预估信息包括第一时间、发生概率以及进行鉴权操作所采用的第一鉴权方式,第一时间为预估的鉴权操作的发生时间,发生概率为预估的鉴权操作的出现概率;
具体地,历史鉴权数据包括以下数据中的一项或多项(多项指两项以上):鉴权用户标识(identifier,ID)、鉴权方式、鉴权时间、鉴权地点、鉴权操作关联的业务的属性、鉴权失败次数、鉴权时间对应的智能设备的内在或外在的环境信息,其中,鉴权安全等级相同、业务类型相同的业务的属性相同。在本申请实施例中,对于历史鉴权数据的类型等不予限定,可以包括但不限于例举的情况。
另外,第一时间可以为周期性或非周期的,具体地,第一时间可以为时间点或者时间周期(即时间段),例如,第一时间为每天的早上8点,或每天的晚上9点,或者每月的1号0点;第一时间为每天的早上8点-9点,或者每天的晚上9点-10点,或者每月的1号的6点-7点。
可选地,通过动态身份鉴权模型和获取的鉴权环境信息,确定智能设备的鉴权操作的预估信息。其中,利用历史鉴权数据预先训练得到动态身份鉴权模型,后面将具体举例以对动态身份鉴权模型的训练过程进行说明,在此不做过多描述。
203:在发生概率大于概率阈值时,在第一时间或者在第一时间之前,启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源。
具体地,当上述确定的发生概率大于概率阈值时,在第一时间或在第一时间之前,启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源,其中,概率阈值可以根据实际情况进行设置,在此不做特别限定。
可以看出,本申请实施例中的鉴权方法,通过获取鉴权环境信息,再利用该鉴权环境信息和历史鉴权数据确定智能设备的鉴权操作的预估信息,这样,可以根据预估信息预启动智能设备相关的硬件资源,可以有效减少智能设备的鉴权功耗,提高了用户的使用体验。
特别指出的是,现有技术中,鉴权用户与智能设备之间的身份认证方案,同一业务的鉴权方案(一个或多个鉴权方式,多个鉴权方式例如声纹识别和人脸识别,当声纹识别失败次数达到一定值时,进入人脸识别,即多个鉴权方式的执行顺序是预先确定好的)是固 定不变的,未基于场景做差异化的认证方案,造成用户体验不佳;且存在安全漏洞,安全性问题突出。本申请实施例的鉴权方法,基于鉴权环境信息对鉴权操作进行信息预估,以确定鉴权操作的一个第一鉴权方式,基于场景变化动态确定不同的第一鉴权方式,既能减少智能设备的鉴权功耗,又能减少用户所需的鉴权交互操作,增强用户体验且保障鉴权安全。
另外,特别地,现有技术中,鉴权用户主体的状态对于鉴权方式的确定并无影响,导致所确定的鉴权方式不便于鉴权用户进行鉴权操作,例如,当鉴权用户手上提着物品时,而鉴权方式为指纹识别,此时用户无法方便地完成鉴权操作,用户的鉴权体验低下。又例如,当鉴权用户带着墨镜或者带着口罩时,而此时的鉴权方式为人脸识别或声纹识别,由于墨镜会遮挡部分人脸,而口罩会降低用户的音量等,不仅会导致鉴权准确度低下,而且需要用户取下墨镜或口罩,十分不便。而利用本申请实施例的鉴权方法,由于获取的鉴权环境信息包括鉴权用户主体的状态信息,实现根据鉴权用户的状态确定推荐的第一鉴权方式,使得第一鉴权方式更加适合鉴权用户的操作,有效提升用户体验。
在一些可能的实施方式中,智能设备至少具有两种以上的鉴权方式,包括视觉识别、声学识别、蓝牙鉴权,二维码扫描,密码等鉴权方式,视觉识别包括人脸识别,虹膜识别等,声学识别可以为声纹识别。以车辆的车载系统为例,不同的鉴权方式有不同的应用场景。例如:
蓝牙钥匙验证:蓝牙钥匙匹配通过时,此时车主账号验证通过。
声纹验证:用户在车外呼唤“小白开门”,基于声纹的匹配程度,赋予车辆的相关权限,如开车门,车辆的驾驶权限,个性化设置车辆等。
人脸静态识别验证:用户进入车内后启动人脸识别,人脸识别通过则为用户增补车辆的驾驶权限。
人脸动态识别验证:人脸用户通过人脸动态识别之后,将启动支付权限。
二维码验证:用户利用手机扫描二维码以确认用户的身份。
登录密码验证:利用用户账号、密码,对用户账号登录进行校验。
相应地,不同的鉴权方式涉及智能设备的不同硬件资源,例如摄像头、麦克风、蓝牙模块等,具体地,摄像头对应视觉识别、二维码等鉴权方式,而麦克风对应声学识别等鉴权方式,蓝牙模块对应蓝牙鉴权等鉴权方式。
在一些可能的实施方式中,鉴权方法还包括:
在用户触发鉴权操作时,采用第一鉴权方式对用户的身份进行鉴权。
其中,本申请实施例中,通过鉴权环境信息得到智能设备的鉴权操作的预估信息,再根据预估信息预启动第一鉴权方式对应的智能设备的硬件资源之后,以在检测到用户的鉴权触发操作时,采用第一鉴权方式对用户的身份进行鉴权,确保用户鉴权正常进行,又能节省智能设备的鉴权功耗。
其中,鉴权触发操作可以是语音触发操作、特定指令触发操作等。以车辆为例,语音触发操作可以包括语音控制车辆开门、播放音乐等,如“小白开门”,接收到该指令语音时即触发身份鉴权。同样地,特定指令可以包括支付指令、启动车辆指令、蓝牙控制指令、账号登录指令等,当检测到该特定指令时,即触发身份鉴权。启动车辆指令可以是通过按 压车辆上的启动按键而生成的,如接收到启动车辆指令时启动人脸识别。蓝牙控制指令包括开锁、闭锁、升窗、降窗、开关后备箱、寻车等,如利用蓝牙钥匙开锁时,车辆接收到蓝牙开锁请求时即触发鉴权。用户输入账号密码后,点击登录键即生成账号登录指令,根据账号登录指令进行身份鉴权。
在一些可能的实施方式中,步骤201具体包括:
根据智能设备的历史鉴权数据确定鉴权时段;根据鉴权时段获取鉴权环境信息。
其中,利用智能设备某一时段或全部的历史鉴权数据确定智能设备执行鉴权操作的时间规律,得到鉴权时段。在鉴权时段或在鉴权时段之前或在鉴权时段之后,执行获取鉴权环境信息的步骤,以执行确定智能设备的鉴权操作的预估信息,简单地说,不同于实时获取鉴权环境信息,本申请通过确定出高频的鉴权时段,以根据鉴权时段定时获取鉴权环境信息,可以进一步帮助减少智能设备的功耗。
特别地,根据鉴权时段获取鉴权环境信息的具体执行规则,可以根据实际需要进行设置,例如在鉴权时段执行获取鉴权环境信息,或在鉴权时段之前一段时间执行获取鉴权环境信息,或在鉴权时段之后一段时间执行获取鉴权环境信息,上述一段时间的具体时间长度可以根据实际情况进行设置,例如30秒、1分钟、5分钟、10分钟等。
举例来说,以车载系统为例,假设对车载系统前一个月或者前半年的历史鉴权数据进行统计分析处理后,确定出车辆的鉴权时间规律,例如,每周一的上午7点半、下午6点半都会有一次鉴权操作,因此,可以确定鉴权时段为每周一的上午7点半和每周一的下午6点半。以在鉴权时段之前5分钟执行获取鉴权环境信息为例,则在每个周一的上午7点25分、每个周一的下午6点25,都将会获取一次鉴权环境信息,并根据该鉴权环境信息进行后续处理,得到预估信息。
在一些可能的实施方式中,步骤202中,根据鉴权环境信息和历史鉴权数据,确定预估信息中的第一鉴权方式,包括:
根据鉴权环境信息和历史鉴权数据,确定智能设备的鉴权操作的鉴权优先级最高的鉴权方式作为第一鉴权方式。
其中,在预估鉴权操作的鉴权方式时,将会匹配鉴权环境信息确定一个鉴权优先级最高的第一鉴权方式,实现鉴权方式的自适应动态选择。
具体地,假设智能设备具有K个鉴权方式,其中,K为正整数。在预估第一鉴权方式时,可以提前确定鉴权操作的不同优先级的至少两个鉴权方式,例如,每次预估鉴权操作的第一鉴权方式时,先得到不同优先级顺序的2个鉴权方式、3个鉴权方式或K个鉴权方式。优先级的高低表示在鉴权环境信息所对应的鉴权环境下,鉴权方式的推荐等级高低,优先级越高,表示推荐等级越高。再从2个鉴权方式、3个鉴权方式或K个鉴权方式中确定一个鉴权优先级最高的鉴权方式作为第一鉴权方式。
在一些可能的实施方式中,鉴权方法还包括:
根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的鉴权阈值。
其中,本申请实施例中的鉴权方法,还利用鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的鉴权阈值,以根据该鉴权阈值对用户进行鉴权。应理解的是,在鉴权对象的取值/测量值满足在鉴权阈值的一定范围内的时候,认为该用户鉴权通过。例如鉴权对象 的取值/测量值小于或等于鉴权阈值时,认为该用户鉴权通过;或者,鉴权对象的取值/测量值大于鉴权阈值时,认为该用户鉴权通过。这里,不做具体限定,可以在具体实施过程中,进行设置。其中,鉴权阈值可以包括下列阈值中的一个或多个阈值,包括鉴权门限、警报门限,鉴权门限是第一鉴权方式中用于判断身份鉴权通过与否的阈值,而警报门限为第一鉴权方式中用于判断用户的鉴权操作是否触发警报操作的相关阈值。
举例来说,以人脸识别为例,当鉴权标准为人脸匹配度时,鉴权门限可以为人脸匹配度阈值,如98%或99%,当鉴权用户的人脸与智能设备预存储的合法用户的人脸或人脸相关信息(如人脸特征向量)计算得到的人脸匹配度大于或等于人脸匹配度阈值时,该鉴权用户通过人脸识别。而人脸识别鉴权方式还设置有相关报警机制,例如,当人脸识别失败次数大于某一次数时,启动智能设备的报警模块,如声光报警;其中,该某一次数即为警报门限,例如,可以设置为3次、4次或5次等。
由此可见,利用鉴权环境信息和历史鉴权数据,确定得到第一鉴权方式对应的鉴权阈值,使得鉴权阈值跟随鉴权环境信息进行变化,既能确保鉴权安全性,又能保障用户的鉴权体验,避免由于固定不变的鉴权阈值,导致鉴权过程不顺利,鉴权花费时间过长,影响用户体验。在一些可能的实施方式中,根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的鉴权阈值,具体包括:
根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的风险等级;根据风险等级确定第一鉴权方式对应的鉴权阈值。
本申请实施例中的鉴权方法,先通过鉴权环境信息和历史鉴权数据确定第一鉴权方式对应的风险等级,再根据风险等级确定第一鉴权方式对应的鉴权阈值;风险等级越高,鉴权阈值反映的鉴权要求越高,以使鉴权要求与鉴权环境信息匹配,既能保障鉴权安全性,又能提高用户的鉴权体验。例如,某一鉴权门限越大,表示要求越高,则风险等级越高,鉴权门限越大;反之,鉴权门限越小,表示要求越高,则风险等级越高,鉴权门限越小。同样地,例如,某一警报门限越大,表示要求越高,则风险等级越高,警报门限越大;反之,警报门限越小,表示要求越高,则风险等级越高,警报门限越小。
其中,风险等级可以为高、中、低三个等级,对风险等级的具体类型不做特别限定,可以包括但不限于例举的情况。对于某一鉴权方式而言,不同风险等级对应的鉴权阈值不同,假设等级中为鉴权方式默认的鉴权阈值。
举例来说,以人脸识别为例,当根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的风险等级为高等级时,则需要增大人脸识别的鉴权门限,如将人脸匹配度阈值从98%提高到99%,且需要降低警报门限,例如将人脸识别失败次数的警报门限从4次降低到3次。而当根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的风险等级为低等级时,则需要降低人脸识别的鉴权门限,如将人脸匹配度阈值从98%减小到97%,且需要增大警报门限,例如将人脸识别失败次数的警报门限从4次增加到5次。
在一些可能的实施方式中,当根据鉴权环境信息和历史鉴权数据确定的鉴权操作的第一时间为时间点时,该时间点可以是周期性或者非周期性的,根据该时间点控制硬件资源的开启和关闭可以有多种方法。第一种方法,当发生概率大于概率阈值时,可以在该时间点启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源,另外,还可以设定在 硬件资源启动a(a的大小可以自由调整,如1分钟、5分钟、10分钟等)时间后自动关闭硬件资源。第二种方法,可以在该时间点到达之前的b时间(b的大小可以自由调整,如1分钟、2分钟、3分钟等)启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源,同样地,可以设定在硬件资源启动a时间后自动关闭硬件资源。通过设置在第一鉴权方式对应的硬件资源启动a时间后自动关闭该硬件资源,以节省智能设备的电能,延长智能设备的待机时间。
在一些可能的实施方式中,第一时间包括时间周期,在发生概率大于概率阈值时,在时间周期内,启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源。
其中,当根据鉴权环境信息和历史鉴权数据确定的鉴权操作的第一时间为时间周期时,时间周期为周期或非周期的时间段,不同于全时待机的鉴权方案,本申请实施例的鉴权方法仅在时间周期内启动硬件资源,可以有效减少鉴权所需功耗,延长智能设备的待机时间,提升用户的体验。
值得指出的是,还可以在时间周期到达之前的c(c的大小可以自由调整,如1分钟、2分钟、3分钟等)时间,先启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源,这样,硬件资源处于启动状态的时间从c时间到时间周期结束这一段时间区间,例如,假设时间周期为每天的早上8点-9点,c为1分钟,则硬件资源在每天早上的7点59分-9点处于启动状态。
在一些可能的实施方式中,预估信息还包括第一用户信息,第一用户信息指示的用户为预测的触发鉴权操作的用户;鉴权方法还包括:
在发生概率大于概率阈值时,在第一时间或者在第一时间之前,根据第一用户信息指示的用户的历史使用数据调整智能设备。
其中,在鉴权操作的发生概率大于概率阈值时,还会在第一时间或者在第一时间之前,根据第一用户信息指示的用户的历史使用数据调整智能设备,以使智能设备处于第一用户信息指示的用户经常使用的状态,智能化高,帮助减少用户所需进行的操作,提升用户体验。
具体地,历史使用数据为某一登录用户在使用智能设备时的相关数据,以车辆为例,历史使用数据包括车辆座椅的高度和角度、空调的温度和使用时间、音乐播放的音量大小、各类软件的开启情况等等。根据用户的历史使用数据进行统计分析处理以得到用户的习惯数据,在第一时间或在第一时间之前,根据该习惯数据提前调整智能设备。以车辆为例,假设根据第一用户信息指示的用户的历史使用数据分析得到该用户的习惯数据为空调23度、座椅角度为100度、以及座椅高度为30毫米(mm),开启导航软件等,则在第一时间或在第一时间之前,根据该习惯参数调整车辆的空调温度到23度,调整车辆的座椅的高度到30mm、角度为100度,并启动导航软件。
在一些可能的实施方式中,鉴权方法还包括:
获取用户的鉴权失败次数;根据鉴权失败次数,调整在采用第一鉴权方式对用户的身份进行鉴权时的鉴权阈值。
其中,在用户的鉴权过程中,统计用户的鉴权操作数据(如鉴权失败次数),并根据该鉴权失败次数及时调整第一鉴权方式在对用户的身份进行鉴权时的鉴权阈值,以使鉴权阈 值适应用户的鉴权操作进行变化,进一步增强鉴权的安全性。
在一些可能的实施方式中,在采用第一鉴权方式对用户的身份进行鉴权之前,鉴权方法还包括:
获取用户触发鉴权操作的触发时刻对应的鉴权环境信息;根据触发时刻对应的鉴权环境信息,调整在采用第一鉴权方式对用户的身份进行鉴权时的鉴权阈值。
具体地,本申请实施例中,在检测到用户的鉴权触发操作时,获取该鉴权触发操作对应的触发时刻的鉴权环境信息,在执行鉴权比对之前,根据触发时刻对应的鉴权环境信息调整在采用第一鉴权方式对用户的身份设定鉴权时的鉴权阈值,以使鉴权阈值匹配当前的鉴权环境信息,提高鉴权的安全性,又能保障用户体验。
例如,以鉴权环境信息包括时间信息、智能设备的位置信息为例,预测的第一鉴权方式为人脸识别鉴权方式,而鉴权触发操作的触发时刻的鉴权环境信息表示此时智能设备所在位置属于公共场所,时间为深夜时段,鉴权风险较大;此时,将会根据触发时刻的鉴权环境信息提高人脸识别的鉴权要求,即调整鉴权阈值,以提高其反映的鉴权要求,匹配鉴权要求调整鉴权阈值的方法可参考上述描述,在此不做过多描述。
其中,根据触发时刻对应的鉴权环境信息调整在采用第一鉴权方式对用户的身份进行鉴权时的鉴权阈值的具体调整方法,原理在于使鉴权阈值所反映的鉴权要求与触发时刻对应的鉴权环境信息相匹配,换句话说,根据触发时刻对应的鉴权环境信息所对应的风险等级,调整鉴权阈值和/或鉴权警报门限,使其与当前的风险相匹配,以提高鉴权安全性。
另外,在一些可能的实施方式中,还可以根据触发时刻对应的鉴权环境信息切换鉴权方式,考虑鉴权时的具体环境对鉴权方式的干扰、误差影响,基于鉴权时的具体环境情况,动态加载合适的鉴权方式。如环境光照将会影响人脸识别的准确度,而噪声将会影响声纹识别的准确度。当触发时刻的光照条件不适合人脸识别,且当前采用的第一鉴权方式为人脸识别时,将会控制停止人脸识别鉴权方式,并从步骤202中确定的至少两个鉴权方式中选取不依靠光照条件的、优先级最高的鉴权方式,例如声纹识别鉴权方式,启动麦克风进行声纹识别鉴权。
在一些可能的实施方式中,在启动硬件资源之前,鉴权方法还包括:
获取智能设备和鉴权用户之间的第一距离;根据第一距离和映射关系确定第一距离对应的第二鉴权方式,映射关系为鉴权方式和距离之间的对应关系;第二鉴权方式和第一鉴权方式不同时,更新第一鉴权方式为第二鉴权方式。
本申请实施例中,预先根据实际应用需求设置各种鉴权方式及其对应的使用距离的映射关系,对映射关系的具体对应关系不做特别限定。在启动第一鉴权方式对应的硬件资源之前,通过获取用户和智能设备之间的第一距离,根据第一距离自适应调整第一鉴权方式,智能化程度高,有效提升用户的智能设备使用体验。
举例来说,参考图1,假设蓝牙钥匙的使用距离是0-10米(m),车辆101的蓝牙覆盖区域为区域C;而声纹识别的使用距离是0-3m,声纹可识别区域为区域B;而二维码扫描识别的使用距离是0-1m,可扫描到二维码的区域为区域A。当根据鉴权环境信息确定的鉴权操作的至少两个鉴权方式分别为蓝牙钥匙、二维码扫描以及声纹识别,优先权最高的鉴权方式为蓝牙钥匙。在启动智能设备的蓝牙模块之前,获取智能设备(如车辆101)和鉴 权用户102之间的第一距离,并根据第一距离和映射关系确定第一距离对应的鉴权方式为声纹识别(即鉴权用户102位于区域B之中,但位于区域A之外),则将声纹识别作为新的第一鉴权方式,打开智能设备的麦克风。
第一距离的获取方法可以有多种,对第一距离具体的获取方法不做特别限定,例如可以是利用用户的智能终端的位置信息和智能设备的位置信息以确定两者之间的第一距离。一种可能的实现方式中,智能终端实时将自身的位置信息(例如利用GPS或蓝牙技术确定的位置信息)发送给后台服务器,而智能设备也会实时将自身的位置信息发送给后台服务器,这样,后台服务器可以实时确定智能终端和智能设备之间的第一距离,并将第一距离下发给智能设备,以使智能设备根据第一距离自适应调整第一鉴权方式。
在一些可能的实施方式中,启动硬件资源之后,在用户触发鉴权操作之前,鉴权方法还包括:
获取智能设备和鉴权用户之间的第二距离;
根据第二距离和映射关系确定第二距离对应的第三鉴权方式,映射关系为鉴权方式和距离之间的对应关系;
第三鉴权方式和第一鉴权方式不同时,关闭第一鉴权方式所需的智能设备的硬件资源,并启动第三鉴权方式所需的智能设备的硬件资源。
本申请实施例中,在硬件资源启动之后,在检测到用户的鉴权触发操作之前,通过继续获取用户和智能设备之间的第二距离,根据第二距离修改对用户的身份进行鉴权所采用的鉴权方式,实现根据第二距离实时变换鉴权方式,自适应变换鉴权方式,减少用户所需进行的操作,提升用户的使用体验。其中,第二距离的获取方法和第一距离的获取方法相同,不做赘述。
举例来说,当根据鉴权环境信息确定的鉴权操作的至少两个鉴权方式分别为蓝牙钥匙、二维码扫描以及声纹识别,优先权最高的鉴权方式为蓝牙钥匙。参考图1,在启动智能设备的蓝牙模块之后,获取智能设备(如车辆101)和鉴权用户102之间的第二距离,并根据第二距离和映射关系确定第二距离对应的鉴权方式为声纹识别(即鉴权用户102从区域C进入区域B之中,但未进入区域A),则关闭智能设备的蓝牙模块,并打开智能设备的麦克风。随着第二距离的变化,匹配到第二距离对应的鉴权方式为二维码扫描识别时(即鉴权用户102从区域B进入区域A之中),关闭麦克风,并打开智能设备的摄像头。
在一些可能的实施方式中,鉴权方法还包括:
响应用户对智能设备的第四鉴权方式的启动操作,启动采用第四鉴权方式进行鉴权操作所需的智能设备的硬件资源。
其中,启动操作可以是用户对第四鉴权方式关联的软按键或物理按键的触发操作,以启动采用第四鉴权方式进行鉴权操作所需的智能设备的硬件资源。第四鉴权方式可以是智能设备所具备的鉴权方式中的任意一种。例如,智能设备以车辆为例,而第四鉴权方式为人脸识别;在车辆的车机显示屏上显示人脸识别的软按键,用户可以按压该按键,以确定启动人脸识别,进而触发启动人脸识别相关的硬件资源,如摄像头。
本申请实施例中,除了上述根据预估信息自动预先启动硬件资源的启动方式之外,本申请实施例还提供一种通过响应用户的启动操作而启动相关硬件资源的方式,以满足不同 场景的鉴权需求,可以在硬件资源未启动的情况下,响应用户的启动操作而启动,以满足用户的鉴权需要。
在一些可能的实施方式中,鉴权方法还包括:
获取智能设备和/或用户的状态信息;状态信息与第五鉴权方式对应的预设状态信息匹配时,启动采用第五鉴权方式进行鉴权操作所需的智能设备的硬件资源。
为了满足不同场景的鉴权需求,本申请实施例还提供一种通过检测智能设备和/或用户的状态信息,根据状态信息与预设状态信息进行匹配,以确定采用的第五鉴权方式,并启动采用第五鉴权方式进行鉴权操作所需的智能设备的硬件资源,以通过自动检测而启动相关硬件资源,减少用户所需的操作,提升用户的鉴权体验。
其中,状态信息用于表征智能设备和/或智能设备的关联用户所处的状态。实际上,可以预先设置第五鉴权方式与预设状态信息的对应关系,其中,第五鉴权方式可以为智能设备所具备的鉴权方式中的任意一种。智能设备以车辆为例,假设第五鉴权方式为人脸识别,人脸识别的预设状态信息是表征车辆上有用户进行操作的信息,例如开车门、关车门、开窗、开空调、启动车辆、踩油门等状态信息。当检测到车辆的状态信息与预设状态信息相同时,如检测到有用户上车或关车门等,则触发启动人脸识别,即启动人脸识别相关的摄像头。
而智能设备的关联用户的状态可以是用户主体状态信息,例如,手势、声音等。预设状态信息可以为预设的手势或触发语音,可以预先为不同的第五鉴权方式设置触发手势或触发语音,例如,“点赞”手势为启动声纹识别,而“剪刀手”手势为启动人脸识别;检测到对应的手势则启动相应的第五鉴权方式的硬件资源。
而预设的触发语音可以为“启动人脸识别”,其中,语音比对时,可以是比对输入语音对应的文本是否与预设的触发语音的文本相同,若文本相同,则通过语音比对,启动人脸识别的关联硬件资源。除了比对文本之外,还可以比对输入语音的声纹特征是否与预设的触发语音的声纹特征相同,即确定输入语音是否为预设的用户输入的,当文本和声纹两种均通过时,确定通过语音对比,可以启动人脸识别相关的硬件资源。同样地,通过触发语音启动其他的第五鉴权方式的方式与人脸识别相似,不做赘述。
特别指出的是,第四鉴权方式和第五鉴权方式可以为智能设备相同的鉴权方式或者分别为智能设备不同的鉴权方式,用不同的序号来标记这两种鉴权方式只为区分它们是采用不同的启动方式进行启动的。
参考图3,图3为本申请实施例提供的一种鉴权方法的具体流程示意图;为了更清楚地说明本申请实施例的鉴权方法,下面以智能设备为车辆为例进行具体说明:
301:系统鉴权行为统计。
埋点统计车辆运行过程中的历史鉴权行为的如下维度信息:
①、鉴权用户主体:包括车辆车机的用户ID(即鉴权用户标识),该ID可以由数字、字母、特殊字符中的一个或多个来组成,本实施例中,不做特别限定。
②、鉴权方式:包括蓝牙鉴权,视觉识别,声学识别,二维码,密码等鉴权方式。
③、鉴权的时间:可以将鉴权时车辆的系统时间作为鉴权时间,可以包括年月日(如2020/10/11),还可以到具体的鉴权时刻,如时分秒(如8:00)。
④、鉴权的地点:包括位置信息及其位置属性,其中,位置信息可以是GPS信息(如经度和纬度)、IP地址信息等位置信息,位置属性是按照安全性高低将鉴权地点分为几个类型。本实施例中,将鉴权地点分为私人场所和公共场所两大类,私人场所为安全场所,可以通过机器学习确定出用户的家、公司所在的地点,将这些地点标记为私人场所,而除了私人场所之外的场所为公共场所,其为非安全场所。在获取鉴权的地点时,根据鉴权地点和预存储的私人场所可以确定该鉴权地点的位置属性。
⑤、鉴权业务属性:预先根据鉴权安全等级要求和业务类型将所有业务划分成几大类,例如划分为娱乐业务,功能业务,隐私业务,支付业务等,其中,娱乐业务如音乐播放、照片播放等业务;功能业务为车辆的基础功能业务,如文件夹;而隐私业务涉及用户的个人信息,比如微信、QQ等;支付业务涉及用户的财务信息。
⑥、鉴权的成功率:鉴权成功率也即鉴权尝试次数(表格中简称鉴权次数)。
⑦、鉴权时的系统环境:包括光照,噪声,无线环境,网络环境,系统稳定性等。
利用埋点统计的数据可以得到表1。例如,在2020年10月20日上午8点检测到车辆的环境光照为800.10勒克斯(Lux),而环境噪声为50分贝(db)。
表1
302:构建基于行为与环境特性的动态身份鉴权模型。
根据历史行为统计与系统环境的相关性,构建动态身份鉴权模型,该模型评估的维度涵盖有如下(不局限于此):
①、鉴权用户:针对用户周期性的登录行为,用户会周期性登录意图。
②、鉴权用户状态:用户所处位置与车辆之间的距离大小(用户与车辆之间的距离小的可以选择适用距离小的鉴权方式,距离远的可以选择适用距离大的鉴权方式)。用户脸部特征是否清晰(是否有墨镜,围巾等遮挡),用户脸部特征不清晰的不推荐视觉识别等方式。用户声音特征是否清晰(情绪激动,沙哑等不稳定因素),声音特征不清晰的不推荐声学识别等方式。用户活动是否方便(双手拿物等场景不推荐蓝牙钥匙,指纹,密码校验等方式)。
③、鉴权方式:对于同一业务场景下,最近一次使用的鉴权方式,其发生频率会更高。
④、鉴权时间:历史经常进行鉴权的时间,在类似时间会有鉴权诉求。特别地,基于301的埋点数据确定出高频的鉴权时段,若后续获取的鉴权环境信息中的时间不属于高频 的鉴权时段或者不属于高频的鉴权时段的可接受误差范围时,则需要提高鉴权要求。例如,利用历史行为数据确定高频的鉴权时间为下班时间,即晚上6点,当检测到晚上12点下班进行鉴权时,则需要提高安全等级,即提高鉴权要求。
⑤、鉴权地点:公共场所的鉴权安全要求等级高,个人隐私场所的鉴权安全等级可以相对降低。
⑥、鉴权业务属性:重大价值的业务权限要求等级高,相对公开的业务可降低鉴权等级。
⑦、鉴权成功率:历史多次鉴权成功率低,需加大下次鉴权安全等级要求。
⑧、鉴权环境:光照条件差不推荐人脸,图像等鉴权方式。噪声干扰大,不推荐声纹的等鉴权方式等。
另外,还可以定义各种鉴权方式可支撑的业务,以及对环境和用户状态的依赖,如表2。
表2
另一方面,还可以定义不同场景下,不同鉴权方式所需的安全等级标准要求,如表3。其中,表3中的鉴权标准可以理解为鉴权要求。
表3
在一些可能的实施例中,无线环境对鉴权方式的预测也有影响,可以根据实际要求设置鉴权方式的预测规则,例如,可以设置当车辆周围的蓝牙广播信号数目超过一定阈值时,不推荐蓝牙鉴权方式,以不对其他终端的鉴权造成干扰。又或者,无网络环境时,不推荐 二维码扫描鉴权以及密码识别鉴权方式;特别地,当检测到车辆处于被破解状态时,将不进行鉴权操作,关闭所有鉴权通道。
303:检测车辆的鉴权环境信息。
在高频的鉴权时段检测车辆的鉴权环境信息,其中,鉴权环境信息可以包括车载系统所处地点以及位置属性、车载系统所处时间、车载系统所处环境(光照,噪声,无线环境,网络环境,系统稳定性等维度)、鉴权用户主体状态(用户位置,脸部特征是否清晰,声音特征是否稳定,用户活动状态是方便)等,可以得到表4和表5。
检测日期 | 检测时间 | 经度 | 纬度 | 环境光照 | 环境噪声 | Wi-Fi网络 | 蓝牙设备 | 无线网络 | … |
2020/11/11 | 8:00 | 121.47 | 31.23 | 800.10Lux | 70db | IP地址 | MAC地址 | 小区ID |
表4
检测日期 | 检测时间 | 用户脸部特征 | 用户声音特征 | 双手是否可活动 |
2020/11/11 | 8:00 | 清晰 | 稳定 | 是 |
表5
304:推测智能设备的用户身份、预测用户的身份鉴权方案。
本申请实施例中,动态身份鉴权模型利用表1、表2和表3以及相关预测规则,将303获得的鉴权环境信息输入模型进行预测,可以得到预估信息,包括预测的系统登录用户、预测出现鉴权操作的时间,鉴权操作的发生概率,推荐的鉴权方式的优先级顺序,推荐的鉴权方式对应的硬件资源,推荐的鉴权方式对应的风险等级,推荐的鉴权方式对应的鉴权阈值和/或鉴权警报门限。
其中,动态身份鉴权模型可以利用如贝叶斯统计预测方法等时间预测方法,处理历史鉴权行为数据和获取的鉴权环境信息以推断鉴权操作可能的出现时间;另外,动态身份鉴权模型基于历史鉴权行为数据和获取的鉴权环境信息进行预估处理,还可以得到上述预估信息,具体地:
基于鉴权环境信息中的位置信息和历史鉴权位置,判断该位置信息对应的车辆的各鉴权方式的频次与风险等级。
基于鉴权环境信息中的光照,噪声等外在环境信息和历史鉴权外在环境数据,预判当前的外在环境对应的各鉴权方式的频次与风险等级。
基于鉴权环境信息中的鉴权时间和历史鉴权时间,预测判断当前鉴权时间的频次与风险等级。
动态身份鉴权模型综合上述确定的各种风险等级,确定不同的推荐鉴权方式的鉴权阈值。
305:加载个性化资源、执行身份鉴权方案,迭代动态身份鉴权模型。
根据步骤304推测的系统登录用户,预先加载该用户的不同个性化资源,如OS系统(多媒体,导航等),车辆座椅的角度和高度,空调温度等。例如,推测当前系统可能会登录001用户,则加载001用户的个性化资源。可以减少系统资源消耗,缩小系统启动时长。
另外,基于预测出现鉴权操作的时间,在该时间之前启动推荐的鉴权方式中优先级最高的鉴权方式对应的车辆的硬件资源,例如,假设步骤304推荐的鉴权方式为蓝牙钥匙、声纹检验、人脸识别、登录密码验证,而蓝牙钥匙和声纹校验为优先级最高的鉴权方式, 则在预测出现鉴权操作的时间之前,启动车辆的蓝牙模块和麦克风,以支撑用户无感进入车载的诉求,减少用户的鉴权交互操作,并且增加待机时长。
检测到用户的鉴权触发操作时,执行身份鉴权方案,并刷新系统鉴权行为统计。具体地,利用优先级最高的鉴权方式对用户的身份进行鉴权,鉴权成功的话,则加载对应业务能力,开放车辆相应的权限。而鉴权失败的话,则应采取善后措施以预警系统维护者,例如声纹多次校验识别失败,可短信等相关措施知会车辆拥有者。
根据用户每次的鉴权行为,刷新表1,以刷新用户行为,环境与鉴权方式的概率关系,更新用户动态身份鉴权模型的模型参数,以得出最新的推荐的鉴权方式以及鉴权阈值,并进行动态刷新。另外,动态身份鉴权模型还可以根据用户鉴权时的鉴权环境信息和鉴权用户的状态对优先级最高的鉴权方式进行更换,如优先级最高的鉴权方式为声纹识别,鉴权时的环境噪声较大,则关闭声纹识别鉴权,将人脸识别作为优先级最高的鉴权方式,启动人脸识别鉴权。又例如,假设优先级最高的鉴权方式为人脸识别,当检测到鉴权时用户的脸部带有墨镜,即脸部被遮挡,则选择声纹识别作为优先级最高的鉴权方式,关闭摄像头,启动麦克风。
另外,动态身份鉴权模型还可以根据用户进行鉴权时的鉴权环境信息实时更新鉴权方式的鉴权阈值,例如,当前用户进行鉴权的时间与高频的鉴权时段不同,或者当前的鉴权时间不在高频的鉴权时段可接受的误差范围内,或者识别到当前的鉴权时间为危险时间(如深夜时段)时,需要调整鉴权阈值以提高鉴权要求。另一方面,确定当前用户进行鉴权的地点为非安全场所(如公共停车场),此时也需要调整鉴权阈值以提高鉴权要求,避免人为暴力破解。最后,当用户鉴权失败次数过多时,需要提高鉴权要求。
特别指出的是,上述表1、表2和表3只是提供一个示例,不对本申请的保护范围造成限定。
可见,本申请的鉴权方法,根据用户行为与环境特性信息输入,动态加载鉴权硬件资源与配置鉴权相关门限,从而达到基于场景的动态身份认证,增强用户体验与安全性。在同一智能设备上,基于目标用户的不同状态,自主进行合适的鉴权方式,实现用户的无感鉴权。可以很好地兼容用户易用性,安全性与系统资源消耗的平衡。
本申请实施例还提供一种应用于智能装置的鉴权装置,参考图4,图4为本申请实施例提供的一种鉴权装置的功能单元组成框图;鉴权装置400包括获取单元410、确定单元420和启动单元430;
获取单元410,用于获取鉴权环境信息;
确定单元420,用于根据鉴权环境信息和历史鉴权数据,确定智能设备的鉴权操作的预估信息,预估信息包括第一时间、发生概率以及进行鉴权操作所采用的第一鉴权方式,第一时间为预估的鉴权操作的发生时间,发生概率为预估的鉴权操作的出现概率;
启动单元430,用于在发生概率大于概率阈值时,在第一时间或者在第一时间之前,启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源。
本申请实施例中的鉴权装置,通过预估鉴权操作的相关信息以预启动智能设备对应的硬件资源,可以有效减少智能设备的鉴权功耗,提高了用户的使用体验。
其中,鉴权装置400可以用于执行上述鉴权方法,具体地,获取单元410用于执行步骤201,确定单元420用于执行步骤202,启动单元430用于执行步骤203。更具体地,获取单元410可以采用摄像头、麦克风、GPS模块等中的一种或多种来实现,而确定单元420和启动单元430可以采用处理器等来实现。
在一些可能的实施方式中,参考图4,鉴权装置还包括:
鉴权单元440,用于在用户触发鉴权操作时,采用第一鉴权方式对用户的身份进行鉴权。其中,鉴权单元440可以采用摄像头、麦克风等结合处理器来实现。
在一些可能的实施方式中,确定单元420,还用于:
根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的鉴权阈值;
鉴权单元,具体用于:
根据第一鉴权方式对应的鉴权阈值,对用户的身份进行鉴权。
在一些可能的实施方式中,在根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的鉴权阈值方面,确定单元420,具体用于:
根据鉴权环境信息和历史鉴权数据,确定第一鉴权方式对应的风险等级;
根据风险等级确定第一鉴权方式对应的鉴权阈值。
在一些可能的实施方式中,获取单元410,还用于获取用户的鉴权失败次数;
参考图4,鉴权装置400还包括:
调整单元450,用于根据鉴权失败次数,调整在采用第一鉴权方式对用户的身份进行鉴权时的鉴权阈值。其中,调整单元450可以采用处理器等来实现。
在一些可能的实施方式中,在鉴权单元440采用第一鉴权方式对用户的身份进行鉴权之前,获取单元410,还用于获取用户触发鉴权操作的触发时刻对应的鉴权环境信息;调整单元450,还用于根据触发时刻对应的鉴权环境信息,调整在采用第一鉴权方式对用户的身份进行鉴权时的鉴权阈值。
在一些可能的实施方式中,第一时间包括时间周期,启动单元430,具体用于:
在发生概率大于概率阈值时,在时间周期内,启动采用第一鉴权方式进行鉴权操作所需的智能设备的硬件资源。
在一些可能的实施方式中,在获取鉴权环境信息方面,获取单元410,具体用于:
根据智能设备的历史鉴权数据确定鉴权时段;
根据鉴权时段获取鉴权环境信息。
在一些可能的实施方式中,预估信息还包括第一用户信息,第一用户信息指示的用户为预测的触发鉴权操作的用户;
调整单元450,还用于在发生概率大于概率阈值时,在第一时间或者在第一时间之前,根据第一用户信息指示的用户的历史使用数据调整智能设备。
在一些可能的实施方式中,在根据鉴权环境信息和历史鉴权数据,确定智能设备的鉴权操作的预估信息中的第一鉴权方式方面,确定单元420,具体用于:
根据鉴权环境信息和历史鉴权数据,确定智能设备的鉴权操作的鉴权优先级最高的鉴权方式作为第一鉴权方式。
在一些可能的实施方式中,在启动单元430启动硬件资源之前,
获取单元410,还用于获取智能设备和鉴权用户之间的第一距离;
确定单元420,还用于根据第一距离和映射关系确定第一距离对应的第二鉴权方式,映射关系为鉴权方式和距离之间的对应关系;
参考图4,鉴权装置400还包括:
处理单元460,用于第二鉴权方式和第一鉴权方式不同时,更新第一鉴权方式为第二鉴权方式。其中,处理单元460可以采用处理器等来实现。
在一些可能的实施方式中,在启动单元430启动硬件资源之后,在鉴权装置检测到用户触发鉴权操作之前,获取单元410,还用于获取智能设备和鉴权用户之间的第二距离;确定单元420,还用于根据第二距离和映射关系确定第二距离对应的第三鉴权方式,映射关系为鉴权方式和距离之间的对应关系;
处理单元460,还用于第三鉴权方式和第一鉴权方式不同时,关闭第一鉴权方式所需的智能设备的硬件资源,并启动第三鉴权方式所需的智能设备的硬件资源。
在一些可能的实施方式中,鉴权环境信息包括时间信息、智能设备的位置信息、智能设备内在或外在的环境信息、鉴权用户主体的状态信息中的一个或多个。历史鉴权数据包括以下数据中的一项或多项(多项指两项以上):鉴权用户标识、鉴权方式、鉴权时间、鉴权地点、鉴权操作关联的业务的属性、鉴权失败次数、鉴权时间对应的智能设备的内在或外在的环境信息,其中,鉴权安全等级相同、业务类型相同的业务的属性相同。
在一些可能的实施方式中,启动单元430,还用于:响应用户对智能设备的第四鉴权方式的启动操作,启动采用第四鉴权方式进行鉴权操作所需的智能设备的硬件资源。
在一些可能的实施方式中,获取单元410,还用于:获取智能设备和/或用户的状态信息;
启动单元430,还用于:状态信息与第五鉴权方式对应的预设状态信息匹配时,启动采用第五鉴权方式进行鉴权操作所需的智能设备的硬件资源。
在本申请实施例中,应该理解到,鉴权装置400的具体功能实现方式可以参见上述任意实施例所述的鉴权方法的描述,这里不再进行赘述。实施例中所揭露的鉴权装置,可通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性或其它的形式。
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件程序模块的形式实现。
本申请实施例还提供一种芯片系统,所述芯片系统包括至少一个处理器,存储器和接 口电路,所述存储器、所述接口电路和所述至少一个处理器通过线路互联,所述至少一个存储器中存储有指令;所述指令被所述处理器执行时,上述方法实施例中记载的任何一种鉴权方法得以实现。
本申请实施例还提供一种智能设备,参考图5,图5为本申请实施例提供的一种智能设备的结构示意图;智能设备500包括处理器、存储器和通信接口,其中,一个或多个程序被存储在所述存储器中,并且被配置由所述处理器执行,所述程序包括用于执行上述方法实施例中记载的任何一种鉴权方法中的步骤的指令。
参考图6,图6为本申请实施例提供的一种智能设备的具体结构示意图;其中,智能设备包括处理器、存储器、通讯模块、视觉管理模块和音频管理模块,由处理器运行存放在内存或其它存储器上的各模块的程序指令。处理器可以通过系统总线直接访问存储器、音频管理模块,视频管理模块。存储器包括内存和磁盘存储器,存储的内容包括用户账号管理、声纹识别、人脸识别等诸多模块。音频管理模块负责对音频设备(扬声器和麦克风)进行接口和管理。视频管理模块负责对视频设备(摄像头)进行接口和管理,通讯模块负责对互联设备(蓝牙,Wi-Fi,GPS以及以太网ETH等)进行接口和管理,处理器可以通过网络接口访问各种云服务以及云服务管理模块。手机等智能终端可以通过蓝牙,扫描等方式与智能设备进行互联。
继续参考图7,图7为本申请实施例提供的一种智能设备的功能划分示意图。其中,智能设备的系统架构分为传感模块、处理器和鉴权执行模块三个部分,其中,处理器包括如下子模块:历史数据分析,环境风险管理,鉴权方式与风险预测。
更具体地,传感模块主要包括:
摄像头:用于定时采集用户、智能设备的周边环境的视频或图像数据,并把这些数据发送给处理器,以获取环境光照值、周边目的物等情况。
麦克风:用于定时采集用户、智能设备的周边环境的音频数据,并把这些数据发送给处理器。
通讯模块:用于获取系统的无线电环境,网络环境等信息,并把这些数据发送给处理器。
GPS模块:可实时获取系统的位置数据,并把这些数据发送给中央处理的单元,根据位置数据可以确定位置属性和本地时间。
而处理器用于实现以下功能:
历史数据分析:统计智能设备的历史身份鉴权行为,评估系统用户偏好。
环境风险管理:基于当前的鉴权环境信息预测系统不同鉴权方式的安全风险。
鉴权方式与风险预测:结合用户行为分析与环境风险管理,预测判断系统用户鉴权行为、采用的鉴权方式与风险,输出信息至鉴权执行器模块。
最后,鉴权执行模块用于:
硬件资源管理:根据推荐的鉴权方式,以及不同时刻、不同环境,动态加载系统进行鉴权时所需的硬件资源。
执行身份鉴权与反馈:执行鉴权操作,针对鉴权成功,鉴权失败进行不同的反馈操作。例如,当鉴权失败时,控制扬声器发声以进行预警。又例如,当鉴权失败次数超过一定阈 值时,发送通知短信给智能设备的拥有者以进行风险提醒。
本申请实施例还提供一种计算机存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行以实现如上述方法实施例中记载的任何一种鉴权方法的部分或全部步骤。计算机可读存储介质可以包括:闪存盘、只读存储器(英文:Read-Only Memory,简称:ROM)、随机存取器(英文:Random Access Memory,简称:RAM)、磁盘或光盘等。
本申请实施例还提供一种计算机程序产品,所述计算机程序产品包括指令,当其在计算机上运行时,使得计算机执行如上述方法实施例中记载的任何一种鉴权方法。
需要说明的是,对于前述的各方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本申请并不受所描述的动作顺序的限制,因为依据本申请,某些步骤可以采用其他顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于可选实施例,所涉及的动作和模块并不一定是本申请所必须的。
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其他实施例的相关描述。同时,对于本领域的一般技术人员,依据本申请的思想,在具体实施方式及应用范围上均会有改变之处,综上所述,本说明书内容不应理解为对本申请的限制。
Claims (35)
- 一种鉴权方法,其特征在于,应用于智能装置,包括:获取鉴权环境信息;根据所述鉴权环境信息和历史鉴权数据,确定智能设备的鉴权操作的预估信息,所述预估信息包括第一时间、发生概率以及进行所述鉴权操作所采用的第一鉴权方式,所述第一时间为预估的所述鉴权操作的发生时间,所述发生概率为预估的所述鉴权操作的出现概率;在所述发生概率大于概率阈值时,在所述第一时间或者在所述第一时间之前,启动采用所述第一鉴权方式进行所述鉴权操作所需的所述智能设备的硬件资源。
- 根据权利要求1所述的方法,其特征在于,所述方法还包括:在用户触发鉴权操作时,采用所述第一鉴权方式对所述用户的身份进行鉴权。
- 根据权利要求2所述的方法,其特征在于,所述方法还包括:根据所述鉴权环境信息和所述历史鉴权数据,确定所述第一鉴权方式对应的鉴权阈值;所述采用所述第一鉴权方式对所述用户的身份进行鉴权,具体包括:根据所述第一鉴权方式对应的鉴权阈值,对所述用户的身份进行鉴权。
- 根据权利要求3所述的方法,其特征在于,所述根据所述鉴权环境信息和所述历史鉴权数据,确定所述第一鉴权方式对应的鉴权阈值,包括:根据所述鉴权环境信息和所述历史鉴权数据,确定所述第一鉴权方式对应的风险等级;根据所述风险等级确定所述第一鉴权方式对应的鉴权阈值。
- 根据权利要求2至4任一项所述的方法,其特征在于,所述方法还包括:获取所述用户的鉴权失败次数;根据所述鉴权失败次数,调整在采用所述第一鉴权方式对所述用户的身份进行鉴权时的鉴权阈值。
- 根据权利要求2至4任一项所述的方法,其特征在于,在采用所述第一鉴权方式对所述用户的身份进行鉴权之前,所述方法还包括:获取所述用户触发鉴权操作的触发时刻对应的鉴权环境信息;根据所述触发时刻对应的鉴权环境信息,调整在采用所述第一鉴权方式对所述用户的身份进行鉴权时的鉴权阈值。
- 根据权利要求1至6任一项所述的方法,其特征在于,所述第一时间包括时间周期,在所述发生概率大于概率阈值时,在所述时间周期内,启动采用所述第一鉴权方式进行所述鉴权操作所需的所述智能设备的硬件资源。
- 根据权利要求1至6任一项所述的方法,其特征在于,所述获取鉴权环境信息,具体包括:根据所述智能设备的历史鉴权数据确定鉴权时段;根据所述鉴权时段获取所述鉴权环境信息。
- 根据权利要求1至6任一项所述的方法,其特征在于,所述预估信息还包括第一用户信息,所述第一用户信息指示的用户为预测的触发所述鉴权操作的用户;所述方法还包括:在所述发生概率大于所述概率阈值时,在所述第一时间或者在所述第一时间之前,根据所述第一用户信息指示的用户的历史使用数据调整所述智能设备。
- 根据权利要求1至6任一项所述的方法,其特征在于,根据所述鉴权环境信息和所述历史鉴权数据,确定所述预估信息中的第一鉴权方式,包括:根据所述鉴权环境信息和所述历史鉴权数据,确定所述智能设备的鉴权操作的鉴权优先级最高的鉴权方式作为所述第一鉴权方式。
- 根据权利要求1至6任一项所述的方法,其特征在于,在启动所述硬件资源之前,所述方法还包括:获取所述智能设备和鉴权用户之间的第一距离;根据所述第一距离和映射关系确定所述第一距离对应的第二鉴权方式,所述映射关系为鉴权方式和距离之间的对应关系;所述第二鉴权方式和所述第一鉴权方式不同时,更新所述第一鉴权方式为所述第二鉴权方式。
- 根据权利要求1至6任一项所述的方法,其特征在于,启动所述硬件资源之后,在用户触发鉴权操作之前,所述方法还包括:获取所述智能设备和所述鉴权用户之间的第二距离;根据所述第二距离和所述映射关系确定所述第二距离对应的第三鉴权方式,所述映射关系为鉴权方式和距离之间的对应关系;所述第三鉴权方式和所述第一鉴权方式不同时,关闭所述第一鉴权方式所需的智能设备的硬件资源,并启动所述第三鉴权方式所需的智能设备的硬件资源。
- 根据权利要求1至6任一项所述的方法,其特征在于,所述鉴权环境信息包括时间信息、智能设备的位置信息、智能设备内在或外在的环境信息、鉴权用户主体的状态信息中的一个或多个。
- 根据权利要求1至6任一项所述的方法,其特征在于,所述历史鉴权数据包括以下数据中的一项或多项:鉴权用户标识鉴权方式、鉴权时间、鉴权地点、鉴权操作关联的业务的属性、鉴权失败次数、所述鉴权时间对应的所述智能设备的内在或外在的环境信息。
- 根据权利要求1至6任一项所述的方法,其特征在于,所述方法还包括:响应用户对所述智能设备的第四鉴权方式的启动操作,启动采用所述第四鉴权方式进行鉴权操作所需的所述智能设备的硬件资源。
- 根据权利要求1至6任一项所述的方法,其特征在于,所述方法还包括:获取所述智能设备和/或用户的状态信息;所述状态信息与第五鉴权方式对应的预设状态信息匹配时,启动采用所述第五鉴权方式进行鉴权操作所需的所述智能设备的硬件资源。
- 一种鉴权装置,其特征在于,应用于智能装置,包括:获取单元,用于获取鉴权环境信息;确定单元,用于根据所述鉴权环境信息和历史鉴权数据,确定智能设备的鉴权操作的预估信息,所述预估信息包括第一时间、发生概率以及进行所述鉴权操作所采用的第一鉴权方式,所述第一时间为预估的所述鉴权操作的发生时间,所述发生概率为预估的所述鉴 权操作的出现概率;启动单元,用于在所述发生概率大于概率阈值时,在所述第一时间或者在所述第一时间之前,启动采用所述第一鉴权方式进行所述鉴权操作所需的所述智能设备的硬件资源。
- 根据权利要求17所述的鉴权装置,其特征在于,所述鉴权装置还包括:鉴权单元,用于在用户触发鉴权操作时,采用所述第一鉴权方式对所述用户的身份进行鉴权。
- 根据权利要求18所述的鉴权装置,其特征在于,所述确定单元,还用于:根据所述鉴权环境信息和所述历史鉴权数据,确定所述第一鉴权方式对应的鉴权阈值;所述鉴权单元,具体用于:根据所述第一鉴权方式对应的鉴权阈值,对所述用户的身份进行鉴权。
- 根据权利要求19所述的鉴权装置,其特征在于,在根据所述鉴权环境信息和所述历史鉴权数据,确定所述第一鉴权方式对应的鉴权阈值方面,所述确定单元,具体用于:根据所述鉴权环境信息和所述历史鉴权数据,确定所述第一鉴权方式对应的风险等级;根据所述风险等级确定所述第一鉴权方式对应的鉴权阈值。
- 根据权利要求18至20任一项所述的鉴权装置,其特征在于,所述获取单元,还用于获取所述用户的鉴权失败次数;所述鉴权装置还包括:调整单元,用于根据所述鉴权失败次数,调整在采用所述第一鉴权方式对所述用户的身份进行鉴权时的鉴权阈值。
- 根据权利要求18至20任一项所述的鉴权装置,其特征在于,在所述鉴权单元采用所述第一鉴权方式对所述用户的身份进行鉴权之前,所述获取单元,还用于获取所述用户触发鉴权操作的触发时刻对应的鉴权环境信息;所述鉴权装置还包括:调整单元,用于根据所述触发时刻对应的鉴权环境信息,调整在采用所述第一鉴权方式对所述用户的身份进行鉴权时的鉴权阈值。
- 根据权利要求17至22任一项所述的鉴权装置,其特征在于,所述第一时间包括时间周期,所述启动单元,具体用于:在所述发生概率大于概率阈值时,在所述时间周期内,启动采用所述第一鉴权方式进行所述鉴权操作所需的所述智能设备的硬件资源。
- 根据权利要求17至22任一项所述的鉴权装置,其特征在于,在获取鉴权环境信息方面,所述获取单元,具体用于:根据所述智能设备的历史鉴权数据确定鉴权时段;根据所述鉴权时段获取所述鉴权环境信息。
- 根据权利要求17至22任一项所述的鉴权装置,其特征在于,所述预估信息还包括第一用户信息,所述第一用户信息指示的用户为预测的触发所述鉴权操作的用户;所述鉴权装置还包括:调整单元,用于在所述发生概率大于所述概率阈值时,在所述第一时间或者在所述第一时间之前,根据所述第一用户信息指示的用户的历史使用数据调整所述智能设备。
- 根据权利要求17至22任一项所述的鉴权装置,其特征在于,在根据所述鉴权环境信息和历史鉴权数据,确定所述智能设备的鉴权操作的预估信息中的第一鉴权方式方面,所述确定单元,具体用于:根据所述鉴权环境信息和所述历史鉴权数据,确定所述智能设备的鉴权操作的鉴权优先级最高的鉴权方式作为所述第一鉴权方式。
- 根据权利要求17至22任一项所述的鉴权装置,其特征在于,在所述启动单元启动所述硬件资源之前,所述获取单元,还用于获取所述智能设备和鉴权用户之间的第一距离;所述确定单元,还用于根据所述第一距离和映射关系确定所述第一距离对应的第二鉴权方式,所述映射关系为鉴权方式和距离之间的对应关系;所述鉴权装置还包括:处理单元,用于所述第二鉴权方式和所述第一鉴权方式不同时,更新所述第一鉴权方式为所述第二鉴权方式。
- 根据权利要求17至22任一项所述的鉴权装置,其特征在于,在所述启动单元启动所述硬件资源之后,在所述鉴权装置检测到用户触发鉴权操作之前,所述获取单元,还用于获取所述智能设备和所述鉴权用户之间的第二距离;所述确定单元,还用于根据所述第二距离和所述映射关系确定所述第二距离对应的第三鉴权方式,所述映射关系为鉴权方式和距离之间的对应关系;所述鉴权装置还包括:处理单元,用于所述第三鉴权方式和所述第一鉴权方式不同时,关闭所述第一鉴权方式所需的智能设备的硬件资源,并启动所述第三鉴权方式所需的智能设备的硬件资源。
- 根据权利要求17至22任一项所述的鉴权装置,其特征在于,所述鉴权环境信息包括时间信息、智能设备的位置信息、智能设备内在或外在的环境信息、鉴权用户主体的状态信息中的一个或多个。
- 根据权利要求17至22任一项所述的鉴权装置,其特征在于,所述历史鉴权数据包括以下数据中的一项或多项:鉴权用户标识、鉴权方式、鉴权时间、鉴权地点、鉴权操作关联的业务的属性、鉴权失败次数、所述鉴权时间对应的所述智能设备的内在或外在的环境信息。
- 根据权利要求17至22任一项所述的鉴权装置,其特征在于,所述启动单元,还用于:响应用户对所述智能设备的第四鉴权方式的启动操作,启动采用所述第四鉴权方式进行鉴权操作所需的所述智能设备的硬件资源。
- 根据权利要求17至22任一项所述的鉴权装置,其特征在于,所述获取单元,还用于:获取所述智能设备和/或用户的状态信息;所述启动单元,还用于:所述状态信息与第五鉴权方式对应的预设状态信息匹配时,启动采用所述第五鉴权方式进行鉴权操作所需的所述智能设备的硬件资源。
- 一种芯片系统,其特征在于,所述芯片系统包括至少一个处理器,存储器和接口电路,所述存储器、所述接口电路和所述至少一个处理器通过线路互联,所述至少一个存储器中存储有指令;所述指令被所述处理器执行时,权利要求1至16任一项所述的方法得以实现。
- 一种智能设备,其特征在于,包括处理器、存储器和通信接口,其中,一个或多个程序被存储在所述存储器中,并且被配置由所述处理器执行,所述程序包括用于执行权利要求1至16任一项方法中的步骤的指令。
- 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行以实现如权利要求1至16任一项所述的方法。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2021/080994 WO2022193116A1 (zh) | 2021-03-16 | 2021-03-16 | 鉴权方法、装置及存储介质 |
EP21930712.1A EP4297336A4 (en) | 2021-03-16 | 2021-03-16 | AUTHENTICATION METHOD, APPARATUS AND RECORDING MEDIUM |
CN202180000507.5A CN113168484B (zh) | 2021-03-16 | 2021-03-16 | 鉴权方法、装置及存储介质 |
US18/468,101 US20240010165A1 (en) | 2021-03-16 | 2023-09-15 | Authentication Method and Apparatus, and Storage Medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2021/080994 WO2022193116A1 (zh) | 2021-03-16 | 2021-03-16 | 鉴权方法、装置及存储介质 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US18/468,101 Continuation US20240010165A1 (en) | 2021-03-16 | 2023-09-15 | Authentication Method and Apparatus, and Storage Medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022193116A1 true WO2022193116A1 (zh) | 2022-09-22 |
Family
ID=76875980
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/080994 WO2022193116A1 (zh) | 2021-03-16 | 2021-03-16 | 鉴权方法、装置及存储介质 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20240010165A1 (zh) |
EP (1) | EP4297336A4 (zh) |
CN (1) | CN113168484B (zh) |
WO (1) | WO2022193116A1 (zh) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4145412A1 (en) * | 2021-05-12 | 2023-03-08 | Harman International Industries, Incorporated | Secured seamless authentication for bluetooth just works pairing |
CN113639435B (zh) * | 2021-08-02 | 2023-01-13 | 青岛海尔空调器有限总公司 | 空调控制方法、设备、介质及程序产品 |
CN113779391B (zh) * | 2021-09-02 | 2024-07-23 | 广东好太太智能家居有限公司 | 基于建模的智能锁开锁推荐方法、系统、装置及存储介质 |
CN113907511B (zh) * | 2021-10-12 | 2023-03-10 | 安徽淘云科技股份有限公司 | 书桌高度调整方法、装置、电子设备、书桌与存储介质 |
CN114978749B (zh) * | 2022-06-14 | 2023-10-10 | 中国电信股份有限公司 | 登录认证方法及系统、存储介质和电子设备 |
FR3139640A1 (fr) * | 2022-09-09 | 2024-03-15 | Psa Automobiles Sa | Procédé de sécurisation de l’authentification d’une demande de démarrage d’un moteur de véhicule automobile |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140109200A1 (en) * | 2012-10-17 | 2014-04-17 | Ca, Inc. | Biometric identification for mobile applications |
CN104579665A (zh) * | 2013-10-25 | 2015-04-29 | 深圳市腾讯计算机系统有限公司 | 鉴权方法及装置 |
CN105426658A (zh) * | 2015-10-29 | 2016-03-23 | 东莞酷派软件技术有限公司 | 一种车辆预启动方法及相关装置 |
CN107517209A (zh) * | 2017-08-25 | 2017-12-26 | 北京新能源汽车股份有限公司 | 基于电动车辆的认证鉴权系统和方法 |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10114935B2 (en) * | 2014-12-23 | 2018-10-30 | Intel Corporation | Technologies for login pattern based multi-factor authentication |
GB2525464B (en) * | 2015-01-13 | 2016-03-16 | Validsoft Uk Ltd | Authentication method |
KR102314241B1 (ko) * | 2017-03-28 | 2021-10-20 | 삼성전자주식회사 | 적응적 인증 수행 방법 및 이를 지원하는 전자 장치 |
CN109774471B (zh) * | 2017-05-15 | 2022-07-29 | 成都中技智慧企业管理咨询有限公司 | 一种适用于安全驾驶的车载设备 |
CN108875327A (zh) * | 2018-05-28 | 2018-11-23 | 阿里巴巴集团控股有限公司 | 一种核身方法和装置 |
CN112272819B (zh) * | 2018-06-05 | 2024-04-26 | 三星电子株式会社 | 被动唤醒用户交互设备的方法和系统 |
-
2021
- 2021-03-16 EP EP21930712.1A patent/EP4297336A4/en active Pending
- 2021-03-16 CN CN202180000507.5A patent/CN113168484B/zh active Active
- 2021-03-16 WO PCT/CN2021/080994 patent/WO2022193116A1/zh active Application Filing
-
2023
- 2023-09-15 US US18/468,101 patent/US20240010165A1/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140109200A1 (en) * | 2012-10-17 | 2014-04-17 | Ca, Inc. | Biometric identification for mobile applications |
CN104579665A (zh) * | 2013-10-25 | 2015-04-29 | 深圳市腾讯计算机系统有限公司 | 鉴权方法及装置 |
CN105426658A (zh) * | 2015-10-29 | 2016-03-23 | 东莞酷派软件技术有限公司 | 一种车辆预启动方法及相关装置 |
CN107517209A (zh) * | 2017-08-25 | 2017-12-26 | 北京新能源汽车股份有限公司 | 基于电动车辆的认证鉴权系统和方法 |
Non-Patent Citations (1)
Title |
---|
See also references of EP4297336A4 * |
Also Published As
Publication number | Publication date |
---|---|
US20240010165A1 (en) | 2024-01-11 |
EP4297336A4 (en) | 2024-04-10 |
CN113168484A (zh) | 2021-07-23 |
CN113168484B (zh) | 2022-05-10 |
EP4297336A1 (en) | 2023-12-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2022193116A1 (zh) | 鉴权方法、装置及存储介质 | |
US11527249B2 (en) | Multi-user personalization at a voice interface device | |
US12046241B2 (en) | Device leadership negotiation among voice interface devices | |
US11869527B2 (en) | Noise mitigation for a voice interface device | |
US11451553B2 (en) | Sensor-based human authorization evaluation | |
CN105118257B (zh) | 智能控制系统及方法 | |
US9450961B2 (en) | Mechanism for facilitating dynamic adjustments to computing device characteristics in response to changes in user viewing patterns | |
CN108537025B (zh) | 隐私保护方法和装置、计算机可读存储介质、终端 | |
US20240363113A1 (en) | Device Leadership Negotiation Among Voice Interface Devices | |
CN116166740A (zh) | 一种数据同步管理方法、系统和电子设备 | |
CN117872787A (zh) | 智能家居设备的控制方法、装置及电子设备 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21930712 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2021930712 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2021930712 Country of ref document: EP Effective date: 20230921 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |