KR20160025410A - User authentication method of electronic apparatus and electronic apparatus thereof - Google Patents

Abstract

A method for authenticating a user of an electronic device and an electronic apparatus thereof, the method comprising: associating authentication information for user authentication with identification information for identifying the validity of the authentication information; And storing in the electronic device; Determining, in the electronic device, whether the authentication information is valid based on the identification information when the user authentication process is performed; And determining whether to perform a user authentication process using the authentication information according to the determination result. In addition, various embodiments of the present invention include embodiments that are different from the above-described embodiments.

Description

Technical Field [0001] The present invention relates to a user authentication method for an electronic device,

Various embodiments of the present invention relate to a user authentication method of an electronic device and an electronic device thereof.

Various types of electronic devices such as a smart phone or a tablet PC are widely used. For example, an electronic device such as the smart phone may store various types of biometrics information such as fingerprint information of a user, iris information, voice information, and face information, , And user authentication information.

Also, the electronic device may store feature data extracted from the biometric information as the user authentication information, and the user authentication information may include a file system or the like on the inside or the outside of the electronic device, And stored and managed in a database.

Hereinafter, the fingerprint information, the iris information, the audio information, the face information, and the feature data extracted from at least one of the pieces of information are collectively referred to as biometric information. The face information may be at least one of a contour of a human face extracted from a specific image, an eye, a nose, a mouth, and an ear.

On the other hand, when the user authentication process is performed while the user fingerprint information is stored as user authentication information in the database, the electronic device acquires user fingerprint information through a fingerprint recognition module or the like And compare the obtained user fingerprint information with user fingerprint information stored as user authentication information of the database to perform a user authentication processing operation for determining whether the user is a valid user.

However, when the user authentication information of the database is hacked by a third party or the like, and is tampered with or falsified by the third party's user authentication information, there is a problem that the third party is misidentified as a valid user.

Various embodiments of the present invention may be configured to determine whether the user authentication information stored in an electronic device such as, for example, a smart phone is arbitrarily modulated or falsified by a third party or the like, A user authentication method for an electronic device and an electronic apparatus thereof are provided.

In various embodiments of the present invention, since biometric information for personal information protection or information processed and generated from the biometric information can be used only in a secure area, various limitations that can not be directly utilized by an application can be solved A user authentication method for an electronic device and an electronic apparatus thereof are provided.

According to various embodiments of the present invention, there is provided an operation method of an electronic device, comprising the steps of: associating authentication information for user authentication with identification information for identifying validity of the authentication information and storing the identification information in the electronic device; Determining, in the electronic device, whether the authentication information is valid based on the identification information when the user authentication process is performed; And determining whether to perform a user authentication process using the authentication information according to the determination result.

According to various embodiments of the present invention, there is provided an electronic device comprising: a memory for storing authentication information for user authentication and identification information for identifying the validity of the authentication information; And a processor for determining whether the authentication information is valid based on the identification information and determining whether to perform a user authentication process using the authentication information according to the determination result.

According to various embodiments of the present invention, it is possible to determine whether the user authentication information stored in the electronic device such as a smart phone has been arbitrarily modulated or falsified by a third party or the like, so that the user authentication problem can be prevented in advance.

Further, when the user authentication information stored in the electronic device is arbitrarily modulated or falsified, an application requiring user authentication, for example, stopping execution of a specific application capable of purchasing and paying an article through user authentication, It is possible to automatically perform the loss report on the electronic device.

1 is a diagram illustrating a network environment including an electronic device according to various embodiments of the present invention.
2 is a block diagram of an electronic device according to various embodiments of the present invention.
3 is an exemplary diagram for detecting user fingerprint information in an electronic device according to various embodiments of the present invention.
4 is an exemplary diagram for detecting user iris information in an electronic device according to various embodiments of the present invention.
5 is an operational flow diagram for storing and managing a user authentication database in an electronic device according to various embodiments of the present invention.
6A-6C are illustrative drawings in which fingerprint information is stored and managed in a user authentication database in accordance with various embodiments of the present invention.
7A-7C are exemplary diagrams illustrating how iris information is stored and managed in a user authentication database in accordance with various embodiments of the present invention.
Figure 8 is a flow diagram of operations for updating a user authentication database in an electronic device according to various embodiments of the present invention.
9 is a flowchart of operations for performing user authentication processing in an electronic device according to various embodiments of the present invention.
10 is an exemplary diagram in which a user authentication failure and password input window is displayed according to various embodiments of the present invention.
11 is an exemplary diagram in which a user authentication failure and an application suspension status are displayed according to various embodiments of the present invention.
12 is an exemplary diagram illustrating a situation where a user authentication failure and loss report message is transmitted according to various embodiments of the present invention.

Hereinafter, various embodiments of the present invention will be described with reference to the accompanying drawings. The various embodiments of the present invention are capable of various changes and may have various embodiments, and specific embodiments are illustrated in the drawings and the detailed description is described with reference to the drawings. It should be understood, however, that it is not intended to limit the various embodiments of the invention to the specific embodiments, but includes all changes and / or equivalents and alternatives falling within the spirit and scope of the various embodiments of the invention. In connection with the description of the drawings, like reference numerals have been used for like elements.

It should be noted that the terms such as " comprising " or " may include " may be used among the various embodiments of the present invention to indicate the presence of a corresponding function, operation or component, Not limited. Also, in various embodiments of the invention, the terms "comprise" or "having" are intended to specify the presence of stated features, integers, steps, operations, components, parts or combinations thereof, But do not preclude the presence or addition of one or more other features, numbers, steps, operations, components, parts, or combinations thereof.

The " or " in various embodiments of the present invention includes any and all combinations of words listed together. For example, " A or B " may comprise A, comprise B, or both A and B. It should be understood that the expressions "first," "second," "first," or "second," etc. of the various embodiments of the present invention may modify various elements of various embodiments of the present invention, I never do that. For example, the representations do not limit the order and / or importance of the components. The representations may be used to distinguish one component from another. For example, both the first user equipment and the second user equipment are user equipment and represent different user equipment. For example, without departing from the scope of the present disclosure, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.

It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, . On the other hand, when an element is referred to as being "directly connected" or "directly connected" to another element, it should be understood that there are no other elements in between.

The terminology used in the various embodiments of the present invention is used only to describe a specific embodiment and is not intended to limit the various embodiments of the present invention. The singular expressions include plural expressions unless the context clearly dictates otherwise.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which the various embodiments of the present invention belong. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with the contextual meaning of the related art and, unless expressly defined in the various embodiments of the present invention, It is not interpreted as meaning.

An electronic device according to various embodiments of the present invention may be a device including a communication function. For example, the electronic device may be a smart phone, a tablet personal computer, a mobile phone, a videophone, an e-book reader, a desktop personal computer, Such as a laptop personal computer, a netbook computer, a personal digital assistant (PDA), a portable multimedia player (PMP), an MP3 player, a mobile medical device, a camera, or a wearable device : At least one of a head-mounted-device (HMD) such as electronic glasses, an electronic garment, an electronic bracelet, an electronic necklace, an electronic app apparel, an electronic tattoo, or a smart watch.

According to some embodiments, the electronic device may be a smart home appliance with communication capabilities. [0003] Smart household appliances, such as electronic devices, are widely used in the fields of television, digital video disk (DVD) player, audio, refrigerator, air conditioner, vacuum cleaner, oven, microwave oven, washing machine, air cleaner, set- (E.g., Samsung HomeSync, Apple TV, or Google TV), game consoles, an electronic dictionary, an electronic key, a camcorder, or an electronic photo frame.

According to some embodiments, the electronic device may be implemented in a variety of medical devices (e.g., magnetic resonance angiography (MRA), magnetic resonance imaging (MRI), computed tomography (CT), camera, ultrasound, global positioning system receiver, EDR (event data recorder), flight data recorder (FDR), automotive infotainment device, marine electronic equipment (eg marine navigation device and gyro compass), avionics, security An automotive head unit, an industrial or home robot, an ATM (automatic teller's machine) of a financial institution, or a point of sale (POS) of a store.

According to some embodiments, the electronic device may be a piece of furniture or a structure / structure including a communication function, an electronic board, an electronic signature receiving device, a projector, (E.g., water, electricity, gas, or radio wave measuring instruments, etc.). An electronic device according to various embodiments of the present invention may be one or more of the various devices described above. Further, the electronic device according to various embodiments of the present invention may be a flexible device. It should also be apparent to those skilled in the art that the electronic device according to various embodiments of the present invention is not limited to the above-described devices.

Hereinafter, an electronic device according to various embodiments of the present invention will be described with reference to the accompanying drawings. The term user, as used in various embodiments of the present invention, may refer to a person using an electronic device or an apparatus using an electronic device (e.g., an artificial intelligence electronic device).

1 is a diagram illustrating a network environment 100 including an electronic device 101 in accordance with various embodiments of the present invention. Referring to FIG. 1, the electronic device 101 may include a bus 110, a processor 120, a memory 130, an input / output interface 140, a display 150, a communication interface 160, and a user authentication interface 170.

The user authentication interface 170 is a component for performing a user authentication processing operation based on various pieces of biometric information such as a user's fingerprint, iris, voice, face, etc., May be included in the processor 120, or may be interlocked with the processor 120, as a separate configuration.

The bus 110 may be a circuit that interconnects the components described above and communicates (e.g., control messages) between the components described above. The processor 120 receives an instruction from the other components (e.g., the memory 130, the input / output interface 140, the display 150, the communication interface 160, etc.) described above via the bus 110, It is possible to decode the instruction and execute the operation or data processing according to the decoded instruction.

The memory 130 may store instructions or data received from the processor 120 or other components (e.g., the input / output interface 140, the display 150, the communication interface 160, etc.) or generated by the processor 120 or other components Can be stored. The memory 130 may include, for example, a programming module such as a kernel 131, a middleware 132, an application programming interface (API) 133, or an application 134. Each of the above-described programming modules may be composed of software, firmware, hardware, or a combination of at least two of them.

The kernel 131 may include system resources (e.g., the bus 110, the processor 120, etc.) used to execute the operations or functions implemented in the other programming modules, e.g., the middleware 132, the API 133, Or the memory 130 and the like). In addition, the kernel 131 may provide an interface for accessing and controlling or managing individual components of the electronic device 101 in the middleware 132, the API 133, or the application 134.

The middleware 132 can act as an intermediary for the API 133 or the application 134 to communicate with the kernel 131 to exchange data. In addition, the middleware 132 may be associated with at least one of the applications 134, for example, with respect to work requests received from the application 134, such as system resources (e.g., the bus 110, the processor 120, (E.g., scheduling or load balancing) for a work request using a method such as assigning a priority that can be used to the memory 130 or the like.

The API 133 is an interface for the application 134 to control the functions provided by the kernel 131 or the middleware 132 and includes at least one interface or function for file control, window control, image processing, (E.g., commands).

According to various embodiments of the present invention, the application 134 may be an SMS / MMS application, an email application, a calendar application, an alarm application, a health care application (e.g., an application that measures momentum or blood glucose) (E.g., applications that provide air pressure, humidity, or temperature information, etc.). Additionally or alternatively, the application 134 may be an application related to the exchange of information between the electronic device 101 and an external electronic device (e.g., electronic device 104). The application associated with the information exchange may include, for example, a notification relay application for communicating specific information to the external electronic device, or a device management application for managing the external electronic device .

For example, the notification delivery application may send notification information generated in another application (e.g., an SMS / MMS application, an email application, a healthcare application, or an environment information application) of the electronic device 101 to an external electronic device ). ≪ / RTI > Additionally or alternatively, the notification delivery application may receive notification information from, for example, an external electronic device (e.g., electronic device 104) and provide it to the user. The device management application may provide a function (e.g., turn on / off) of at least a portion of an external electronic device (e.g., electronic device 104) in communication with the electronic device 101 (E.g., adjusting, turning off, or adjusting the brightness (or resolution) of the display), managing an application running on the external electronic device or services (e.g., call service or message service) )can do.

According to various embodiments of the present invention, the application 134 may include an application specified according to attributes (e.g., the type of electronic device) of the external electronic device (e.g., electronic device 104). For example, if the external electronic device is an MP3 player, the application 134 may include an application related to music playback. Similarly, if the external electronic device is a mobile medical device, the application 134 may include applications related to health care. According to one embodiment, the application 134 may include at least one of an application specified in the electronic device 101 or an application received from an external electronic device (e.g., the server 106 or the electronic device 104).

The input / output interface 140 connects commands or data input from a user via an input / output device (e.g., a sensor, a keyboard or a touch screen) to the processor 120, the memory 130, the communication interface 160 . For example, the input / output interface 140 may provide the processor 120 with data on the user's touch input through the touch screen. The input / output interface 140 outputs commands or data received from the processor 120, the memory 130, and the communication interface 160 via the input / output device (e.g., a speaker or a display) through the bus 110 . For example, the input / output interface 140 may output voice data processed through the processor 120 to a user through a speaker.

The display 150 may display various information (e.g., multimedia data or text data) to the user. The communication interface 160 can connect the communication between the electronic device 101 and an external device (e.g., the electronic device 104 or the server 106). For example, the communication interface 160 may be connected to the network 162 via wireless or wired communication to communicate with the external device. The wireless communication may include, for example, a wireless fidelity (WiFi), a Bluetooth (BT), a near field communication (NFC), a global positioning system (GPS), or a cellular communication (e.g., LTE, LTE-A, CDMA, WCDMA, UMTS , WiBro or GSM, etc.). The wired communication may include at least one of, for example, a universal serial bus (USB), a high definition multimedia interface (HDMI), a recommended standard 232 (RS-232) or a plain old telephone service (POTS).

According to one embodiment of the present invention, the network 162 may be a telecommunications network. The communication network may include at least one of a computer network, an internet, an internet of things, or a telephone network. (E.g., a transport layer protocol, a data link layer protocol, or a physical layer protocol) for communication between the electronic device 101 and the external device is controlled by the application 134, the application programming interface 133, the middleware 132, the kernel 131 Or the communication interface 160. [0035]

2 is a block diagram of an electronic device 201 in accordance with various embodiments of the present invention. The electronic device 201 may constitute all or part of the electronic device 101 shown in Fig. 1, for example. 2, the electronic device 201 includes at least one application processor 210, a communication module 220, a subscriber identification module (SIM) card 224, a memory 230, a sensor module 240, an input device 250, a display 260, An interface 270, an audio module 280, a camera module 291, a power management module 295, a battery 296, an indicator 297, and a motor 298.

The AP 210 may control a plurality of hardware or software components connected to the AP 210 by operating an operating system or an application program, and may perform various data processing and operations including multimedia data. The AP 210 may be implemented as a system on chip (SoC), for example. According to one embodiment, the AP 210 may further include a graphics processing unit (GPU) (not shown).

The communication module 220 (e.g., the communication interface 160) can send and receive data in communication between the electronic device 201 (e.g., the electronic device 101) and other electronic devices (e.g., electronic device 104 or server 106) Can be performed. According to one embodiment, the communication module 220 may include a cellular module 221, a WiFi module 223, a BT module 225, a GPS module 227, an NFC module 228, and a radio frequency (RF) module 229.

The cellular module 221 may provide voice calls, video calls, text services, or Internet services over a communication network (e.g., LTE, LTE-A, CDMA, WCDMA, UMTS, WiBro or GSM). In addition, the cellular module 221 can perform identification and authentication of electronic devices within the communication network, for example, using a subscriber identity module (e.g., a SIM card 224). According to one embodiment, the cellular module 221 may perform at least some of the functions that the AP 210 may provide. For example, the cellular module 221 may perform at least some of the multimedia control functions.

According to an embodiment of the present invention, the cellular module 221 may include a communication processor (CP). In addition, the cellular module 221 may be implemented as a SoC, for example. In FIG. 2, components such as the cellular module 221 (e.g., a communication processor), the memory 230, or the power management module 295 are illustrated as separate components from the AP 210. However, according to one embodiment, May include at least a portion of the above-described components (e.g., cellular module 221).

According to one embodiment of the present invention, the AP 210 or the cellular module 221 (e.g., a communications processor) may load a command or data received from at least one of non-volatile memory or other components connected to each, ). In addition, the AP 210 or the cellular module 221 may store data generated by at least one of the other components or received from at least one of the other components in the non-volatile memory.

Each of the WiFi module 223, the BT module 225, the GPS module 227, and the NFC module 228 may include a processor for processing data transmitted and received through a corresponding module, for example. 2, the cellular module 221, the WiFi module 223, the BT module 225, the GPS module 227, and the NFC module 228 are shown as separate blocks. However, according to one embodiment, At least some (e.g., two or more) of modules 227 or NFC modules 228 may be included in one integrated chip (IC) or IC package. For example, at least some of the processors corresponding to the cellular module 221, the WiFi module 223, the BT module 225, the GPS module 227, or the NFC module 228, respectively (e.g., corresponding to the communication processor and WiFi module 223 corresponding to the cellular module 221) WiFi processor) can be implemented in one SoC.

The RF module 229 can transmit and receive data, for example, transmit and receive RF signals. The RF module 229 may include, for example, a transceiver, a power amplifier module (PAM), a frequency filter, or a low noise amplifier (LNA). In addition, the RF module 229 may further include a component for transmitting and receiving electromagnetic waves in free space in a wireless communication, for example, a conductor or a lead wire. 2, the cellular module 221, the WiFi module 223, the BT module 225, the GPS module 227, and the NFC module 228 are shown sharing one RF module 229. However, according to one embodiment, the cellular module 221, the WiFi module 223 , The BT module 225, the GPS module 227, or the NFC module 228 can transmit and receive RF signals through separate RF modules.

The SIM card 224 may be a card including a subscriber identity module and may be inserted into a slot formed at a specific location of the electronic device. The SIM card 224 may include unique identification information (e.g., an integrated circuit card identifier (ICCID)) or subscriber information (e.g., international mobile subscriber identity (IMSI)).

The memory 230 (e.g., the memory 130) may include an internal memory 232 or an external memory 234. The internal memory 232 may be implemented as, for example, a volatile memory (e.g., dynamic RAM, SRAM, synchronous dynamic RAM (SDRAM), or the like) or a non-volatile memory , At least one of an OTPROM (one time programmable ROM), a PROM (programmable ROM), an EPROM (erasable and programmable ROM), an EEPROM (electrically erasable and programmable ROM), a mask ROM, a flash ROM, a NAND flash memory, . ≪ / RTI >

According to one embodiment, the internal memory 232 may be a solid state drive (SSD). The external memory 234 may be a flash drive, for example, a compact flash (CF), a secure digital (SD), a micro secure digital (SD), a mini secure digital (SD), an extreme digital And the like. The external memory 234 may be functionally connected to the electronic device 201 through various interfaces. According to one embodiment, the electronic device 201 may further include a storage device (or storage medium) such as a hard drive.

The sensor module 240 may measure a physical quantity or sense an operation state of the electronic device 201, and convert the measured or sensed information into an electric signal. The sensor module 240 may include, for example, a gesture sensor 240A, a gyro sensor 240B, an air pressure sensor 240C, a magnetic sensor 240D, an acceleration sensor 240E, a grip sensor 240F, a proximity sensor 240G, blue sensor), a living body sensor 240I, a temperature / humidity sensor 240J, an illuminance sensor 240K, or an ultraviolet (UV) sensor 240M. Additionally or alternatively, the sensor module 240 may include an electronic sensor, such as, for example, an E-nose sensor (not shown), an EMG sensor (not shown), an EEG sensor (not shown) an electrocardiogram sensor (not shown), an infra red sensor (not shown), an iris sensor (not shown), a fingerprint sensor (not shown), a geomagnetic sensor (not shown), a heart rate meter (not shown) have. The sensor module 240 may further include a control circuit for controlling at least one sensor included in the sensor module 240.

The input device 250 may include a touch panel 252, a (digital) pen sensor 254, a key 256, or an ultrasonic input device 258. The touch panel 252 can detect a touch input in at least one of an electrostatic, a pressure sensitive, an infrared, or an ultrasonic manner, for example. The touch panel 252 may further include a control circuit. In the case of electrostatic, physical contact or proximity detection is possible. The touch panel 252 may further include a tactile layer. In this case, the touch panel 252 may provide a tactile response to the user.

The (digital) pen sensor 254 may be implemented, for example, using the same or similar method as receiving the touch input of the user or using a separate sheet for detection. The key 256 may include, for example, a physical button, an optical key or a keypad. The ultrasonic input device 258 is a device that can confirm data by sensing a sound wave from the electronic device 201 to a microphone (e.g., a microphone 288) through an input tool for generating an ultrasonic signal. According to one embodiment, the electronic device 201 may receive user input from an external device (e.g., a computer or a server) connected thereto using the communication module 220.

The display 260 (e.g., the display 150) may include a panel 262, a hologram device 264, or a projector 266. The panel 262 may be, for example, a liquid-crystal display (LCD) or an active-matrix organic light-emitting diode (AM-OLED). The panel 262 may be embodied, for example, as being flexible, transparent or wearable. The panel 262 may be composed of the touch panel 252 and one module. The hologram device 264 can display a stereoscopic image in the air using interference of light. The projector 266 can display an image by projecting light onto a screen. The screen may be located, for example, inside or outside the electronic device 201. According to one embodiment, the display 260 may further include control circuitry for controlling the panel 262, the hologram device 264, or the projector 266.

The interface 270 may include, for example, a high-definition multimedia interface (HDMI) 272, a universal serial bus (USB) 274, an optical interface 276, or a D-sub (D-subminiature) 278. The interface 270 may, for example, be included in the communication interface 160 shown in FIG. Additionally or alternatively, the interface 270 may include, for example, a mobile high-definition link (MHL) interface, a secure digital (SD) card / multi-media card (MMC) interface, or an infrared data association can do.

The audio module 280 can convert sound and electric signals into both directions. At least some of the components of the audio module 280 may be included, for example, in the input / output interface 140 shown in FIG. The audio module 280 may process sound information input or output through, for example, a speaker 282, a receiver 284, an earphone 286, a microphone 288, or the like.

The camera module 291 may capture still images and moving images. The camera module 291 may include one or more image sensors (e.g., a front sensor or a rear sensor), a lens (not shown), an image signal processor Or a flash (not shown), such as a LED or xenon lamp. The power management module 295 can manage the power of the electronic device 201. Although not shown, the power management module 295 may include, for example, a power management integrated circuit (PMIC), a charger integrated circuit (PMIC), or a battery or fuel gauge.

The PMIC may be mounted, for example, in an integrated circuit or a SoC semiconductor. The charging method can be classified into wired and wireless. The charging IC can charge the battery, and can prevent an overvoltage or an overcurrent from the charger. According to one embodiment, the charging IC may comprise a charging IC for at least one of a wired charging scheme or a wireless charging scheme. The wireless charging system may be, for example, a magnetic resonance system, a magnetic induction system or an electromagnetic wave system, and additional circuits for wireless charging, for example, a coil loop, a resonant circuit, have.

The battery gauge can measure, for example, the remaining amount of the battery 296, the voltage during charging, the current or the temperature. The battery 296 may store or generate electricity and supply power to the electronic device 201 using the stored or generated electricity. The battery 296 may include, for example, a rechargeable battery or a solar battery.

The indicator 297 may indicate a specific state of the electronic device 201 or a part thereof (e.g., the AP 210), for example, a boot state, a message state, or a charged state. The motor 298 can convert an electrical signal to mechanical vibration. Although not shown, the electronic device 201 may include a processing unit (e.g., GPU) for mobile TV support. The processing device for supporting the mobile TV can process media data according to standards such as digital multimedia broadcasting (DMB), digital video broadcasting (DVB), or media flow.

Each of the above-described components of the electronic device according to various embodiments of the present invention may be composed of one or more components, and the name of the component may be changed according to the type of the electronic device. The electronic device according to various embodiments of the present invention may be configured to include at least one of the above-described components, and some components may be omitted or further include other additional components. In addition, some of the components of the electronic device according to various embodiments of the present invention may be combined into one entity, so that the functions of the components before being combined can be performed in the same manner.

Hereinafter, a method of authenticating a user of an electronic device and its electronic device according to various embodiments of the present invention will be described in detail. The electronic device according to various embodiments of the present invention may be various types of electronic devices such as a smart phone or a tablet PC, and may be configured to include all or some of the components shown in Figs. 1 and 2 .

3 is an exemplary diagram for detecting user fingerprint information in an electronic device according to various embodiments of the present invention. The electronic device such as a smart phone may include a fingerprint detection module capable of variously detecting fingerprint information of a user in a contact mode or a non-contact mode.

For example, as shown in FIG. 3, a fingerprint detection module 300 capable of detecting fingerprint information of a user in a contact manner may be installed at a site where a home button of the electronic device is installed. The fingerprint detection module 300 may be installed at the lower end of the touch panel. In this case, the fingerprint detection module 300 can simultaneously perform touch detection and fingerprint detection by a user.

The fingerprint detection module 300 detects the fingerprint information of the user when the user's finger 301 is touched, and a message 302 indicating the fingerprint detection status can be displayed on the display screen of the electronic device. The fingerprint detection module 300 may be installed in an external device (e.g., a wearable device) capable of communicating with the electronic device.

4 is an exemplary diagram for detecting user iris information in an electronic device according to various embodiments of the present invention. An electronic device such as a smart phone may include an iris detection module that can detect iris information of a user in various ways by an infrared ray photographing method or a camera photographing method.

For example, as shown in FIG. 4, a proximity sensor 400, a camera 401, and the like may be installed on a front surface of the electronic device. When the user 402 is within a predetermined distance The camera 401 performs a camera photographing operation to detect the iris information of the user and a message 403 indicating that the iris detection situation is displayed on the display screen of the electronic device.

5 is an operational flow diagram for storing and managing a user authentication database in an electronic device according to various embodiments of the present invention. As described above with reference to Fig. 1, all or a part of the user authentication interface 170 constituting the electronic device 100 may be included in the processor 120, or may be interlocked with the processor 120 as a separate configuration. Hereinafter, the case where the user authentication interface 170 is included in the processor 120 will be described as an embodiment.

The processor 120, for example, when generating a user authentication database, detects biometric information of the user in operation 500. 3, fingerprint information of the user detected by the fingerprint detection module 300, or the fingerprint information of the user of the camera 401, as described above with reference to FIG. 4, Iris information of the user detected by the user.

In operation 501, the processor 120 may generate a unique code or unique value to be stored in association with the biometric information of the user. In one embodiment, the unique code value may be a hash code . The hash code may be a random or serial number generated by a predetermined algorithm. Where the algorithm may be a dissolution code generation algorithm that generates a unique hash code based on the current date or time.

In operation 502, the processor 120 determines the biometric information of the detected user as authentication information for user authentication, and transmits the generated hash code to an identification (ID) And stores the authentication information in association with the identification information in a user authentication database.

Here, the user authentication database may be stored in the memory 130 of the electronic device, or may be stored in various types of removable memory (e.g., USB memory), and further, May be stored in an external device or the like.

In operation 503, the processor 120 may generate a unique code or unique value stored as identification information in the user authentication database, for example, the unique code value, as a hash code, May be stored in the internal or external device of the electronic device or may be uploaded to a server 106 connected via a network and stored.

For example, the user authentication database may be stored in a data area and / or a secure area in the memory 130, and a hash code stored in or separately from the user authentication database may be stored in the memory 130 May be stored in any one of the data area and / or the security area, for example, a private area, or may be stored in another area.

6A-6C are exemplary views in which fingerprint information is stored and managed in a user authentication database in accordance with various embodiments of the present invention. Referring to FIG. 6A, the user authentication database 600 stores user fingerprint information as user authentication information 600, and the user fingerprint information includes identification information 601 A unique code or a unique value, for example, a hash code may be stored in association with the unique code.

For example, as the user authentication information, first fingerprint information (fingerprint_info_A) corresponding to a thumbprint of a user, second fingerprint information (fingerprint_info_B) corresponding to a user's fingerprint fingerprint, 3 fingerprint information (fingerprint_info_C) can be stored. Also, various pieces of information about one finger can be stored in each fingerprint information (fingerprint_info_A, fingerprint_info_B), and various pieces of information about one finger and various pieces of information at one finger.

Furthermore, the fingerprint information for one finger may be stored in various values. For example, the center portion, the left portion, and the right portion of the fingerprint of the user may be separately stored.

As the identification information, first to third hash codes (hash code_A, hash code_B, and hash code_C) may be stored in association with the first to third fingerprint information, respectively, and the first to third hash codes Is a unique hash code for identifying whether the first to third fingerprint information is valid or not, and may be a random or serial number generated by a predetermined algorithm. Here, the hash code is a unique code or a unique value, which is used as an embodiment of the present invention, and can be replaced with another code.

As another example, referring to FIG. 6B, the user authentication database may store user fingerprint information as user authentication information 600, and may include database identification information (db_identification info.) 602 , And a hash code may be stored in association with each other. Here, the hash code may be a unique hash code for identifying whether the user authentication database is valid or not, and may be a random or a serial number.

As another example, referring to FIG. 6C, in the user authentication database 600, user fingerprint information may be stored as user authentication information 600, and the user fingerprint information may include identification information information 601, a hash code can be stored in association with each other, and further, as database identification information (db_identification info.) 602, another hash code can be stored in association with each other.

The hash codes (hash code_A, hash code_B, and hash code_C) stored in association with the identification information (identification info) 601 in the user fingerprint information are inherent hash codes for identifying validity of the user fingerprint information , The hash code stored as the database identification information (db_identification info.) 602 is a unique hash code for identifying validity of the entire user authentication database.

7A-7C are exemplary diagrams illustrating how iris information is stored and managed in a user authentication database in accordance with various embodiments of the present invention. Referring to FIG. 7A, the user authentication database 700 may store user iris information as user authentication information 700, and the user iris information may include identification information 701 , A hash code can be stored in association with each other.

For example, as the user authentication information, first iris information (iris_info_A) corresponding to the iris of the left eye of the user and second iris information (iris_info_B) corresponding to the iris of the right eye of the user may be stored .

As the identification information, first and second hash codes (hash code_A, hash code_B) may be stored in association with the first and second iris information, respectively, and the first and second hash codes Each unique hash code for identifying validity of the first and second iris information, may be a random or serial number generated by a predetermined algorithm, and the like.

As another example, referring to FIG. 7B, in the user authentication database 700, user iris information can be stored as user authentication information 700, and as database identification information db_identification info 702 , And a hash code may be stored in association with each other. Here, the hash code may be a unique hash code for identifying whether the user authentication database is valid or not, and may be a random or a serial number.

As another example, referring to FIG. 7C, in the user authentication database 700, user iris information may be stored as user authentication information 700, and the user iris information may include identification information a hash code may be stored in association with the hash code 701, and a hash code may be stored in association with the database identification information (db_identification info.) 702.

Here, the hash code stored in association with the user iris information 701 as identification information (identification info) 701 is a unique hash code for identifying whether the user iris information is valid or not, and the database identification information The hash code stored as db_identification info.) 702 is a unique hash code for identifying the validity of the entire user authentication database.

For reference, the user authentication information according to the embodiment of the present invention is not limited to the fingerprint information and the iris information. For example, various types of biometric information such as a user's hand blood vessel pattern, a user's heart rate pattern, voice information, face information, and the like can be alternatively or additionally used.

8 is an operational flow diagram for updating a user authentication database in an electronic device according to various embodiments of the present invention. The processor 120 may update the user authentication database, which is stored and managed as described above, occasionally or intermittently.

Referring to FIG. 8, in operation 800, the processor 120 may update the user authentication database when changing the authentication information stored in the user authentication database or adding new authentication information according to a user's request .

The processor 120 may update the user authentication database if the authentication information stored in the user authentication database is used more than N times (e.g., N = 1) in operation 801. [

The processor 120 may update the user authentication database at a predefined period of time (e.g., 24 hours) at operation 802. For example, at step 803, the processor 120 generates a new hash code to update the user authentication database, and at step 804, the processor 120 compares the generated new hash code with a hash code previously stored in the user authentication database And performs an update operation to replace it.

The processor 120 stores the new hash code used for updating the user authentication database in the electronic device separately from the user authentication database or uploads it to the server 106 connected via the network and stores it.

5, a hash code stored in a data area in the memory 130 and stored separately from the user authentication database is stored in a private area of the memory 130 May be stored in a private area, and the private area may be one of secure areas in a memory where access to the external device is restricted.

9 is an operational flow diagram for performing user authentication processing in an electronic device according to various embodiments of the present invention. The processor 120 may perform the user authentication process normally or fail based on the user authentication database and the hash code stored separately from the user authentication database.

Referring to FIG. 9, the processor 120 may enter a user authentication processing mode at operation 900, at a user's request, or upon execution of a particular application. 3 and 4, the processor 120 confirms whether biometric information such as a fingerprint or iris of the user is detected by the fingerprint detection module 300 or the camera 401 or the like.

If the biometric information of the user is detected in operation 901, the processor 120 searches the user authentication database stored in the memory 130 in operation 902, and in operation 903, the hash code stored in the user authentication database as identification information , Compares the hash codes stored separately from the user authentication database, and analyzes the match.

For example, the processor 120 may compare a hash code stored as identification information in the user authentication database with a hash code separately stored in the private area of the memory 130 in the data area of the memory 130, and analyze the match.

Also, the processor 120 may download a hash code stored as identification information in the user authentication database and a hash code uploaded to the server 106 connected to the network in the data area of the memory 130, and analyze the match.

If the hash codes match with each other at operation 904, the processor 120 determines that the authentication information in the user authentication database is valid. At operation 905, the processor 120 compares the authentication information and the detected biometric information Process user authentication normally.

On the other hand, if it is determined that the hash codes do not coincide with each other, the processor 120 determines that the authentication information in the user authentication database is invalid, and then in step 906, the processor 120 compares the authentication information with the detected biometric information , And treats the user authentication as failure.

Here, when the user authentication process is failed, the processor 120 displays a warning message or a password input window, forcibly stops the execution of an application requiring authentication information, or transmits a lost report message of the electronic device It can be automatically transmitted to a specific party.

10 is an exemplary diagram in which a user authentication failure and password input window is displayed according to various embodiments of the present invention. For example, the processor 120 may store the hash code stored as the database identification information (db_identification info.) In the user authentication database separately from the user authentication database, or match the hash code downloaded from the server connected through the network If not, it treats user authentication as failure.

Alternatively, the hash code of the identification information stored in association with the authentication information in the user authentication database may be stored separately from the user authentication database, or may be stored in the hash code downloaded from the server connected through the network If they do not match, the user authentication processing is regarded as a failure.

That is, the processor 120 determines whether the user authentication database has been tampered with or falsified by, for example, a third party, or if the authentication information included in the user authentication database has been tampered or falsified, Can be processed.

10, the processor 120 displays a warning message 1000 notifying the user authentication failure, further displays a password input window 1001, switches the user authentication processing to a user password instead of the biometric information .

11 is an exemplary diagram in which a user authentication failure and an application suspension status are displayed according to various embodiments of the present invention. 11, the processor 120 displays an alert message 1100 informing of the user authentication failure, and further displays a specific application that requires user authentication, as shown in Fig. And then displays the corresponding guidance message 1101. [

For example, when user authentication is normally processed using user biometric information such as fingerprint information or iris information, forcibly stopping execution of a specific application (e.g., a shopping application) capable of purchasing and payment of an article on-line And can display a guidance message 1101 informing that the specific application is suspended.

12 is an exemplary diagram in which a user authentication failure and loss report message is displayed according to various embodiments of the present invention. 12, when the user authentication process is failed, the processor 120 displays a warning message 1100 informing of the user authentication failure, and further, when the electronic device is lost or stolen , And can automatically transmit the lost report message to a specific party.

For example, if the user authentication failure is repeated N times (for example, N = 1), the processor 120 generates a lost report message for the electronic device, E.g., a telephone number of a police station).

Furthermore, the processor 120 may search for contact information stored and managed in the electronic device, and may transmit the lost report message to the telephone number of a specific contact most recently contacted most recently, It is possible to display a guidance message 1201 indicating that the message has been transmitted.

Here, the lost report message may include a telephone number of the electronic device, user information, current location information, and the like.

Furthermore, as another embodiment of the present invention, as another method for authenticating the integrity of the database, a separate flag may be used. For example, when the database is hacked as an abnormal route by a third party, a flag in which a previously set unique value is changed is stored in association with the database, and each time the database is used, the flag is checked first May be used.

The claims of various embodiments of the present invention or the methods according to the embodiments described in the specification may be implemented in hardware, software, or a combination of hardware and software. When implemented in software, a computer-readable storage medium storing one or more programs (software modules) may be provided. One or more programs stored on a computer-readable storage medium are configured for execution by one or more processors 120 in an electronic device. The one or more programs include instructions that cause the electronic device to perform the methods according to the embodiments of the various embodiments of the invention or the claims of the present invention.

Such a program (software module, software) may be a non-volatile memory including a random access memory, a flash memory, a ROM (Read Only Memory), an electrically erasable programmable ROM (EEPROM), a magnetic disc storage device, a compact disc-ROM (CD-ROM), a digital video disc (DVD) And can be stored in a magnetic cassette. Or a combination of some or all of these. In addition, a plurality of constituent memories may be included.

In addition, the program may be transmitted through a communication network composed of a communication network such as the Internet, an Intranet, a LAN (Local Area Network), a WLAN (Wide LAN), or a SAN (Storage Area Network) And can be stored in an Attachable Storage Device that can access the storage device. Such a storage device may be connected to an apparatus performing an embodiment of the present invention via an external port. In addition, a separate storage device on the communication network may be connected to an apparatus that performs an embodiment of the present invention.

In the specific embodiments of the various embodiments of the invention described above, the elements included in the invention have been represented singular or plural, in accordance with the specific embodiments shown. It should be understood, however, that the singular or plural representations are selected appropriately according to the circumstances presented for the convenience of description, and that the various embodiments of the present invention are not limited to the singular or plural constituent elements, Or may be composed of a plurality of elements even if they are represented by a single number.

While the present invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and similarities. Therefore, the scope of the various embodiments of the present invention should not be limited by the illustrated embodiments, but should be determined by the scope of the appended claims and equivalents thereof.

100: Network environment 101: Electronic device
104: Electronic device 106: Server
110: bus 120: processor
130: memory 140: input / output interface
150: Display 160: Communication interface
162: network 170: user authentication interface

Claims (20)

A method of operating an electronic device,
Associating authentication information for user authentication with identification information for identifying the validity of the authentication information and storing the authentication information in the electronic device;
Determining, in the electronic device, whether the authentication information is valid based on the identification information when the user authentication process is performed; And
And determining whether to perform a user authentication process using the authentication information according to the determination result.
The method according to claim 1,
Wherein the authentication information is biometric information including at least one of fingerprint information, iris information, voice information, and face information.
The method according to claim 1,
Wherein the identification information is a unique code comprising at least one of a random or a serial number.
The method according to claim 1,
Wherein the authentication information and the identification information are stored in a database in the electronic device, and identification information for identifying the validity of the database is stored in association with the database.
The method according to claim 1,
Wherein the identification information is stored separately in the electronic device or stored separately in a server connected to the electronic device via a network.
6. The method of claim 5,
Wherein the discriminating operation is performed by obtaining identification information separately stored in the electronic device or stored separately in a server connected to the electronic device via a network,
Comparing the obtained identification information with the identification information stored in association with the authentication information, and if the identification information matches the identification information, determining that the authentication information is valid.
The method according to claim 1,
Further comprising the step of displaying a warning message or displaying a password input window when the user authentication process is not performed according to the determination result.
The method according to claim 1,
And forcibly stopping the execution of the application requiring the authentication information when the user authentication processing is not performed according to the determination result.
The method according to claim 1,
And generating a message informing at least one of the loss or theft of the electronic device when the user authentication process is not performed according to the determination result, and transmitting the message to a specific counterpart.
The method according to claim 1,
Wherein the identification information is updated at least at any one of a time when the authentication information is stored first, a case where the authentication information is changed or added, a case where the authentication information is used, or a predetermined time period set in advance.
In an electronic device,
A memory for associating authentication information for user authentication with identification information for identifying the validity of the authentication information; And
Based on the identification information, determining whether the authentication information is valid, and determining whether to perform a user authentication process using the authentication information according to the determination result.
12. The method of claim 11,
Wherein the authentication information is biometric information including at least one of fingerprint information, iris information, audio information, and face information,
Wherein the identification information is a unique code comprising at least one of a random or a serial number.
12. The method of claim 11,
Wherein the authentication information and the identification information are stored in a database in the memory, and identification information for identifying the validity of the database is stored in association with the database.
12. The method of claim 11,
Wherein the identification information is stored separately in the electronic device, or separately stored in a server connected to the electronic device via a network.
15. The method of claim 14,
Wherein the processor obtains identification information separately stored in the electronic device or stored separately in a server connected to the electronic device via a network,
And compares the obtained identification information with the identification information stored in association with the authentication information, and determines that the authentication information is valid if they match each other.
12. The method of claim 11,
Wherein the processor displays a warning message or displays a password input window when the user authentication processing is not performed according to the determination result.
12. The method of claim 11,
Wherein the processor forcibly stops the execution of the application requiring the authentication information when the user authentication processing is not performed according to the determination result.
12. The method of claim 11,
Wherein the processor generates a message informing at least one of loss or theft of the electronic device when the user authentication processing is not performed according to the determination result and transmits the message to a specific counterpart.
12. The method of claim 11,
Wherein the identification information is updated at least at any one of a time point at which the authentication information is initially stored, a change or addition of the authentication information, a use of the authentication information, or a preset time period.
Associating authentication information for user authentication with identification information for identifying the validity of the authentication information and storing the authentication information in the electronic device; Determining, in the electronic device, whether the authentication information is valid based on the identification information when the user authentication process is performed; And determining, based on the determination result, whether to perform a user authentication process using the authentication information. ?

Images