CN115829577A - Authentication method, apparatus, system, medium, and program product - Google Patents

Abstract

The application discloses an authentication method, device, system, medium and program product. The method is applied to a security element, and the security element includes at least one reference voiceprint information, and the method includes: acquiring first voiceprint information; wherein, the first voiceprint information is the first voiceprint information received by the electronic device based on the user's The voice information is analyzed; if the first voiceprint information matches the target reference voiceprint information, it is determined that the user has passed the authentication; wherein the target reference voiceprint information is the at least one reference voiceprint information Among them, the reference voiceprint information matched with the first voiceprint information; for each reference voiceprint information, the reference voiceprint information is obtained by the electronic device based on the analysis of the received second voice information of the user; The confirmation information of passing the authentication is sent to the electronic device, so that the electronic device performs a payment operation based on the confirmation information. It can improve the security of voiceprint authentication.

Description

Authentication method, apparatus, system, medium and program product

technical field

This application relates to the technical field of information authentication, in particular to an authentication method, device, system, medium and program product.

Background technique

Electronic payment refers to the use of secure electronic means between consumers, merchants and financial institutions to securely transmit payment information to banks or corresponding processing institutions through information networks for currency payment or capital transfer.

At present, when electronic devices are used for payment operations, the user's identity information needs to be authenticated. At present, voiceprint information can be used for verification, but the storage or transmission security of the current voiceprint information cannot be guaranteed, and it is easy to be stolen, resulting in User property damage.

Contents of the invention

The purpose of the embodiments of the present application is to provide an authentication method, device, electronic equipment, medium, and program product, so as to improve the security of voiceprint authentication.

The technical scheme of the application is as follows:

In a first aspect, an authentication method is provided, the method is applied to a security element, and the security element includes at least one reference voiceprint information, the method includes:

Acquiring first voiceprint information; wherein, the first voiceprint information is obtained by the electronic device based on the received first voice information of the user;

If the first voiceprint information matches the target reference voiceprint information, it is determined that the user has passed the authentication; wherein, the target reference voiceprint information is the at least one reference voiceprint information, and the The reference voiceprint information matched with the first voiceprint information; for each reference voiceprint information, the reference voiceprint information is obtained by the electronic device based on the received second voice information of the user;

Sending the confirmation information of passing the authentication to the electronic device, so that the electronic device performs a payment operation based on the confirmation information.

In the second aspect, an authentication method is provided, the method is applied to electronic equipment, and the method includes:

Obtain the user's first voice information;

Analyzing the first voice information to obtain first voiceprint information;

sending the first voiceprint information to a security element, so that the security element matches the first voiceprint information with at least one reference voiceprint information; and when the first voiceprint information and the If the target reference voiceprint information matches, determine that the user's authentication has passed, and send the confirmation information of the authentication pass to the electronic device, so that the electronic device performs a payment operation based on the confirmation information; wherein , the security element includes at least one reference voiceprint information, and the target reference voiceprint information is the reference voiceprint information matching the first voiceprint information among the at least one reference voiceprint information; for each Referring to voiceprint information, the reference voiceprint information is obtained by the electronic device through analysis based on the received second voice information of the user.

In a third aspect, an authentication device is provided, the device is applied to a security element, the security element includes at least one reference voiceprint information, and the device includes:

The first acquisition module is configured to acquire the first voiceprint information; wherein, the first voiceprint information is obtained by the electronic device based on the received first voice information of the user,

A first determining module, configured to determine that the user has passed the authentication when the first voiceprint information matches target reference voiceprint information; wherein the target reference voiceprint information is at least one piece of reference voiceprint information wherein, the reference voiceprint information matched with the first voiceprint information; for each reference voiceprint information, the reference voiceprint information is obtained by the electronic device based on the received second voice information of the user;

The first sending module is configured to send the confirmation information of passing the authentication to the electronic device, so that the electronic device performs a payment operation based on the confirmation information.

In a fourth aspect, an authentication device is provided, the device is applied to electronic equipment, and the device includes:

The first obtaining module is used to obtain the first voice information of the user;

The first determination module is configured to analyze the first voice information to obtain the first voiceprint information;

A first sending module, configured to send the first voiceprint information to a security element, so that the security element matches the first voiceprint information with at least one reference voiceprint information; When the voiceprint information matches the target reference voiceprint information, determine that the user's authentication has passed, and send the confirmation information of the authentication pass to the electronic device, so that the electronic device Perform payment operations; wherein, the security element includes at least one reference voiceprint information, and the target reference voiceprint information is the reference voiceprint that matches the first voiceprint information among the at least one reference voiceprint information information; for each piece of reference voiceprint information, the reference voiceprint information is obtained by the electronic device based on the received second voice information of the user.

In the fifth aspect, the embodiment of the present application provides an authentication system, the system includes:

An electronic device, configured to acquire first voice information of the user, analyze the first voice information to obtain first voiceprint information; and send the first voiceprint information to the security element;

The security element is configured to match the first voiceprint information with at least one reference voiceprint information; and determine the user's identity when the first voiceprint information matches the target reference voiceprint information. Passing the authentication; and sending confirmation information of passing the authentication to the electronic device, so that the electronic device performs a payment operation based on the confirmation information;

Wherein, the security element includes at least one reference voiceprint information, and the target reference voiceprint information is the reference voiceprint information matching the first voiceprint information among the at least one reference voiceprint information; A piece of reference voiceprint information, the reference voiceprint information is obtained by the electronic device based on the analysis of the received second voice information of the user.

In the sixth aspect, the embodiments of the present application provide a readable storage medium, on which programs or instructions are stored, and when the programs or instructions are executed by a processor, the authentication described in any one of the embodiments of the present application is realized. method steps.

In the seventh aspect, the embodiment of the present application provides a computer program product, when the instructions in the computer program product are executed by the processor of the electronic device, the electronic device can perform the authentication described in any one of the embodiments of the present application. method steps.

The technical solutions provided by the embodiments of the present application bring at least the following beneficial effects:

In the embodiment of the present application, by acquiring the first voiceprint information transmitted by the electronic device, if the first voiceprint information matches the target reference voiceprint information in at least one reference voiceprint information in the security element, it is determined that the user After passing the authentication, the reference voiceprint information is stored in the secure element in this application. Since the environment of the secure element is safe, the voiceprint information cannot be modified or stolen. This prevents the voiceprint information from being replaced and ensures that the voiceprint security of fingerprint information.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.

Description of drawings

The accompanying drawings here are incorporated into the specification and constitute a part of the specification, show the embodiment consistent with the application, and are used together with the specification to explain the principle of the application, and do not constitute an improper limitation of the application.

Fig. 1 is a schematic structural diagram of an authentication system provided by an embodiment of the third aspect of the present application;

Fig. 2 is one of the schematic flow charts of an authentication method provided in the embodiment of the first aspect of the present application;

Fig. 3 is the second schematic flow diagram of an authentication method provided by the embodiment of the first aspect of the present application;

Fig. 4 is one of the structural schematic diagrams of an authentication device provided in the embodiment of the second aspect of the present application;

Fig. 5 is the second structural schematic diagram of an authentication device provided in the embodiment of the second aspect of the present application;

Fig. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the third aspect of the present application.

Detailed ways

In order to enable ordinary persons in the art to better understand the technical solutions of the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the accompanying drawings. It should be understood that the specific embodiments described here are only intended to explain the present application rather than limit the present application. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is only to provide a better understanding of the present application by showing examples of the present application.

It should be noted that the terms "first" and "second" in the description and claims of the present application and the above drawings are used to distinguish similar objects, but not necessarily used to describe a specific sequence or sequence. It is to be understood that the data so used are interchangeable under appropriate circumstances such that the embodiments of the application described herein can be practiced in sequences other than those illustrated or described herein. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this application. Rather, they are merely examples consistent with aspects of the application as recited in the appended claims.

As mentioned in the background technology section, there is a problem of low security of voiceprint information in the prior art. In order to solve the above problem, the embodiment of this application provides an authentication method, device, system, medium and program product. The first voiceprint information transmitted by the device, if the first voiceprint information matches the target reference voiceprint information in at least one reference voiceprint information in the security element, it is determined that the user’s authentication has passed, and the reference voiceprint information will be used in this application The fingerprint information is stored in the secure element. Since the environment of the secure element is safe, the voiceprint information cannot be modified or stolen. This prevents the voiceprint information from being replaced and ensures the security of the voiceprint information. .

The authentication method provided by the embodiment of the present application will be described in detail below through specific embodiments and application scenarios with reference to the accompanying drawings.

Before introducing the authentication method of this application, first introduce the authentication system that implements the authentication method of this application. Figure 1 is a schematic structural diagram of an authentication system provided by the embodiment of this application. As shown in Figure 1, the embodiment of this application The provided authentication system may include: an electronic device 110 and a secure element 120 .

Wherein, the electronic device 110 is configured to acquire the first voice information of the user, analyze the first voice information to obtain the first voiceprint information, and send the first voiceprint information to the security element.

The security element 120 is configured to match the first voiceprint information with at least one reference voiceprint information; and when the first voiceprint information matches the target reference voiceprint information, determine that the user's authentication has passed; and pass the authentication The confirmation information is sent to the electronic device, so that the electronic device performs the payment operation based on the confirmation information.

In some embodiments of the present application, the electronic device may be, but not limited to, a smart speaker, a smart TV, a vehicle-mounted smart unit, a personal computer (Personal Computer, PC), a smart phone, a tablet computer, or a personal digital assistant (Personal Digital Assistant, PDA). )wait.

An electronic device at least has an input device (microphone or keyboard), an output device (display screen or speaker), a control device (such as a Micro Control Unit (MCU)), a storage unit, a communication unit, and the like.

In some embodiments of the present application, the security element may be an element with security authentication (Security Element, SE). The environment of the secure element is safe, and the voiceprint information cannot be modified or stolen, which prevents the voiceprint information from being replaced and ensures the security of the voiceprint information in the secure element.

In some embodiments of the present application, the security element may include at least one reference voiceprint information.

In some embodiments of the present application, for each piece of reference voiceprint information, the reference voiceprint information may be obtained by the electronic device based on the received second voice information of the user.

The second voice information may be voice information input by the user using a microphone of the electronic device.

The first voice information may be voice information input by a user using a microphone of the electronic device.

The first voiceprint information may be voiceprint feature data of the first voice information obtained after analyzing the first voice information.

The target reference voiceprint information may be reference voiceprint information that matches the first voiceprint information in at least one reference voiceprint information.

In an embodiment of the present application, by acquiring the first voiceprint information transmitted by the electronic device, if the first voiceprint information matches the target reference voiceprint information in at least one reference voiceprint information in the security element, it is determined that After the user's authentication is passed, the reference voiceprint information is stored in the security element in this application. Since the environment of the security element is safe, the voiceprint information cannot be modified or stolen. This prevents the voiceprint information from being replaced, ensuring Security of voiceprint information.

In some embodiments of the present application, the electronic device is also used to: perform information authentication on the user based on the first voice information; and send the first voiceprint information to the security element when it is determined that the user's information authentication is passed;

The security element is specifically configured to: match the first voiceprint information with at least one reference voiceprint information; and determine that the user's identity authentication has passed if the first voiceprint information matches the target reference voiceprint information.

Wherein, the information authentication may be to verify whether the data content extracted based on the first voice information input by the user is consistent with the random verification code received by the electronic device.

The authentication method provided by the embodiment of the present application will be described in detail below. FIG. 2 is a schematic flowchart of an authentication method provided by an embodiment of the present application. The execution body of the authentication method may be the secure element 120 in FIG. 1 above.

It should be noted that the same nouns in the embodiments of the present application and the above-mentioned embodiments, and the explanations of nouns will not be repeated here.

As shown in FIG. 2 , the authentication method provided by the embodiment of the present application may include steps 210 to 230 .

Step 210, acquiring first voiceprint information.

Wherein, the first voiceprint information may be obtained by analyzing the received first voice information of the user by the electronic device.

Step 220, if the first voiceprint information matches the target reference voiceprint information, determine that the user's authentication is passed.

Wherein, the target reference voiceprint information may be the reference voiceprint information matching the first voiceprint information in at least one reference voiceprint information.

For each piece of reference voiceprint information, the reference voiceprint information may be obtained by the electronic device based on the received second voice information of the user.

In some embodiments of the present application, in order to improve user experience, step 210 may specifically include:

Obtaining the first voiceprint information when it is determined that the electronic device passes the information authentication of the user;

Step 220 may specifically include:

If the first voiceprint information matches the target reference voiceprint information, it is determined that the user's identity authentication has passed.

Wherein, the information authentication may be to verify whether the data content extracted based on the first voice information input by the user is consistent with the random verification code received by the electronic device.

In some embodiments of the present application, authenticating the information of the user means authenticating that the user is a real person, not a machine.

In some embodiments of the present application, it may be that a random verification code is displayed in the electronic device, and the user reads the random verification code (that is, obtains the first voice information), and the user reads the verification code at any time obtained by extracting the first voice information. code, if the extracted random verification code read by the user is consistent with the random verification code displayed on the electronic device, it can be determined that the user's information has been authenticated.

In the embodiment of the present application, when it is determined that the user's information authentication is passed, the first voiceprint information corresponding to the first voice information is obtained again, and in the case where the first voiceprint information matches the target reference voiceprint information Next, confirm that the user's identity authentication is passed.

That is, in some embodiments of the present application, the voice information used for the information authentication of the user by the electronic device and the identity authentication of the user by the security element is the same voice information.

In some embodiments of the present application, the identity authentication of the user is for the user to be an authorized user of the electronic device, that is, to authenticate that the user A is the authorized user A and not the unauthorized user B.

In the embodiment of the present application, by using the same voice information for information authentication and identity authentication, the user does not need to input voice information multiple times, which saves user operations and improves user experience.

Step 230, sending the confirmation information of passing the authentication to the electronic device, so that the electronic device performs a payment operation based on the confirmation information.

In some embodiments of the present application, the above-mentioned authentication system can be applied in a payment scenario. Specifically, it can be applied to the payment scenario of gas stations.

In some embodiments of the present application, in order to ensure the security of payment, after step 240, the above-mentioned authentication method may further include:

Generate data to be paid for payment order information;

The data to be paid is sent to the electronic device to make payment based on the data to be paid.

Wherein, the order information may be generated by the electronic device in response to a user's purchase instruction.

In some embodiments of the present application, the purchase instruction may be a voice purchase instruction input by the user on the electronic device, and may also be an instruction generated in response to the user's operation of purchasing commodities on the electronic device.

The data to be paid may include, but is not limited to: bank card number, payment validity period, card owner's name, payment amount, and user's voiceprint information.

The data to be paid can also include a secure payment address provided by the merchant, and the electronic device can access the address based on the secure payment address to complete the payment.

In the embodiment of the present application, by generating the data to be paid for the payment order information, the data to be paid is sent to the electronic device, so as to make payment based on the data to be paid, so that the payment can only be made after the identity authentication of the user is confirmed to be passed. Payment is made, which ensures the security of payment.

In some embodiments of the present application, when payment is made based on the data to be paid, at least one of the electronic device and the payment collection device may be in an offline state. The electronic device and the payment collection device may be connected by communication, specifically through Near Field Communication (Near Field Communication, NFC) or Bluetooth Low Energy (Bluetooth Low Energy, BLE).

The following two situations are introduced respectively:

(1) One of the electronic equipment and payment collection equipment is offline

The authentication method in the embodiment of the present application supports a single-online payment scenario, that is, only one of the payment device (that is, the electronic device) or the payment collection device is in a networked state.

For example, to pay the gas fee at the gas station, the on-board smart device (that is, the electronic device) pays to the oil gun or the point of sales information management system (point of sales terminal, POS) machine at the gas station. Each on-board electronic device can be offline, through NFC Or BLE, etc. communicate with the POS machine or oil gun equipment of the gas station and complete the payment transaction. The gas station has a unified device that can be connected to the Internet to broadcast payment information through a large screen or voice terminal.

The following is a separate introduction to one of the electronic equipment and the payment collection equipment being offline:

(a) Only the electronic device is connected to the Internet, that is, the payment collection device is offline:

The sending the data to be paid to the electronic device to pay based on the data to be paid may specifically include:

When the payment collection device is offline, the secure element sends the data to be paid to the electronic device, so that the electronic device sends payment information corresponding to the data to be paid to the server.

Specifically, when the collection device is offline, the payment process can be as follows:

The electronic device communicates with the POS machine through short-range communication, such as Bluetooth. The electronic device and the POS machine authenticate each other, the electronic device interacts with the user to generate order information, and the SE of the electronic device authenticates the user's first voiceprint information. After the SE authentication is passed, the data to be paid is generated and returned to the electronic device. The device sends the payment information corresponding to the data to be paid to the bank server or the merchant server (the merchant server interacts with the bank server). After the deduction is successful, the payment success certificate is returned to the electronic device and/or the merchant's unified network-enabled device.

(b) Only the payment collection device is connected to the Internet, and the electronic device cannot be connected to the Internet temporarily or permanently:

The sending the data to be paid to the electronic device to pay based on the data to be paid may specifically include:

When the electronic device is offline, the secure element sends the data to be paid to the electronic device, so that the electronic device sends the payment information corresponding to the data to be paid to the payment collection device.

Specifically, when the electronic device is offline, the payment process can be as follows:

The electronic device communicates with the POS machine through short-range communication, such as Bluetooth. The electronic device and the POS machine authenticate each other. The electronic device interacts with the user to generate order information, and the SE of the electronic device authenticates the user's first voiceprint information. After the SE authentication is passed, the data to be paid is generated and returned to the electronic device. The electronic device stores the order information and the data to be paid. Send it to the POS machine through Bluetooth, and the POS machine communicates with the bank server or merchant server through the network (the merchant server interacts with the bank server). After the deduction is successful, the payment success certificate is returned to the POS machine.

(2) Both the electronic device and the payment collection device are offline

Specifically, when both the electronic device and the payment collection device are offline, the payment process can be as follows:

This situation is mainly applied to the scenario of using digital currency for transactions. When both the payee and the payer pass the authentication, and the SE voiceprint information of the payer passes the authentication, the SE generates the data to be paid according to the payment amount, account information, etc., and sends the payment information corresponding to the data to be paid to the payee through the transmission module. The two parties respectively record the information of this digital currency payment and complete the double offline payment.

The aforementioned data to be paid may be the digital currency string to be paid.

In the embodiment of this application, voiceprint information authentication is carried out in SE, which is more secure, and the process and results of voiceprint information comparison will not be notified to the outside world, but only whether to perform payment operations, which further ensures voiceprint information. Information Security.

In some embodiments of the present application, the secure element can be set in a gateway, and the gateway can be connected to at least one electronic device, and the secure element can include at least one storage area, each storage area corresponds to an electronic device, and is used to store the corresponding The user's voiceprint information obtained by the electronic device.

In some embodiments of the present application, in order to improve user experience, step 210 may specifically include:

Obtain the first voiceprint information transmitted by the target electronic device and the device information of the target electronic device;

Step 220 may specifically include:

Determine a target storage area corresponding to the target electronic device based on the device information;

If the first voiceprint information matches the target reference voiceprint information stored in the target storage area, it is determined that the user's authentication is passed.

Wherein, the target electronic device may be any one of at least one electronic device.

The target storage area may be a storage area corresponding to the target electronic device in the secure element.

In some embodiments of the present application, there may be multiple electronic devices, all of which are connected to the gateway and managed by the gateway in a unified manner. SE is set in the gateway for voiceprint authentication of each electronic device connected to it.

Different electronic devices may belong to different users, therefore, different electronic devices correspond to different voiceprint users. Each electronic device and SE can use different keys to communicate.

In this regard, the SE can divide the storage area to store the voiceprints of users of different electronic devices and the secret keys of the corresponding electronic devices.

In some embodiments of the present application, the first voiceprint information may be sent to the secure element after the gateway identifies the target electronic device corresponding to the first voice information.

The device information may be sent to the secure element after the gateway identifies the target electronic device corresponding to the first voice information.

In the embodiment of the present application, the secure element can be set in the gateway, and the gateway can be connected to at least one electronic device, and the secure element can include at least one storage area, each storage area corresponds to an electronic device, and is used to store the corresponding electronic device. The voiceprint information of the user obtained by the device, so that the first voiceprint information transmitted by the target electronic device and the device information of the target electronic device can be obtained, and then according to the device information, the target storage area corresponding to the target electronic device can be determined, so in When the first voiceprint information matches the target reference voiceprint information stored in the target storage area, it is determined that the user's authentication has passed, so that voiceprint authentication can be performed on each electronic device, and voiceprint payment can be made, which improves user experience .

In some embodiments of the present application, each electronic device and the secure element may communicate based on different keys.

In some embodiments of the present application, the first voiceprint information may be voiceprint information encrypted by the electronic device based on the first key.

In the case where the first voiceprint information matches the reference voiceprint information stored in the target storage area in the secure element, before it is determined that the user's authentication is passed, the above-mentioned authentication method may further include:

Decrypting the first voiceprint information based on the first secret key corresponding to the target electronic device;

Step 220 may specifically include:

When the decryption of the first voiceprint information is completed and the first voiceprint information matches the reference voiceprint information stored in the target storage area in the security element, it is determined that the user's authentication is passed.

Wherein, the first secret key may be a secret key for communication between the electronic device and the secure element.

In some embodiments of the present application, when the secure element is set in the gateway, the payment process can be as follows:

After the user interacts with the electronic device to generate order information and selects voiceprint payment, the electronic device sends the voiceprint feature data (that is, the first voiceprint information) to the gateway, and the gateway judges and identifies the electronic device that sent the voiceprint, and sends the first voiceprint The information and the storage area of the corresponding electronic device are sent to the SE, and the SE uses the corresponding secret key (ie, the first secret key) to decrypt the first voiceprint information, and compares it with the voiceprint information in the storage area (ie, the target reference voiceprint information) for comparison, if they are consistent, a successful authentication message will be returned to the gateway, and the gateway will communicate with the corresponding server to complete the payment operation.

In the embodiment of the present application, by decrypting the first voiceprint information based on the first secret key corresponding to the target electronic device, the decryption of the first voiceprint information is completed, and the first voiceprint information and the security element When the reference voiceprint information stored in the target storage area matches, it is determined that the user’s authentication has passed, so that the first voiceprint information is the encrypted voiceprint information, and the authentication is performed only after the decryption is successful, which further ensures The security of the voiceprint information is ensured.

In some embodiments of the present application, in order to further improve user experience, the security element can also be set in the integrated circuit card.

Step 210 may specifically include:

receiving the first voiceprint information sent by the control element of the integrated circuit card;

Step 220 may specifically include:

Using the second secret key to decrypt the first voiceprint information;

When the decryption of the first voiceprint information is completed and the first voiceprint information matches the target reference voiceprint information, it is determined that the authentication of the user passes.

Wherein, the control element of the integrated circuit card may be a controller of the integrated circuit card, for example, may be a micro control unit (Micro Control Unit, MCU) of the integrated circuit card.

The first voiceprint information may be voiceprint information encrypted based on the second key.

The first voiceprint information received by the control element of the integrated circuit card is sent by the electronic device.

The second secret key may be a secret key for communication between the integrated circuit card and the secure element.

In the embodiment of the present application, by receiving the first voiceprint information sent by the control element of the integrated circuit card, and then using the second secret key to decrypt the first voiceprint information, after the decryption of the first voiceprint information is completed, and at When the first voiceprint information matches the target reference voiceprint information, it is determined that the user’s authentication has passed. In this way, the first voiceprint information is the encrypted voiceprint information, and the authentication is performed only after the decryption is successful, which further ensures The security of the voiceprint information is ensured.

In some embodiments of the present application, the integrated circuit card and the electronic device can be bound, and the integrated circuit card and the electronic device can be communicatively connected. After step 220, the above-mentioned authentication method may also include:

Send the confirmation information of passing the authentication and the data to be paid for payment to the control element of the integrated circuit card, so that the control element of the integrated circuit card sends the data to be paid to the electronic device, so that the electronic device is based on the data to be paid The data completes the payment.

In some embodiments of the present application, before the data to be paid for payment is sent to the control element of the integrated circuit card, the above-mentioned authentication method may further include:

Encrypt the payment data based on the third secret key;

The sending the data to be paid for payment to the control element of the integrated circuit card includes:

The encrypted data to be paid for payment is sent to the control element of the integrated circuit card. Wherein, the third secret key is a secret key for direct communication between the secure element and the integrated circuit card.

In some embodiments of the present application, for existing electronic devices, if there is no SE, the electronic device can be configured with a separate integrated circuit card with SE to realize secure authentication payment.

During initialization, the voiceprint characteristic data (that is, the reference voiceprint information) can be placed in the SE of the integrated circuit card, the integrated circuit card and the electronic device are bound, and the two parties negotiate the secret key. Symmetrical key or asymmetrical key can be used Secret key.

The user interacts with the electronic device by voice to generate order information. After the user selects voiceprint verification, the electronic device and the integrated circuit card can communicate through the short-range communication module, such as NFC, BLE, etc.

The electronic device encrypts the obtained first voiceprint information with the negotiated second secret key, and transmits it to the MCU of the integrated circuit card through NFC or BLE, etc., and the MCU of the integrated circuit transmits the first voiceprint information to the MCU of the integrated circuit card. SE, SE uses the corresponding second secret key to decrypt and then compares the first voiceprint information. After passing the authentication, it sends the certified information to the MCU, and at the same time encrypts the data for payment with the third secret key and sends it to the MCU. Integrated circuit card MCU. The integrated circuit card MCU transmits the data used for payment to the electronic device through NFC or BLE, etc., and the electronic device transmits the encrypted payment data to the bank server or merchant server (the merchant server interacts with the bank server). The payment data encrypted by the second secret key can only be decrypted by the bank server, and the electronic device is only used as a data transmission intermediary, and the real payment data cannot be obtained to ensure the security of the payment data.

In the embodiment of the present application, the security element can be set in the integrated circuit card, and the integrated circuit card can be bound to the electronic device, so that the electronic device can be authenticated by voiceprint and paid by voiceprint, which improves the user experience.

In some embodiments of the present application, another implementable manner of the authentication method is also provided. FIG. 3 is a schematic flowchart of another authentication method provided by the embodiment of the present application. The execution body of the authentication method may be the electronic device 110 in FIG. 1 .

It should be noted that the same nouns in the embodiments of the present application and the above-mentioned embodiments, and the explanations of nouns will not be repeated here.

As shown in FIG. 3 , the authentication method provided by the embodiment of the present application may include steps 310 - 330 .

Step 310, acquiring first voice information of the user.

Step 320: Analyze the first voice information to obtain the first voiceprint information.

Step 330: Send the first voiceprint information to the security element, so that the security element matches the first voiceprint information with at least one reference voiceprint information; and when the first voiceprint information matches the target reference voiceprint information In this case, it is determined that the authentication of the user is passed, and the confirmation information of passing the authentication is sent to the electronic device, so that the electronic device performs a payment operation based on the confirmation information.

Wherein, the security element may include at least one reference voiceprint information.

The target reference voiceprint information may be reference voiceprint information that matches the first voiceprint information in at least one reference voiceprint information.

For each piece of reference voiceprint information, the reference voiceprint information may be obtained by the electronic device based on the received second voice information of the user.

In the embodiment of the present application, the first voiceprint information is obtained by analyzing the acquired first voice information of the user, and the first voiceprint information is sent to the security element, so that the security element will transmit the first voiceprint information Matching with at least one reference voiceprint information; and in the case that the first voiceprint information matches the target reference voiceprint information, it is determined that the user's information authentication is passed, so that the reference voiceprint information is stored in the security element, and the security element is In a safe environment, the voiceprint information will not be modified or stolen, which prevents the voiceprint information from being replaced, ensures the security of the voiceprint information, and performs voiceprint authentication in the security element, which has higher security performance.

In some embodiments of the present application, for further security of the voiceprint information, before step 330, the above-mentioned authentication method may also include:

Based on the first voiceprint information, information authentication is performed on the user;

Step 330 may specifically include:

When it is determined that the user's information authentication is passed, the first voiceprint information is sent to the security element, so that the security element matches the first voiceprint information with at least one reference voiceprint information; and in the first voiceprint information If it matches the target reference voiceprint information, it is determined that the user's identity authentication has passed.

Wherein, the information authentication may be a verification of whether the data content extracted based on the first voice information input by the user is consistent with the random verification code received by the electronic device.

In some embodiments of the present application, it may be that a random verification code is displayed in the electronic device, and the user reads the random verification code (that is, obtains the first voice information), and the user reads the verification code at any time obtained by extracting the first voice information. code, if the extracted random verification code read by the user is consistent with the random verification code displayed on the electronic device, it can be determined that the user's information has been authenticated.

In the embodiment of the present application, when it is determined that the user's information authentication is passed, the first voiceprint information corresponding to the first voice information is obtained again, and in the case where the first voiceprint information matches the target reference voiceprint information In this case, it is determined that the user's identity authentication is passed, so that the same voice information is used for information authentication and identity authentication, which does not require the user to input voice information multiple times, saves user operations, and improves user experience.

In some embodiments of the present application, in order to further improve user experience, before step 310, the above-mentioned authentication method may also include:

Obtain the user's purchase instruction;

Generate order information based on purchase instructions;

Obtain the random verification code corresponding to the order information;

Correspondingly, step 310 may specifically include:

Obtain the first voice information for the user to read the random verification code.

Wherein, the random verification code may be a verification code generated by the electronic device for verifying the user's information.

In some embodiments of the present application, the electronic device communicates with the merchant server, and after generating the order information, the electronic device obtains a random verification code (such as randomly displaying several numbers, requiring the user to read it according to the rules listed therein) and displays it to the user After obtaining the voice input by the user (that is, the first voice information), recognize it, extract the content spoken by the user, compare it with the dynamic random verification code provided by the merchant server, and verify whether the content spoken by the user is consistent with the displayed content . If so, the user's first voice information is acquired again, and the user's identity is authenticated based on the first voice information.

In some embodiments of the present application, when comparing the first voice information spoken by the user with the random verification code, it can be performed locally (the device stores and analyzes the dynamic verification information sent by the server), or it can be performed on the server side (After the device extracts the user content, it sends the content to the server for comparison), which is not limited here.

In the embodiment of this application, the order information is generated based on the acquired user's purchase instruction, and then the random verification code corresponding to the order information is obtained, and the first voice information for the user to read the random verification code is obtained. In this way, based on the first voice Information authentication and identity authentication are performed on users, so that information authentication is performed first, and then identity authentication is performed, which improves the security of authentication. Improved user experience.

In some embodiments of the present application, for further security of the voiceprint information, before step 310, the above-mentioned authentication method may also include:

Obtain the second voice information of the user;

Analyzing the second voice information to obtain reference voiceprint information;

Sending the reference voiceprint information to the secure element, so that the secure element stores the reference voiceprint information.

In some embodiments of the present application, the user's voice (ie, second voice information) can be collected in a safe environment, the voice can be converted into voiceprint feature data (ie, reference voiceprint information), and the voiceprint feature data It is initially stored in the SE of the electronic device, or is sent and stored in the SE of the electronic device by the server through a secure channel. In the embodiment of the present application, the security of the reference voiceprint information is improved by storing the acquired voiceprint information corresponding to the second voice information in the security element.

In the above authentication method, the electronic device can be used to purchase goods and services through voice interaction. During the transaction, the SE is used to authenticate the user's voiceprint information, and the payment operation can only be performed after the authentication is passed.

Possible usage scenarios include: using smart speakers to buy songs, using smart TVs to buy movies or other items sold online.

The whole process may include: the control device of the smart speaker receives voice commands (that is, the third voice information), generates transaction order information, requires the user to perform voiceprint authentication, sends the voiceprint features input by the user to SE, and waits for and receives SE's authentication message, after SE confirms that it can be traded, activate the trading operation.

This solution supports online payment, single online payment and dual offline payment. The following scenario takes online payment as an example to describe.

The conventional transaction process mainly includes: (1) generating orders according to instructions; (2) SE voice authentication; (3) activating orders.

(1) The input device of the electronic device receives the voice command and generates order information.

The electronic device here may specifically be a smart speaker.

The order information may at least include: type, quantity, total price and payee of purchased items.

The way of generating the order information may be: the user interacts with the electronic device through a voice man-machine interface. For example, the user sends a purchase instruction through voice, and the control device of the electronic device recognizes and analyzes the user's voice, extracts and generates order information, interacts with the user through a human-computer interaction interface, and the user confirms the order information.

(2) After confirming the order information, the electronic device performs voiceprint authentication by default or by the user's choice.

Voiceprint authentication includes two steps: information authentication and identity authentication.

Step 1: Information Authentication

The electronic device communicates with the merchant's server. After generating the order information, the electronic device obtains a random verification code (such as randomly displaying several numbers and requires the user to read it out according to the rules listed) and displays it to the user, and obtains the voice input by the user (that is, the first (2) voice information), identify and extract what the user said, compare it with the dynamic random verification code provided by the merchant server, and verify whether the content spoken by the user is consistent with the displayed content. If so, acquire the first voice information of the user, and perform identity authentication on the user based on the first voice information.

Step 2: Authentication

The microphone of the electronic device acquires the authentication sound input by the user, that is, the first voice information, (in order to ensure a good user experience and avoid the user inputting voice information twice, preferably, the voice when the user performs information authentication is also used as the voice for identity authentication template), the control device of the electronic equipment analyzes and calculates, converts it into a voiceprint feature template (that is, the first voiceprint information), and sends the converted first voiceprint information to SE, and SE sends the received first voiceprint information Compared with the reference voiceprint information preset in the SE, it is judged whether it belongs to the same person as the prestored reference voiceprint information. When the coincidence degree (score) obtained by comparison is greater than a certain threshold (the preset can be set according to the user's needs), the authentication is passed. SE sends a successful authentication message to the electronic device, activates the order and proceeds with the subsequent transaction process.

It should be noted that the voiceprint feature data of a specific sentence (namely the first voiceprint information) is stored in the SE, and the user also needs to speak the same specific sentence when authenticating (corresponding scenario: reading a fixed number string aloud, which is the same as in the SE The stored voiceprint information of the same digital string is compared).

Multiple voiceprint feature data of the user are stored in the SE. When the user is authenticated, other sentences can be spoken, and the voiceprints can also be judged based on other sentences (corresponding scenario: read random numbers or text aloud, extract voiceprint information, and Compare the voiceprint information stored in the SE to determine whether it comes from the same person).

Regarding the reference voiceprint information: in a safe environment, collect the user's voice, convert the voice into voiceprint feature data (that is, refer to voiceprint information), and initially store the voiceprint feature data in the SE, or by the server It is sent and stored to SE through a secure channel.

One SE can store voiceprint information of multiple people. During voiceprint authentication, SE will compare the received voiceprint feature data with all the reference voiceprint feature data preset in SE to judge whether it is consistent with the pre-stored voiceprint feature data. At least one of the voiceprints of belong to the same person.

(3) After the authentication is passed, the payment operation is performed.

After confirming that the voiceprint belongs to the same person, SE activates the payment operation. The specific form is: providing data for payment (that is, data to be paid). The SE encrypts the data used for payment and sends it to the control device of the electronic device, and the control device transmits the payment information to the payee or the bank server through the communication module.

In the embodiment of this application, since the data to be paid comes from the SE, data security and tamper-proof are ensured in this way.

It should be noted that, for the authentication method provided in the embodiment of the present application, the execution subject may be an authentication device, or a control module in the authentication device for executing the authentication method.

Based on the same inventive concept as the above authentication method, the present application also provides an authentication device. The authentication device provided by the embodiment of the present application will be described in detail below with reference to FIG. 4 .

Fig. 4 is a schematic structural diagram of an authentication device according to an exemplary embodiment.

As shown in FIG. 4, the authentication device 400 can be applied to a secure element, and the authentication device 400 can include:

The first acquiring module 410 is configured to acquire first voiceprint information; wherein, the first voiceprint information is obtained by analyzing the first voice information of the user received by the electronic device,

The first determining module 420 is configured to determine that the user has passed the authentication when the first voiceprint information matches the target reference voiceprint information; wherein the target reference voiceprint information is at least one reference voiceprint In the information, reference voiceprint information matching the first voiceprint information; for each reference voiceprint information, the reference voiceprint information is obtained by the electronic device based on the received second voice information of the user;

The first sending module 430 is configured to send the confirmation information of passing the authentication to the electronic device, so that the electronic device performs a payment operation based on the confirmation information.

In the embodiment of the present application, the first voiceprint information is acquired by the first acquisition module, based on the fact that the first determination module matches the first voiceprint information with the target reference voiceprint information, it is determined that the user's authentication is passed, and based on the second A sending module sends the confirmation information of passing the authentication to the electronic device, so that the electronic device performs payment operations based on the confirmation information. In this application, the reference voiceprint information is stored in the security element. Since the environment of the security element is safe, the voiceprint The information cannot be modified or stolen, which prevents the voiceprint information from being replaced and ensures the security of the voiceprint information.

In some embodiments of the present application, in order to ensure payment security, the first acquisition module 410 can be specifically used to:

When it is determined that the electronic device has passed the user's information authentication, the first voiceprint information is obtained; wherein the information authentication is to verify that the data content extracted based on the first voice information input by the user is consistent with that received by the electronic device Whether the random verification codes are consistent;

The first determining module 420 can specifically be used for:

If the first voiceprint information matches the target reference voiceprint information, it is determined that the identity authentication of the user is passed.

In some embodiments of the present application, in order to improve user experience, the voice information used for the information authentication of the user by the electronic device and the identity authentication of the user by the security element is the same voice information.

In some embodiments of the present application, the authentication device mentioned above may also include:

A first generation module, configured to generate data to be paid for payment order information; the order information is generated by the electronic device in response to the user's purchase instruction;

The second sending module is configured to send the data to be paid to the electronic device, so as to make payment based on the data to be paid.

In some embodiments of the present application, at least one of the electronic device and the payment collection device is offline, and the electronic device and the payment collection device are connected in communication; the second sending module is specifically used to :

When the electronic device is offline, the secure element sends the data to be paid to the electronic device, so that the electronic device sends payment information corresponding to the data to be paid to the collection device;

When the payment collection device is offline, the secure element sends the data to be paid to the electronic device, so that the electronic device sends payment information corresponding to the data to be paid to the server.

In some embodiments of the present application, the secure element is set in a gateway, the gateway is connected to at least one electronic device, and the secure element includes at least one storage area, each storage area corresponds to an electronic device, for The user's voiceprint information acquired by the corresponding electronic device is stored.

In some embodiments of the present application, in order to improve user experience, the first acquiring module 410 can be specifically used to:

Obtain the first voiceprint information corresponding to the target electronic device, and the device information of the target electronic device; wherein, the target electronic device is any one of at least one electronic device; the first voiceprint information is provided by the gateway identifying the target electronic device corresponding to the first voice information and sending it to the secure element; the device information is sent to the secure element after the gateway identifies the target electronic device corresponding to the first voice information;

The first determining module 420 may specifically include:

A first determining unit, configured to determine a target storage area corresponding to the target electronic device based on the device information;

The second determining unit is configured to determine that the user's authentication has passed if the first voiceprint information matches the target reference voiceprint information stored in the target storage area; wherein the target storage area is A storage area in the secure element corresponding to the target electronic device.

In some embodiments of the present application, each electronic device communicates with the secure element based on a different key; the first voiceprint information is the electronic device's encrypted voiceprint information based on the first key;

The first determining module 420 may also include:

Decrypting the first voiceprint information based on the first secret key corresponding to the target electronic device;

The second determination unit can specifically be used for:

When the decryption of the first voiceprint information is completed and the first voiceprint information matches the reference voiceprint information stored in the target storage area in the security element, it is determined that the authentication of the user is passed.

In some embodiments of the present application, in order to further improve user experience, the secure element is set in an integrated circuit card.

The first acquisition module 410 can specifically be used for:

receiving the first voiceprint information sent by the control element of the integrated circuit card; wherein the first voiceprint information is voiceprint information encrypted based on the second key, and received by the control element of the integrated circuit card The first voiceprint information is sent by the electronic device;

The first determining module 420 can specifically be used for:

Decrypting the first voiceprint information by using the second secret key;

When the decryption of the first voiceprint information is completed and the first voiceprint information matches the target reference voiceprint information, it is determined that the authentication of the user passes.

In some embodiments of the present application, the integrated circuit card is bound to the electronic device, and the integrated circuit card is communicatively connected to the electronic device. The above-mentioned authentication device may also include:

The third sending module is used to send the confirmation information of passing the authentication and the data to be paid for payment to the control element of the integrated circuit card, so that the control element of the integrated circuit card sends the to-be-paid data to the control element of the integrated circuit card The data is sent to the electronic device, so that the electronic device completes the payment based on the data to be paid.

In some embodiments of the present application, the authentication device mentioned above may also include:

An encryption module, configured to encrypt the data to be paid based on a third secret key;

The third sending module can specifically be used for:

The encrypted data to be paid for payment is sent to the control element of the integrated circuit card.

The authentication device provided in the embodiment of this application can be used to execute the authentication method provided in the method embodiment in which the executive body is a secure element. The implementation principle and technical effect are similar, and for the sake of brief introduction, details are not repeated here.

Fig. 5 is a schematic structural diagram of another authentication device according to an exemplary embodiment.

As shown in Figure 5, the authentication device 500 can be applied to electronic equipment, and the authentication device 500 can include:

The first acquiring module 510 is configured to acquire the first voice information of the user;

The first determining module 520 is configured to analyze the first voice information to obtain the first voiceprint information;

The first sending module 530 is configured to send the first voiceprint information to the security element, so that the security element matches the first voiceprint information with at least one reference voiceprint information; and in the When the first voiceprint information matches the target reference voiceprint information, determine that the user’s authentication has passed, and send the confirmation information of the authentication pass to the electronic device, so that the electronic device information to perform payment operations; wherein, the security element includes at least one reference voiceprint information, and the target reference voiceprint information is the reference voice that matches the first voiceprint information among the at least one reference voiceprint information fingerprint information; for each piece of reference voiceprint information, the reference voiceprint information is obtained by the electronic device based on the received second voice information of the user.

In the embodiment of the present application, the first voiceprint information of the user obtained by the acquisition module is analyzed by the first determination module to obtain the first voiceprint information, and the first voiceprint information is sent to the security element based on the first sending module so that the security element matches the first voiceprint information with at least one reference voiceprint information; The information is stored in the security element, which is a safe environment, and the voiceprint information will not be modified or stolen, which prevents the voiceprint information from being replaced, ensures the security of the voiceprint information, and conducts voiceprint information in the security element. Pattern authentication, higher security performance.

In some embodiments of this application, in order to further improve the security of voiceprint information,

An information authentication module, configured to perform information authentication on the user based on the first voiceprint information; wherein, the information authentication is to verify that the data content extracted based on the first voice information input by the user is consistent with that received by the electronic device Whether the random verification codes are consistent;

The first sending module 530 can specifically be used for:

When it is determined that the information authentication of the user is passed, sending the first voiceprint information to a security element, so that the security element matches the first voiceprint information with at least one reference voiceprint information ; and when the first voiceprint information matches the target reference voiceprint information, determine that the user's identity authentication has passed.

In some embodiments of the present application, in order to further improve user experience, the above-mentioned authentication device may also include:

A third acquiring module, configured to acquire the user's purchase instruction;

A first generation module, configured to generate order information based on the purchase instruction;

A fourth obtaining module, configured to obtain a random verification code corresponding to the order information; wherein, the random verification code is used to verify information of the user;

The first obtaining module 510 can specifically be used for:

Acquiring first voice information for the user to read the random verification code.

In some embodiments of the present application, in order to further improve the security of the voiceprint information, the above-mentioned authentication device may further include:

The second obtaining module is used to obtain the second voice information of the user;

The second determination module is configured to analyze the second voice information to obtain reference voiceprint information;

A third sending module, configured to send the reference voiceprint information to the secure element, so that the secure element stores the reference voiceprint information.

The authentication device provided by the embodiment of the present application can be used to implement the authentication method provided by the above-mentioned method embodiment in which the execution subject is an electronic device. The implementation principle and technical effect are similar, and for the sake of brief introduction, details are not repeated here.

Based on the same inventive concept, the embodiment of the present application also provides an electronic device.

FIG. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present application. As shown in FIG. 6 , the electronic device may include a processor 601 and a memory 602 storing computer programs or instructions.

Specifically, the above-mentioned processor 601 may include a central processing unit (CPU), or an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or may be configured to implement one or more integrated circuits in the embodiments of the present invention.

Memory 602 may include mass storage for data or instructions. By way of example and not limitation, memory 602 may include a hard disk drive (Hard Disk Drive, HDD), a floppy disk drive, a flash memory, an optical disk, a magneto-optical disk, a magnetic tape, or a Universal Serial Bus (Universal Serial Bus, USB) drive or two or more Combinations of multiple of the above. Storage 602 may include removable or non-removable (or fixed) media, where appropriate. Under appropriate circumstances, the storage 602 can be inside or outside the comprehensive gateway disaster recovery device. In a particular embodiment, memory 602 is a non-volatile solid-state memory. Memory may include read-only memory (Read Only Memory image, ROM), random-access memory (Random-Access Memory, RAM), disk storage media devices, optical storage media devices, flash memory devices, electrical, optical, or other physical/tangible Memory storage device. Thus, in general, memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software comprising computer-executable instructions, and when the software is executed (e.g., by one or When there are multiple processors), it is operable to execute the operations described in the authentication method provided by the above embodiments.

The processor 601 implements any authentication method in the foregoing embodiments by reading and executing the computer program instructions stored in the memory 602 .

In one example, the electronic device may further include a communication interface 603 and a bus 610 . Wherein, as shown in FIG. 6 , a processor 601 , a memory 602 , and a communication interface 603 are connected through a bus 610 to complete mutual communication.

The communication interface 603 is mainly used to implement communication between various modules, devices, units and/or devices in the embodiments of the present invention.

Bus 610 includes hardware, software, or both, and couples the components of the electronic device to each other. By way of example and not limitation, the bus may include Accelerated Graphics Port (AGP) or other graphics bus, Enhanced Industry Standard Architecture (EISA) bus, Front Side Bus (FSB), HyperTransport (HT) interconnect, Industry Standard Architecture (ISA) Bus, Infiniband Interconnect, Low Pin Count (LPC) Bus, Memory Bus, Micro Channel Architecture (MCA) Bus, Peripheral Component Interconnect (PCI) Bus, PCI-Express (PCI-X) Bus, Serial Advanced Technology Attachment (SATA) bus, Video Electronics Standards Association Local (VLB) bus or other suitable bus or a combination of two or more of these. Bus 610 may comprise one or more buses, where appropriate. Although embodiments of the invention describe and illustrate a particular bus, the invention contemplates any suitable bus or interconnect.

The electronic device can execute the authentication method in the embodiment of the present invention, so as to realize the authentication method described in FIG. 2-FIG. 3 .

In addition, in combination with the authentication methods in the foregoing embodiments, embodiments of the present invention may provide a readable storage medium for implementation. The readable storage medium stores program instructions; when the program instructions are executed by the processor, any authentication method in the above-mentioned embodiments is implemented.

In addition, in combination with the authentication method in the foregoing embodiments, the embodiments of the present invention may provide a computer program product for implementation. When the instructions in the computer program product are executed by the processor of the electronic device, the electronic device is made to execute any authentication method in the foregoing embodiments.

It is to be understood that the invention is not limited to the specific arrangements and processes described above and shown in the drawings. For conciseness, detailed descriptions of known methods are omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method process of the present invention is not limited to the specific steps described and shown, and those skilled in the art can make various changes, modifications and additions, or change the sequence of steps after understanding the spirit of the present invention.

The functional blocks shown in the structural block diagrams described above may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an application specific integrated circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the invention are the programs or code segments employed to perform the required tasks. Programs or code segments can be stored in machine-readable media, or transmitted over transmission media or communication links by data signals carried in carrier waves. "Machine-readable medium" may include any medium that can store or transmit information. Examples of machine-readable media include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio frequency (RF) links, and the like. Code segments may be downloaded via a computer network such as the Internet, an Intranet, or the like.

It should also be noted that the exemplary embodiments mentioned in the present invention describe some methods or systems based on a series of steps or devices. However, the present invention is not limited to the order of the above steps, that is, the steps may be performed in the order mentioned in the embodiment, or may be different from the order in the embodiment, or several steps may be performed simultaneously.

Aspects of the present application are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the present application. It will be understood that each block of the flowchart and/or block diagrams, and combinations of blocks in the flowchart and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine such that execution of these instructions via the processor of the computer or other programmable data processing apparatus enables Implementation of the functions/actions specified in one or more blocks of the flowchart and/or block diagrams. Such processors may be, but are not limited to, general purpose processors, special purpose processors, application specific processors, or field programmable logic circuits. It can also be understood that each block in the block diagrams and/or flowcharts and combinations of blocks in the block diagrams and/or flowcharts can also be realized by dedicated hardware for performing specified functions or actions, or can be implemented by dedicated hardware and Combination of computer instructions to achieve.

The above is only a specific implementation of the present invention, and those skilled in the art can clearly understand that for the convenience and brevity of description, the specific working process of the above-described systems, modules and units can refer to the foregoing method embodiments The corresponding process in , will not be repeated here. It should be understood that the protection scope of the present invention is not limited thereto. Any person skilled in the art can easily think of various equivalent modifications or replacements within the technical scope disclosed in the present invention, and these modifications or replacements should cover all Within the protection scope of the present invention.

Claims (21)

1. An authentication method applied to a secure element including at least one reference voiceprint information therein, the method comprising:

acquiring first voiceprint information; the first voiceprint information is obtained by analyzing the electronic equipment based on the received first voice information of the user;

determining that the user passes authentication under the condition that the first voiceprint information is matched with target reference voiceprint information; the target reference voiceprint information is reference voiceprint information matched with the first voiceprint information in the at least one piece of reference voiceprint information; for each piece of reference voiceprint information, the reference voiceprint information is obtained by analyzing the electronic equipment based on the received second voice information of the user;

and sending the confirmation information passing the authentication to the electronic equipment so as to enable the electronic equipment to carry out payment operation based on the confirmation information.

2. The method of claim 1, wherein the obtaining the first voiceprint information comprises:

acquiring first voiceprint information under the condition that the electronic equipment is determined to pass the information authentication of the user; the information authentication is to verify whether the data content extracted based on the first voice information input by the user is consistent with a random verification code received by the electronic equipment;

determining that the user passes authentication when the first voiceprint information matches the reference voiceprint information, comprising:

and determining that the identity authentication of the user passes under the condition that the first voiceprint information is matched with the target reference voiceprint information.

3. The method according to claim 2, wherein the voice information used for the information authentication of the user by the electronic device and the identity authentication of the user by the secure element is the same voice information.

4. The method of claim 2, wherein after the determining that the identity authentication of the user is passed, the method further comprises:

generating data to be paid for payment order information; the order information is generated by the electronic equipment in response to a purchase instruction of the user;

after the sending the confirmation information that the authentication is passed to the electronic device, the method further includes:

and sending the data to be paid to the electronic equipment so as to pay based on the data to be paid.

5. The method of claim 4, wherein at least one of the electronic device and a checkout device are offline, the electronic device and the checkout device being communicatively coupled;

the sending the data to be paid to the electronic device to pay based on the data to be paid comprises:

under the condition that the electronic equipment is in an offline state, the safety element sends the data to be paid to the electronic equipment so that the electronic equipment sends payment information corresponding to the data to be paid to a money receiving device;

under the condition that the money receiving device is in an offline state, the secure element sends the data to be paid to the electronic device, so that the electronic device sends payment information corresponding to the data to be paid to a server.

6. The method according to claim 1, wherein the secure element is disposed in a gateway, the gateway is connected to at least one electronic device, and the secure element includes at least one storage area, each storage area corresponds to one electronic device, and is configured to store voiceprint information of the user acquired by the corresponding electronic device.

7. The method of claim 6, wherein the obtaining the first voiceprint information comprises:

acquiring first voiceprint information corresponding to target electronic equipment and equipment information of the target electronic equipment; the target electronic equipment is any one of at least one electronic equipment; the gateway identifies the target electronic equipment corresponding to the first voice message and then sends the first voice print message to the secure element; the device information is sent to the safety element after the gateway identifies the target electronic device corresponding to the first voice information;

determining that the user passes authentication when the first voiceprint information matches target reference voiceprint information, comprising:

determining a target storage area corresponding to the target electronic device based on the device information;

determining that the user passes authentication when the first voiceprint information matches target reference voiceprint information stored in the target storage area; the target storage area is a storage area corresponding to the target electronic device in the secure element.

8. The method of claim 7, wherein each electronic device communicates with the secure element based on a different key; the first voiceprint information is the voiceprint information encrypted by the electronic equipment based on a first secret key;

in a case where the first voiceprint information matches reference voiceprint information stored in a target storage area in the secure element, before determining that the authentication of the user is passed, the method further comprises:

decrypting the first voiceprint information based on a first key corresponding to the target electronic device;

the determining that the user is authenticated in the case that the first voiceprint information matches reference voiceprint information stored in a target storage area in the secure element, includes:

and determining that the user passes the authentication if the first voiceprint information is decrypted and the first voiceprint information is matched with the reference voiceprint information stored in the target storage area in the secure element.

9. The method of claim 1, wherein the secure element is disposed within an integrated circuit card;

the acquiring of the first voiceprint information includes:

receiving first voiceprint information sent by a control element of the integrated circuit card; the first voiceprint information is encrypted based on a second secret key, and the first voiceprint information received by the control element of the integrated circuit card is sent by the electronic equipment;

determining that the user passes authentication when the first voiceprint information matches target reference voiceprint information, comprising:

decrypting the first voiceprint information by using the second secret key;

and determining that the user passes the authentication under the condition that the first voiceprint information is decrypted and matched with the target reference voiceprint information.

10. The method of claim 9, wherein the integrated circuit card is bound to the electronic device, wherein the integrated circuit card is communicatively coupled to the electronic device,

after the determining that the authentication of the user passes, the method further comprises:

and sending the confirmation information which passes the authentication and the data to be paid for payment to the control element of the integrated circuit card, so that the control element of the integrated circuit card sends the data to be paid to the electronic equipment, and the electronic equipment completes the payment based on the data to be paid.

11. The method of claim 10, wherein prior to sending the data to be paid for payment to the control element of the integrated circuit card, the method further comprises:

encrypting the data to be paid based on a third key;

the sending of the data to be paid for payment to the control element of the integrated circuit card comprises:

and sending the encrypted data to be paid for payment to a control element of the integrated circuit card.

12. An authentication method, applied to an electronic device, the method comprising:

acquiring first voice information of a user;

analyzing the first voice information to obtain first voiceprint information;

sending the first voiceprint information to a secure element so that the secure element matches the first voiceprint information with at least one reference voiceprint information; determining that the user passes the authentication under the condition that the first voiceprint information is matched with the target reference voiceprint information, and sending confirmation information of the passing authentication to the electronic equipment so that the electronic equipment carries out payment operation based on the confirmation information; the secure element comprises at least one piece of reference voiceprint information, and the target reference voiceprint information is the reference voiceprint information which is matched with the first voiceprint information in the at least one piece of reference voiceprint information; and for each piece of reference voiceprint information, the reference voiceprint information is obtained by analyzing the electronic equipment based on the received second voice information of the user.

13. The method of claim 12, wherein prior to said sending the first voiceprint information into a secure element, the method further comprises:

performing information authentication on the user based on the first voiceprint information; the information authentication is to verify whether the data content extracted based on the first voice information input by the user is consistent with a random verification code received by the electronic equipment;

sending the first voiceprint information into a secure element so that the secure element matches the first voiceprint information with at least one reference voiceprint information; and determining that the user passes the authentication when the first voiceprint information matches the target reference voiceprint information, comprising:

under the condition that the information authentication of the user is confirmed to pass, the first voiceprint information is sent to a secure element, so that the secure element can match the first voiceprint information with at least one piece of reference voiceprint information; and determining that the identity authentication of the user passes under the condition that the first voiceprint information is matched with the target reference voiceprint information.

14. The method of claim 13, wherein prior to said obtaining the first voice information of the user, the method further comprises:

acquiring a purchase instruction of the user;

generating order information based on the purchase instruction;

acquiring the random verification code corresponding to the order information; the random verification code is used for performing information verification on the user;

the acquiring of the first voice information of the user comprises:

and acquiring first voice information of the user reading the random verification code.

15. The method of claim 12, wherein prior to said obtaining the first voice information of the user, the method further comprises:

acquiring second voice information of the user;

analyzing the second voice information to obtain reference voiceprint information;

sending the reference voiceprint information into the secure element to cause the secure element to store the reference voiceprint information.

16. An authentication apparatus, wherein the apparatus is applied to a secure element, and the secure element includes at least one piece of reference voiceprint information therein, and the apparatus comprises:

the first acquisition module is used for acquiring first voiceprint information; wherein the first voiceprint information is obtained by the electronic equipment through analysis based on the received first voice information of the user,

a first determining module, configured to determine that the user passes authentication when the first voiceprint information matches target reference voiceprint information; the target reference voiceprint information is reference voiceprint information matched with the first voiceprint information in at least one piece of reference voiceprint information; for each piece of reference voiceprint information, the reference voiceprint information is obtained by analyzing the electronic equipment based on the received second voice information of the user;

and the first sending module is used for sending the confirmation information passing the authentication to the electronic equipment so as to enable the electronic equipment to carry out payment operation based on the confirmation information.

17. An authentication apparatus, applied to an electronic device, the apparatus comprising:

the first acquisition module is used for acquiring first voice information of a user;

the first determining module is used for analyzing the first voice information to obtain first voiceprint information;

a first sending module, configured to send the first voiceprint information to a secure element, so that the secure element matches the first voiceprint information with at least one reference voiceprint information; determining that the user passes the authentication under the condition that the first voiceprint information is matched with the target reference voiceprint information, and sending confirmation information of the passing authentication to the electronic equipment so that the electronic equipment carries out payment operation based on the confirmation information; the secure element comprises at least one piece of reference voiceprint information, and the target reference voiceprint information is the reference voiceprint information which is matched with the first voiceprint information in the at least one piece of reference voiceprint information; and for each piece of reference voiceprint information, the reference voiceprint information is obtained by analyzing the electronic equipment based on the received second voice information of the user.

18. An authentication system, the system comprising:

the electronic equipment is used for acquiring first voice information of a user and analyzing the first voice information to obtain first voiceprint information; and sending the first voiceprint information to a secure element;

the secure element is configured to match the first voiceprint information with at least one reference voiceprint information; and determining that the user passes the authentication under the condition that the first voiceprint information is matched with the target reference voiceprint information; sending the confirmation information passing the authentication to the electronic equipment so that the electronic equipment carries out payment operation based on the confirmation information;

the secure element comprises at least one piece of reference voiceprint information, and the target reference voiceprint information is the reference voiceprint information which is matched with the first voiceprint information in the at least one piece of reference voiceprint information; and for each piece of reference voiceprint information, the reference voiceprint information is obtained by analyzing the electronic equipment based on the received second voice information of the user.

19. The system of claim 18, wherein the electronic device is further configured to: performing information authentication on the user based on the first voiceprint information; the information authentication is to verify whether the data content extracted based on the first voice information input by the user is consistent with a random verification code received by the electronic equipment; under the condition that the information authentication of the user is determined to pass, sending the first voiceprint information to a safety element;

the security element is particularly configured to: matching the first voiceprint information with at least one reference voiceprint information; and determining that the identity authentication of the user passes under the condition that the first voiceprint information is matched with the target reference voiceprint information.

20. A readable storage medium, characterized in that it stores thereon a program or instructions which, when executed by a processor, implement the steps of the authentication method according to any one of claims 1 to 15.

21. A computer program product, characterized in that instructions in the computer program product, when executed by a processor of an electronic device, cause the electronic device to perform the steps of the authentication method according to any of claims 1-15.

Images