CN114528537A - System login method and electronic equipment - Google Patents

System login method and electronic equipment Download PDF

Info

Publication number
CN114528537A
CN114528537A CN202011198431.5A CN202011198431A CN114528537A CN 114528537 A CN114528537 A CN 114528537A CN 202011198431 A CN202011198431 A CN 202011198431A CN 114528537 A CN114528537 A CN 114528537A
Authority
CN
China
Prior art keywords
password
fingerprint
user
verification
electronic device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011198431.5A
Other languages
Chinese (zh)
Inventor
庾能国
王延辉
冯鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN202011198431.5A priority Critical patent/CN114528537A/en
Publication of CN114528537A publication Critical patent/CN114528537A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephone Function (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

The application discloses a system login method and electronic equipment. The electronic device may include a power key, a fingerprint sensor, etc. through which a user may log into the system. By implementing the method, the electronic equipment can disable the driving of the fingerprint sensor after detecting that the user logs in the system in a fingerprint verification mode for a certain time or a certain number of times, or set the BIOS not to report the fingerprint sensor equipment when the next time of power-on, or inform the fingerprint verification module to continuously return a result of fingerprint verification failure when the next time of verification is carried out, or disable the biological identification service, or call an interface to preferentially obtain a password verification result when logging in, and the like, so that the user logs in the system in a password verification mode. And after the user successfully verifies the password and logs in the system, the electronic equipment recovers the default fingerprint verification login function. By implementing the technical scheme, the user can be effectively reminded to recall the login password, and the security of system login verification is improved.

Description

System login method and electronic equipment
Technical Field
The present application relates to the field of terminals, and in particular, to a system login method and an electronic device.
Background
With the rapid development of information technology, the use of electronic devices such as notebook computers and the like is more and more popular, and in order to improve the security of user information, the electronic devices can provide security verification for users when the users log in an operating system. Based on the premise of convenient use, for electronic equipment providing multiple verification login operation system modes, users often adopt fingerprint verification or face verification and other more convenient verification modes to login the operation system. But the authentication mode based on the biological characteristics has the defects of easy copying and stealing, incapability of modifying, large fault-tolerant range, difficulty in encryption and the like, and is convenient and fast while losing safety. If the user uses the identity authentication based on the biological characteristics for a long time, the user not only easily forgets the set password, but also seriously lacks the security.
Disclosure of Invention
The application provides a system login method and electronic equipment, which can be switched to a mode that a user logs in a system through password authentication after detecting that the user logs in the system through a biological characteristic authentication mode for a certain time or a certain number of times. And after the user successfully verifies the password and logs in the system, the electronic equipment restores the default use of the biological feature verification login function. By implementing the technical scheme, the user can be effectively reminded to recall the login password, and the security of system login verification is improved.
In a first aspect, the present application provides a system login method, including: the electronic equipment starts a biological characteristic verification mode, the biological characteristic verification mode is used for determining whether the identity of the user passes the verification according to the biological characteristic information collected by the biological characteristic collection device, if the identity of the user passes the verification, the system is logged in, otherwise, the system is not logged in. The electronic device records the number of times or duration of logging into the system via the biometric authentication mode. If the number of times exceeds the first number of times or the duration exceeds the first duration (for example, the first duration is M days, the first number of times is N times, and M, N is a positive integer), the electronic device starts a password authentication mode, where the password authentication mode is used to determine whether the user identity passes authentication according to the collected first password, and if the user identity passes authentication, the system login is executed, otherwise, the system login is not executed. Wherein the first password comprises one or more of: character password, symbol password, graphic password and digital password. And the electronic equipment restarts the biometric authentication mode after determining that the user passes the authentication of the password authentication mode.
In a possible implementation manner, the electronic device further includes a system detection module, a biometric verification module, a password verification module, a user login module, and the like. The user login module is used for executing a login system according to the result of the biological characteristic verification module or the password verification module. The biological characteristic verification module is used for determining whether the user identity passes the verification according to the biological characteristic information acquired by the biological characteristic acquisition device. The password verification module is used for determining whether the user identity passes the verification according to the password input by the user.
In one possible implementation, the electronic device may disable the driving of the biometric acquisition device if the number of times exceeds a first number of times or the duration exceeds a first duration.
In one possible implementation, the electronic device may disable the driving of the biological information collection apparatus through the device manager. The system monitoring module may send a first notification to the device manager. The device manager then disables the actuation of the biometric acquisition apparatus in response to the first notification.
In one possible implementation, the system monitoring module of the electronic device may re-enable the driving of the biometric acquisition device after determining that the user is authenticated by the password authentication mode.
In a possible implementation manner, if the number of times exceeds the first number of times or the duration exceeds the first duration, the electronic device notifies the BIOS to set the enable flag of the drive of the biometric acquisition device in the advanced configuration and power management interface Table ACPI Table to disable when the system is started next time.
In a possible implementation manner, the system monitoring module may send a second notification to the BIOS, where the second notification is used to notify the BIOS that the biometric acquisition device is not reported when the system is started next time. In response to the second notification, the BIOS sets an enable flag of the drive of the biometric acquisition device in the ACPI Table to disable.
In one possible implementation, after determining that the user passes the authentication of the password authentication mode, the system monitoring module of the electronic device may notify the BIOS to set the enable flag of the driver of the biometric acquisition device in the ACPI Table to enable.
In one possible implementation, if the number of times exceeds a first number of times or the duration exceeds a first duration, the electronic device may generate an event that the biometric authentication fails, the event being used to trigger the electronic device to turn on the password authentication mode.
In one possible implementation, the system monitoring module may send a third notification to the biometric verification module, where the third notification is used to notify the biometric verification module to generate an event that the biometric verification fails at the next login verification. The biometric verification module may generate an event that the biometric verification fails in response to the third notification.
In one possible implementation manner, after the electronic device determines that the user passes the verification of the password verification mode, the system monitoring module of the electronic device may notify the biometric verification mode to recover to normal, and clear the sign of the biometric verification mode that the generation of the verification fails.
In one possible implementation, if the number of times exceeds a first number of times or the duration exceeds a first duration, the electronic device disables a biometric service for identifying or verifying biometric information.
In one possible implementation, the system monitoring module may send a fourth notification to the biometric verification module. In response to the fourth notification, the biometric verification module disables the biometric service.
In one possible implementation, after determining that the user is authenticated by the password authentication mode, the system monitoring module of the electronic device may notify the biometric authentication module to re-enable the biometric service.
In a possible implementation manner, the electronic device confirms whether to execute login to the system by calling the second interface to obtain the result of the password authentication mode.
In a possible implementation manner, the system monitoring module determines whether to execute login to the system by calling the second interface to obtain a result of the password authentication mode.
In one possible implementation, after determining that the user passes the authentication of the password authentication mode, the electronic device confirms whether to perform login to the system by calling the first interface to acquire the result of the biometric authentication mode.
In one possible implementation, the biometric features may include a fingerprint, face, iris, voice, palm print, gait, pulse, etc.
In a possible implementation manner, the electronic device acquires the first password through a password acquisition device, where the password acquisition device includes one or more of the following: keyboard, mouse, touch panel or touch screen.
In one possible implementation, the biometric acquisition device is a fingerprint acquisition device that is integrated on a power key of the electronic device.
In one possible implementation manner, when the electronic device starts the password authentication mode, a password login interface is displayed, and the password login interface comprises a password input area.
In one possible implementation, the password input area includes: a password entry box and/or a graphical entry area.
In a second aspect, the present application provides an electronic device, comprising: the system comprises a biological characteristic acquisition device, a memory and a processor coupled to the memory, wherein the processor further comprises a system detection module, a biological characteristic verification module, a password verification module and a user login module. The biological characteristic verification module is used for determining whether the identity of the user passes the verification according to the biological characteristic information acquired by the biological characteristic acquisition device. The user login module is configured to perform system login after the user passes the authentication, where the performing of system login may include: and displaying the desktop or displaying the interface reserved before the last screen locking. The system monitoring module may be configured to record the number of times or duration of login to the system based on the authentication result of the biometric authentication module. And the password verification module is used for determining whether the user identity passes the verification according to the first password acquired by the password acquisition device if the times exceed the first times or the duration exceeds the first duration. The system detection module is also used for restarting the biometric authentication module after determining that the user passes the authentication of the password authentication module. The memory stores computer-executable instructions, and the processor is configured to invoke the instructions to cause the electronic device to execute the system login method in any one of the possible implementation manners of the above aspects.
In a third aspect, an embodiment of the present application provides a computer storage medium, which includes computer instructions, and when the computer instructions are executed on an electronic device, the electronic device is caused to execute a system login method in any possible implementation manner of any one of the foregoing aspects.
In a fourth aspect, the present application provides a computer program product, which when run on a computer, causes the computer to execute the system login method in any one of the possible implementations of the foregoing aspect.
In a fifth aspect, the present application provides an electronic device, comprising: one or more functional modules, configured to execute the system login method in any possible implementation manner of any one of the above aspects.
Drawings
FIG. 1A illustrates an exemplary electronic device provided by an embodiment of the present application;
FIG. 1B illustrates an arrangement of a power key and a fingerprint sensor of the electronic device shown in FIG. 1A;
FIG. 1C illustrates another exemplary electronic device provided by embodiments of the present application;
2A-2C illustrate a process by which a user of the electronic device shown in FIG. 1A logs into an operating system;
3A-3C illustrate a display interface of an electronic device;
4A-4C illustrate a display interface of an electronic device;
5A-5B illustrate a display interface of an electronic device;
FIG. 6 illustrates a hardware architecture for use with the electronic device shown in FIG. 1A;
FIG. 7 illustrates a software architecture applied to the electronic device shown in FIG. 1A;
fig. 8 illustrates an architecture of an electronic device provided by an embodiment of the present application;
fig. 9 illustrates a method for login provided by an embodiment of the present application;
FIG. 10 illustrates a method for login provided by an embodiment of the present application;
FIG. 11 illustrates a method for login provided by an embodiment of the present application;
FIG. 12 illustrates a method for login provided by an embodiment of the present application;
FIG. 13 illustrates a method for login provided by an embodiment of the present application;
FIG. 14A illustrates another exemplary electronic device provided by embodiments of the present application;
fig. 14B illustrates a display interface provided in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described in detail and clearly with reference to the accompanying drawings. Wherein the terms "first", "second" are used for descriptive purposes only and are not to be construed as implying or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature, and in the description of embodiments of the application, unless stated otherwise, "plurality" means two or more.
The application provides an electronic device which can be a notebook computer, a desktop computer, a tablet computer, a smart phone and other types of electronic devices, and the electronic device can provide various verification login modes such as password verification login, fingerprint verification login and face recognition verification login. The application also provides a system login method, which can be applied to the electronic equipment provided by the application, and the electronic equipment can disable the drive of the biological characteristic acquisition device (such as the drive of a fingerprint sensor) after detecting that a user logs in the system for a certain time (such as M days, M can be a positive integer) or a certain number of times (such as N times, N can be a positive integer) through a biological characteristic identification verification mode (such as fingerprint verification login, face identification verification login, voice print verification login and the like), or set the BIOS not to report the biological characteristic acquisition device (such as the fingerprint sensor) when the next time of power-on, or inform the biological identification verification module to continuously return the result of the failure of the biological identification verification during the next verification, disable the biological identification service, or call an interface to preferentially acquire the password verification result during login and the like, thereby enabling the user to log in the system through a password authentication mode. And after the user successfully verifies the password and logs in the system, the electronic equipment recovers the default fingerprint verification login function. By implementing the technical scheme, the user can be effectively reminded to recall the login password, and the security of system login verification is improved.
In the embodiment of the present application, an operating system (also referred to as "system") of an electronic device may refer to a computer program that manages hardware and software resources of a computer. The operating system needs to handle basic transactions such as managing and configuring memory, determining priorities of system resources, controlling input devices and output devices, operating the network, and managing the file system. The operating system also provides an operator interface for the user to interact with the system. The operating system stores a user name and a password set by a user, and the user can use the user name and the password to verify and log in the operating system. After login is successful, the user can legally use the capabilities of the account. For example, a user may view, change, use, etc. a document in an electronic device. The password may be in various forms, such as a number, a letter, a character, a punctuation mark, a figure or a mixed password (hereinafter, simply referred to as a password), a fingerprint password, a voice-print password, a facial feature password, and the like, which are not limited in any way in this application.
Generally, operating systems can be divided into open source systems (opensources) and closed source systems (closesources). Open source is referred to collectively as open source code, and refers to allowing a user to modify or recompile the system kernel within copyright constraints. Closed source is an antisense word to open source and is used to refer to any program that is not qualified as open source licensing terms. Closed source means that only a binary version of the program is available, not the source code of the program, and the user can hardly modify or recompile the program. Common open source systems are:
Figure BDA0002754659240000041
systems and other derived systems, etc.; common closed-source systems are:
Figure BDA0002754659240000042
(Windows) system, etc.
Electronic devices with open source systems, e.g. mounting
Figure BDA0002754659240000043
On the mobile phone of the system, the unlocking function can be realized by adding a screen locking application program in the system, wherein the screen locking application program can support: unlocking modes such as password unlocking, pin code unlocking, face recognition unlocking, fingerprint unlocking, voiceprint unlocking and the like. In one case, the mobile phone must enter the system by inputting a password when the mobile phone is powered on, after the password is verified to be correct, a timer starts to count time, and then the user can unlock the mobile phone by using a fingerprint when the user wakes up a screen. After the timer reaches the preset time, the system can disable the function of the screen locking application program, and further trigger password authentication login.
On electronic devices carrying closed-source systems, e.g. carrying
Figure BDA0002754659240000044
Individuals of the systemOn a computer (PC), the system login authentication function is composed of
Figure BDA0002754659240000045
The login module of the system provides, and a developer cannot customize, so that the screen locking application program cannot be used. According to the scheme provided by the application, the system can be realized by disabling the drive of the biological characteristic acquisition device (such as the drive of a fingerprint sensor), or setting the modes that the BIOS does not report the biological characteristic acquisition device (such as the fingerprint sensor) when the system is powered on next time, or informing the biological identification verification module to continuously return the result of the failure of the biological identification verification when the biological identification verification module is verified next time, or disabling the biological identification service, or calling an interface to preferentially acquire the password verification result during login, and the like, so that a user can log in the system in a password verification mode, the user is effectively reminded of recalling the login password, and the security of the system login verification is improved.
The present application will be specifically described below by taking the electronic device 100 as an example.
Fig. 1A illustrates an exemplary electronic device 100 provided in the embodiments of the present application. The electronic device 100 may be a notebook computer, a desktop computer, a tablet computer, etc. The electronic device 100 shown in fig. 1A is a notebook computer. It should be understood that the electronic device 100 shown in FIG. 1A is merely an example, and that the electronic device 100 may have more or fewer components than shown in FIG. 1A, may split device combinations of components, may combine two or more components, or may have a different configuration of components. The various components shown in the figures may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application specific integrated circuits.
As shown in fig. 1A, the electronic device 100 may include a power key 101, wherein, as shown in fig. 1B,
the power button 101 may be composed of a fingerprint sensor 102 and a power button 103. The fingerprint sensor 102 may be an optical fingerprint sensor, an ultrasonic fingerprint sensor, or other type of fingerprint sensor. The power button 103 may be responsible for switching and waking up the electronic device. In some embodiments, the fingerprint sensor 102 and the power button 103 may be integrated. For example, as shown in FIG. 1B, the fingerprint sensor 102 may be placed on the surface of the power button 103. The surface may contact the user's finger when the user presses the power key 101. In this way, it is realized that the fingerprint sensor 102 can capture the fingerprint of the user while the user presses the power key 101. In other embodiments, the fingerprint sensor 102 may also be separated from the power button 103, as shown in fig. 1C, a user may start, shut down, wake up, and the like by pressing the power button 103, and after the electronic device 100 displays the fingerprint verification interface, the user may then collect a fingerprint by pressing the fingerprint sensor 102. The embodiment of the present application does not limit the positional relationship between the fingerprint sensor 102 and the power button 103.
The following describes the process of booting up and logging in the operating system of the electronic device 100 shown in fig. 1A.
As shown in fig. 2A, when the power button 101 of the electronic device 100 is not triggered, the electronic device 100 is in a blank screen state in a normal operation state such as power off, hibernation, or sleep. When the user presses the power key 101 of the electronic device 100, the electronic device 100 may be powered on or awakened to operate in response to the user pressing the power key 101. Meanwhile, the fingerprint sensor 102 integrated on the power key 101 can acquire first fingerprint information of the user for fingerprint verification. The first fingerprint information of the user may be matched and verified with the correct fingerprint information that is collected by the electronic device 100 in advance, and if the fingerprint information is verified successfully, the electronic device 100 may display a system desktop 210 as shown in fig. 2C. To this end, the user successfully logs into the operating system of the electronic device 100. It can be seen that the electronic device 100 provided by the present application can implement "one-touch power-on login", and does not require a user to perform password authentication.
In some embodiments, if the fingerprint sensor 102 and the power button 103 of the electronic device 100 are separate, the fingerprint verification interface 201 may be displayed after power-on by pressing the power button 103. Or if the electronic device 100 is only woken up, the login needs to be re-authenticated, but the electronic device 100 does not need to be powered on again, and the fingerprint authentication interface 201 may be displayed after the electronic device 100 is woken up. As shown in fig. 2B, in the fingerprint authentication interface 201, a fingerprint authentication prompt or prompt icon 202 and a control 203 for switching login modes may be displayed, and the control 203 may display a prompt such as "click to switch to a password authentication login interface". After the user places a finger on the fingerprint sensor 102 and fingerprint verification passes, the electronic device 100 may display the system desktop 210 or the interface last retained by the user.
Fig. 3A-3B illustrate display interfaces provided in some embodiments. The interface is used for prompting the user to change the mode of logging in the system from fingerprint authentication to password authentication.
In some embodiments, as shown in fig. 3A, when it is detected that the user does not use the password to verify login for many days, a prompt box 311 may be displayed on the display interface 310 of the electronic device 100, and a prompt may be displayed in the prompt box 311 to remind the user to use the password to verify login the next time the user logs in to the system. In the example of fig. 3A, the prompt in prompt box 311 may be: "you have detected that you log in using fingerprint authentication for 10 consecutive days, please verify the login using password to confirm your identity the next time you log in order to ensure your account security", this embodiment does not limit the content of the prompt.
In some embodiments, as shown in fig. 3B, after the electronic device 100 detects that the user logs in using face recognition authentication for more than a certain number of times or a certain time, the electronic device 100 may display a prompt box 321 in the display interface 320 after being powered on again, restarted, and woken up before displaying the user login interface. A prompt may be displayed in the prompt box 321 to remind the user to use the password to verify the login when logging in the system. In the example of fig. 3B, the prompt in prompt box 321 may be: "you have detected that you use fingerprint authentication login for 10 consecutive days, in order to ensure your account security, you use password authentication login to confirm your identity in this login", this embodiment does not limit the content of the prompt.
After the ok button or the close button in the prompt box 321 is clicked by the user, the electronic device 100 may display a password authentication login interface 400 as shown in fig. 4A.
In other embodiments, as shown in fig. 3C, the electronic device 100 may directly display the password authentication login interface 330 after being powered on again, restarted, and awakened, and the prompt may be displayed in the password authentication login interface 330: the warm prompt: the method has the advantages that the fact that a user uses a fingerprint to verify login for 10 consecutive days is detected, and in order to guarantee the safety of an account, the user can verify login by using a password to confirm the identity of the user. "
4A-4C illustrate display interfaces for password authentication login in some embodiments.
As shown in FIG. 4A, interface 400 is a user password authentication login interface. In the interface 400, an account information control 401 of the user a is displayed, and the account information control 401 may display the name and avatar information of the user. Control 402 is a password entry box that allows a user to enter a password. The control 403 is a next step/login component, and the password verification login module compares the password input by the user with the preset correct password after being clicked. When the user inputs the password, as shown in fig. 4B, the input character is displayed in the control 402, and the input character may not be explicitly shown, and at this time, the user can only see the encrypted display character and the input password number. After password authentication login authentication is passed, the operating system desktop 210 or the interface reserved by the user last time may be displayed. If password authentication is not passed, an interface 410 as shown in FIG. 4C may be displayed. In interface 410, a prompt 404 may be displayed below control 402, and prompt 404 may be used to display to the user: prompting the input password error, the residual input times and the password prompting information. Wherein the remaining number information may indicate that the user has a total of 5 (or more or less positive integers) opportunities to continue entering the password and prompt that the electronic device 100 will lock if the number of times is exhausted. The password prompt message may display information related to the password set by the user, and prompt the user to recall the password. Considering the scenario when the user really forgets the password but is anxious to use the electronic device 100, in some embodiments, the system may be configured such that the electronic device 100 may also have the opportunity to log in for fingerprint authentication if the remaining number of password authentication information is exhausted, and lock the electronic device 100 if fingerprint authentication is not passed again.
It should be noted that the fingerprint verification login in the above embodiment is only an example of biometric verification login, and other biometric verification manners may also be face recognition login, voiceprint verification login, pupil recognition login, and the like.
For example, in some embodiments, the login mode may be set to default to face recognition verification login, and as shown in fig. 5A, the electronic device 100 may display a face recognition login interface 501. The face recognition login interface 501 may display a face recognition verification prompt or prompt icon 502 and a control 503 for switching login modes, where the control 503 may display a prompt such as "click to switch to a password verification login interface". The electronic device 100 may collect a facial image of the user through the camera 504, and perform verification matching with a pre-collected correct facial image of the user. After the face image information is verified, the electronic device 100 may display the system desktop 210 or the interface retained by the user last time. When the user face verification fails, the user can be prompted that the face information is wrong and needs to be verified again.
As shown in fig. 5B, similarly, after the electronic device 100 detects that the user logs in using face recognition authentication more than a certain number of times or a certain time, the password authentication login interface 510 may be directly displayed after being powered on again, restarted, and awakened, and a prompt may be displayed in the password authentication login interface 510: the warm prompt: the method has the advantages that the user is detected to log in by using face recognition for 10 consecutive days, and in order to guarantee the safety of the account, the user can verify the login by using a password so as to confirm the identity of the user. "
Fig. 6 illustrates a hardware architecture applied to the electronic device 100 provided in the present application, which may include: a Central Processing Unit (CPU) 104, an Embedded Controller (EC) 105, a fingerprint sensor 102, a keyboard 122, and the like, wherein the processor 104 may include a fingerprint sensor driver 108, a keyboard driver 123, a system monitoring module 150, a fingerprint verification login module 151, a password verification login module 152, and the like. Wherein,
the EC105 is a single processor. The EC105 and the CPU104 may communicate with each other through a general purpose input/output (GPIO) interface. During the operating system boot process of the electronic device 100, the EC105 controls the timing of most important signals. In the power-off state of the electronic device 100, the EC105 keeps running and waits for a power-on signal from the user. After the electronic device 100 is turned on, the EC105 may serve as a controller for the fingerprint sensor 102, the charging indicator light, and the fan light device, and the EC104 may also control the standby state, the sleep state, and the like of the system. Upon detecting that the user has pressed the power key 101, the EC105 may notify the entire electronic device 100 to power up.
The EC105 is a single processor. The EC105 may be connected to the fingerprint sensor 102, and the EC104 and the fingerprint sensor 102 may communicate via the SPI interface, for example, the EC105 sends a fingerprint acquisition request to the fingerprint sensor 102, and the fingerprint sensor 102 transmits the acquired fingerprint to the EC 105. A firmware program, a fingerprint encryption module, may be loaded within the EC 105. The fingerprint encryption module may be responsible for encrypting the fingerprint from the fingerprint sensor 102. The EC105 may have a memory that may store the encrypted fingerprint to transmit the encrypted fingerprint to the CPU104 in response to a subsequent fingerprint entry instruction, fingerprint verification instruction from the CPU 104.
The EC105 may be coupled to the CPU 104. Communication between the EC105 and the CPU104 may be via a GPIO interface. Such communication may include: EC105 sends an interrupt signal (e.g., notification) to CPU104 via certain pin or pins of the GPIO, and CPU104 sends an interrupt signal (e.g., notification) to EC105 via certain pin or pins. The communication efficiency based on the GPIO interface is high. To enable the transfer of fingerprint information between the EC105 and the CPU104, a software communication interface may be introduced that allows for the communication of fingerprint information between the EC105 and the CPU 104. The software communication interface may be referred to as an S-interface. The S interface may enable communication between the EC105 and the CPU104 based on shared memory. Both the EC105 and the CPU104 may be connected to the shared memory through, but not limited to, an Enhanced SPI (ESPI) interface to write data to or read data from the shared memory through ESPI. The following details will be described with respect to the specific implementation of the S interface, which are not described herein again.
The CPU104 is loaded with a fingerprint sensor driver 108. The CPU104 loaded with the fingerprint sensor driver 108 may communicate with the EC105 through the S interface, e.g., the CPU104 sends a fingerprint entry instruction or a fingerprint verification instruction to the EC105, the EC105 transmits a fingerprint cached in the memory of the EC105 to the CPU 104.
The CPU104 is loaded with a keyboard driver 123. The keyboard driver 123 is used to acquire key values input from the keyboard 122 and transfer the key values to the CPU 104.
Included in CPU104 may be fingerprint authentication login module 151. fingerprint authentication login module 151 may be configured to perform user authentication based on a fingerprint from EC 105. If the fingerprint from the EC105 is consistent with the fingerprint template previously entered and stored in the electronic device 100, the verification is passed; otherwise, the verification fails.
The CPU104 may include a system monitoring module 150, which may include a timer. The system monitoring module 150 may monitor the fingerprint verification login module and the password verification login module, and the timer is used to count a specific event, for example, when the system monitoring module 150 monitors that the number of times that the user verifies and logs in the system through the fingerprint verification login module continuously exceeds N times, or N days, the system monitoring module 150 may take a series of measures to enable the electronic device 100 to enable the password verification login manner, including but not limited to disabling the sensor driver, setting that the BIOS does not report the fingerprint sensor device when powering on next time, notifying the fingerprint verification module to continuously return a result of fingerprint verification failure when verifying next time, disabling the biometric identification service, and calling an interface to preferentially obtain a password verification result when logging in (details will be described in subsequent embodiments), so as to achieve the purpose of reminding the user of recalling the password. When the system monitoring module 150 monitors that the system successfully verifies the event of logging in the operating system through the password verification login module 152, the timer may be reset, the timer is cleared, and the counting of the event of logging in the system successfully through fingerprint verification is restarted.
A password authentication login module 152 may be included in CPU104 and may be used to perform password authentication of the system based on a password entered by the user via keypad 122. If the password input by the user is consistent with the password template which is input in advance and stored in the electronic equipment 100, the verification is passed; otherwise, the verification fails.
When the power key 101 is pressed by the user's finger, the EC104 notifies the fingerprint sensor 102, the CPU104 to power up. The powered fingerprint sensor 102 may collect fingerprint information of the user, which may be transmitted to the EC104 for encryption and caching. After the CPU104 loads and starts the operating system, the fingerprint information from the EC104 is acquired through the S interface, so as to perform verification according to the fingerprint information from the EC104 and correct fingerprint information pre-stored in the system. If the user's identity is verified, a display screen (not shown) may display the system desktop 210 or an interface that was retained before the last screen lock. Thus, the hardware architecture shown in fig. 6 implements one-key completion of booting and authentication, and can support a user to quickly log in an operating system.
In some embodiments, the system monitoring module 150 of the electronic device 100 may display the prompt 311 informing the user that password authentication is required for logging in the system next time when it is monitored that the user logs in the system for authentication through the fingerprint authentication login module continuously for more than N times or N days.
When the electronic device 100 is powered on/restarted/awakened again, i.e., when the power key 101 is pressed again by the user's finger, the EC105 notifies the CPU104 of power-up. CPU104 loads the interface for the user to log in to the system and displays password authentication login interface 400. Or, in other embodiments, the system monitoring module 150 of the electronic device 100 may monitor that the number of times that the user performs authentication login on the system through the fingerprint authentication login module continuously exceeds N times, or N days, when the electronic device 100 is powered on/restarted/awakened again, the CPU104 loads an interface of the user login system, displays the password authentication login interface 330, and displays a prompt 331 to inform the user that the login system needs to use a password for authentication. When the user inputs a password through the keyboard 122, the keyboard driver 123 transmits the acquired key value to the system. The system verifies the password input by the user through the password verification login module, and when the key-in password received by the CPU104 is consistent with the password template which is pre-entered and stored in the electronic equipment 100, the verification is passed, and the display screen (not shown) can display the system desktop 210 or the interface reserved before the screen is locked last time; if the verification fails, a display screen (not shown) may display the interface 410.
Based on the hardware architecture of fig. 6, the present application provides a software architecture applied to the electronic device 100. As shown in fig. 7, the software architecture may include: an operating system 106 running in the CPU104, a fingerprint sensor driver 108 loaded by the operating system 106, a basic input-output system (BIOS) 109, a fingerprint library 111 loaded in the EC 107. Wherein:
the operating system 106 is responsible for managing hardware and software resources. The hardware resources include the CPU104, the memory 110, the video card, the network card, the sound card, the hard disk, and the like. The software resources include various programs, such as various hardware drivers. The operating system 106 is also responsible for abstracting the interface of the hardware driver to form a simple set of software interface for the upper layer application.
Operating system 106 may manage system monitoring module 150. The system monitoring module 150 may respond to the notification of the timer, and disable the related functions of the fingerprint authentication login operating system by the method shown in the embodiment (explained in detail in the following embodiments), so that the operating system calls the related function module of the password authentication login operating system. The system monitoring module 150 may listen for successful login operating system events. When it is monitored that the user has authenticated the login of the operating system using the password, a reset signal is sent to the timer 107, and the timer is reset to zero.
The system monitoring module 150 may include a timer 107. The timer 107 may record the number of days or times that the user has logged in continuously using fingerprint authentication, and when a certain duration or a certain number of times is met, the system monitoring module may disable the biometric acquisition device driver (e.g., fingerprint sensor driver), or set the next time the BIOS is powered on and does not report the biometric acquisition device (e.g., fingerprint sensor), or notify the biometric authentication module to continuously return the result of the biometric authentication failure during the next authentication, or disable the biometric service, or call the interface to preferentially obtain the password authentication result during logging in, so that the user logs in the system through the password authentication method.
Operating system 106 may manage fingerprint verification login module 151. The fingerprint authentication login module 151 may be responsible for receiving the first fingerprint information provided by the fingerprint sensor driver 108 and performing authentication by comparing the first fingerprint information with the fingerprint template. If the verification is successful, the operating system is logged in successfully.
Operating system 106 may manage password authentication login module 152. Password authentication login module 152 is responsible for receiving an input password from a keyboard. Then the identity is verified by comparing with the password template. If the verification is successful, the user can log in the operating system.
The fingerprint sensor driver 108 may be used to initialize the fingerprint sensor 102, providing a hardware resource access interface to the fingerprint sensor 102.
The BIOS109 is integrated in a Read Only Memory (ROM) on a motherboard of the electronic device 100, and mainly stores a basic input/output program, a system information setting program, a power-on self-test program, a system boot bootstrap program, and the like. The BIOS109 may be considered to be a piece of software permanently recorded in ROM as part of the operating system input output management system. BIOS109 may be loaded into memory 110 prior to execution by CPU 104. The memory 110 may be a Random Access Memory (RAM).
BIOS109 may be used primarily to take care of the booting of electronic device 100, the control and driving of critical hardware, and to provide basic level calls for higher level software. The BIOS109 may issue instructions through a specific data port, and send or receive data of various external devices, thereby implementing operations of the software application on the hardware. The BIOS109 may be used to initialize the memory 110 upon power-up of the electronic device 100 and to inform the EC105 and the fingerprint sensor driver 108 of the addresses of the shared memory used for communication between the EC105 and the fingerprint sensor driver 108. The interface between the EC105 and the fingerprint sensor driver 109 that communicates based on shared memory may be referred to as the S-interface.
The fingerprint repository 111 may provide various types of software interfaces such as service interfaces, control interfaces, interrupt service interfaces, read and write interfaces. The service interface may be configured to receive an input-output (IO) instruction issued by the fingerprint sensor driver 108 by the EC105, and send a notification (for example, to notify that a fingerprint is written into the shared memory) to the fingerprint sensor driver 108 by the EC 105; the control interface may be used for the EC105 to send an interrupt signal to the fingerprint sensor driver 108 through the GPIO interface; the interrupt service interface may be used for the EC105 to process an interrupt signal issued by the fingerprint sensor driver 108; the read-write interface may be configured to read, by the EC105, a command (e.g., a fingerprint entry instruction and a fingerprint verification instruction) written by the fingerprint sensor driver 108 from the shared memory in response to an IO instruction sent by the fingerprint sensor driver 108, and may be configured to write, by the EC105, first fingerprint information acquired by the fingerprint sensor 102 into the shared memory in response to the fingerprint entry instruction or the fingerprint verification instruction written by the fingerprint sensor driver 108 into the shared memory.
When the power key 101 is pressed by the user's finger, the EC105 notifies the fingerprint sensor 102, the CPU104 to power up. The powered fingerprint sensor 102 may collect the first fingerprint information, which may be transmitted to the EC105 for encryption and buffering. After the operating system 106 is started, the operating system 106 loads the fingerprint sensor driver 108. The EC105 may receive a specific IO instruction (i.e., the notification a mentioned in the following embodiments) sent by the fingerprint sensor driver 108 through the service interface in the fingerprint repository 111, and in response to the specific IO instruction, the EC105 may read a fingerprint sensor driver command (e.g., a fingerprint entry instruction, a fingerprint verification instruction) written by the fingerprint sensor driver 108 from the shared memory through the read/write interface in the fingerprint repository 111. Then, the EC105 may write the first fingerprint information into the shared memory through the read/write interface in the fingerprint database 111, and send a notification (i.e., the notification B mentioned in the following embodiments) to the fingerprint sensor driver 108 through the service interface in the fingerprint database 111 to notify that the first fingerprint information has been written into the shared memory. Finally, the fingerprint sensor driver 108 reads the first fingerprint information from the shared memory according to the notification. To this end, the fingerprint sensor driver 108 obtains the first fingerprint information collected by the fingerprint sensor 102, and sends the first fingerprint information to the operating system 109, so that the operating system 106 performs user authentication according to the first fingerprint information.
When the power key 101 is pressed by the user's finger, the EC105 notifies the CPU104, and the keyboard 120, to power up. The powered-up keypad 120 may receive password information entered by the user keypad. After the operating system 106 is started, the operating system 106 enables the password authentication login module 152. The password authentication login module 152 may perform user authentication according to the password information.
Fig. 8 shows a functional module architecture in the electronic device 100 provided in the present application. The architecture shown in fig. 8 can be largely divided into two parts: device layer, application, and kernel layer.
1. The device layer may include devices connected to the CPU 104: local storage 113, BIOS109, EC105, fingerprint sensor 102, keyboard 120, and power key 101. Wherein,
the local storage 113 may be used to store fingerprint templates, i.e., fingerprints that a user has previously entered to log into the operating system 106. The local storage 113 may be used to store a Secure Account Manager (SAM). A SAM is a database running in the system that can be used to store user accounts and passwords and security descriptors on the system.
A firmware program, a fingerprint encryption module, may be loaded within the EC 105. The fingerprint encryption module may be responsible for encrypting the fingerprint from the fingerprint sensor 102. The EC105 may have a memory that may store the encrypted fingerprint. The KEY _ a may be pre-set in the BIOS 109. The KEY _ B may be pre-set in the EC 105. The EC105 may encrypt the first fingerprint information collected by the fingerprint sensor 10 using the KEY _ B.
The BIOS109 refers to a ROM into which a BIOS is integrated. The KEY _ a is used by the fingerprint sensor driver 108, and the KEY _ a is carried in a fingerprint entry instruction or a fingerprint verification instruction by the fingerprint sensor driver 108. Then, the EC105 that receives the fingerprint entry instruction or the fingerprint verification instruction verifies the KEY _ a, and if the verification is passed, the encrypted first fingerprint information that is temporarily stored in the EC105 is transmitted to the fingerprint sensor driver 108 through the S interface.
The fingerprint sensor driver 108 may obtain the KEY _ a through an advanced configuration and power management interface-specific method (ACPI DSM) provided by the BIOS 109.
The communication between the fingerprint sensor driver 108 running in the CPU104 and the fingerprint encryption module in the EC105 is a cross-chip communication. In order to ensure the Security of fingerprint transmission, a communication link may be established between the two based on a Transport Layer Security Protocol (TLS).
2. The application and kernel layers may include various software programs running on the CPU 104: a user login Application (APP) 114, a fingerprint management application 115, a fingerprint sensor driver 108, a power management program 121, a system monitoring module 150, a fingerprint verification login module 151, and a password verification login module 152. Wherein:
the user login APP 114 may be responsible for login management for the operating system 106, may prompt the user for a password, and may perform user authentication based on a fingerprint or other form of password entered by the user. For example, if the user authentication results in authentication, the user login APP 114 may display the system desktop as shown in fig. 2C.
The fingerprint management APP115 may be responsible for entering a fingerprint template, i.e., for setting a fingerprint that the user entered in advance to log in to the operating system 106. The fingerprint management APP115 may generally be integrated in a setting application.
The fingerprint sensor driver 108 may be used to initialize the fingerprint sensor 102 and provide an access interface to the operating system 106 for the hardware resources of the fingerprint sensor 102.
The system monitoring module 150 is a system resident service, and can monitor a fingerprint login event, determine that the user successfully uses the fingerprint verification login system according to a system login success event and a fingerprint unlocking success event obtained by fingerprint driving, and use a timer to time.
The system monitoring module 150 may include a timer 107. Timer 107 may be used to record the time or number of times a user logs in using fingerprint authentication continuously. When the continuous timing reaches a certain time or a certain number of times, the system monitoring module 150 may disable the fingerprint sensor driver, or set that the BIOS does not report the fingerprint sensor device when the system is powered on next time, or notify the fingerprint verification module to continuously return a result of fingerprint verification failure when the system is powered on next time, or disable the biometric identification service, or call the interface to preferentially obtain a password verification result when the system is logged on, so that the user logs on the system in a password verification manner. When the system monitoring module 150 monitors that the user successfully logs in the operating system by using the password authentication, the default fingerprint authentication login function can be recovered, and the timer 107 is reset, and the event of logging in the system by using the fingerprint authentication is monitored again.
Fingerprint authentication login module 151 may include: a fingerprint identification service 116, a storage adapter 117, an engine adapter 118, and a fingerprint sensor adapter 119. Wherein,
biometric services (a)
Figure BDA0002754659240000111
Biometric Service, WBS)122 may contain the fingerprinting Service 116, the Biometric Service 122 being an underlying Service for managing Biometric devices. In particular, the biometric service 122, acting as an I/O proxy between an application and a biometric device, may perform all of the capture, processing, and storage operations on the biometric device. Biometric identification may include, but is not limited to, fingerprint identification, face identification, voice print identification, iris identification, and the like.
The fingerprinting service 116 may include various Application Programming Interfaces (APIs) that may be used in building applications involving fingerprinting, as well as service interfaces that allow consistent development and management of the fingerprint sensor 102, allowing efficient development by application developers.
The storage adapter 117 may provide an interface to store or access a fingerprint template, which may be used to store or access the fingerprint template or a user password.
The engine adapter 118 may be responsible for fingerprint security management, running fingerprint processing algorithms. Specifically, the engine adapter 118 may manage or operate the first fingerprint information obtained by the fingerprint sensor driver 108 in an encrypted trusted execution area of memory. The engine adapter 118 may specifically include two modules: fingerprint acquisition 118A and fingerprint verification 118B. The fingerprint acquisition 118A may be used to acquire first fingerprint information from the fingerprint sensor adapter 116. The fingerprint verification 118B may be configured to verify whether the first fingerprint information acquired by the fingerprint acquisition 118A is consistent with the fingerprint template accessed by the storage adapter 117, and if so, pass the user identity verification; otherwise, the user identity authentication is not passed.
The fingerprint sensor adapter 116 may be responsible for setting up the fingerprint sensor 102, reading the first fingerprint information from the fingerprint sensor driver 108.
Password authentication login module 152 may implement password authentication login operating system functionality. The password verification login module 152 includes winlogo process (winlogo. exe), graphical identification and verification (GINA), local security verification 112 (LSA), and the like, wherein:
the winlogo process is a user login related process of the NT kernel operating system in the operating system, and may be used to monitor keyboard and mouse activities to determine when to activate the screen saver, and the main function is to take charge of the user login and logout process.
The GINA is a Dynamic Link Library (DLL) module running in the security context of the winlogo process, and the winlogo process loads the GINA at the early stage of the starting process, provides a function capable of identifying and verifying the identity of a user for the winlogo process, and feeds back the user account and the password to the winlogo process. A DLL is a library that contains code and data that can be used by multiple programs simultaneously. When a program uses the DLL, the advantage of using less resources is provided, and when a plurality of programs use the same function library, the DLL can reduce the repeated amount of codes loaded in a disk and a physical memory. Local security verification 112 is a protected subsystem that authenticates a user and logs it into the system.
The process of password verifying the login operating system of the login module 152 may be: winlogo calls GINA, which displays a login dialog box for the user to enter an account and password. After the user enters the account number and password, GINA sends the information to the LSA112 for verification. The LSA112 will process the user information to generate a key that is compared to keys stored in the SAM database. If the SAM receives the message that the LSA112 is successfully aligned, it sends the Security Identifier (SID) of the user, the SID of the user group to which the user belongs, and some other related information to the LSA 112. The LSA112 creates a security access token based on the received SID information, then sends the handle of the token and login information to winlogo. GINA then activates the user's shell program, which is used to provide the user interface, and winlogo finally switches to the default desktop for display.
Based on the foregoing embodiments, the method for system login provided in the present application will be described in detail below.
In the following method embodiments 1 to 5, the method steps are described by taking the biometric authentication mode of the electronic device 100 as fingerprint authentication as an example. The biometric features may also include fingerprints, face, iris, voice, palm print, gait, pulse, etc.
The electronic device 100 may disable the driving of the biometric acquisition device (e.g., the driving of the fingerprint sensor) after detecting that the event that the user continuously logs in the system through the fingerprint authentication mode satisfies a first duration (e.g., M days, M may be 10, etc.) or a first number of times (e.g., N times, N may be 10, etc.), set a mode that the BIOS does not report the biometric acquisition device (e.g., the fingerprint sensor) when powering on next time, or notify the biometric authentication module to continuously return a result of the biometric authentication failure when authenticating next time, disable the biometric service, or call an interface to preferentially obtain a password authentication result when logging in, and the like. And after the user successfully verifies the password and logs in the system, the electronic device 100 restores the fingerprint verification login function to normal.
It is understood that the electronic device may select any one of the methods described in embodiments 1 to 5 to implement switching the fingerprint authentication login manner to the password authentication login manner, and different methods may be used to trigger the switching of the fingerprint authentication login manner each time on the same electronic device, for example, the method of disabling the fingerprint sensor driving described in embodiment 1 is used to trigger the switching of the login manner for the first time, and the method of disabling the biometric identification service described in embodiment 5 is used to trigger the switching of the login manner for the second time, which is not limited in this application.
It is understood that, without being limited to the fingerprint verification method illustrated in embodiments 1 to 5, the biometric verification method of the electronic device 100 may also be other types, such as face recognition verification, voiceprint recognition verification, iris recognition verification, and the like, and the present application does not limit this to any way, and the purpose set forth in this embodiment can be achieved.
For example, in an embodiment in which the biometric authentication mode is face recognition authentication, the device that acquires the face image may be a camera of the electronic device 100, and the face recognition authentication module of the electronic device 100 may perform feature comparison on the face image acquired from the camera with a previously pre-stored correct face image template, and if the authentication is passed, the user successfully logs in the system in the face recognition authentication mode. When the system detects that the user uses the face recognition verification mode to continuously log in the system for a certain time or a certain number of times, the system can use the modes of forbidding the drive of the camera, setting that the BIOS does not report the image acquisition equipment (such as the camera) when the electronic equipment 100 is powered on next time, informing the face recognition verification module to continuously return the result of face recognition verification failure when the electronic equipment is verified next time, forbidding the biological recognition service, calling an interface to preferentially obtain a password verification result when logging in the system next time, and the like, so that the user can log in the system through the password verification mode when logging in the system next time. And after the user successfully verifies the password and logs in the system, the electronic device 100 can restore the face recognition verification login function to normal. Similarly, the method steps of the biometric authentication may refer to the method flows described in embodiments 1 to 5, and this application is not described in detail herein.
Example 1
In embodiment 1, the electronic device 100 includes a power key (including a fingerprint sensor), a keyboard, and a processor, where the processor includes functional modules such as a fingerprint sensor driver, a keyboard driver, a user login module, a fingerprint verification module, a password verification module, and a system monitoring module.
The electronic device 100 may disable the sensor driver when the system monitoring module detects that an event that the user continuously logs in the system through the fingerprint authentication mode satisfies a first parameter (for example, M days or N times, M, N may be a positive integer), and switch to logging in the system through the password authentication mode when the user logs in the system next time. After the user successfully verifies the password and logs in the system, the electronic device 100 may restore the fingerprint verification login function to normal, and the system monitoring module re-counts the event that the user successfully logs in the system through fingerprint verification.
As shown in fig. 9, the method steps can be divided into three stages, stage 1: fingerprint authentication login (steps S101-S112), stage 2: password authentication login (steps S113-S124), stage 3: fingerprint authentication login is resumed again (steps S125-S128). Specifically, the method comprises the following steps:
stage 1: fingerprint authentication login (steps S101-S112)
S101, the electronic device 100 detects that the power key is pressed by the first user.
Specifically, the EC (not shown) of the electronic device 100 may be responsible for detecting whether the power key is pressed.
S102, the electronic device 100 is powered on.
The EC is responsible for managing the running state of the notebook computer. EC determines that electronic device 100 is in the off state before the user's finger presses the power key. After the power key is pressed, the electronic device 100 starts to power up. Specifically, the EC in the electronic device 100 may power up each hardware device (e.g., a fingerprint sensor, a BIOS, a CPU, a display screen, a keyboard, etc.) according to a power sequence. In the power-off state, the EC also keeps running and waits for a power-on signal (e.g., a high-level pulse signal generated by pressing a power key).
When controlling each hardware device to be powered on, the EC initializes, that is, sets the pin states of hardware devices such as a memory and a chip necessary for operating an operating system, so as to initialize the internal environment. For example, the EC sends a fingerprint sensor configuration to the fingerprint sensor, enabling the fingerprint sensor. The fingerprint sensor configuration may be a parameter such as a size of the fingerprint image, a resolution of the fingerprint image, etc.
After the EC initializes the internal hardware equipment, the BIOS performs self-test and program initialization of the hardware equipment.
S103, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
After the electronic device 100 is powered on and started, the operating system is operated, and other drivers such as a fingerprint sensor driver, a keyboard driver and the like are loaded.
And S104, the system monitoring module informs the user login module to display a first user interface, wherein the first user interface is a fingerprint verification login interface.
The system monitoring module detects that the electronic device 100 is operating normally and notifies the user login module to display the first user interface. The first user interface may be a fingerprint verification login interface as shown in fig. 2B.
Alternatively, when the electronic device 100 has the function of "one-touch login" in the foregoing embodiment, the step S104 may not be executed, that is, the fingerprint authentication login interface does not need to be displayed.
S105, the fingerprint sensor collects first fingerprint information of the first user.
The biosensor is used to capture biometric information, and the information captured by the biosensor can be used as a biometric sample. A single sample contains a single biometric data representative of a single individual. The system may average multiple samples for creating a biometric template and securely store the template. When the system receives a sample from an unknown user, it compares it to the stored templates, thereby verifying the user's identity.
The first user may be a user of the electronic device 100, and a first user account is established in the electronic device 100. For account security, the first user may preset information such as a password template, a fingerprint template, a face template, and the like in advance, and perform user identity authentication when logging in the system.
In some embodiments, when a user's finger presses a power button, a fingerprint sensor integrated with the power button may detect the user's finger touch and may capture the user's fingerprint. In particular, the data representation of the user's fingerprint may be a fingerprint image. The data corresponding to the user fingerprint image may be referred to as first fingerprint information.
And S106, the fingerprint sensor driver acquires first fingerprint information from the fingerprint sensor.
Specifically, after the fingerprint sensor collects the first fingerprint information, the fingerprint sensor may notify the EC to acquire the first fingerprint information. In response to the notification by the fingerprint sensor, the EC may send a request to the fingerprint sensor to request acquisition of the first fingerprint information. The fingerprint sensor then returns the first fingerprint information collected by the fingerprint sensor to the EC.
And the EC and the fingerprint sensor are communicated through an SPI interface. For example, the EC sends a request to the fingerprint sensor based on the SPI interface and also reads the first fingerprint information in the fingerprint sensor based on the SPI interface. The communication between the EC and the fingerprint sensor may be performed a plurality of times to obtain the complete first fingerprint information. Because the amount of data that can be interacted with in one communication based on the SPI interface is limited, it is generally not possible to transmit a complete fingerprint image in one interaction. The complete fingerprint image is the fingerprint image actually acquired by the fingerprint sensor.
The EC will store in a memory internal to the EC each time the first fingerprint information is read from the fingerprint sensor. A firmware program, a fingerprint encryption module, may be loaded within the EC. The EC may encrypt the user fingerprint stored therein through a fingerprint encryption module.
After the BIOS performs memory initialization, the BIOS may notify the EC of the shared memory address. The BIOS may also notify the fingerprint sensor driver running in the CPU of the shared memory address. The shared memory can be used for data communication between a fingerprint encryption module loaded in the EC and a fingerprint sensor driver running in the CPU.
The fingerprint sensor driver receives a fingerprint authentication request from the operating system. The following objectives exist for the operating system to obtain a user's fingerprint: 1. inputting a fingerprint template; 2. and carrying out user identity authentication. The present embodiment relates to the 2 nd object.
The fingerprint authentication request may specifically come from a user login APP running on the operating system. In response to a fingerprint verification request from the operating system, the fingerprint sensor driver writes a fingerprint verification instruction into the shared memory to notify the EC to write the user fingerprint acquired by the fingerprint sensor into the shared memory. The fingerprint authentication instruction may be a particular command in a set of drive commands driven by the fingerprint sensor.
The fingerprint sensor driver sends a notification (specific IO instruction) to the EC to trigger the EC to read the fingerprint verification instruction written by the fingerprint sensor driver from the shared memory. Specifically, the fingerprint sensor driver may send an a notification to the EC through the GPIO interface. The A notice is transmitted based on the GPIO interface, so that the transmission efficiency of the A notice can be improved, and further the fingerprint interaction efficiency between the EC and the CPU is improved. In response to the notification a, the EC may read the fingerprint verification command written by the fingerprint sensor driver from the shared memory through the S interface (specifically, the read interface). In response to the fingerprint verification instruction, the EC may write the encrypted user fingerprint into the shared memory through the S interface (specifically, the write interface). After writing the user fingerprint into the shared memory, the EC may send a B notification (a specific IO instruction) to the fingerprint sensor driver to notify the fingerprint sensor driver that the user fingerprint has been written into the shared memory. Specifically, the EC may send a B notification to the fingerprint sensor driver through the GPIO interface. The B notification is transmitted based on the GPIO interface, so that the transmission efficiency of the B notification can be improved, and the fingerprint interaction efficiency between the EC and the CPU is further improved. The fingerprint sensor driver can read the fingerprint of the user from the shared memory according to the notice B.
Therefore, the fingerprint sensor driver obtains the user fingerprint acquired by the fingerprint sensor, and the user fingerprint can be sent to the operating system, so that the operating system can be supported to carry out user identity verification according to the user fingerprint.
And S107, the fingerprint verification module acquires first fingerprint information from the fingerprint sensor drive.
And S108, the fingerprint verification module verifies the first fingerprint information, and if the verification is successful, the step S109 is executed.
The fingerprint verification login module can perform user identity verification according to the first fingerprint information. Firstly, the fingerprint verification login module can take out the encrypted fingerprint template from the local storage, and the fingerprint template is compared with the first fingerprint information encrypted in the same way. If the comparison result is judged to be the same, the fingerprint verification is successful, and the user can log in the operating system; otherwise, the fingerprint authentication fails. When the fingerprint authentication fails, the user can be prompted to authenticate the fingerprint again or switch to a password authentication login interface. If the password is successfully verified and logged in, the timer in the system monitoring module is cleared, and the fingerprint verification login event is counted again. If the password authentication fails, the electronic device 100 may display an interface as shown in FIG. 4C. Such as prompting for password error information, remaining input times information, and password prompt information. Wherein the remaining number information may indicate that the user has 5 (or more or less positive integers) chances to continue entering the password and the reminder to use up the electronic device 100 will lock. The password prompt message displays the information related to the password set by the user, and prompts the user to recall the set password. When the remaining number information is used up, the electronic device 100 may have a chance to log in with fingerprint verification once after the electronic device is restarted, and if the fingerprint verification does not pass through the electronic device, the electronic device 100 may be locked.
S109, the user login module acquires the message that the fingerprint verification is successful, the first user can successfully log in the system, the electronic device 100 displays a third user interface, and the third user interface is a system desktop or an interface reserved in the last screen locking process.
And when the user login module receives the message of successful fingerprint verification, the user login module performs login operation, and the first user successfully logs in the operating system. At this time, the electronic device 100 displays the third user interface. The third user interface may be the interface shown in fig. 2B or a display interface of the electronic device 100 before the user locks the screen.
S110, the system monitoring module acquires an event that the first user successfully logs in the system through fingerprint verification.
The system monitoring module can monitor the user login module and acquire an event of the user logging in the system. And a timer is arranged in the system monitoring module, and when an event that the first user successfully logs in the system through fingerprint verification is acquired, the count of the timer is increased by one.
S111, the timer of the system monitoring module monitors that an event that the first user successfully logs in the system through fingerprint verification has satisfied a first parameter (e.g., M days or N times).
And the timer of the system monitoring module keeps timing. When it is detected that the number of times of the event that the first user successfully logs in the system through fingerprint authentication reaches N times (for example, 10 times) or when the event that the first user successfully logs in the system through fingerprint authentication continuously occurs for M days (for example, 10 days), the electronic device 100 may execute step S112 to switch the next login manner to a password authentication login manner. M, N herein may be any positive integer, and the present application is not intended to be limiting. In some embodiments, the electronic device 100 may display an interface 310 as shown in fig. 3A, where the interface 310 includes a prompt box 311 for prompting the user to log in to the operating system next time through password authentication.
And S112, the system monitoring module sets the fingerprint sensor drive to be forbidden.
The system monitoring module may set to disable the fingerprint sensor driver when it is monitored that the user next triggers shutdown/hibernation/sleep/lock screen, for example, the system monitoring module may send a first notification to the device manager. The device manager then disables the fingerprint sensor driver in response to the first notification.
And (2) stage: password authentication login (step S113-S124)
S113, the electronic device 100 detects again that the power key is pressed by the first user.
Specifically, refer to step S101, which is not described herein again.
S114, the electronic device 100 is powered on.
Specifically, refer to step S102, which is not described herein again.
S115, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
Specifically, refer to step S103, which is not described herein again.
And S116, the system monitoring module informs the user login module to display a second user interface, wherein the second user interface is a password verification login interface.
Since the operating system sets the fingerprint sensor driver to be disabled in step S112, the fingerprint sensor driver cannot be normally loaded. Because the fingerprint sensor drive fails to load, the user cannot normally use the fingerprint verification function to log in the system. The system monitoring module informs the user login module to display a second user interface. The second user interface is a password authentication login interface, which can refer to the interfaces shown in fig. 4A and fig. 3C. The password login interface comprises a password input area, and the password input area can also comprise a password input box and/or a graphic input area. For another example, before the electronic device 100 displays the password authentication login interface shown in fig. 4A, an interface shown in fig. 3B may be displayed, and the interface may prompt the user that the login authentication mode is password authentication.
S117, the first user inputs the first password through the keypad.
Not limited to the keyboard, the password collecting device used by the user to input the password may also be a touch pad, a touch screen, or the like. The password may include, but is not limited to, a text password, a pattern password, a number password, combinations thereof, and the like.
And S118, the keyboard driver acquires the first password.
The keyboard driver may obtain a first password sent from the keyboard. The first password is a string of character strings, including but not limited to numbers, english characters, punctuation marks and the like, which are typed by the first user through the keyboard for logging in the operating system at this time.
And S119, the password verification module acquires the first password from the keyboard driver.
The keyboard driver may send a first password to the password authentication module. The password verification module can take out the encrypted password template stored locally and compare the encrypted password template with a first password input by a first user. If the result is consistent, the verification is passed, and the user successfully logs in the operating system; otherwise, the verification fails. When the first password authentication fails, the electronic device 100 may display an interface as shown in fig. 4C, prompting the user to input again.
S120, the password verification module verifies the first password, and if the verification is successful, the step S121 is executed.
And S121, the user login module acquires the message that the password verification is successful, the first user can successfully log in the system, the electronic device 100 displays a fourth user interface, and the fourth user interface is a system desktop or an interface reserved in the last screen locking process.
And when the user login module receives the message of successful password verification, the user login module performs login operation, and the first user successfully logs in the operating system. At this time, the electronic apparatus 100 displays the fourth user interface. The fourth user interface may be the interface shown in fig. 2B or a display interface of the electronic device 100 before the user locks the screen.
And S122, the system monitoring module acquires an event that the first user successfully logs in the system through password verification.
The system monitoring module can monitor the user login module and acquire an event of the user logging in the system.
And S123, the system monitoring module counts events of the first user logging in the system successfully through fingerprint verification again.
After the event that the password is successfully verified to log in the system is obtained, the system monitoring module resets a timer, the timer counts the time and returns to zero, and counting of the event that the system is successfully logged in through fingerprint verification is restarted.
S124, the system monitoring module enables the fingerprint sensor driver.
The system monitoring module enables the fingerprint sensor to drive, and the fingerprint sensor drives are loaded successfully. Such as by a device manager setting to re-enable the fingerprint sensor driver. When logging in the system next time, the login verification mode can be recovered to the fingerprint verification login mode, and the user can use the fingerprint to perform verification login.
And (3) stage: fingerprint authentication login is resumed again (step S125-S127)
S125, the electronic device 100 detects again that the power key is pressed by the first user.
Specifically, refer to step S101, which is not described herein again.
S126, the electronic device 100 is powered on.
Specifically, refer to step S102, which is not described herein again.
S127, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
Since the system monitoring module enables the fingerprint sensor driver in step S124, the fingerprint sensor driver can be normally loaded when the electronic device 100 is powered on/restarted/awakened this time, and the fingerprint verification login function is recovered to normal.
Example 2
In embodiment 2, the electronic device 100 may include a power key (including a fingerprint sensor), a keyboard, a processor, a BIOS, and the like, where the processor includes functional modules such as a fingerprint sensor driver, a keyboard driver, a user login module, a fingerprint verification module, a password verification module, and a system monitoring module.
The electronic device 100 may notify the BIOS that the fingerprint collection device, such as a fingerprint sensor, is not reported when the electronic device is turned on/restarted next time when the system monitoring module detects that an event that the user continuously logs in the system through a fingerprint verification mode satisfies a first parameter (for example, M days or N times, M, N may be a positive integer). Then, when the electronic device is turned on/restarted next time, the BIOS may set an enable flag driven by a fingerprint sensor in an advanced configuration and power management interface (ACPI) table (table) to disable. In this way, the device manager of the system cannot detect a fingerprint sensor device that is operating normally, and therefore a user can only log in to the system by means of password authentication. After the user successfully verifies the password and logs in the system, the BIOS sets the enable flag driven by the fingerprint sensor in the ACPI Table to enable, the device manager of the system scans the hardware device again, the fingerprint sensor device is detected to work normally, namely the fingerprint verification login function is recovered to be normal, and the system monitoring module counts events of the user successfully logging in the system through fingerprint verification again.
As shown in fig. 10, the method steps can be divided into three stages, stage 1: fingerprint authentication login (steps S201-S213), stage 2: password authentication login (steps S214-S228), stage 3: fingerprint authentication login is resumed again (steps S229 to S232). Specifically, the method comprises the following steps:
stage 1: fingerprint authentication login (step S201-S213)
S201, the electronic device 100 detects that the power key is pressed by the first user.
Specifically, the EC (not shown) of the electronic device 100 may be responsible for detecting whether the power key is pressed.
S202, the electronic device 100 is powered on.
The EC is responsible for managing the running state of the notebook computer. EC determines that electronic device 100 is in the off state before the user's finger presses the power key. After the power key is pressed, the electronic device 100 starts to power up. Specifically, the EC in the electronic device 100 may power up each hardware device (e.g., a fingerprint sensor, a BIOS, a CPU, a display screen, a keyboard, etc.) according to a power sequence. In the power-off state, the EC also keeps running and waits for a power-on signal (e.g., a high-level pulse signal generated by pressing a power key).
When controlling each hardware device to be powered on, the EC initializes, that is, sets the pin states of hardware devices such as a memory and a chip necessary for operating an operating system, so as to initialize the internal environment. For example, the EC sends a fingerprint sensor configuration to the fingerprint sensor, enabling the fingerprint sensor. The fingerprint sensor configuration may be a parameter such as a size of the fingerprint image, a resolution of the fingerprint image, etc.
After the EC initializes the internal hardware equipment, the BIOS performs self-test and program initialization of the hardware equipment.
S203, the BIOS performs hardware equipment self-test and program initialization.
The BIOS is responsible for a plurality of functions such as system boot, compatibility between components, and program management. After the power switch is pressed to start the host, the BIOS starts to take over all self-test operations of the motherboard start, and the system first checks each internal device by a Power On Self Test (POST) program. A typical complete POST self test would include testing the CPU, basic memory, 1MB or more expansion memory, ROM, motherboard, Complementary Metal Oxide Semiconductor (CMOS) memory, serial-parallel ports, display card, hard-and-soft disk system, and keyboard, and once a problem is found in the self test, the system would give a prompt or whistling warning. Then BIOS searches floppy drive, Integrated Drive Electronics (IDE) device and their starting sequence according to the starting sequence stored in the system CMOS setting, reads in the operating system guide record, finally gives the system control right to the guide record, and finally completely transits to the operating state of the operating system. Besides the basic start-up function, the BIOS also functions as hardware interrupt handling, system design management, program requests, and the like. The management of peripheral equipment such as hard disk, optical drive, keyboard and display by operating system is directly based on BIOS system interrupt service program, and it is a programmable interface between software and hardware in PC system. When the computer is started, the BIOS assigns an interrupt number to hardware devices such as a CPU. When the operation command using some hardware is executed, it will use the corresponding hardware to complete the command work according to the interrupt number, and finally jump it back to the original state according to the interrupt number. Similarly, the BIOS may also send and receive instructions through a specific data port to implement operations of the software application on the hardware. The system management function of the BIOS is BIOS setting. The BIOS program will call the records stored in the CMOS RAM and the user can see the system basic conditions including CPU frequency, IDE drive, ACPI power management and password settings etc. through the display.
S204, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
After the electronic device 100 is powered on and started, the operating system is operated, and other drivers such as a fingerprint sensor driver, a keyboard driver and the like are loaded.
S205, the system monitoring module informs the user login module to display a first user interface, wherein the first user interface is a fingerprint verification login interface.
The system monitoring module detects that the electronic device 100 is operating normally and notifies the user login module to display the first user interface. The first user interface may be a fingerprint verification login interface as shown in fig. 2B.
Alternatively, when the electronic device 100 has the function of "one-touch login" in the foregoing embodiment, step S205 may not be executed, that is, the fingerprint authentication login interface does not need to be displayed.
S206, the fingerprint sensor collects first fingerprint information of the first user.
The biosensor is used to capture biometric information, and the information captured by the biosensor can be used as a biometric sample. A single sample contains a single biometric data representative of a single individual. The system may average multiple samples for creating a biometric template and securely store the template. When the system receives a sample from an unknown user, it compares it to the stored templates, thereby verifying the user's identity.
The first user may be a user of the electronic device 100, and a first user account is established in the electronic device 100. In order to ensure account security, the first user can preset information such as a password template, a fingerprint template, a face template and the like in advance, and the user identity authentication is carried out when the first user logs in the system.
In some embodiments, when a user's finger presses the power button, a fingerprint sensor integrated with the power button may detect the user's finger touch and may capture the user's fingerprint. In particular, the data representation of the user's fingerprint may be a fingerprint image. The data corresponding to the user fingerprint image may be referred to as first fingerprint information.
And S207, the fingerprint sensor driver acquires first fingerprint information from the fingerprint sensor.
Specifically, after the fingerprint sensor collects the first fingerprint information, the fingerprint sensor may notify the EC to acquire the first fingerprint information. In response to the notification by the fingerprint sensor, the EC may send a request to the fingerprint sensor to request acquisition of the first fingerprint information. The fingerprint sensor then returns the first fingerprint information collected by the fingerprint sensor to the EC. And the EC and the fingerprint sensor are communicated through an SPI interface. For example, the EC sends a request to the fingerprint sensor based on the SPI interface, and also reads the first fingerprint information in the fingerprint sensor based on the SPI interface. The communication between the EC and the fingerprint sensor may be performed a plurality of times to obtain the complete first fingerprint information. Because the amount of data that can be interacted with in one communication based on the SPI interface is limited, it is generally not possible to transmit a complete fingerprint image in one interaction. The complete fingerprint image is the fingerprint image actually acquired by the fingerprint sensor. The EC will store in a memory internal to the EC each time the first fingerprint information is read from the fingerprint sensor. A firmware program, a fingerprint encryption module, may be loaded within the EC. The EC may encrypt the user fingerprint stored therein through a fingerprint encryption module.
After the BIOS performs memory initialization, the BIOS may notify the EC of the shared memory address. The BIOS may also notify the fingerprint sensor driver running in the CPU of the shared memory address. The shared memory can be used for data communication between a fingerprint encryption module loaded in the EC and a fingerprint sensor driver running in the CPU.
The fingerprint sensor driver receives a fingerprint authentication request from the operating system. The following objectives exist for the operating system to obtain a user's fingerprint: 1. inputting a fingerprint template; 2. and carrying out user identity authentication. The present embodiment relates to the 2 nd object. The fingerprint authentication request may specifically come from a user login APP running on the operating system. In response to a fingerprint verification request from the operating system, the fingerprint sensor driver writes a fingerprint verification instruction into the shared memory to notify the EC to write the user fingerprint acquired by the fingerprint sensor into the shared memory. The fingerprint authentication instruction may be a particular command in a set of drive commands driven by the fingerprint sensor. The fingerprint sensor driver sends an A notification (specific IO instruction) to the EC to trigger the EC to read the fingerprint verification instruction written by the fingerprint sensor driver from the shared memory. Specifically, the fingerprint sensor driver may send an a notification to the EC through the GPIO interface. The A notification is transmitted based on the GPIO interface, so that the transmission efficiency of the A notification can be improved, and the fingerprint interaction efficiency between the EC and the CPU is further improved. In response to the notification a, the EC may read the fingerprint verification command written by the fingerprint sensor driver from the shared memory through the S interface (specifically, the read interface). In response to the fingerprint verification instruction, the EC may write the encrypted user fingerprint into the shared memory through the S interface (specifically, the write interface). After writing the user fingerprint into the shared memory, the EC may send a B notification (a specific IO instruction) to the fingerprint sensor driver to notify the fingerprint sensor driver that the user fingerprint has been written into the shared memory. Specifically, the EC may send a B notification to the fingerprint sensor driver through the GPIO interface. The B notification is transmitted based on the GPIO interface, so that the transmission efficiency of the B notification can be improved, and the fingerprint interaction efficiency between the EC and the CPU is further improved. The fingerprint sensor driver can read the fingerprint of the user from the shared memory according to the notice B.
Therefore, the fingerprint sensor driver obtains the user fingerprint acquired by the fingerprint sensor, and the user fingerprint can be sent to the operating system, so that the operating system can be supported to carry out user identity verification according to the user fingerprint.
S208, the fingerprint verification module acquires first fingerprint information from the fingerprint sensor driver.
S209, the fingerprint verification module verifies the first fingerprint information, and if the verification is successful, step S109 is executed.
The fingerprint verification login module can perform user identity verification according to the first fingerprint information. Firstly, the fingerprint verification login module can take out the encrypted fingerprint template from the local storage, and the fingerprint template is compared with the first fingerprint information encrypted in the same way. If the comparison result is judged to be the same, the fingerprint verification is successful, and the user can log in the operating system; otherwise the fingerprint authentication fails. When the fingerprint authentication fails, the user can be prompted to authenticate the fingerprint again or switch to a password authentication login interface. If the password is successfully verified and logged in, the timer in the system monitoring module is cleared, and the fingerprint verification login event is counted again. If the password authentication fails, the electronic device 100 may display an interface as shown in FIG. 4C. Such as prompting for password error information, remaining input times information, and password prompt information. Wherein the remaining number information may indicate that the user has 5 (or more or less positive integers) chances to continue entering the password and the reminder to use up the electronic device 100 will lock. The password prompt message displays the information related to the password set by the user, and prompts the user to recall the set password. Or when the remaining number of times information is used up, the user may have a chance to log in with fingerprint verification once after restarting, and if the remaining number of times information is not used up, the electronic device 100 may be locked.
S210, the user login module acquires a message that the fingerprint verification is successful, the first user can successfully log in the system, the electronic device 100 displays a third user interface, and the third user interface is a system desktop or an interface reserved in the last screen locking process.
And when the user login module receives the message of successful fingerprint verification, the user login module performs login operation, and the first user successfully logs in the operating system. At this time, the electronic device 100 displays the third user interface. The third user interface may be the interface shown in fig. 2B or a display interface of the electronic device 100 before the user locks the screen.
S211, the system monitoring module acquires an event that the first user successfully logs in the system through fingerprint verification.
The system monitoring module can monitor the user login module and acquire an event of the user logging in the system. And a timer is arranged in the system monitoring module, and when an event that the first user successfully logs in the system through fingerprint verification is acquired, the count of the timer is increased by one.
S212, the system monitoring module monitors that an event that the first user successfully logs in the system through fingerprint verification has satisfied a first parameter (e.g., M days or N times).
And the timer of the system monitoring module keeps timing. When it is detected that the number of times of the event that the first user successfully logs in the system through fingerprint authentication reaches N times (for example, 10 times) or when the event that the first user successfully logs in the system through fingerprint authentication continuously occurs for M days (for example, 10 days), the electronic device 100 may execute step S213 to switch the next login manner to a password authentication login manner. M, N herein may be any positive integer, and the present application is not intended to be limiting. In some embodiments, the electronic device 100 may display an interface 310 as shown in fig. 3A, where the interface 310 includes a prompt box 311 for prompting the user to log in to the operating system next time through password authentication.
S213, the system monitoring module notifies the BIOS that the fingerprint sensor device is not reported when the electronic device is powered on/restarted next time.
In some embodiments, the system monitoring module may send a second notification to the BIOS, the second notification notifying the BIOS that the biometric acquisition device is not to be reported when the system is next started. In response to the second notification, the BIOS sets an enable flag of the drive of the biometric acquisition device in the ACPI Table to disable.
And (2) stage: password authentication login (step S214-S228)
S214, the electronic device 100 detects again that the power key is pressed by the first user.
Specifically, refer to step S101.
S215, the electronic device 100 is powered on.
Specifically, refer to step S102.
S216, the BIOS performs hardware device self-checking and program initialization, and the BIOS sets an enable flag driven by a fingerprint sensor in the ACPI Table to disable.
In step S213, the system monitoring module notifies the BIOS that the fingerprint device is not reported when the electronic device is powered on/restarted next time, so that the BIOS may set the enable flag of the fingerprint sensor driver in the ACPI Table to disable when the electronic device 100 is powered on to start the BIOS this time.
ACPI may report hardware information to the operating system, which may control the hardware through ACPI. ACPI can be said to be a standard interface protocol between the operating system and the hardware/firmware. ACPI may describe the properties and methods of system hardware via an ACPI Source Language (ASL), which is eventually compiled into bytecode (bytecode) of the ACPI Machine Language (AML). The method for controlling hardware by ACPI is essentially the software described by ASL/AML for querying and configuring hardware, and the ACPI driver is responsible for interpreting and executing.
The ACPI Table is hardware configuration data provided by the BIOS to the operating system, including power management and configuration management of system hardware. ACPI may describe the current state of a device, for example, it may tell the operating system whether a device (device) is present, and the device state may be the three cases: enabled, disabled, or removed.
S217, the fingerprint sensor driver cannot be loaded normally, the equipment manager of the system detects that the fingerprint sensor cannot work normally, and other devices such as the keyboard driver are loaded normally.
In step S216, the BIOS sets the enable flag of the fingerprint sensor driver in the ACPI Table to disable, so that the fingerprint sensor driver cannot be loaded normally, and the device manager of the system detects that the fingerprint sensor device cannot work normally due to a failure in loading the fingerprint sensor driver.
S218, the system monitoring module informs the user login module to display a second user interface, wherein the second user interface is a password verification login interface.
Since the device manager of the system in step S217 detects that the fingerprint sensor device cannot operate normally, the user cannot use the fingerprint authentication login method. The system monitoring module informs the user login module to display a second user interface. The second user interface is a password authentication login interface, which can refer to the interfaces shown in fig. 4A and fig. 3C. For another example, before the electronic device 100 displays the password authentication login interface shown in fig. 4A, an interface shown in fig. 3B may be displayed, and the interface may prompt the user that the login authentication mode is password authentication.
S219, the first user inputs the first password through the keypad.
Not limited to the keyboard, the password collecting device used by the user to input the password may also be a touch pad, a touch screen, or the like. The password may include, but is not limited to, a text password, a pattern password, a number password, combinations thereof, and the like.
And S220, the keyboard driver acquires the first password.
The keyboard driver may obtain a first password sent from the keyboard. The first password is a string of characters, including but not limited to numbers, english characters, punctuation marks, etc., typed by the first user through the keyboard for logging in the operating system this time.
S221, the password verification module acquires a first password from the keyboard driver.
The keyboard driver may send a first password to the password authentication module. The password verification module can take out the encrypted password template stored locally and compare the encrypted password template with a first password input by a first user. If the result is consistent, the verification is passed, and the user successfully logs in the operating system; otherwise, the verification fails. When the first password authentication fails, the electronic device 100 may display an interface as shown in fig. 4C, prompting the user to input again.
S222, the password verification module verifies the first password, and if the verification is successful, the step S223 is executed.
S223, the user login module obtains the message that the password verification is successful, the first user may successfully log in the system, and the electronic device 100 displays a fourth user interface, where the fourth user interface is a system desktop or an interface reserved when the screen is locked last time.
And when the user login module receives the message of successful password verification, the user login module performs login operation, and the first user successfully logs in the operating system. At this time, the electronic apparatus 100 displays the fourth user interface. The fourth user interface may be the interface shown in fig. 2B or a display interface of the electronic device 100 before the user locks the screen.
S224, the system monitoring module acquires an event that the first user successfully logs in the system through password verification.
The system monitoring module can monitor the user login module and acquire an event of the user logging in the system.
S225, the system monitoring module counts events of the first user successfully logging in the system through fingerprint verification again.
After the event that the password is successfully verified to log in the system is obtained, the system monitoring module resets a timer, the timer counts the time and returns to zero, and counting of the event that the system is successfully logged in through fingerprint verification is restarted.
S226, the system monitoring module informs the BIOS to recover reporting the fingerprint sensor device.
The system monitoring module can notify the BIOS to resume reporting the fingerprint sensor device through a Q _ EVENT (responsible for EVENT distribution).
S227, the BIOS sets the enable flag of the fingerprint sensor drive in the ACPI Table to enable.
In response to the notification of step S226, the BIOS may set the enable flag of the fingerprint sensor driver in the ACPI Table to enable.
And S228, the fingerprint sensor driver is successfully reloaded, the equipment manager of the system scans again, and the normal work of the fingerprint sensor equipment is detected.
When logging in the system next time, the login verification mode can be recovered to the fingerprint verification login mode, and the user can use the fingerprint to perform verification login.
And (3) stage: fingerprint authentication login is resumed again (step S229-S232)
S229, the electronic apparatus 100 again detects that the power key is pressed by the first user.
Specifically, refer to step S101.
S230, the electronic device 100 is powered on.
Specifically, refer to step S102.
And S231, carrying out hardware equipment self-checking and program initialization by the BIOS.
Specifically, refer to step S203.
S232, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
In step S227, the BIOS sets the enable flag of the fingerprint sensor driver in the ACPI Table to enable again, so that when the electronic device 100 is powered on/restarted again, the system can normally load the fingerprint sensor driver, the fingerprint sensor device normally operates, and the fingerprint verification login function returns to normal.
Example 3
In embodiment 1, the electronic device 100 includes a power key (including a fingerprint sensor), a keyboard, a processor, and the like, where the processor includes functional modules such as a fingerprint sensor driver, a keyboard driver, a user login module, a fingerprint verification module, a password verification module, and a system monitoring module.
The electronic device 100 may notify the fingerprint verification module to continuously return a result of failure of fingerprint verification when the system monitoring module detects that an event that the user continuously logs in the system through the fingerprint verification mode satisfies a first parameter (for example, M days or N times, M, N may be a positive integer). Therefore, when the user logs in the system next time, the system can be switched to password authentication login when the system receives the result of continuous failure of fingerprint authentication. After the user successfully verifies the password and logs in the system, the electronic device 100 may notify the fingerprint verification module to recover to normal, and the system monitoring module may count again the event that the user successfully logs in the system through fingerprint verification.
As shown in fig. 11, the method steps can be divided into three stages, stage 1: fingerprint authentication login (steps S301-S312), phase 2: password authentication login (steps S313-S329), stage 3: fingerprint authentication login is resumed again (steps S330-S337). Specifically, the method comprises the following steps:
stage 1: fingerprint authentication login (steps S301-S312)
S301, the electronic device 100 detects that the power key is pressed by the first user.
Specifically, the EC (not shown) of the electronic device 100 may be responsible for detecting whether the power key is pressed.
S302, the electronic device 100 is powered on.
The EC is responsible for managing the running state of the notebook computer. EC determines that electronic device 100 is in the off state before the user's finger presses the power key. After the power key is pressed, the electronic device 100 starts to power up. Specifically, the EC in the electronic device 100 may power up each hardware device (e.g., a fingerprint sensor, a BIOS, a CPU, a display screen, a keyboard, etc.) according to a power sequence. In the power-off state, the EC is also kept running and waits for a power-on signal (e.g., a high-level pulse signal generated by pressing a power key).
When controlling each hardware device to be powered on, the EC initializes, that is, sets the pin states of hardware devices such as a memory and a chip necessary for operating an operating system, so as to initialize the internal environment. For example, the EC sends a fingerprint sensor configuration to the fingerprint sensor, enabling the fingerprint sensor. The fingerprint sensor configuration may be a parameter such as a size of the fingerprint image, a resolution of the fingerprint image, etc.
After the EC initializes the internal hardware equipment, the BIOS performs self-test and program initialization of the hardware equipment.
S303, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
After the electronic device 100 is powered on and started, the operating system is operated, and other drivers such as a fingerprint sensor driver, a keyboard driver and the like are loaded.
S304, the system monitoring module informs the user login module to display a first user interface, wherein the first user interface is a fingerprint verification login interface.
The system monitoring module detects that the electronic device 100 is operating normally and notifies the user login module to display the first user interface. The first user interface may be a fingerprint verification login interface as shown in fig. 2B.
Alternatively, when the electronic device 100 has the function of "one-touch login" in the foregoing embodiment, step S304 may not be executed, that is, the fingerprint authentication login interface does not need to be displayed.
S305, the fingerprint sensor collects first fingerprint information of the first user.
The biosensor is used to capture biometric information, and the information captured by the biosensor can be used as a biometric sample. A single sample contains a single biometric data representative of a single individual. The system may average multiple samples for creating a biometric template and securely store the template. When the system receives a sample from an unknown user, it compares it to the stored templates, thereby verifying the user's identity.
The first user may be a user of the electronic device 100, and a first user account is established in the electronic device 100. For account security, the first user may preset information such as a password template, a fingerprint template, a face template, and the like in advance, and perform user identity authentication when logging in the system.
In some embodiments, when a user's finger presses a power button, a fingerprint sensor integrated with the power button may detect the user's finger touch and may capture the user's fingerprint. In particular, the data representation of the user's fingerprint may be a fingerprint image. The data corresponding to the user fingerprint image may be referred to as first fingerprint information.
S306, the fingerprint sensor driver acquires first fingerprint information from the fingerprint sensor.
Specifically, after the fingerprint sensor collects the first fingerprint information, the fingerprint sensor may notify the EC to acquire the first fingerprint information. In response to the notification by the fingerprint sensor, the EC may send a request to the fingerprint sensor to request acquisition of the first fingerprint information. The fingerprint sensor then returns the first fingerprint information collected by the fingerprint sensor to the EC. And the EC and the fingerprint sensor are communicated through an SPI interface. For example, the EC sends a request to the fingerprint sensor based on the SPI interface, and also reads the first fingerprint information in the fingerprint sensor based on the SPI interface. The communication between the EC and the fingerprint sensor may be performed a plurality of times to obtain the complete first fingerprint information. Because the amount of data that can be interacted with in one communication based on the SPI interface is limited, it is generally not possible to transmit a complete fingerprint image in one interaction. The complete fingerprint image is the fingerprint image actually acquired by the fingerprint sensor. The EC will store in a memory internal to the EC each time the first fingerprint information is read from the fingerprint sensor. A firmware program, a fingerprint encryption module, may be loaded within the EC. The EC may encrypt the user fingerprint stored therein through a fingerprint encryption module.
After the BIOS performs memory initialization, the BIOS may notify the EC of the shared memory address. The BIOS may also notify the fingerprint sensor driver running in the CPU of the shared memory address. The shared memory can be used for data communication between a fingerprint encryption module loaded in the EC and a fingerprint sensor driver running in the CPU.
The fingerprint sensor driver receives a fingerprint authentication request from the operating system. The following objectives exist for the operating system to obtain a user's fingerprint: 1. inputting a fingerprint template; 2. and carrying out user identity authentication. The present embodiment relates to the 2 nd object. The fingerprint authentication request may specifically come from a user login APP running on the operating system. In response to a fingerprint verification request from the operating system, the fingerprint sensor driver writes a fingerprint verification instruction into the shared memory to notify the EC to write the user fingerprint acquired by the fingerprint sensor into the shared memory. The fingerprint authentication instruction may be a particular command in a set of drive commands driven by the fingerprint sensor. The fingerprint sensor driver sends a notification (specific IO instruction) to the EC to trigger the EC to read the fingerprint verification instruction written by the fingerprint sensor driver from the shared memory. Specifically, the fingerprint sensor driver may send an a notification to the EC through the GPIO interface. The A notification is transmitted based on the GPIO interface, so that the transmission efficiency of the A notification can be improved, and the fingerprint interaction efficiency between the EC and the CPU is further improved. In response to the notification a, the EC may read the fingerprint verification command written by the fingerprint sensor driver from the shared memory through the S interface (specifically, the read interface). In response to the fingerprint verification instruction, the EC may write the encrypted user fingerprint into the shared memory through the S interface (specifically, the write interface). After writing the user fingerprint into the shared memory, the EC may send a B notification (a specific IO instruction) to the fingerprint sensor driver to notify the fingerprint sensor driver that the user fingerprint has been written into the shared memory. Specifically, the EC may send a B notification to the fingerprint sensor driver through the GPIO interface. The B notification is transmitted based on the GPIO interface, so that the transmission efficiency of the B notification can be improved, and the fingerprint interaction efficiency between the EC and the CPU is further improved. The fingerprint sensor driver can read the fingerprint of the user from the shared memory according to the notice B.
Therefore, the fingerprint sensor driver obtains the user fingerprint acquired by the fingerprint sensor, and the user fingerprint can be sent to the operating system, so that the operating system can be supported to carry out user identity verification according to the user fingerprint.
S307, the fingerprint verification module acquires first fingerprint information from the fingerprint sensor drive.
S308, the fingerprint verification module verifies the first fingerprint information, and if the verification is successful, the step S309 is executed.
The fingerprint verification login module can perform user identity verification according to the first fingerprint information. Firstly, the fingerprint verification login module can take out the encrypted fingerprint template from the local storage, and the fingerprint template is compared with the first fingerprint information encrypted in the same way. If the comparison result is judged to be the same, the fingerprint verification is successful, and the user can log in the operating system; otherwise the fingerprint authentication fails. When the fingerprint authentication fails, the user can be prompted to authenticate the fingerprint again or switch to a password authentication login interface. If the password is successfully verified and logged in, the timer in the system monitoring module is cleared, and the fingerprint verification login event is counted again. If the password authentication fails, the electronic device 100 may display an interface as shown in FIG. 4C. Such as prompting for password error information, remaining input times information, and password prompt information. Wherein the remaining number information may indicate that the user has 5 (or more or less positive integers) chances to continue entering the password and the reminder to use up the electronic device 100 will lock. The password prompt message displays the information related to the password set by the user, and prompts the user to recall the set password. When the remaining number information is used up, the electronic device 100 may have a chance to log in with fingerprint verification once after the electronic device is restarted, and if the fingerprint verification does not pass through the electronic device, the electronic device 100 may be locked.
S309, the user login module obtains the message that the fingerprint verification is successful, the first user can successfully log in the system, the electronic device 100 displays a third user interface, and the third user interface is a system desktop or an interface reserved in the last screen locking process.
And when the user login module receives the message of successful fingerprint verification, the user login module performs login operation, and the first user successfully logs in the operating system. At this time, the electronic device 100 displays the third user interface. The third user interface may be the interface shown in fig. 2B or a display interface of the electronic device 100 before the user locks the screen.
S310, the system monitoring module acquires an event that the first user successfully logs in the system through fingerprint verification.
The system monitoring module can monitor the user login module and acquire an event of the user logging in the system. And a timer is arranged in the system monitoring module, and when an event that the first user successfully logs in the system through fingerprint verification is acquired, the counting of the timer is increased by one.
S311, the timer of the system monitoring module monitors that the first parameter (for example, M days or N times) has been satisfied by an event that the first user successfully logs in the system through fingerprint authentication.
And the timer of the system monitoring module keeps timing. When it is detected that the number of times of the event that the first user successfully logs in the system through fingerprint authentication reaches N times (for example, 10 times) or when the event that the first user successfully logs in the system through fingerprint authentication continuously occurs for M days (for example, 10 days), the electronic device 100 may execute step S312 to switch the next login manner to a password authentication login manner. M, N herein may be any positive integer, and the present application is not intended to be limiting. In some embodiments, the electronic device 100 may display an interface 310 as shown in fig. 3A, where the interface 310 includes a prompt box 311 for prompting the user to log in to the operating system next time through password authentication.
S312, the system monitoring module informs the fingerprint verification module to continuously return the result of the fingerprint verification failure in the next verification.
Generally, for security, when it is detected that the user fails to input fingerprint information for S consecutive times (for example, 5 times), the system switches to a password authentication login mode to confirm the identity of the user.
Here, the system monitoring module may notify the fingerprint verification module to check whether the fingerprint information input by the user is correct or not when logging in next time, and directly and continuously return the result of fingerprint verification failure S times (for example, 5 times), so that the system switches to the password verification login mode.
The system monitoring module may send a third notification to the fingerprint verification module, where the third notification is used to notify the fingerprint verification module to generate an event that the fingerprint verification fails at the next login verification. The fingerprint verification module may generate an event of fingerprint verification failure in response to the third notification.
And (2) stage: password authentication login (step S313-S329)
S313, the electronic device 100 again detects that the power key is pressed by the first user.
The detailed description of steps S313-S319 can refer to steps S101-S117, and is not repeated here.
S314, the electronic device 100 is powered on.
S315, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
S316, the system monitoring module informs the user login module to display a first user interface, wherein the first user interface is a fingerprint verification login interface.
S317, the fingerprint sensor collects first fingerprint information of the first user.
S318, the fingerprint sensor driver acquires the first fingerprint information from the fingerprint sensor.
And S319, acquiring first fingerprint information from the fingerprint sensor drive by the fingerprint verification module.
And S320, the fingerprint verification module generates continuous failure events of fingerprint verification and sends the continuous failure events to the system monitoring module.
When the electronic device 100 is powered on/woken up/restarted/unlocked again, in response to the instruction of the system monitoring module in step S312, the fingerprint authentication module may directly and continuously return the result of fingerprint authentication failure S times (for example, 5 times) without verifying whether the fingerprint information input by the user is correct when receiving the first fingerprint information of the user, so that the system is switched to the password authentication login manner.
S321, the system monitoring module informs the user login module to display a second user interface, wherein the second user interface is a password verification login interface.
The system acquires a message that the fingerprint authentication continuously fails for more than a quota (for example, 5 times), and calls out a password authentication login interface.
S322, the first user inputs the first password through the keyboard.
Not limited to the keyboard, the password collecting device used by the user to input the password may also be a touch pad, a touch screen, or the like. The password may include, but is not limited to, a text password, a pattern password, a number password, combinations thereof, and the like.
And S323, the keyboard driver acquires the first password.
The keyboard driver may obtain a first password sent from the keyboard. The first password is a string of characters, including but not limited to numbers, english characters, punctuation marks, etc., typed by the first user through the keyboard for logging in the operating system this time.
S324, the password verification module acquires the first password from the keyboard driver.
The keyboard driver may send a first password to the password authentication module. The password verification module can take out the encrypted password template stored locally and compare the encrypted password template with a first password input by a first user. If the result is consistent, the verification is passed, and the user successfully logs in the operating system; otherwise, the verification fails. When the first password authentication fails, the electronic device 100 may display an interface as shown in fig. 4C, prompting the user to input again.
S325, the password verification module verifies the first password, and if the verification is successful, the step S326 is executed.
S326, the user login module obtains the message that the password verification is successful, the first user may successfully log in the system, and the electronic device 100 displays a fourth user interface, where the fourth user interface is a system desktop or an interface reserved when the screen is locked last time.
And when the user login module receives the message of successful password verification, the user login module performs login operation, and the first user successfully logs in the operating system. At this time, the electronic apparatus 100 displays the fourth user interface. The fourth user interface may be the interface shown in fig. 2B or a display interface of the electronic device 100 before the user locks the screen.
S327, the system monitoring module obtains an event that the first user successfully logs in the system through password authentication.
The system monitoring module can monitor the user login module and acquire an event of the user logging in the system.
And S328, the system monitoring module counts again the event that the first user successfully logs in the system through fingerprint verification.
After the event that the password is successfully verified to log in the system is obtained, the system monitoring module resets a timer, the timer counts the time and returns to zero, and counting of the event that the system is successfully logged in through fingerprint verification is restarted.
S329, the system monitoring module informs the fingerprint verification module that the verification function is recovered to be normal.
After the electronic device determines that the user passes the verification of the password verification mode, a system monitoring module of the electronic device can inform the fingerprint verification mode to recover to normal, and the fingerprint verification mode is cleared to generate a verification failure mark, namely the fingerprint verification module clears a mark flag which continuously returns a fingerprint verification failure result, and when the user logs in the system for verification next time, the verification function of the fingerprint verification module recovers to normal.
And (3) stage: fingerprint authentication login is restored again (steps S330-S337)
S330, the electronic device 100 detects that the power key is pressed by the first user again.
The description of steps S330-S337 may refer to steps S101-S108.
S331, the electronic device 100 is powered on.
S332, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
S333, the system monitoring module informs the user login module to display a first user interface, wherein the first user interface is a fingerprint verification login interface.
S334, the fingerprint sensor collects first fingerprint information of the first user.
And S335, the fingerprint sensor driver acquires first fingerprint information from the fingerprint sensor.
And S336, the fingerprint verification module acquires first fingerprint information from the fingerprint sensor drive.
S337, the function of the fingerprint verification module is recovered to be normal, and the fingerprint verification module verifies the first fingerprint information.
Since the fingerprint authentication module function has been restored to normal in step S329, the fingerprint authentication module can normally authenticate the first fingerprint information here.
Example 4
In embodiment 4, the electronic device 100 includes a power key (including a fingerprint sensor), a keyboard, a processor, and the like, where the processor includes functional modules such as a fingerprint sensor driver, a keyboard driver, a user login module, a fingerprint verification module, a password verification module, and a system monitoring module. The fingerprint verification module includes a biometric service, which may be used to manage a biometric acquisition device, such as a fingerprint sensor, and may also be used to obtain biometric information from the biometric acquisition device and to identify and verify the biometric information.
The electronic device 100 may switch to login to the system using the password authentication login manner when the system monitoring module detects that an event that the user continuously logs in to the system through the fingerprint authentication manner satisfies a first parameter (for example, M days or N times, M, N may be a positive integer), by disabling the biometric identification service, when the user logs in to the system next time. After the user successfully verifies the password and logs in the system, the electronic device 100 may restart the biometric service, the fingerprint verification login function is recovered to normal, and the system monitoring module re-counts the event that the user successfully logs in the system through fingerprint verification.
As shown in fig. 12, the method steps can be divided into three phases, phase 1: fingerprint authentication login (steps S401-S412), stage 2: password authentication login (steps S413-S425), stage 3: fingerprint authentication login is resumed again (steps S426-S433). Specifically, the method comprises the following steps:
stage 1: fingerprint authentication login (step S401-S412)
S401, the electronic device 100 detects that the power key is pressed by the first user.
Specifically, the EC (not shown) of the electronic device 100 may be responsible for detecting whether the power key is pressed.
S402, the electronic device 100 is powered on.
The EC is responsible for managing the running state of the notebook computer. EC determines that electronic device 100 is in the off state before the user's finger presses the power key. After the power key is pressed, the electronic device 100 starts to power up. Specifically, the EC in the electronic device 100 may power up each hardware device (e.g., a fingerprint sensor, a BIOS, a CPU, a display screen, a keyboard, etc.) according to a power sequence. In the power-off state, the EC also keeps running and waits for a power-on signal (e.g., a high-level pulse signal generated by pressing a power key).
When controlling each hardware device to be powered on, the EC initializes, that is, sets the pin states of hardware devices such as a memory and a chip necessary for operating an operating system, so as to initialize the internal environment. For example, the EC sends a fingerprint sensor configuration to the fingerprint sensor, enabling the fingerprint sensor. The fingerprint sensor configuration may be a parameter such as a size of the fingerprint image, a resolution of the fingerprint image, etc.
After the EC initializes the internal hardware equipment, the BIOS performs self-test and program initialization of the hardware equipment.
S403, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
After the electronic device 100 is powered on and started, the operating system is operated, and other drivers such as a fingerprint sensor driver, a keyboard driver and the like are loaded.
S404, the system monitoring module informs the user login module to display a first user interface, wherein the first user interface is a fingerprint verification login interface.
The system monitoring module detects that the electronic device 100 is operating normally and notifies the user login module to display the first user interface. The first user interface may be a fingerprint verification login interface as shown in fig. 2B.
S405, the fingerprint sensor collects first fingerprint information of the first user.
The first user may be a user of the electronic device 100, and a first user account is established in the electronic device 100. For account security, the first user may preset information such as a password template, a fingerprint template, a face template, and the like in advance, and perform user identity authentication when logging in the system.
In some embodiments, when a user's finger presses a power button, a fingerprint sensor integrated with the power button may detect the user's finger touch and may capture the user's fingerprint. In particular, the data representation of the user's fingerprint may be a fingerprint image. The data corresponding to the user fingerprint image may be referred to as first fingerprint information.
S406, the fingerprint sensor driver acquires first fingerprint information from the fingerprint sensor.
Specifically, after the fingerprint sensor collects the first fingerprint information, the fingerprint sensor may notify the EC to acquire the first fingerprint information. In response to the notification by the fingerprint sensor, the EC may send a request to the fingerprint sensor to request acquisition of the first fingerprint information. The fingerprint sensor then returns the first fingerprint information collected by the fingerprint sensor to the EC.
And the EC and the fingerprint sensor are communicated through an SPI interface. For example, the EC sends a request to the fingerprint sensor based on the SPI interface and also reads the first fingerprint information in the fingerprint sensor based on the SPI interface. The communication between the EC and the fingerprint sensor may be performed a plurality of times to obtain the complete first fingerprint information. Because the amount of data that can be interacted with in one communication based on the SPI interface is limited, it is generally not possible to transmit a complete fingerprint image in one interaction. The complete fingerprint image is the fingerprint image actually acquired by the fingerprint sensor.
The EC will store in a memory internal to the EC each time the first fingerprint information is read from the fingerprint sensor. A firmware program, a fingerprint encryption module, may be loaded within the EC. The EC may encrypt the user fingerprint stored therein through a fingerprint encryption module.
After the BIOS performs memory initialization, the BIOS may notify the EC of the shared memory address. The BIOS may also notify the fingerprint sensor driver running in the CPU of the shared memory address. The shared memory can be used for data communication between a fingerprint encryption module loaded in the EC and a fingerprint sensor driver running in the CPU.
The fingerprint sensor driver receives a fingerprint authentication request from the operating system. The following objectives exist for the operating system to obtain a user's fingerprint: 1. inputting a fingerprint template; 2. and carrying out user identity authentication. The present embodiment relates to the 2 nd object.
The fingerprint authentication request may specifically come from a user login APP running on the operating system. In response to a fingerprint verification request from the operating system, the fingerprint sensor driver writes a fingerprint verification instruction into the shared memory to notify the EC to write the user fingerprint acquired by the fingerprint sensor into the shared memory. The fingerprint authentication instruction may be a particular command in a set of drive commands driven by the fingerprint sensor.
The fingerprint sensor driver sends a notification (specific IO instruction) to the EC to trigger the EC to read the fingerprint verification instruction written by the fingerprint sensor driver from the shared memory. Specifically, the fingerprint sensor driver may send an a notification to the EC through the GPIO interface. The A notice is transmitted based on the GPIO interface, so that the transmission efficiency of the A notice can be improved, and further the fingerprint interaction efficiency between the EC and the CPU is improved. In response to the notification a, the EC may read the fingerprint verification command written by the fingerprint sensor driver from the shared memory through the S interface (specifically, the read interface). In response to the fingerprint verification instruction, the EC may write the encrypted user fingerprint into the shared memory through the S interface (specifically, the write interface). After writing the user fingerprint into the shared memory, the EC may send a B notification (a specific IO instruction) to the fingerprint sensor driver to notify the fingerprint sensor driver that the user fingerprint has been written into the shared memory. Specifically, the EC may send a B notification to the fingerprint sensor driver through the GPIO interface. The B notification is transmitted based on the GPIO interface, so that the transmission efficiency of the B notification can be improved, and the fingerprint interaction efficiency between the EC and the CPU is further improved. The fingerprint sensor driver can read the fingerprint of the user from the shared memory according to the notice B.
Therefore, the fingerprint sensor driver obtains the user fingerprint acquired by the fingerprint sensor, and the user fingerprint can be sent to the operating system, so that the operating system can be supported to carry out user identity verification according to the user fingerprint.
S407, the fingerprint verification module acquires first fingerprint information from the fingerprint sensor drive.
S408, the fingerprint verification login module verifies the first fingerprint information, and if the verification is successful, the step S409 is executed.
The fingerprint verification login module can perform user identity verification according to the first fingerprint information. Firstly, the fingerprint verification login module can take out the encrypted fingerprint template from the local storage, and the fingerprint template is compared with the first fingerprint information encrypted in the same way. If the comparison result is judged to be the same, the fingerprint verification is successful, and the user can log in the operating system; otherwise the fingerprint authentication fails. When the fingerprint authentication fails, the user can be prompted to authenticate the fingerprint again or switch to a password authentication login interface. If the password is successfully verified and logged in, the timer in the system monitoring module is cleared, and the fingerprint verification login event is counted again. If the password authentication fails, the electronic device 100 may display an interface as shown in FIG. 4C. Such as prompting for password error information, remaining input times information, and password prompt information. Wherein the remaining number information may indicate that the user has 5 (or more or less positive integers) chances to continue entering the password and the reminder to use up the electronic device 100 will lock. The password prompt message displays the information related to the password set by the user, and prompts the user to recall the set password. When the remaining number information is used up, the electronic device 100 may have a chance to log in with fingerprint verification once after the electronic device is restarted, and if the fingerprint verification does not pass through the electronic device, the electronic device 100 may be locked.
S409, the user login module obtains the message that the fingerprint verification is successful, the first user may successfully log in the system, and the electronic device 100 displays a third user interface, where the third user interface is a system desktop or an interface reserved when the screen is locked last time.
And when the user login module receives the message of successful fingerprint verification, the user login module performs login operation, and the first user successfully logs in the operating system. At this time, the electronic device 100 displays the third user interface. The third user interface may be the interface shown in fig. 2B or a display interface of the electronic device 100 before the user locks the screen.
S410, the system monitoring module acquires an event that the first user successfully logs in the system through fingerprint verification.
The system monitoring module can monitor the user login module and acquire an event of the user logging in the system. And a timer is arranged in the system monitoring module, and when an event that the first user successfully logs in the system through fingerprint verification is acquired, the count of the timer is increased by one.
S411, the timer of the system monitoring module monitors that an event that the first user successfully logs in the system through fingerprint verification has satisfied a first parameter (e.g., M days or N times).
And the timer of the system monitoring module keeps timing. When it is detected that the number of times of the event that the first user successfully logs in the system through fingerprint authentication reaches N times (for example, 10 times) or when the event that the first user successfully logs in the system through fingerprint authentication continuously occurs for M days (for example, 10 days), the electronic device 100 may execute step S412 to switch the next login manner to a password authentication login manner. M, N may be any positive integer, and the present application is not limited in this respect. In some embodiments, the electronic device 100 may display an interface 310 as shown in fig. 3A, where the interface 310 includes a prompt box 311 for prompting the user to log in to the operating system next time through password authentication.
S412, the system monitoring module notifies the fingerprint verification module to disable the biometric identification service when the fingerprint verification module is powered on/restarted/awakened next time.
The biological identification service is a system service for providing biological characteristic identification and verification. The system monitoring module may send a fourth notification to the fingerprint verification module. In response to the fourth notification, the fingerprint verification module disables the biometric service.
And (2) stage: password authentication login (steps S413-S425)
S413, the electronic device 100 again detects that the power key is pressed by the first user.
The steps S101 to S103 may be referred to for the detailed description of the steps S413 to S415, and are not described herein again.
S414, the electronic device 100 is powered on.
S415, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
S416, the system sets the biometric service disabled, and the system cannot use the fingerprint authentication function. After the biometric service is disabled, the system cannot acquire, identify, or verify biometric information.
S417, the system monitoring module informs the user login module to display a second user interface, wherein the second user interface is a password verification login interface.
For the detailed description of steps S417-S424, reference may be made to steps S116-S123, which are not described herein again.
S418, the first user inputs the first password through the keypad.
Not limited to the keyboard, the password collecting device used by the user to input the password may also be a touch pad, a touch screen, or the like. The password may include, but is not limited to, a text password, a pattern password, a number password, combinations thereof, and the like.
And S419, the keyboard driver acquires the first password.
The keyboard driver may obtain a first password sent from the keyboard. The first password is a string of characters, including but not limited to numbers, english characters, punctuation marks, etc., typed by the first user through the keyboard for logging in the operating system this time.
S420, the password verification module acquires a first password from the keyboard driver.
The keyboard driver may send the first password to the password authentication module. The password verification module can take out the encrypted password template stored locally and compare the encrypted password template with a first password input by a first user. If the result is consistent, the verification is passed, and the user successfully logs in the operating system; otherwise, the verification fails. When the first password authentication fails, the electronic device 100 may display an interface as shown in fig. 4C, prompting the user to input again.
S421, the password verifying module verifies the first password, and if the verification is successful, the step S422 is executed.
S422, the user login module obtains the message that the password verification is successful, the first user may successfully log in the system, and the electronic device 100 displays a fourth user interface, where the fourth user interface is a system desktop or an interface reserved when the screen is locked last time.
And when the user login module receives the message of successful password verification, the user login module performs login operation, and the first user successfully logs in the operating system. At this time, the electronic apparatus 100 displays the fourth user interface. The fourth user interface may be the interface shown in fig. 2B or a display interface of the electronic device 100 before the user locks the screen.
And S423, the system monitoring module acquires an event that the first user successfully logs in the system through password authentication.
The system monitoring module can monitor the user login module and acquire an event of the user logging in the system.
S424, the system monitoring module counts again the event that the first user successfully logs in the system through fingerprint verification.
After the event that the password is successfully verified to log in the system is obtained, the system monitoring module resets a timer, the timer counts the time and returns to zero, and counting of the event that the system is successfully logged in through fingerprint verification is restarted.
S425, the system monitoring module notifies the fingerprint verification module to re-enable the biometric identification service.
After the biological identification service is started again, the fingerprint verification function is recovered to be normal, and the system can identify and verify the fingerprint information again.
And (3) stage: fingerprint authentication login is resumed again (step S426-S433)
S426, the electronic device 100 detects again that the power key is pressed by the first user.
The detailed description of steps S426-S433 can refer to steps S101-S108, which are not described herein.
S427, the electronic device 100 powers up.
S428, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
And S429, the system monitoring module informs the user login module to display a first user interface, wherein the first user interface is a fingerprint verification login interface.
S430, the fingerprint sensor collects first fingerprint information of the first user.
S431, the fingerprint sensor driver acquires the first fingerprint information from the fingerprint sensor.
And S432, the fingerprint verification module acquires first fingerprint information from the fingerprint sensor driver.
And S433, the function of the fingerprint verification module is recovered to be normal, and the first fingerprint information is verified.
Example 5
In embodiment 5, the electronic device 100 includes a power key (including a fingerprint sensor), a keyboard, and a processor, where the processor includes functional modules such as a fingerprint sensor driver, a keyboard driver, a user login module, a fingerprint verification module, a password verification module, and a system monitoring module. The system monitoring module can comprise an interface A and an interface B, wherein the interface A is used for obtaining the fingerprint verification result, and the interface B is used for obtaining the password verification result.
When the system monitoring module monitors that an event that the user continuously logs in the system through a fingerprint authentication mode meets a first parameter (for example, M days or N times, M, N may be a positive integer), the electronic device 100 may preferentially invoke the interface B to obtain a password authentication result when the user logs in the system next time. After the user successfully verifies the password and logs in the system, the electronic device 100 may set the interface a to be preferentially called to obtain the fingerprint verification result, the fingerprint verification login function is normally used, and the system monitoring module re-counts the event that the user successfully logs in the system through fingerprint verification.
As shown in fig. 13, the method steps can be divided into three stages, stage 1: fingerprint authentication login (steps S501-S512), stage 2: password authentication login (steps S513-S524), stage 3: fingerprint authentication login is resumed again (steps S525 to S534). Specifically, the method comprises the following steps:
stage 1: fingerprint verification login (steps S501-S512)
S501, the electronic device 100 detects that the power key is pressed by the first user.
For the detailed description of steps S501-S511, reference may be made to steps S101-S111, which are not described herein again.
S502, the electronic device 100 is powered on.
S503, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
S504, the system monitoring module informs the user login module to display a first user interface, and the first user interface is a fingerprint verification login interface.
S505, the fingerprint sensor collects first fingerprint information of a first user.
S506, the fingerprint sensor driver acquires first fingerprint information from the fingerprint sensor.
And S507, the fingerprint verification module acquires first fingerprint information from the fingerprint sensor drive.
S508, the fingerprint authentication login module authenticates the first fingerprint information, and if the authentication is successful, step S509 is executed.
S509, the user login module acquires a message that the fingerprint verification is successful, the first user can successfully log in the system, the electronic device 100 displays a third user interface, and the third user interface is a system desktop or an interface reserved in the last screen locking process.
S510, the system monitoring module calls an interface A to acquire an event that the first user successfully logs in the system through fingerprint verification.
S511, the timer of the system monitoring module monitors that the first parameter (e.g., M days or N times) has been satisfied by the event that the first user successfully logs into the system through fingerprint verification.
S512, the system monitoring module sets that the interface B is called preferentially to obtain the password verification result in the next login.
In some embodiments, in order to preferentially call the B interface to obtain the password authentication result, the system may disable the fingerprint authentication module through the a interface, and the disabled format may be in the form of:
bool DisableLoginFunction(DWORD module,string tips);
wherein, the module is a variable of the biological identification module, for example, the fingerprint identification module is 0, the face identification module is 1, the iris identification module is 2, and the like; tips can be prompts that are displayed to the user when the module is disabled, such as: "detect you do not log in using password authentication for 7 days, please use password authentication to log in for your computer security", etc.
And (2) stage: password authentication login (step S513-S524)
S513, the electronic apparatus 100 again detects that the power key is pressed by the first user.
The detailed description of steps S513 to S523 may refer to steps S113 to S123, and will not be described herein.
And S514, powering on the electronic device 100.
S515, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
S516, the system monitoring module informs the user login module to display a second user interface, wherein the second user interface is a password verification login interface.
When the electronic device 100 is powered on/woken up/restarted/unlocked again, the system monitoring module preferably notifies the user login module to display the password authentication login interface.
S517, the first user inputs the first password through the keyboard.
Not limited to the keyboard, the password collecting device used by the user to input the password may also be a touch pad, a touch screen, or the like. The password may include, but is not limited to, a text password, a pattern password, a number password, combinations thereof, and the like.
And S518, the keyboard driver acquires the first password.
The keyboard driver may obtain a first password sent from the keyboard. The first password is a string of characters, including but not limited to numbers, english characters, punctuation marks, etc., typed by the first user through the keyboard for logging in the operating system this time.
And S519, the password verification module acquires a first password from the keyboard driver.
The keyboard driver may send a first password to the password authentication module. The password verification module can take out the encrypted password template stored locally and compare the encrypted password template with a first password input by a first user. If the result is consistent, the verification is passed, and the user successfully logs in the operating system; otherwise, the verification fails.
S520, the password verification module verifies the first password, and if the verification is successful, the step S521 is executed.
S521, the user login module obtains the message that the password verification is successful, the first user may successfully log in the system, and the electronic device 100 displays a fourth user interface, where the fourth user interface is a system desktop or an interface reserved when the screen is locked last time.
S522, the system monitoring module calls an interface B to acquire an event that the first user successfully logs in the system through password authentication.
S523, the system monitoring module re-counts the event that the first user successfully logs in the system through the fingerprint verification.
S524, the system monitoring module sets that the A interface is called preferentially to obtain the fingerprint verification result when logging in next time.
And (3) stage: fingerprint authentication login is restored again (steps S525-S534)
S525, the electronic device 100 detects again that the power key is pressed by the first user.
For the detailed description of steps S525-S533, reference may be made to steps S101-S109, which are not described herein again.
S526, the electronic device 100 is powered on.
S527, the electronic device 100 loads the fingerprint sensor driver and the keyboard driver.
S528, the system monitoring module informs the user login module to display a first user interface, wherein the first user interface is a fingerprint verification login interface.
When the system resumes the login with the fingerprint authentication priority, and the electronic device 100 is powered on/awakened/restarted/unlocked again, the system monitoring module preferably notifies the user login module to display a fingerprint authentication login interface.
S529, the fingerprint sensor collects first fingerprint information of the first user.
S530, the fingerprint sensor driver acquires first fingerprint information from the fingerprint sensor.
And S531, the fingerprint verification module acquires first fingerprint information from the fingerprint sensor drive.
S532, the fingerprint verification login module verifies the first fingerprint information, and if the verification is successful, the step S533 is executed.
S533, the user login module obtains the message that the fingerprint verification is successful, the first user may successfully log in the system, and the electronic device 100 displays a third user interface, where the third user interface is a system desktop or an interface reserved when the screen is locked last time.
S534, the system monitoring module calls the interface A to acquire the event that the first user successfully logs in the system through fingerprint verification.
The system calls the interface A preferentially to acquire the fingerprint verification result.
The above embodiments are mainly described in terms of an electronic device with a power key integrated with a fingerprint sensor, and it is understood that the login method provided by the present application may also be applied to an electronic device with a power key and a fingerprint sensor separated from each other. It is understood that when the user presses the power key integrated with the fingerprint sensor, the electronic device 100 may skip displaying the fingerprint authentication login interface, i.e., the first user interface, and directly authenticate the fingerprint and log in to the system.
In the foregoing embodiment of the present application, the system login method provided by the present application is described by taking a notebook computer as an example, and the method provided by the present application is not limited to the notebook computer, and can also be applied to other types of electronic devices, such as a mobile phone.
Fig. 14A illustrates a mobile phone 700 to which the system login method provided in the present application is applied. As shown in fig. 14A, the cell phone 700 may include a power key 701 and a fingerprint sensor 702. The hardware architecture and the software architecture of the mobile phone 700 can be implemented with reference to fig. 6 to 8, and the EC in the electronic device 100 may be a boot circuit, such as an Integrated Circuit (IC), corresponding to the mobile phone 700, and the boot circuit may have a strong computing capability and can encrypt the first fingerprint information.
As shown in fig. 14A, a power key 701 of the cellular phone 700 in the power-off state is pressed by a user's finger. The handset 700 is powered on in response to the user's finger pressing the power key 701. After power on, the handset 700 needs to log in using a password. When the screen is awakened again after the password is successfully verified, the user can touch the fingerprint sensor 702, and the fingerprint sensor 702 is used for collecting fingerprint information of the user. The mobile phone 700 may perform user authentication on the fingerprint information collected by the fingerprint sensor 702, and if the user authentication is passed, unlock the mobile phone and display a home screen interface 720.
Referring to the foregoing embodiment, in the system of the mobile phone 700, a timer may also be provided for monitoring password authentication login events and biometric authentication login events (such as fingerprint authentication login, face authentication login, voice print authentication login, etc.). For example, after detecting that the user logs in the system continuously for a certain time or a certain number of times in a fingerprint verification manner, the electronic device switches to use the password for verification login when logging in the system next time in order to remind the user to recall the password. The handset 700 may also display an interface 730 as shown in fig. 14B, such as a prompt "detect you have used the fingerprint authentication login system for ten consecutive days, this time please use password authentication login for device security", and display a password entry area. After verifying that the password entered by the user is correct, the handset 700 may resume using the fingerprint to unlock the access system by default.
It will be appreciated that the apparatus, in order to carry out the above-described functions, comprises corresponding functional blocks which perform the respective functions. Those of skill in the art will readily appreciate that the present application is capable of hardware or a combination of hardware and computer software implementing the various illustrative terminals and algorithm steps described in connection with the embodiments disclosed herein. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiment of the present application, the device may be divided according to the above method example, for example, each module or unit may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module may be implemented in the form of hardware, or may be implemented in the form of a software module or unit. The division of the modules or units in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
An embodiment of the present invention further provides a computer storage medium, where a computer program code is stored in the computer storage medium, and when a processor of an electronic device executes the computer program code, the device executes relevant method steps in any one of the foregoing embodiments to implement the method for booting the device in the foregoing embodiments.
The embodiment of the present invention further provides a computer program product, when the computer program product runs on a computer, the computer is enabled to execute the relevant method steps in any of the foregoing embodiments to implement the method for booting the device in the foregoing embodiments.
In addition, the electronic device, the computer storage medium, or the computer program product provided in the embodiments of the present invention are all used for executing the corresponding method provided above, and therefore, the beneficial effects achieved by the electronic device, the computer storage medium, or the computer program product may refer to the beneficial effects in the corresponding method provided above, and are not described herein again.
The above description is only an embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (33)

1. A system login method is applied to electronic equipment, the electronic equipment comprises a biological characteristic acquisition device, and the method comprises the following steps:
the electronic equipment starts a biological characteristic verification mode, the biological characteristic verification mode is used for determining whether the identity of the user passes the verification according to the biological characteristic information acquired by the biological characteristic acquisition device, if the identity of the user passes the verification, the system is logged in, otherwise, the system is not logged in;
the electronic equipment records the times or duration of logging in the system through the biological characteristic verification mode;
if the times exceed the first times or the time exceeds the first time, the electronic equipment starts a password authentication mode, the password authentication mode is used for determining whether the user identity passes authentication according to the collected first password, if the user identity passes authentication, the system login is executed, otherwise, the system login is not executed; the first password comprises one or more of: character password, symbol password, graphic password and digital password;
and the electronic equipment restarts the biometric authentication mode after determining that the user passes the authentication of the password authentication mode.
2. The method of claim 1, further comprising:
and if the times exceed the first times or the duration exceeds the first duration, the electronic equipment disables the driving of the biological feature acquisition device.
3. The method of claim 2, further comprising:
the electronic device re-enables the actuation of the biometric acquisition device after determining that the user passes the authentication of the password authentication mode.
4. The method of any one of claims 1-3, further comprising:
and if the times exceed the first times or the duration exceeds the first duration, the electronic equipment informs the basic input output system BIOS to set the enabling mark of the drive of the biological feature acquisition device in the ACPI Table of the advanced configuration and power management interface Table to be disabled when the system is started next time.
5. The method of claim 4, further comprising:
after the electronic equipment determines that the user passes the verification of the password verification mode, the electronic equipment informs the BIOS to set the enabling mark of the drive of the biological feature acquisition device in the ACPI Table to enable.
6. The method of any one of claims 1-5, further comprising:
and if the times exceed the first times or the duration exceeds the first duration, the electronic equipment generates an event of failure in biometric authentication, wherein the event is used for triggering the electronic equipment to start the password authentication mode.
7. The method of claim 6, further comprising:
after the user is confirmed to pass the verification of the password verification mode, the electronic equipment informs the biometric verification mode to recover to be normal, and the sign of the biometric verification mode generation verification failure is cleared.
8. The method of any one of claims 1-7, further comprising:
the electronic device disables a biometric service for identifying or verifying the biometric information if the number of times exceeds a first number of times or the duration exceeds a first duration.
9. The method of claim 8, further comprising:
upon determining that the user passes authentication of the password authentication mode, the electronic device re-enables biometric services.
10. The method of any one of claims 1-9, further comprising: and the electronic equipment acquires the result of the password authentication mode by calling a second interface and confirms whether to execute a login system or not.
11. The method of claim 10, further comprising:
after determining that the user passes the verification of the password verification mode, the electronic equipment acquires the result of the biometric verification mode by calling a first interface, and confirms whether to execute login of the system.
12. The method of any one of claims 1-11, wherein the biometric features include one or more of: fingerprint, face, iris, voice, palm print, gait, pulse.
13. The method of any one of claims 1-12, further comprising:
the electronic equipment collects the first password through a password collection device, wherein the password collection device comprises one or more of the following components: keyboard, mouse, touch panel or touch screen.
14. The method of any one of claims 1-13, wherein the biometric acquisition device is a fingerprint acquisition device integrated with a power key of the electronic device.
15. The method of any one of claims 1-14, wherein when the electronic device turns on the password authentication mode, further comprising: and displaying a password login interface, wherein the password login interface comprises a password input area.
16. The method of claim 15, wherein the password entry area comprises: a password entry box and/or a graphical entry area.
17. An electronic device, characterized in that the electronic device comprises: a biometric acquisition device, a memory having computer-executable instructions stored therein, and a processor coupled to the memory, the processor being configured to invoke the instructions to cause the electronic device to perform the steps of:
starting a biological characteristic verification mode, wherein the biological characteristic verification mode is used for determining whether the identity of the user passes the verification according to the biological characteristic information acquired by the biological characteristic acquisition device, if the identity of the user passes the verification, executing the login of the system, otherwise, not executing the login of the system;
recording the times or duration of logging in the system through the biological characteristic verification mode;
if the times exceed the first times or the time exceeds the first time, starting a password authentication mode, wherein the password authentication mode is used for determining whether the user identity passes authentication according to the collected first password, if the user identity passes authentication, executing login of the system, otherwise, not executing login of the system; the first password comprises one or more of: character password, symbol password, graphic password and digital password;
after determining that the user passes the authentication of the password authentication mode, re-starting the biometric authentication mode.
18. The electronic device of claim 17, wherein the processor invokes the instructions to cause the electronic device to further perform the following:
and if the times exceed the first times or the time length exceeds the first time length, forbidding the driving of the biological characteristic acquisition device.
19. The electronic device of claim 18, wherein the processor invokes the instructions to cause the electronic device to further perform the following:
re-enabling the actuation of the biometric acquisition device after determining that the user passes the authentication of the password authentication mode.
20. The electronic device of any of claims 17-19, wherein the processor invokes the instructions to cause the electronic device to further perform the following:
and if the times exceed the first times or the duration exceeds the first duration, informing the Basic Input Output System (BIOS) to set an enabling mark of the drive of the biological feature acquisition device in the advanced configuration and power management interface Table (ACPI) Table to be disabled when the system is started next time.
21. The electronic device of claim 20, wherein the processor invokes the instructions to cause the electronic device to further perform the following:
and after the user passes the verification of the password verification mode, informing the BIOS to set the enabling mark of the drive of the biological characteristic acquisition device in the ACPI Table to enable.
22. The electronic device of any of claims 17-21, wherein the processor invokes the instructions to cause the electronic device to further perform the following:
and if the times exceed the first times or the duration exceeds the first duration, generating an event of failure of the biometric authentication, wherein the event is used for triggering the opening of the password authentication mode.
23. The electronic device of claim 22, wherein the processor invokes the instructions to cause the electronic device to further perform the following:
after the user is confirmed to pass the verification of the password verification mode, the biometric verification mode is informed to recover to be normal, and the sign of verification failure generated by the biometric verification mode is cleared.
24. The electronic device of any of claims 17-23, wherein the processor invokes the instructions to cause the electronic device to further perform the following:
disabling a biometric service for identifying or verifying the biometric information if the number of times exceeds a first number of times or the duration exceeds a first duration.
25. The electronic device of claim 24, wherein the processor invokes the instructions to cause the electronic device to further perform the following:
re-enabling the biometric service after determining that the user passes authentication of the password authentication mode.
26. The electronic device of any of claims 17-25, wherein the processor invokes the instructions to cause the electronic device to further perform the following: and acquiring the result of the password authentication mode by calling a second interface, and determining whether to execute a login system.
27. The electronic device of claim 26, wherein the processor invokes the instructions to cause the electronic device to further perform the following:
after the user is confirmed to pass the verification of the password verification mode, whether to execute login of the system is confirmed by calling a first interface to obtain the result of the biological feature verification mode.
28. The electronic device of any one of claims 17-27, wherein the biometric features include one or more of: fingerprint, face, iris, voice, palm print, gait, pulse.
29. The electronic device of any one of claims 17-28, wherein the processor invokes the instructions to cause the electronic device to further perform the following:
collecting the first password by a password collection device, the password collection device comprising one or more of: keyboard, mouse, touch panel or touch screen.
30. The electronic device of any of claims 17-29, wherein the biometric acquisition device is a fingerprint acquisition device integrated with a power key of the electronic device.
31. The electronic device of any of claims 17-30, wherein upon opening the password authentication mode, the processor invokes the instructions causing the electronic device to further perform the following: and displaying a password login interface, wherein the password login interface comprises a password input area.
32. The electronic device of claim 31, wherein the password input area comprises: a password entry box and/or a graphical entry area.
33. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising executable instructions that, when executed by a processor, cause the processor to perform the method of any of claims 1-16.
CN202011198431.5A 2020-10-31 2020-10-31 System login method and electronic equipment Pending CN114528537A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011198431.5A CN114528537A (en) 2020-10-31 2020-10-31 System login method and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011198431.5A CN114528537A (en) 2020-10-31 2020-10-31 System login method and electronic equipment

Publications (1)

Publication Number Publication Date
CN114528537A true CN114528537A (en) 2022-05-24

Family

ID=81619135

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011198431.5A Pending CN114528537A (en) 2020-10-31 2020-10-31 System login method and electronic equipment

Country Status (1)

Country Link
CN (1) CN114528537A (en)

Similar Documents

Publication Publication Date Title
KR102421267B1 (en) Device startup method and device
US9396380B2 (en) Finger print sensor and auxiliary processor integration in an electronic device
CN111125664B (en) Electronic equipment and method for logging in operating system
US20030199267A1 (en) Security system for information processing apparatus
US20050273845A1 (en) Information processing device, program therefor, and information processing system wherein information processing devices are connected via a network
CN107450839B (en) Control method and device based on black screen gesture, storage medium and mobile terminal
US20070255946A1 (en) Information processing apparatus and authentication method
US20070283431A1 (en) Information processing apparatus and authentication control method
CN109948310B (en) Locking method and related electronic equipment
US20090089588A1 (en) Method and apparatus for providing anti-theft solutions to a computing system
JP2001092554A (en) Information processor
CN117453441A (en) Abnormality recovery method and device for electronic equipment
EP3719688A1 (en) Operation authentication relay device, method, and program
CN107820598B (en) Fingerprint event processing device and method
US9218512B2 (en) Portable computer and operating method thereof
JP4247216B2 (en) Information processing apparatus and authentication control method
CN114528537A (en) System login method and electronic equipment
US11394707B2 (en) Clamshell device authentication operations
TWI430133B (en) Biosensing boot apparatus, boot management system controlled by biometric sensor and method thereof
JP2008158763A (en) Information processing device and security method
CN109376511A (en) The method for improving end message safety
US8702812B2 (en) Remote disablement of a computer system
CN116088658B (en) Abnormality recovery method for electronic equipment and electronic equipment
WO2023142743A1 (en) Device unlocking method and apparatus, electronic device and computer-readable storage medium
WO2023142748A1 (en) Device unlocking method and apparatus, electronic device and computer-readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination