A control method and electronic device

By introducing an identity matching template into electronic devices to distinguish between authorized users and non-executable objects, and by processing authentication results differently, the security problem of the abuse of identity authentication features in existing technologies is solved, and a balance between security and usability is achieved.

CN122241672APending Publication Date: 2026-06-19LENOVO (BEIJING) LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
LENOVO (BEIJING) LTD
Filing Date
2026-03-24
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

When authenticating identities, the default authentication features of existing electronic devices are easily abused, affecting security, making it impossible to distinguish between malicious attacks and accidental touches, and leading to a decrease in device usability.

Method used

An identity matching template is introduced to distinguish between authorized users and objects exempt from execution. Differentiated processing of matching results avoids locking caused by accidental touches. The number of failed task records is counted, and thresholds are set to control the execution of target tasks.

Benefits of technology

It enhances the security and usability of electronic devices in different application scenarios, avoids frequent locking caused by accidental touches by family members, and maintains effective protection against threats from strangers.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122241672A_ABST
    Figure CN122241672A_ABST
Patent Text Reader

Abstract

This application discloses a control method and an electronic device. The control method includes: obtaining authentication information in response to a trigger command; matching the authentication information with an identity matching template to obtain a matching result, wherein the matching result is used to indicate whether to execute a target task; and not instructing the execution of a target task if the matching result indicates that the authentication information and the identity matching template are successfully matched.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of information processing technology, and more specifically to a control method and electronic device. Background Technology

[0002] Currently, when electronic devices perform authentication tasks, such as unlocking the screen or making electronic payments, users typically need to input identity verification information. Electronic devices can preset at least one user's identity verification characteristic. When the acquired identity verification information successfully matches the preset identity verification characteristic, the electronic device will execute the target task such as unlocking or making a payment; when the match fails, the device will refuse to execute the corresponding target task.

[0003] In this processing mode, all pre-defined authentication features have the authority to perform the target task. These permissions are easily abused, affecting the security of electronic devices. Summary of the Invention

[0004] In view of the above, this application provides the following technical solution:

[0005] A control method, comprising:

[0006] In response to a trigger command, obtain identity authentication information;

[0007] The identity authentication information is matched with the identity matching template to obtain a matching result, which is used to indicate whether to execute the target task.

[0008] If the matching result indicates that the identity authentication information matches the identity matching template successfully, the target task is not instructed to be executed.

[0009] Optionally, the matching result is also used to indicate whether to execute a counting task, which is used to record the number of times the matching result is that the identity authentication information and the identity matching template fail to match. If the number of times reaches a threshold, the execution of the target task based on the identity authentication information is prohibited.

[0010] If the matching result indicates that the identity authentication information and the identity matching template match successfully, the step of not instructing the execution of the target task includes:

[0011] If the matching result indicates that the identity authentication information matches the identity matching template successfully, the target task is not instructed to be executed, nor is the counting task instructed to be executed.

[0012] If the matching result is that the identity authentication information does not match the identity matching template successfully, the target task is not instructed to be executed, and the counting task is instructed to be executed.

[0013] Optionally, the identity matching template includes at least a first identity matching template and a second identity matching template; the matching result is also used to indicate whether to execute a counting task, the counting task being used to record the number of times the matching result indicates that the identity authentication information and the identity matching template have failed to match, and if the number reaches a threshold, the execution of the target task based on the identity authentication information is prohibited;

[0014] If the matching result indicates that the identity authentication information and the identity matching template match successfully, the step of not instructing the execution of the target task includes:

[0015] If the matching result includes a successful match between the identity authentication information and the first identity matching template, the execution module is instructed to execute the target task; the execution module is used to execute the target task, causing the electronic device to switch from a first state to a second state;

[0016] If the matching result includes a successful match between the identity authentication information and the second identity matching template, the execution module is not instructed to execute the target task, so that the electronic device remains in the first state and the counting task is not executed.

[0017] Optionally, matching the identity authentication information with the identity matching template includes:

[0018] The matching order is determined based on the priority of the first identity matching template and the second identity matching template;

[0019] Based on the matching order, the identity authentication information is matched with the identity matching template sequentially.

[0020] Optionally, the first identity matching template has a higher priority than the second identity matching template, and the step of matching the identity authentication information with the identity matching templates sequentially based on the matching order includes:

[0021] Match the identity authentication information with the first identity matching template;

[0022] If the matching result indicates that the identity authentication information does not match the first identity matching template successfully, the target task is not instructed to be executed; and the identity authentication information is matched with the second identity matching template.

[0023] If the matching result includes a successful match between the identity authentication information and the second identity matching template, the counting task is not instructed to be executed.

[0024] If the matching result indicates that the identity authentication information does not match the second identity matching template successfully, the counting task is instructed to be executed.

[0025] Optionally, the identity matching template includes at least a first identity matching template, and the step of not instructing the execution of the target task if the matching result is that the identity authentication information matches the identity matching template successfully includes:

[0026] If the matching result includes a failure to match the identity authentication information with the first identity matching template, the target task is not instructed to be executed, but the counting task is instructed to be executed.

[0027] If the triggering instruction is obtained based on the target network environment, the identity authentication information is recorded based on the counting task;

[0028] In response to the counting task corresponding to the first identity authentication information reaching a first threshold, a reference identity matching template is generated based on the first identity authentication information, and the reference identity matching template is stored as a second identity matching template; in response to the counting task reaching a second threshold, the execution of the target task based on the first identity authentication information is prohibited.

[0029] Wherein, the first threshold is less than the second threshold.

[0030] Optionally, matching the identity authentication information with the identity matching template includes:

[0031] Analyze the identity authentication information;

[0032] If the identity authentication information includes the first biometric information of the first user and the second biometric information of the second user, the first biometric information and the second biometric information are respectively matched with the identity matching template, and the first user and the second user are different;

[0033] The step of not instructing the execution of the target task if the matching result is that the identity authentication information and the identity matching template are successfully matched also includes:

[0034] If the matching result includes the first biometric information failing to match the first identity matching template and the matching similarity being greater than the similarity threshold, and the second biometric information successfully matching the second identity matching template, then the target task is instructed to be executed, but the counting task is not instructed to be executed.

[0035] Optionally, the second identity matching template includes at least a first second identity matching template and a second second identity matching template, wherein the first second identity matching template and the second second identity matching template correspond to different users;

[0036] The step of not instructing the execution of the target task if the matching result is that the identity authentication information and the identity matching template are successfully matched also includes:

[0037] If the matching result includes a successful match between the first biometric information and the first and second identity matching templates, and a successful match between the second biometric information and the second and second identity matching templates, then the target task is instructed to be executed; otherwise, the counting task is not instructed to be executed.

[0038] An electronic device, comprising:

[0039] The data acquisition device, in response to a trigger command, obtains identity authentication information;

[0040] Processor, used for:

[0041] The identity authentication information is matched with the identity matching template to obtain a matching result, which is used to indicate whether to execute the target task.

[0042] If the matching result indicates that the identity authentication information matches the identity matching template successfully, the target task is not instructed to be executed.

[0043] Optionally, the processor includes:

[0044] A first processor is configured to execute the computer program to perform the following steps:

[0045] The identity authentication information is matched with the identity matching template to obtain a matching result, which is used to indicate whether to execute the target task.

[0046] If the matching result indicates that the identity authentication information matches the identity matching template successfully, the target task is not instructed to be executed.

[0047] The second processor is used to execute the target task based on the matching result. Attached Figure Description

[0048] To more clearly illustrate the technical solutions in the embodiments of this application, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only embodiments of this application. For those skilled in the art, other drawings can be obtained based on the provided drawings without creative effort.

[0049] Figure 1 A flowchart illustrating a control method provided in an embodiment of this application;

[0050] Figure 2 A schematic diagram of an identity recognition process provided in an embodiment of this application;

[0051] Figure 3 A schematic diagram illustrating the processing flow of a verification scenario for unlocking an electronic device, provided in an embodiment of this application;

[0052] Figure 4 A schematic diagram illustrating a process for manually adding and generating a second identity matching template, provided for an embodiment of this application;

[0053] Figure 5 A flowchart illustrating an automatic learning process for generating an identity matching template, provided as an embodiment of this application;

[0054] Figure 6 A flowchart illustrating an LRU (Least Recently Used) replacement mechanism provided in an embodiment of this application;

[0055] Figure 7 This is a schematic diagram of a biometric processing flow provided in an embodiment of this application;

[0056] Figure 8 This is a schematic diagram of a failure identification process provided in an embodiment of this application;

[0057] Figure 9 This application provides a schematic diagram of an automatic exemption queue generation process.

[0058] Figure 10 This application provides a schematic diagram of the overall process for handling biometric recognition failures.

[0059] Figure 11 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. Detailed Implementation

[0060] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0061] The terms "first" and "second," etc., used in this application are used to distinguish different objects, not to describe a specific order. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or device that includes a series of steps or units may include steps or units not listed, but may include steps or units not listed.

[0062] The control method provided in this application can be applied to various electronic devices requiring authentication, such as smartphones, tablets, smart locks, and payment terminals. When the device performs target tasks such as screen unlocking, electronic payment, or application access, the user inputs identity authentication information such as a digital password, face, or fingerprint. The electronic device matches the authentication information with a preset identity matching template (which may include the identity information of the object to be exempted from execution). Based on the matching result, it determines whether the current authentication behavior belongs to different scenarios such as stranger authentication or trusted accidental touch, and performs differentiated processing based on the matching result, thereby achieving security for the electronic device in different scenarios. The executing entity of this method can be the aforementioned electronic device itself, or a processor, controller, or chip module with authentication function within the device.

[0063] See Figure 1 The diagram illustrates a flow chart of a control method provided in an embodiment of this application. The control method may include the following steps:

[0064] S101. In response to the trigger command, obtain identity authentication information.

[0065] A trigger command is a signal or event that initiates an authentication process. It can be generated by user actions or automatically triggered by the system. For example, in unlocking an electronic device, actions such as pressing the power button, double-tapping the screen, or lifting the device to wake it can generate a trigger command. In a payment scenario, the system automatically generates a verification command after the user clicks the "Confirm Payment" button on the payment interface. In an application access scenario, the system generates a trigger command when the user clicks an encrypted application icon and is required to verify their identity. Trigger commands are used to request the execution of a target task, which is an operation that requires authentication, such as switching an electronic device from a locked to an unlocked state, completing a payment transaction, or accessing an encrypted application.

[0066] Identity authentication information is a credential provided by a user to prove their identity, and it can take many forms. For example, it can be a numeric password or pattern password entered by the user through a touchscreen; or it can be a facial image captured by the device through a camera, fingerprint features captured by a fingerprint sensor, or voiceprints captured by a microphone, etc.

[0067] In some embodiments of this application, when the electronic device receives a trigger command, if the authentication information is a digital password, the user-inputted password sequence can be obtained through the sensor on the electronic device's touchscreen. If the authentication information is a facial image, the user's facial image can be captured by the electronic device's front-facing camera, and facial feature data can be generated after preprocessing. If the authentication information is a fingerprint feature, the user's fingerprint image can be captured by a capacitive or optical fingerprint sensor, and feature points can be extracted to generate a fingerprint template. If the authentication information is a voiceprint feature, the user's voice signal can be captured by the electronic device's microphone, and voiceprint features can be extracted. Taking a smartphone unlocking scenario as an example, when the user picks up the phone, the device detects the lifting action through an accelerometer, automatically triggering a facial recognition request. The front-facing camera then captures the current user's facial image, and facial feature data is generated after preprocessing, serving as the authentication information for this instance.

[0068] S102. Match the identity authentication information with the identity matching template to obtain the matching result.

[0069] An identity matching template is pre-stored baseline data used to compare with currently acquired identity authentication information. The matching result indicates whether the identity authentication information successfully matches the identity matching template, and this matching result is subsequently used to indicate whether to execute the target task. In one embodiment of this application, the pre-set identity matching template can be stored in a matching library. The matching library is a dataset stored in the local secure area of ​​an electronic device (such as a trusted execution environment or a security chip) or a cloud server, containing at least one identity matching template. The identity matching template corresponds to different types of non-executable objects. A non-executable object refers to an object whose identity authentication information, when recognized, cannot trigger the execution of the target task, but whose authentication failure behavior will not result in the accumulation of failure counts. For example, in an unlocking scenario, the non-executable object could be a family member.

[0070] The matching process described above can be performed locally on the electronic device, or the identity authentication information can be encrypted and uploaded to the cloud for comparison, with the server returning the matching result. Local matching offers fast response times and does not rely on a network. Cloud-based matching is suitable for scenarios requiring cross-device sharing of a list of exempt objects, such as multiple devices in a household sharing the same set of family member face templates. Taking smartphone unlocking as an example, the device's local secure storage area pre-stores family member face feature templates (i.e., identity matching templates). The device compares the currently collected user's facial features with these family member templates, calculating the feature similarity. When the similarity exceeds a preset threshold, a successful match is determined, and the matching result is "Match Successful"; otherwise, the matching result is "Match Unsuccessful".

[0071] S103. If the matching result shows that the identity authentication information matches the identity matching template successfully, do not instruct the execution of the target task.

[0072] In traditional identity authentication scenarios, only a single type of identity matching template is configured, namely the identity information of the authorized user (such as the device owner). When the acquired identity authentication information matches the template successfully, the device executes the target task (such as unlocking); when the match fails, the device refuses to execute the target task. This processing mode categorizes all unsuccessful identity authentication attempts as invalid authentications, resulting in direct rejection of authentication failures triggered by non-malicious factors (such as accidental touches by family members, or input of historical passwords) in electronic device application scenarios, failing to distinguish the differences between different authentication failure scenarios. In the embodiments of this application, the identity matching template includes identity information corresponding to an object exempt from execution. An object exempt from execution refers to an object whose identity authentication information, when verified, does not have the permission to execute the target task, but whose authentication failure will not be considered a malicious verification scenario such as a stranger's verification. This can effectively distinguish between malicious identity verification and accidental touch scenarios in the actual application scenarios of electronic devices.

[0073] This application embodiment achieves refined classification and processing of identity authentication failure events by setting an identity matching template corresponding to the non-executable object. When the identity authentication information successfully matches the non-executable object, it indicates that the current authentication behavior belongs to a non-malicious scenario such as accidental touch by a family member. When the identity authentication information fails to match any identity matching template, it indicates that the current authentication behavior may come from a stranger or pose a security threat. Through the above method, this application embodiment solves the problem of traditional processing modes being unable to distinguish between malicious attacks and daily accidental touches, and can perform differentiated processing according to different types of authentication behavior, thereby improving the security of electronic devices in different application scenarios.

[0074] This application provides a control method that, in response to a trigger command, obtains authentication information, matches the authentication information with an identity matching template, obtains a matching result indicating whether to execute a target task, and, if the match is successful, does not instruct the execution of the target task. In this application embodiment, when the authentication information successfully matches the identity matching template of the object to be exempted from execution, it only refrains from instructing the execution of the target task without identifying it as malicious authentication, thereby achieving refined identification and differentiated processing of everyday accidental triggering scenarios such as accidental touches by family members. Compared to the existing technology's approach of treating all matching failures uniformly, this application improves device usability and user experience while maintaining a security baseline (i.e., refusing unauthorized users from executing target tasks).

[0075] In this embodiment, when the identity authentication information successfully matches the identity matching template, no target task is instructed to be executed, and further, no processing task related to authentication enhancement is instructed to be executed. Authentication enhancement tasks refer to auxiliary mechanisms used to strengthen device security, including counting tasks that record the number of authentication failures, locking tasks that temporarily disable specific authentication methods, upgrade tasks that prompt the user to perform higher-level verification, and prompting tasks that send security alerts to the user. These authentication enhancement tasks collectively constitute the device's security protection system, and their triggering conditions are usually associated with authentication failure events.

[0076] In one embodiment of this application, the matching result is further used to indicate whether to execute a counting task. The counting task is used to record the number of times the matching result indicates that the identity authentication information and the identity matching template have failed to match. If the number of times reaches a threshold, it is prohibited to indicate the execution of the target task based on the identity authentication information. Correspondingly, if the matching result indicates that the identity authentication information and the identity matching template have successfully matched, not indicating the execution of the target task includes: if the matching result indicates that the identity authentication information and the identity matching template have successfully matched, not indicating the execution of the target task and not indicating the execution of the counting task; if the matching result indicates that the identity authentication information and the identity matching template have failed to match, not indicating the execution of the target task and indicating the execution of the counting task.

[0077] In this embodiment, the counting task is used to record the number of times the identity authentication information fails to match the identity matching template. It can run in the processor of the electronic device, and the counting data is stored in the memory of the electronic device. This counting data is associated with the type of biometric identification and the triggering scenario. Further fine-grained counting can also be implemented; for example, the counting task can be a failure counter task for the biometric identification lockout mechanism in the electronic device's system. The thresholds set in the counting task can include a short-term lock threshold (e.g., 5 times) and a permanent lock threshold (e.g., 10 times). When the number of failures in the counting task reaches the short-term lock threshold, the electronic device triggers a short-term lock on the biometric identification function (e.g., 30 seconds), prohibiting the execution of the target task based on the identity authentication information during the lock period. When the number of failures reaches the permanent lock threshold, a permanent lock on the biometric identification function is triggered, forcing the user to unlock it through master password verification before the biometric identification function can be restored.

[0078] Specifically, by introducing a counting task and its association with the matching results, fine-grained counting processing of authentication failure events is achieved. When the authentication information successfully matches the identity matching template (i.e., identified as an object exempt from execution), the device not only refuses to execute the target task but also does not trigger the counting task. This authentication failure is not counted in the failure count and will not affect the subsequent lockout status. Conversely, when the authentication information fails to match the identity matching template (i.e., neither an authorized user nor an object exempt from execution), the device refuses to execute the target task and triggers the counting task to record a failure.

[0079] Taking smartphone unlocking as an example, the device pre-stores facial templates of the owner's family members. When a family member picks up the phone, facial recognition obtains the facial information to be verified and successfully matches it with the family member's facial template. The device remains locked and does not trigger a counting task, so the number of failures remains unchanged. When a stranger attempts to unlock, the facial features do not match the owner's family member's facial template. The device remains locked and triggers a counting task, increasing the number of failures. When the cumulative number of failures reaches a temporary lock threshold (e.g., 5 times), the device triggers a temporary lock on the biometric function, for example, prohibiting unlocking based on facial recognition for 30 seconds. When the number of failures reaches a permanent lock threshold (e.g., 10 times), the device triggers a permanent lock, forcing the user to unlock via master password verification. After successful verification, the biometric function can be restored.

[0080] Through the above processing, this embodiment retains traditional lock enhancement mechanisms (such as the Lockout mechanism) and introduces an identity matching template so that non-malicious scenarios such as accidental touches by family members no longer consume failure counts, effectively solving the problem of frequent device lockouts caused by daily accidental touches. At the same time, it still retains complete counting and lockout protection against malicious attempts by strangers, achieving a balance between security and usability.

[0081] In some embodiments of this application, the identity matching template includes at least a first identity matching template and a second identity matching template. The matching result is also used to indicate whether a counting task should be executed. The counting task records the number of times the matching result indicates a failure to match the identity authentication information with the identity matching template. If the number of failures reaches a threshold, the execution of the target task based on the identity authentication information is prohibited.

[0082] If the matching result shows that the authentication information matches the identity matching template successfully, no instruction is given to execute the target task. This includes: if the matching result shows that the authentication information matches the first identity matching template successfully, the execution module is instructed to execute the target task. If the matching result shows that the authentication information matches the second identity matching template successfully, the execution module is not instructed to execute the target task, and the electronic device remains in the first state, and no instruction is given to execute the counting task.

[0083] See Figure 2 This illustrates a schematic diagram of an identity recognition processing flow provided in an embodiment of this application. Figure 2 The identity verification process shown in the illustration may include an identity verification process and an identity matching template setting process. In this embodiment, the first identity matching template corresponds to the identity information of an authorized user who can perform the target task, such as the owner of the electronic device. The second identity matching template corresponds to an object exempt from execution, such as a family member of the owner or an object that can be exempted from execution by the owner. It should be noted that in this embodiment, the second identity matching template can be the user corresponding to the first identity matching template (such as the owner), manually entered through the identity setting interface provided by the electronic device, or it can be the second identity matching template automatically analyzed and identified by the analysis engine of the electronic device (the process of automatically identifying and generating the second identity matching template will be described in detail in subsequent embodiments of this application, and will not be described in detail here). When the matching result, including the identity authentication information, successfully matches the first identity matching template, the execution module is instructed to execute the target task. The execution module is used to execute the target task, causing the electronic device to switch from a first state to a second state. For example, the first state is a locked state, and the second state is an unlocked state; or the first state is a pending verification state before payment, and the second state is a payment completed state. For example, in an unlocking scenario, the execution module could be the system's lock screen management service, responsible for controlling the screen's locking and unlocking; in a payment scenario, the execution module could be the transaction processing module of a payment application, responsible for interacting with the payment server to complete the transaction. By separating the matching result from the execution module's instructions, this embodiment decouples identity authentication from the execution of the target task, facilitating flexible control of the execution behavior corresponding to different identity authentication results. Correspondingly, when the matching result, including identity authentication information, successfully matches the second identity matching template, the execution module is not instructed to execute the target task, allowing the electronic device to remain in its first state, and no counting task is instructed to be executed.

[0084] In this embodiment, when the identity matching template includes a first identity matching template and a second identity matching template, the process of matching the identity authentication information with each identity matching template can be implemented in various ways. For example, a parallel matching method can be used, that is, the identity authentication information is compared with the first identity matching template and the second identity matching template simultaneously to obtain a matching result; a random matching method can also be used, that is, a random identity matching template is selected for comparison first, and if a match is successful, the matching process is terminated, otherwise the comparison with other templates continues; a sequential matching method can also be used, that is, the identity authentication information is compared with each identity matching template in a preset order.

[0085] In practical applications, in order to optimize matching efficiency and user experience, it is usually necessary to set the matching order according to the importance or frequency of use of the identity matching template. In one implementation of this application embodiment, matching identity authentication information with identity matching templates includes: determining the matching order based on the priority of the first identity matching template and the second identity matching template; and matching the identity authentication information with the identity matching templates in sequence based on the matching order.

[0086] The priority of the first and second identity matching templates can be determined based on a variety of factors, including the importance of the corresponding object, usage frequency, security level, and historical matching success rate. Specifically, the priority can be statically configured, such as by the system or the user, or it can be dynamically adjusted, such as by automatically updating based on historical usage data.

[0087] For example, the first identity matching template (corresponding to the target user authorized to perform the target task, such as the device owner) is more important than the second identity matching template (corresponding to the exempted object, such as a family member). Therefore, by default, the first identity matching template can be set to have a higher priority than the second identity matching template to ensure that the device owner's authentication request is processed first and the target task such as unlocking is completed quickly.

[0088] For frequently used identity matching templates, higher priority can be assigned to reduce average matching time and improve user experience. For example, if statistics show that family members use the device more frequently than the owner (e.g., children often use tablets for learning), the priority of the second identity matching template can be dynamically adjusted to be higher than the first identity matching template, allowing family members' authentication requests to receive matching results faster. For scenarios with high security requirements (e.g., payment verification), the priority of the first identity matching template can be set higher than the second identity matching template to prioritize verifying whether the user is the owner; for scenarios with lower security requirements (e.g., device unlocking), the priority can be flexibly adjusted according to actual usage. Priorities can be dynamically adjusted in different application scenarios. For example, in a home network environment, where family members are more likely to use the device, the priority of the second identity matching template can be appropriately increased; in public places, where the risk of strangers attempting to unlock is higher, the high priority of the first identity matching template should be maintained.

[0089] Then, based on the established priorities, the matching order is determined. High-priority identity matching templates are matched first, followed by low-priority templates. Based on this matching order, the identity authentication information is matched against each identity matching template sequentially. During the matching process, if the current template matches successfully, appropriate processing can be performed based on the matching result, and subsequent matching will terminate; if the current template fails to match, matching continues with the next higher priority template until all templates have been matched.

[0090] This embodiment prioritizes authentication requests based on usage frequency or importance, enabling rapid responses to high-frequency or high-priority user authentication requests, reducing average matching time, and improving user experience. Priorities can be dynamically adjusted based on scenario information to adapt to changing needs in different usage environments, such as prioritizing family members in a home environment and maintaining the owner's priority in public places. On resource-constrained devices, priority-based matching can reduce unnecessary computational overhead, especially when the matching database storing identity matching templates is large.

[0091] In one implementation of this application, the first identity matching template has a higher priority than the second identity matching template. The process of sequentially matching identity authentication information with the identity matching templates based on the matching order includes: matching the identity authentication information with the first identity matching template; if the matching result indicates that the identity authentication information and the first identity matching template are not successfully matched, no target task is instructed to be executed; and matching the identity authentication information with the second identity matching template; if the matching result indicates that the identity authentication information and the second identity matching template are successfully matched, no counting task is instructed to be executed; if the matching result indicates that the identity authentication information and the second identity matching template are not successfully matched, a counting task is instructed to be executed.

[0092] See Figure 3 It illustrates a schematic diagram of the processing flow for a verification scenario of unlocking an electronic device provided in an embodiment of this application. Figure 3 The target task in this context represents the task of switching an electronic device from a locked state to an unlocked state. The first identity matching template is the biometric template of the target user (i.e., the owner) of the electronic device, such as the owner's facial feature data. This template is used to identify the user authorized to perform the unlocking operation. The second identity matching template is the biometric template of the object to be unlocked, such as the facial feature data of a family member. The identity authentication information to be verified is a facial image. Figure 3 The processing steps for the application scenario shown may include the following:

[0093] S301. In response to the trigger command, obtain the face image to be verified.

[0094] When an electronic device detects a user action (such as pressing the power button or raising the device to wake it up), it activates the front-facing camera to capture the user's facial image as authentication information to be verified.

[0095] S302. Match the face image with the facial feature data of the device owner.

[0096] The device first compares the captured facial image with the stored first identity matching template, i.e., the facial feature data of the device owner, and calculates the feature similarity.

[0097] S303. Determine whether the facial feature data matches that of the device owner.

[0098] If the similarity between the face image and the facial feature data of the device owner exceeds a preset threshold, the match is considered successful and proceeds to step S304; otherwise, the match is considered unsuccessful and proceeds to step S305.

[0099] S304. Switch the electronic device from locked state to unlocked state.

[0100] A successful match indicates that the current user is the owner of the device. The device then instructs the user to perform the target task, namely the unlocking operation. The electronic device switches from the locked state to the unlocked state, and the process ends.

[0101] S305. Match the face image with the facial feature data of family members.

[0102] A failed match indicates that the current user is not the owner of the device, and the device will continue to compare the facial image with the second identity matching template, namely the facial feature data of a family member.

[0103] S306. Determine whether the facial feature data matches that of a family member.

[0104] If the similarity between the face image and the facial feature data of a family member exceeds a preset threshold, the match is considered successful and proceeds to step S308; otherwise, the match is considered unsuccessful and proceeds to step S307.

[0105] S307, Unlocking is prohibited; execute counting task.

[0106] A failed match indicates that the current user is neither the owner nor a family member (e.g., a stranger). The device remains locked (unlocking is prohibited) and a counting task is triggered to add this authentication failure to the failure count. When the cumulative number of failures reaches a threshold, the device will enter an enhanced lockout state.

[0107] S308, Unlocking is prohibited; counting task will not be performed.

[0108] A successful match indicates that the current user is a family member (the object of no execution). The device remains locked (unlocking is prohibited), but the counting task is not triggered. That is, this authentication failure is not counted in the failure count and does not affect subsequent unlocking attempts.

[0109] Through the above steps Figure 3 The process shown fully realizes differentiated processing for three different user groups: device owner, family members, and strangers. While ensuring device security, it avoids frequent locking caused by accidental touches by family members, thus improving the user experience.

[0110] In this embodiment, the identity matching template can be manually added by the user or pre-generated by the electronic device processing system. However, in actual applications, the identity characteristics of the exempt object corresponding to the identity matching template may not be pre-recorded, but frequent authentication failure events can still lead to unnecessary device locking. To solve this problem, in this embodiment, when the identity matching template includes at least a first identity matching template, if the matching result is that the identity authentication information matches the identity matching template successfully, the execution of the target task is not indicated. This includes: if the matching result shows that the identity authentication information does not match the first identity matching template successfully, the execution of the target task is not indicated, but the execution of the counting task is indicated; if the trigger instruction is obtained based on the target network environment, the identity authentication information is recorded based on the counting task; in response to the number of counting tasks corresponding to the first identity authentication information reaching a first threshold, a reference identity matching template is generated based on the first identity authentication information, and the reference identity matching template is stored as a second identity matching template; in response to the number of counting tasks reaching a second threshold, the execution of the target task based on the first identity authentication information is prohibited; wherein, the first threshold is less than the second threshold.

[0111] In its initial state, the electronic device's matching library may contain a first identity matching template, which includes the identity information of the target user (such as the device owner). Alternatively, the matching library may contain both a first and a second identity matching template (the second identity matching template may include the identity information of the object to be exempted from execution). To ensure that the identity recognition process is more tailored to different application scenarios for the electronic device, thereby improving its security, this application also provides an automatic learning processing mode for identity information based on the target network environment. By statistically analyzing frequently occurring authentication failure identity features in relevant application scenarios, it automatically identifies and generates corresponding second identity matching templates, enabling the second identity matching templates to dynamically adapt to different application scenarios and user needs.

[0112] A target network environment refers to a pre-defined, trusted network environment, such as a home Wi-Fi network or a company office network. Electronic devices can identify whether they are in a target network environment by detecting the identifier of the currently connected wireless network (such as SSID), IP address range, and base station information. For example, when a device connects to a wireless network named "Home_WiFi," it determines that it is currently in a target network environment. The target network environment can be manually configured by the user or automatically learned by the system based on usage habits. For example, if the system detects that a device frequently connects to a certain Wi-Fi network at night, it can automatically mark it as a target network environment.

[0113] In this embodiment, a first threshold is used to trigger automatic learning to generate a second identity matching template, and a second threshold is used to trigger a lock-enhanced state. The first threshold is less than the second threshold, which allows for the identification of high-frequency accidental touches leading to authentication failures and the generation of a second identity matching template before the electronic device is locked, thus solving the problem of subsequent accidental touches causing the electronic device to enter enhanced mode and lock. For example, in one implementation, the electronic device maintains an independent counter for each identity authentication information that fails to match in the target network environment. When an identity authentication information fails to match for the first time in the target network environment, the device creates a count record for that information and initializes the counter to 1. Subsequently, whenever the identity authentication information fails to match again in the target network environment, the device increments the counter by 1. When the counter count for a certain identity authentication information reaches the first threshold, the device triggers an automatic learning mechanism, extracts the feature data of that identity authentication information, encapsulates it into a template format that can be compared with subsequent identity authentication information, and stores it in the matching library as a second identity matching template. The first threshold can be set according to actual needs, for example, to 3 or 5 times. This threshold should not be set too high, otherwise it may cause high-frequency accidental touch features to accumulate too many failures before learning; nor should it be set too low, otherwise occasional events may be mistakenly learned as objects exempt from execution. When the total number of failures recorded by the counting task (i.e., the cumulative number of times all identity authentication information fails to match the first identity matching template) reaches the second threshold, the device prohibits the execution of the target task based on the identity authentication information and enters a locked enhanced state. For example, the second threshold can be set to 5 times. When the cumulative number of failures reaches 5 times, if the identity authentication information is biometric information, the electronic device temporarily disables the biometric function for 30 seconds, or forces the user to unlock by verifying the master password.

[0114] Taking a home network scenario as an example, suppose a user sets their home Wi-Fi as the target network environment, setting a first threshold of 3 attempts and a second threshold of 5 attempts. Family member B's facial features are not pre-registered in the matching database for a second identity verification template. When family member B picks up the phone for the first time, facial recognition fails, and the device creates a count record for family member B's facial features, with a counter of 1 and a cumulative failure count of 1. On the second failure, the counter increases to 2, and the cumulative failure count remains 2. On the third failure, the counter reaches 3, exceeding the first threshold, and the device automatically generates and stores a second identity matching template for family member B's facial features. At this point, the cumulative failure count is 3. On the fourth attempt, family member B's face matches the second template successfully. The device does not instruct unlocking and does not trigger a counting task; the cumulative failure count remains 3 and does not increase further. Afterward, if a stranger attempts to unlock, the cumulative failure count increases from 3, triggering a lock when it reaches 5. Through this mechanism, family member B's accidental touches no longer consume failure counts after learning, while malicious attempts by strangers will still count normally and trigger a lock, achieving a balance between security and usability.

[0115] This application also provides a method for users to manually add identity information as a second identity matching template. Specifically, users can add corresponding identity information as a second identity matching template through the system interface for adding identity information provided by the electronic device. Taking biometric information (such as facial images, fingerprint information, etc.) as an example, the process of manually adding biometric information of an object without execution is described in the following example. Figure 4 This illustrates a flowchart of a process for manually adding and generating a second identity matching template, provided in an embodiment of this application. Figure 4 The user is the authenticated user of the electronic device (such as the device owner). The system interface is the interface provided by the electronic device for manually entering the biological information of the object that does not require execution. The biological service is the module that collects and processes the corresponding biological information.

[0116] Specifically, in Figure 4 The user first accesses the "Trust List Management" interface provided by the electronic device. This interface is used to manage the identity information of objects exempt from execution. In this interface, the user selects to add a new trusted object. The system interface responds to the user's action by sending a request to the biometric service module (in...). Figure 4The system sends a command to initiate biometric data collection. Upon receiving the command, the Biometric Service module initiates the corresponding biometric data collection function. Taking facial features as an example, the Biometric Service module uses the front-facing camera to display a preview on the system interface, prompting the user to align the face to be added with the camera. After the user completes the facial image collection as prompted, the Biometric Service module extracts the collected facial feature data and temporarily stores it in a temporary storage area. After collection, the system interface requests password verification from the user, displaying a password input box and prompting the user to enter a master password. After the user provides the master password, the system verifies it to confirm that the current operator is an authenticated user (i.e., the account holder). Upon successful verification, the Biometric Service module associates the collected biometric data with the user information, encrypts it, and stores it in the matching library as a secondary identity matching template. During storage, the system can mark the template to distinguish it as a manually added type, allowing for appropriate capacity limits and eviction strategies during subsequent management (e.g., manually added templates have a fixed capacity of 3 and can only be removed by the user's active deletion).

[0117] After storage, the biometric service module returns the operation result to the system interface, which displays a "Successfully Added" message, informing the user that the identity information of the exempted object has been successfully added. Users can view the added trust list through the "Trust List Management" interface and delete or edit added templates. Through this manual addition process, users can manage the identity information of exempted objects according to their actual needs. For example, they can add the facial features of family members or the fingerprint information of frequently used contacts as secondary identity matching templates, enabling the device to recognize the authentication behavior of these trusted users and perform differentiated processing, further improving the device's flexibility and user experience.

[0118] In another embodiment of this application, the authentication information of failed authentications can be autonomously analyzed based on time-period statistics to generate a second identity matching template. For example, the electronic device records the authentication information corresponding to the first identification failure event in each statistical period, using a preset duration (e.g., 72 hours) as a statistical period. The electronic device can also maintain a temporary cache pool to store candidate authentication information recorded in each statistical period, and manage it using a rolling time window method, for example, retaining data from the most recent five statistical periods and automatically removing data from older periods that exceed the window. When the same authentication information appears in at least two different statistical periods, it indicates that the feature has the characteristic of periodic repetition. The device generates a second identity matching template corresponding to the authentication information and stores it in the matching library. In this way, the system can effectively identify regular accidental touch features, avoid mislearning single, occasional events as non-executable objects, and ensure the timeliness of statistical data. Figure 5As shown, Figure 5 This illustration shows a flowchart of an automatic learning and generation of identity matching templates provided in an embodiment of this application. Figure 5 The document demonstrates the operation mechanism of the background maintenance thread, the management of the temporary cache pool, and the generation process of the second identity matching template.

[0119] In this embodiment, biometric information is used as identity information, and biometric authentication is used as an example. Even when a user continuously performs a target task (such as unlocking a device) using biometric authentication, the system will still force periodic master password verification. By default, a master password verification request is triggered every 72 hours, requiring the user to enter the master password. Each successful master password verification is considered a trusted operation anchor point, triggering the following actions: resetting the biometric usage cycle timer and activating the periodic rotation check of the temporary cache pool. By forcing master password input, control of the electronic device is ensured to remain in the hands of the authenticated user (such as the device owner), while providing a reliable time window benchmark for accidental touch feature analysis.

[0120] This embodiment adopts a storage architecture that separates the temporary cache pool managed by the rolling time window from the automatically generated queue, as shown in Table 1 below.

[0121] Table 1

[0122] storage layer Data content Storage strategy capacity Temporary cache pool All first-time appearances of biological characteristics 72-hour x 5-cycle rolling window Dynamic adjustment Automatically generated second identity matching template Confirmed accidental touch characteristics LRU phase-out Fixed capacity 5 Manually added second identity matching template User-added features Permanent storage (can be manually deleted) Fixed capacity 3

[0123] Each statistical period is 72 hours, and the system always retains data from the most recent 5 periods (total duration 360 hours). Data from older periods that exceed the window is automatically removed to ensure the timeliness of statistical data and avoid the influence of outdated data on current judgments. Features must meet the following conditions to be automatically entered into the second identity matching template: recognition failure occurs in at least two different 72-hour periods; there is at least one recognition failure record in each period.

[0124] The following is a specific timeline example illustrating the automatic learning process (assuming each cycle is 1, 2, 3, 4, 5, and 72 hours), see Table 2.

[0125] Table 2

[0126] cycle Time range Occurrence of Feature A Temporary cache pool status Period 1 Day 0-3 Failed once New record: (A, Period 1) Period 2 Days 3-6 No appearance Record keeping Period 3 Days 6-9 Failed twice New record: (A, Period 3) Period 4 Days 9-12 No appearance Automatically meet cross-cycle conditions, then move to the automatically generated second identity matching template. Period 5 Days 12-15 Window sliding, period 1 data removal Only retain records from period 3.

[0127] The data processing methods for different storage layers are shown in Table 3.

[0128] Table 3

[0129] stage Temporary cache pool processing Exemption queue processing Write trigger When the first recognition fails Meets cross-cycle conditions / Manually added Storage duration Maximum 5 x 72 hours Permanent (manual) or LRU (automatic) replacement Data Elimination Automatic removal after timeout LRU evicts when capacity is full Safety impact Record only, no exemption Actual impact on Lockout count

[0130] The temporary cache pool is a storage area in electronic devices used to temporarily store candidate identity authentication information, recording the identity features corresponding to matching failure events occurring in the target network environment. The temporary cache pool is managed using a rolling time window approach, with a statistical period of 72 hours as an example. The rolling window means the temporary cache pool retains data from the most recent 5 statistical periods. Data from older periods exceeding this time window is automatically removed to ensure the timeliness of statistical data. When a certain identity authentication information first fails to match in the target network environment, the system creates a new record for that feature in the temporary cache pool and starts a 72-hour period timer for that record. When the same identity authentication information reappears subsequently, the system updates the last appearance time of the record for subsequent eviction decisions. When a certain identity authentication information in the temporary cache pool meets preset conditions (i.e., recognition failure events occur in at least two different statistical periods), the system moves it to an automatically generated second identity matching template. The capacity management of the temporary cache pool uses a combination of rolling window eviction and the LRU (Least Recently Used) algorithm. Rolling window eviction refers to automatically removing data from the temporary cache pool for data that has appeared more than 5 periods, regardless of its frequency, ensuring that the cache pool always retains the most recent valid data. LRU eviction refers to removing the least recently identified feature based on the last appearance time of each record when the temporary cache pool reaches its capacity limit (a maximum of 5 periods of data can be retained, i.e., the capacity is dynamic but limited by the time window), making room for newly appearing features.

[0131] See Figure 6 The diagram illustrates the LRU (Least Recently Used) eviction mechanism. When a new feature arrives, the system first checks if the queue (which stores second identity matching templates) is full. If the queue is not full, the new feature's second identity matching template is directly inserted into the queue. If the queue is full, the system searches for the second identity matching template containing the least recently accessed feature, removes it, and then inserts the new feature. Through this mechanism, the automatically generated second identity matching templates maintain a fixed capacity (5 templates) and prioritize retaining the most recently identified features while evictring the least recently accessed features.

[0132] Figure 7 This illustration shows a schematic diagram of a biometric processing flow provided in an embodiment of this application, demonstrating the complete processing logic for matching identity authentication information with a trusted database (first identity matching template) and an exemption list (second identity matching template). Figure 7 As shown, when a biometric request arrives, it first checks whether it matches the trusted library: if the match is successful, the device is unlocked; if the match fails, it continues to check whether it matches the exemption list: if the match is successful, the unlock is refused and no count is made; if the match fails, the normal Lockout counting process begins. If the count reaches a specific threshold, the master password is verified, and then the circular queue is updated. Figure 8A schematic diagram of the failure handling process is shown, such as Figure 8 As shown, when recognition fails, the system first checks whether the current biometric feature is in the exemption list: if it is in the exemption list, a rejection message is displayed and no count is performed; if it is not in the exemption list, the Lockout count is incremented and it is checked whether the lockout threshold has been reached: if the threshold has been reached, the lockout enhancement state is triggered; if the threshold has not been reached, the process ends.

[0133] Figure 9 A schematic diagram of the automatic exemption queue generation process is shown. Figure 9 As shown, when the period ends, the system determines whether the number of occurrences of each feature within the statistical period reaches or exceeds 2 periods: if yes, the feature is added to the automatic exemption queue (automatically generated second identity matching template); if no, it further determines whether the time of the record is greater than 5 periods: if yes, the record is discarded; if no, it is retained for continued observation. Figure 10 A schematic diagram illustrating the overall process for handling biometric recognition failures is shown. Figure 10 As shown, when biometric identification fails, the system determines whether it matches the exemption list: if the match is successful, it performs a rejection process without counting, maintaining the availability of the biometric function; if the match fails, it enters the normal Lockout process, which may trigger an enhanced lockout state. Through the above mechanism, this embodiment achieves that features in the exemption list only exempt the user from triggering the enhanced lockout state, but still cannot perform the target task (such as unlocking the device); failed attempts to match the exemption list do not affect the failure count, that is, they are not counted in the number of times the enhanced lockout state is triggered.

[0134] Furthermore, embodiments of this application can also acquire and store the second identity matching template through various other methods. For example, the image library stored locally on the electronic device can be learned, and by scanning frequently appearing images of people in the album, their biometric features can be extracted and candidate identity matching templates can be generated. After user confirmation, these templates are stored as the second identity matching template. Another example is that publicly available image data can be obtained from the user's social network platform (image data requiring user authorization or publicly available from the user), identifying individuals who frequently interact with the user (such as family members and friends), and extracting their features as candidates for exemption from execution. Yet another example is that by analyzing the user's address book and contact information, combined with historical interaction data, users who may become exemption targets can be inferred, and the user can be proactively prompted to add them. In addition, stored exemption target information can be obtained from other associated devices of the user (such as devices shared by family members) through cross-device synchronization, achieving matching library sharing and synchronization across multiple devices. Through these various methods, embodiments of this application can acquire the identity information of exemption targets in a richer and more intelligent way, further improving the completeness of the matching library and the user experience.

[0135] In practical applications of electronic devices, these devices may simultaneously collect biometric information from multiple users, such as when multiple people appear in the device's camera field of view at the same time, or when the device simultaneously uses multimodal authentication methods such as facial recognition and fingerprint recognition. To address these complex scenarios where multiple biometric features appear simultaneously, this application further provides a processing method for multi-biometric joint authentication. The process of matching identity authentication information with an identity matching template may include:

[0136] S401. Analyze identity authentication information.

[0137] After obtaining authentication information, electronic devices first analyze the information to determine the types and number of biometric features it contains. The analysis process may include: determining whether the authentication information is a single biometric feature or multiple biometric features; if multiple biometric features, further distinguishing the biometric feature type corresponding to each feature (such as face, fingerprint, iris, etc.) and whether each feature may originate from different users. For example, when a device captures an image through a camera, a multi-object detection algorithm can be used to analyze whether the image contains multiple face regions; when the device simultaneously enables face recognition and fingerprint recognition, it can identify whether the current authentication request simultaneously contains face images and fingerprint data.

[0138] S402. If the identity authentication information includes the first biometric information of the first user and the second biometric information of the second user, match the first biometric information and the second biometric information with the identity matching template respectively.

[0139] In this system, the first user and the second user are different. When the analysis results indicate that the identity authentication information contains multiple biometric information from different users, the device performs independent matching processing on each biometric information. Specifically, the first user's first biometric information is matched with the identity matching template to obtain a first matching result; the second user's second biometric information is matched with the identity matching template to obtain a second matching result. During the matching process, each biometric information is compared with the identity matching template according to a preset matching order (such as priority order).

[0140] Correspondingly, if the matching result shows that the identity authentication information matches the identity matching template successfully, and the target task is not executed, the process also includes:

[0141] If the matching result includes the first biometric information failing to match the first identity matching template and the matching similarity being greater than the similarity threshold, and the second biometric information successfully matching the second identity matching template, then the target task is instructed to be executed, but the counting task is not instructed to be executed.

[0142] When the first biometric information fails to match the first identity matching template but the similarity is greater than the similarity threshold, it indicates that the current user is likely the target user. However, due to certain objective factors (such as facial occlusion, angle deviation, insufficient lighting, sensor damage, etc.), the quality of the collected biometrics has decreased, failing to meet the strict matching threshold required for unlocking. In this case, if the second biometric information that appears simultaneously matches the second identity matching template successfully, confirming the presence of an object exempt from execution (such as a family member), it can be reasonably inferred that the current scenario is a normal usage scenario for the target user in a trusted environment, and the execution of the target task should be allowed.

[0143] In the embodiments of this application, the similarity threshold can be a fixed value preset by the system, or it can be dynamically adjusted based on historical data. For example, the system records the matching similarity distribution of users in different environments and adaptively determines a reasonable similarity threshold. Alternatively, different similarity thresholds can be used in different usage scenarios. For example, a lower similarity threshold can be used in a home network environment (more convenient), while a higher similarity threshold can be used in public places (more secure).

[0144] For example, a smart door lock is configured with: a first identity matching template, which is the homeowner's facial features (unlock threshold 90%). A second identity matching template, such as family members' fingerprint features, with a similarity threshold set to 70%.

[0145] One day, the homeowner's face was sweaty, causing poor facial recognition performance, while a family member was present. The door lock camera captured the homeowner's face, and the fingerprint sensor simultaneously captured the family member's fingerprints: the homeowner's face was compared with the first template, showing a 75% similarity, which was below the unlock threshold but above the 70% similarity threshold. The family member's fingerprint was compared with the second identity matching template, and the match was successful. The joint authentication conditions were met, and the door lock indicated that it would unlock, without performing a counting task.

[0146] This embodiment introduces a multi-biometric joint authentication mechanism. When the biometric matching of the target user fails due to factors such as occlusion or angle, it uses the features of the simultaneously appearing non-executable object for auxiliary verification, which effectively improves the authentication pass rate in complex scenarios. At the same time, by setting a similarity threshold, it ensures that the target task is only allowed to be executed when there is a highly suspected target user and a trusted accompanying person, thereby optimizing the user experience while ensuring security.

[0147] It should be noted that the above embodiments use biometric information (such as face and fingerprint) as examples for identity authentication information. However, in this embodiment, identity authentication information can also be digital password information, and the second identity matching template can store historical password information previously used by the user. Correspondingly, the first identity matching template stores the user's currently valid password information. When the user's entered digital password successfully matches the first identity matching template, the device executes the target task (such as completing the payment); when the user's entered digital password fails to match the first identity matching template but successfully matches the historical password stored in the second identity matching template, it indicates that the current authentication behavior is a scenario of mistakenly entering an old password due to user memory confusion. The device refuses to execute the target task and does not trigger the counting task, thus avoiding temporary locking of the payment function due to multiple mistaken entries of old passwords.

[0148] The following example illustrates an electronic payment scenario. User C sets a 6-digit numeric payment password in a mobile payment app. Recently, for security reasons, User C changed the payment password, but the old password is still stored in the matching database as a secondary identity matching template. When User C checks out at a supermarket, they use the mobile payment app to scan a QR code to pay. The payment app pops up a password input interface, and User C habitually enters the old password (the password before the change). The payment app uses the user's entered password as authentication information and compares it with the identity matching template. Since the entered password matches the historical password template exactly but does not match the currently valid password, the matching result is determined to be a successful match with an object exempt from execution. Based on this matching result, the payment app does not instruct the execution of the payment task, the transaction fails, but this password error is not counted in the payment failure count. After receiving the "password error" prompt, User C immediately realizes that they entered the old password, then enters the new password, and the payment is successful. Because the old password error was not counted in the failure count, User C does not need to unlock their account or wait, and the payment experience is unaffected. Under existing technology, entering old passwords would also count towards the payment failure count. Multiple incorrect entries could lead to temporary account lockouts, requiring users to use more complex authentication methods (such as SMS verification codes or human customer service) to unlock their accounts, severely impacting the payment experience. This embodiment, through the above method, effectively avoids frequent account lockouts caused by users forgetting and confusing old passwords, while ensuring payment security (the old password still cannot complete the payment), thus improving the user experience in payment scenarios.

[0149] In practical applications, there may be multiple objects that are exempt from execution, each without the authority to execute the target task independently, but which, when combined, can form a reliable use case. For such application scenarios, in this embodiment, the second identity matching template includes at least a first second identity matching template and a second second identity matching template, with the first and second identity matching templates corresponding to different users. Specifically, if the matching result shows a successful match between the identity authentication information and the identity matching template, execution of the target task is not indicated. Furthermore, if the matching result includes a successful match between the first biometric information and the first and second identity matching templates, and a successful match between the second biometric information and the second second identity matching template, execution of the target task is indicated, but execution of the counting task is not indicated.

[0150] In this embodiment, the second identity matching template includes at least a first second identity matching template (such as the identity matching template for user C) and a second second identity matching template (such as the identity matching template for user D). The first second identity matching template and the second second identity matching template correspond to different users. Both templates are execution-free objects, meaning that even if a match is successful on their own, they are not authorized to execute the target task (such as unlocking), but they will not trigger a counting task either.

[0151] After the electronic device's data acquisition unit detects a trigger command (active / passive trigger), if multiple biometric features are detected simultaneously (e.g., two people facing a facial recognition camera simultaneously, or two people pressing a fingerprint sensor simultaneously), it collects the raw biometric data of each user separately, extracts feature point data independently, and forms multiple sets of identity authentication sub-information (e.g., the identity authentication sub-information of the first user, the identity authentication sub-information of the second user), which is used as the overall identity authentication information for this instance. If only a single biometric feature is detected, the feature is collected and extracted in the conventional manner to form a single set of identity authentication information. After receiving the combined identity authentication information, the electronic device first splits it to obtain the identity authentication sub-information of each user. Then, it matches each identity authentication sub-information with a subset of the corresponding second identity matching template. Simultaneously, it matches the combined identity authentication information with the first identity matching template (the user themselves). The matching process still follows the principle that the first identity matching template has the highest priority. If a match with the first identity matching template is successful, the subsequent matching is terminated and the unlocking task is executed. If a match with the first identity matching template fails, the individual matching of each second identity matching template is completed, generating an overall matching result containing the matching results of each sub-information. If the matching result includes a successful match between the first biometric information and the first and second identity matching templates, and a successful match between the second biometric information and the second and second identity matching templates, then the target task is instructed to be executed; otherwise, the counting task is not instructed to be executed.

[0152] For example, in a typical family setting, a user might pre-set a first and second identity matching template (spouse's facial information) and a second identity matching template (child's facial information) for their phone's facial recognition function. Both are manually added second identity matching templates (i.e., facial features of the user who doesn't require execution). When the spouse and child both pick up the phone to unlock and view the family photo album, the phone's camera simultaneously captures their facial features. After matching, the spouse's features successfully match the first and second identity matching templates, and the child's features successfully match the second identity matching template. The system then immediately performs the unlock operation, without requiring the user's presence and without triggering any counting operations.

[0153] When a spouse picks up the phone to check notifications, only their facial features are captured and successfully matched with the first and second identity matching templates. The system will then classify this as a routine accidental touch, and will not perform an unlock operation, but it will also be exempt from counting. If a stranger and a child appear in front of the camera at the same time, only the child's features will match successfully while the stranger's features will not match. The system will still keep the screen locked and will not count the touches, thus satisfying the convenience of family sharing while ensuring the data security of electronic devices.

[0154] See Figure 11 In this application embodiment, an electronic device is also provided, including:

[0155] The data acquisition device 10, in response to a trigger command, obtains identity authentication information;

[0156] Processor 20 is configured to execute the computer program to perform the following steps:

[0157] The identity authentication information is matched with the identity matching template to obtain a matching result, which is used to indicate whether to execute the target task.

[0158] If the matching result indicates that the identity authentication information matches the identity matching template successfully, the target task is not instructed to be executed.

[0159] In one possible implementation, the processor includes:

[0160] A first processor is configured to execute the computer program to perform the following steps:

[0161] The identity authentication information is matched with the identity matching template to obtain a matching result, which is used to indicate whether to execute the target task.

[0162] If the matching result indicates that the identity authentication information matches the identity matching template successfully, the target task is not instructed to be executed.

[0163] The second processor is used to execute the target task based on the matching result.

[0164] In this embodiment, the processor includes a first processor and a second processor. The first processor is mainly used to perform security processing tasks related to identity authentication, including matching identity authentication information with an identity matching template, obtaining matching results, and determining whether to instruct the execution of a target task based on the matching results. The second processor is mainly used to actually execute the operation corresponding to the target task based on the matching results output by the first processor, such as controlling the electronic device to switch from a locked state to an unlocked state, executing payment transactions, or authorizing access to sensitive applications. By separating identity authentication processing and target task execution to different processors, this embodiment achieves decoupling of security control and function execution. The first processor can be deployed in a trusted execution environment (such as a TEE) or a security chip to ensure the security of the identity authentication process; the second processor is responsible for the specific function implementation. The two work together to ensure both the security and reliability of the authentication process and the efficiency and flexibility of the target task execution.

[0165] It should be noted that the specific implementation of the processor in this embodiment can be referred to the corresponding content above, and will not be described in detail here.

[0166] In another embodiment of this application, a readable storage medium is also provided, on which a computer program is stored, which, when executed by a processor, implements the control method as described above.

[0167] The various embodiments in this specification are described in a progressive manner, with each embodiment focusing on its differences from other embodiments. Similar or identical parts between embodiments can be referred to interchangeably. For the apparatus disclosed in the embodiments, since they correspond to the methods disclosed in the embodiments, the description is relatively simple; relevant parts can be referred to the method section.

[0168] Those skilled in the art will further recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of both. To clearly illustrate the interchangeability of hardware and software, the components and steps of the various examples have been generally described in terms of functionality in the foregoing description. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.

[0169] The steps of the methods or algorithms described in conjunction with the embodiments disclosed herein can be implemented directly by hardware, a software module executed by a processor, or a combination of both. The software module can be located in random access memory (RAM), main memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other form of storage medium known in the art.

[0170] The above description of the disclosed embodiments enables those skilled in the art to make or use this application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of this application. Therefore, this application is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

1. A control method, comprising: In response to a trigger command, obtain identity authentication information; The identity authentication information is matched with the identity matching template to obtain a matching result, which is used to indicate whether to execute the target task. If the matching result indicates that the identity authentication information matches the identity matching template successfully, the target task is not instructed to be executed.

2. The method according to claim 1, wherein the matching result is further used to indicate whether to execute a counting task, the counting task being used to record the number of times the matching result indicates that the identity authentication information and the identity matching template have failed to match, and if the number reaches a threshold, the execution of the target task based on the identity authentication information is prohibited; If the matching result indicates that the identity authentication information and the identity matching template match successfully, the step of not instructing the execution of the target task includes: If the matching result indicates that the identity authentication information matches the identity matching template successfully, the target task is not instructed to be executed, nor is the counting task instructed to be executed. If the matching result is that the identity authentication information does not match the identity matching template successfully, the target task is not instructed to be executed, and the counting task is instructed to be executed.

3. The method according to claim 1, wherein the identity matching template includes at least a first identity matching template and a second identity matching template; the matching result is further used to indicate whether to execute a counting task, wherein the counting task is used to record the number of times the matching result indicates that the identity authentication information and the identity matching template have failed to match, and if the number of times reaches a threshold, the execution of the target task based on the identity authentication information is prohibited; If the matching result indicates that the identity authentication information and the identity matching template match successfully, the step of not instructing the execution of the target task includes: If the matching result includes a successful match between the identity authentication information and the first identity matching template, the execution module is instructed to execute the target task. The execution module is used to execute the target task, causing the electronic device to switch from a first state to a second state; If the matching result includes a successful match between the identity authentication information and the second identity matching template, the execution module is not instructed to execute the target task, so that the electronic device remains in the first state and the counting task is not executed.

4. The method of claim 3, wherein, Matching the identity authentication information with the identity matching template includes: The matching order is determined based on the priority of the first identity matching template and the second identity matching template; Based on the matching order, the identity authentication information is matched with the identity matching template sequentially.

5. The method according to claim 4, wherein the priority of the first identity matching template is higher than the priority of the second identity matching template, and the step of matching the identity authentication information with the identity matching templates sequentially based on the matching order includes: Match the identity authentication information with the first identity matching template; If the matching result indicates that the identity authentication information does not match the first identity matching template successfully, the target task is not instructed to be executed; and the identity authentication information is matched with the second identity matching template. If the matching result includes a successful match between the identity authentication information and the second identity matching template, the counting task is not instructed to be executed. If the matching result indicates that the identity authentication information does not match the second identity matching template successfully, the counting task is instructed to be executed.

6. The method according to claim 3, wherein the identity matching template includes at least a first identity matching template, and the step of not instructing the execution of the target task if the matching result is that the identity authentication information matches the identity matching template successfully includes: If the matching result includes a failure to match the identity authentication information with the first identity matching template, the target task is not instructed to be executed, but the counting task is instructed to be executed. If the triggering instruction is obtained based on the target network environment, the identity authentication information is recorded based on the counting task; In response to the counting task corresponding to the first identity authentication information reaching a first threshold, a reference identity matching template is generated based on the first identity authentication information, and the reference identity matching template is stored as a second identity matching template. In response to the counting task reaching a second threshold, execution of the target task based on the first identity authentication information is prohibited; Wherein, the first threshold is less than the second threshold.

7. The method of claim 3, wherein, Matching the identity authentication information with the identity matching template includes: Analyze the identity authentication information; If the identity authentication information includes the first biometric information of the first user and the second biometric information of the second user, the first biometric information and the second biometric information are respectively matched with the identity matching template, and the first user and the second user are different; The step of not instructing the execution of the target task if the matching result is that the identity authentication information and the identity matching template are successfully matched also includes: If the matching result includes the first biometric information failing to match the first identity matching template and the matching similarity being greater than the similarity threshold, and the second biometric information successfully matching the second identity matching template, then the target task is instructed to be executed, but the counting task is not instructed to be executed.

8. The method according to claim 3, wherein the second identity matching template includes at least a first second identity matching template and a second second identity matching template, the first second identity matching template and the second second identity matching template corresponding to different users; The step of not instructing the execution of the target task if the matching result is that the identity authentication information and the identity matching template are successfully matched also includes: If the matching result includes a successful match between the first biometric information and the first and second identity matching templates, and a successful match between the second biometric information and the second and second identity matching templates, then the target task is instructed to be executed; otherwise, the counting task is not instructed to be executed.

9. An electronic device, comprising: The data acquisition device, in response to a trigger command, obtains identity authentication information; Processor, used for: The identity authentication information is matched with the identity matching template to obtain a matching result, which is used to indicate whether to execute the target task. If the matching result indicates that the identity authentication information matches the identity matching template successfully, the target task is not instructed to be executed.

10. The electronic device of claim 9, wherein the processor comprises: A first processor is configured to execute the computer program to perform the following steps: The identity authentication information is matched with the identity matching template to obtain a matching result, which is used to indicate whether to execute the target task. If the matching result indicates that the identity authentication information matches the identity matching template successfully, the target task is not instructed to be executed. The second processor is used to execute the target task based on the matching result.