Risk alerting method and mobile device
By assessing the characteristics of mobile devices to quantify risks and dynamically adjusting the digital key encryption method, the problem of traditional encryption schemes being easily cracked is solved, enabling users to conduct real-time risk assessments and improve security during the unlocking process.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- GUANGZHOU XIAOPENG MOTORS TECH CO LTD
- Filing Date
- 2026-05-08
- Publication Date
- 2026-07-10
AI Technical Summary
In traditional encryption schemes, digital keys are easily cracked by attackers, and users have difficulty understanding the risks during the vehicle unlocking process in real time, which affects vehicle safety and property security.
By acquiring the characteristics of the first and second mobile devices, the communication security between the unlocking device and the unlocked device is assessed, the risk level is quantified, and the encryption method of the digital key is dynamically adjusted based on the risk score to generate risk warning information.
This enhances the security of digital keys across all scenarios, allowing users to promptly understand the risk level of unlocking operations and make corresponding adjustments, thereby improving the overall security and user experience of the unlocking process.
Smart Images

Figure CN122372979A_ABST
Abstract
Description
Technical Field
[0001] This application belongs to the field of communication security technology, specifically relating to a risk warning method and a mobile device. Background Technology
[0002] A vehicle's digital key is a virtual key that utilizes vehicle-to-everything (V2X) communication technology and cryptographic algorithms. It replaces the traditional physical key and can be integrated into mobile terminals such as smartphones and smart wearable devices. Digital keys provide users with a convenient and secure entry point for vehicle control, enabling basic operations such as unlocking doors and starting the vehicle. They also support remote authorization for vehicle use, hierarchical access control, and other functions, adapting to diverse vehicle usage needs.
[0003] Traditional encryption schemes use fixed encryption algorithms to encrypt digital keys, making it easy for attackers to crack the verification logic and unlock the digital key using techniques such as relaying and replay attacks. This poses a serious threat to users' vehicle and property security. Throughout the vehicle unlocking process, users cannot monitor the risk of attack in real time, making it difficult to take timely countermeasures to strengthen vehicle protection. Summary of the Invention
[0004] This application aims to address at least one of the technical problems existing in the prior art. To this end, this application proposes a risk warning method and mobile device that can quantify the risk level of the unlocking process, helping users to understand the current risk level in a timely manner and make corresponding adjustments, thereby improving the overall security of the unlocking process.
[0005] Firstly, this application provides a risk warning method, including: Obtain the first feature collected by the first mobile device; A risk score is received, wherein the risk score is determined based on the first feature and the second feature collected by the second mobile device; one of the first mobile device and the second mobile device is the unlocking device and the other is the unlocked device; the encryption method of the digital key used between the unlocking device and the unlocked device is determined based on the risk score; the features collected by the unlocking device include features generated based on the activities of the target object using the unlocking device; the features collected by the unlocked device include features corresponding to the associated devices of the unlocked device; The system displays risk warning information regarding the unlocking operation, which is generated based on the risk score.
[0006] Secondly, this application provides a mobile device including a memory, a processor, and a display screen; the memory stores a computer program, and the processor executes the aforementioned risk warning method by calling the computer program stored in the memory; the display screen is used to display a graphical user interface.
[0007] The risk alert method and mobile device provided in this application involve acquiring a first feature collected by a first mobile device and a second feature collected by a second mobile device. One of the first and second mobile devices is the unlocking device, and the other is the unlocked device. Therefore, the combination of the first and second features includes: features generated based on the activities of the target object using the unlocking device, and features corresponding to the associated devices of the unlocked device. By analyzing and evaluating the first and second features, the communication security between the unlocking device and the unlocked device can be determined, thereby obtaining a risk score.
[0008] Risk scoring is used to quantify the risk level of the unlocking process. Based on the risk score, the encryption method of the digital key used in the unlocking process is determined, which can realize graded protection and dynamic response, and improve the security of digital keys in all scenarios.
[0009] Based on the risk score, corresponding risk warnings are generated and displayed on the first mobile device, providing information related to the unlocking operation. The first mobile device can be either the unlocking device or the device being unlocked. Therefore, regardless of whether the user is near the unlocking or unlocking device, they can promptly understand the risk level of the current unlocking operation and make appropriate adjustments, thereby improving the overall security of the unlocking process and the user experience.
[0010] Additional aspects and advantages of embodiments of this application will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of embodiments of this application. Attached Figure Description
[0011] To more clearly illustrate the technical solutions in the embodiments of this application, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort. Wherein: Figure 1 This is an application scenario diagram of the risk warning method provided in the embodiments of this application; Figure 2 This is a first flowchart illustrating the risk warning method provided in this application embodiment; Figure 3 This is a second flowchart illustrating the risk warning method provided in the embodiments of this application; Figure 4 This is a schematic diagram of the risk warning method provided in this application embodiment displayed on a terminal; Figure 5 This is a schematic diagram of the risk warning method provided in this application embodiment displayed on the target vehicle; Figure 6 This is a third flowchart illustrating the risk warning method provided in the embodiments of this application; Figure 7 This is a schematic diagram of the fourth process of the risk warning method provided in the embodiments of this application; Figure 8 This is a fifth flowchart illustrating the risk warning method provided in the embodiments of this application; Figure 9 This is a schematic diagram of the sixth process of the risk warning method provided in the embodiments of this application; Figure 10 This is a schematic diagram of the seventh process of the risk warning method provided in the embodiments of this application; Figure 11 This is a schematic diagram of the module of the risk warning device provided in the embodiments of this application; Figure 12 This is a schematic diagram of the structure of the mobile device provided in the embodiments of this application. Detailed Implementation
[0012] The embodiments of this application are described in detail below. Examples of the embodiments of this application are shown in the accompanying drawings, wherein the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are exemplary and are only used to explain this application, and should not be construed as limiting this application.
[0013] In the description of this application, it should be understood that the terms "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated. Therefore, features defined as "first" or "second" may explicitly or implicitly include one or more features. In the description of this application, "multiple" means two or more, unless otherwise explicitly specified.
[0014] In the description of this application, it should be noted that, unless otherwise expressly specified and limited, the terms "installation," "connection," and "linking" should be interpreted broadly. For example, they can refer to fixed connections, detachable connections, or integral connections. They can refer to mechanical connections, electrical connections, or communication connections. They can refer to direct connections or indirect connections through an intermediate medium, and can refer to the internal communication of two components or the interaction between two components. Those skilled in the art can understand the specific meaning of the above terms in this application according to the specific circumstances.
[0015] Based on the problems existing in the background technology, this application provides a risk warning method and a mobile device.
[0016] Please see Figure 1 , Figure 1 This is an application scenario diagram of a risk warning method provided in an embodiment of this application. The application scenario provided in this application includes a risk warning system 100 and a user. The risk warning system 100 includes a terminal 10, a target vehicle 20, a cloud 30, and a network. The terminal 10, the target vehicle 20, and the cloud 30 are connected via network communication. The risk warning method provided in this application can be executed by the risk warning system 100 or a part thereof.
[0017] Terminal 10 is an electronic device integrating communication, computing, and interaction functions. Terminal 10 can interact with the user, providing information related to the target vehicle 20 through visual, auditory, and tactile means, and generating corresponding commands in response to user actions on the terminal 10. Terminal 10 can collect user-related biometric data, such as the user's voice, fingerprint, iris scan, displacement data, posture data of holding the terminal 10, and specific location. Terminal 10 can also acquire a digital key transmitted from the cloud 30, and transmit the acquired digital key to the target vehicle 20, either after certain processing or without processing, in an attempt to unlock the target vehicle 20. Optionally, the terminal 10 may include, but is not limited to, smartphones, tablets, laptops, smart TVs, wearable smart devices, etc., and this application embodiment does not limit this.
[0018] The target vehicle 20 receives a digital key transmitted from the terminal 10 to determine whether to unlock itself. The target vehicle 20 can also receive a digital key transmitted from the cloud 30 and store it locally. After receiving the digital key transmitted from the terminal 10, it retrieves the local digital key and compares it with the digital key transmitted from the terminal 10 to determine whether to unlock itself.
[0019] The target vehicle 20 may include a positioning system (such as GPS or BDS), which generates its own positioning data. The target vehicle 20 can communicate with the terminal 10 via a network to obtain the user's real-time location information, thereby determining the relative position changes between the target vehicle 20 and the user. The target vehicle 20 may include a Bluetooth module and / or a Wi-Fi module. Both the Bluetooth and Wi-Fi modules can periodically send scanning signals to scan for surrounding network devices and obtain information about the number of network devices around the target vehicle 20.
[0020] Among them, Cloud 30 is a remote server cluster and supporting service system supported by cloud computing technology. Cloud 30 can be used to generate and encrypt digital keys. Cloud 30 communicates and interacts with Terminal 10 through the network, and can obtain user-related biometric data collected by Terminal 10 and transmit encrypted digital keys to Terminal 10; Cloud 30 also communicates and interacts with target vehicle 20 through the network, and can obtain relevant data collected by target vehicle 20 and transmit encrypted digital keys to target vehicle 20.
[0021] Optionally, the cloud 30 can be a server. The server can be a standalone physical server, a server cluster or distributed system composed of multiple physical servers (such as a Telematics Service Provider, or TSP platform), or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (CDNs), and big data and artificial intelligence platforms. This application embodiment does not limit this.
[0022] Terminal 10, target vehicle 20, and cloud 30 collaborate via a network to generate and encrypt a digital key, and use the digital key to unlock the target vehicle 20, enhancing security, controllability, and user convenience. The network may include, but is not limited to, wireless local area networks (WLANs), local area networks (LANs), cellular networks, 4G networks, 5G networks, and satellite communication networks; this embodiment does not limit the specific network used.
[0023] Based on the above description of the relevant scenarios, this application provides a risk warning method, which will be described in detail below: Please see Figure 2 The risk warning method provided in this application embodiment is implemented by steps 011, 012 and 013, which are described in detail below.
[0024] Step 011: Obtain the first feature collected by the first mobile device; Step 012: Receive risk score; the risk score is determined based on the first feature and the second feature collected by the second mobile device; Step 013: Display risk warning information for the unlocking operation. The risk warning information is generated based on the risk score.
[0025] In this system, one of the first mobile device and the second mobile device is the unlocking device, and the other is the unlocked device. The features collected by the unlocking device include features generated based on the activities of the target object using the unlocking device; the features collected by the unlocked device include features corresponding to the associated device of the unlocked device.
[0026] The features collected by the unlocking device based on the activities of the target object using the unlocking device may include, but are not limited to: the gait features of the target object, the posture data and pressure data of the unlocking device, the voiceprint features of the target object, the unlocking event sequence of the unlocking device unlocking the unlocked device, and the iris features of the target object; the features collected by the unlocked device corresponding to the associated device of the unlocked device may include, but are not limited to: the location change features of the unlocking device, the number of network devices around the unlocked device, and the historical unlocking time of the unlocking device, etc., which are not limited in this embodiment.
[0027] Optionally, when the first mobile device is an unlocking device and the second mobile device is the unlocked device, the first mobile device is a terminal or a combination of a terminal and the cloud; the second mobile device is the target vehicle. In this case, the feature collected by the unlocking device is the first feature collected by the first mobile device, and the feature collected by the unlocked device is the second feature collected by the second mobile device.
[0028] Optionally, when the first mobile device is the device to be unlocked and the second mobile device is the unlocking device, the first mobile device is the target vehicle, and the second mobile device is a terminal or a combination of a terminal and the cloud. In this case, the feature collected by the unlocking device is the second feature collected by the second mobile device, and the feature collected by the unlocked device is the first feature collected by the first mobile device.
[0029] The risk score is used to characterize the risk level of the unlocking operation. Therefore, the encryption method of the digital key used between the unlocking device and the unlocked device is determined based on the risk score, so that the encryption method of the digital key matches the current risk level, realizing graded protection and dynamic response, thereby improving the overall security of the unlocking operation.
[0030] Risk warning information refers to notification information generated based on risk scoring and used to alert to abnormalities. Optionally, risk warning information includes at least one of the following: sound warning information (such as voice broadcast, vehicle horn, etc.), visual warning information (such as pop-up text display, flashing lights, etc.), and vibration warning information (such as terminal vibration, etc.).
[0031] Specifically, the process involves acquiring a first feature from a first mobile device and a second feature from a second mobile device. One of the first and second mobile devices is the unlocking device, and the other is the unlocked device. The first and second features include features generated based on the activities of the target object using the unlocking device, as well as features corresponding to the associated devices of the unlocked device. By analyzing the first and second features, the communication security between the unlocking device and the unlocked device can be determined, thereby obtaining a risk score.
[0032] Risk scoring is used to quantify the risk level of the unlocking process. Based on the risk score, the encryption method of the digital key used in the unlocking process is determined, which can realize graded protection and dynamic response, and improve the security of digital keys in all scenarios.
[0033] Based on the risk score, corresponding risk warnings are generated and displayed on the first mobile device, providing information related to the unlocking operation. The first mobile device can be either the unlocking device or the device being unlocked. Therefore, regardless of whether the user is near the unlocking or unlocking device, they can promptly understand the risk level of the current unlocking operation and make appropriate adjustments, thereby improving the overall security of the unlocking process and the user experience.
[0034] For example, in a scenario where the first mobile device is the unlocking device and the second mobile device is the unlocked device, and the first mobile device is a combination of a terminal and the cloud, the first feature is the relevant characteristics of the target object using the terminal (such as gait, voiceprint, etc.), which can be understood as the target object's bio-dynamic behavioral characteristics; the second feature is the feature affecting the communication security between the terminal and the target vehicle (such as the number of surrounding network devices, etc.). Communication risk assessment is the process of determining the level of communication security between the terminal and the target vehicle; the risk score is used to characterize the level of communication security between the terminal and the target vehicle in the current scenario.
[0035] It is understandable that, since the biometric characteristics of real users are unique, there will be significant differences between the first characteristics collected when a terminal is used by a genuine user and when it is used by an imposter. By comparing the first characteristics collected by the current terminal with the pre-stored relevant characteristics of real users, communication risk assessment can be performed to determine the authenticity and accuracy of the user using the terminal.
[0036] Specifically, the terminal collects a first feature through its internally integrated components (such as an inertial measurement unit, gyroscope, microphone, and camera); the target vehicle collects a second feature through its internal components (such as a positioning system, Bluetooth module, and Wi-Fi module). Since the terminal is typically carried and used by the user, the first feature collected by the terminal can characterize the relevant characteristics of the target object using the terminal (i.e., a real user or an imposter); the second feature can characterize the relevant characteristics of the target vehicle. Different specific circumstances of the second risk feature have different impacts on the communication between the terminal and the target vehicle.
[0037] For example, pre-stored, accurate user characteristics and communication security features between the terminal and the target vehicle are integrated into a preset scoring model. Then, the first and second characteristics are input into the preset scoring model, which outputs a corresponding risk score. Therefore, (which can be executed in the cloud) communication risk assessment based on the first and second characteristics can accurately quantify the communication security between the terminal and the target vehicle, yielding an accurate risk score.
[0038] In one alternative embodiment, please refer to Figure 3 Step 013 includes steps 0131 and / or 0132, which are explained in detail below.
[0039] Step 0131: Display the risk score value on the screen of the first mobile device; Step 0132: Based on the target scoring range where the risk score is located, display the corresponding visual effects. The target scoring range can be any preset scoring range, and different preset scoring ranges correspond to different visual effects.
[0040] Specifically, since the first mobile device is an unlocking device or a device that is being unlocked, the display screen of the first mobile device displays the value of the risk score, including displaying the specific value of the risk score on the display screen of the terminal (such as a mobile phone screen) and / or the target vehicle (such as a central control screen), and can also display the risk level of the target score range corresponding to the risk score at the same time.
[0041] For example, in a scenario where the first mobile device is an unlocked device and includes a terminal. See also... Figure 4 , Figure 4 To display the risk score as "37" in the S1 control corresponding to the risk score on the terminal's screen, the risk level can be displayed as "Medium Risk" in the S2 control. Additionally, a risk details view control S3 can be displayed, allowing users to view the specific communication risk situation. This helps users quickly and clearly understand the quantified risk results of the unlocking operation.
[0042] Displaying the visuals corresponding to the target rating range helps users quickly determine the current risk level. For example, in a scenario where the first mobile device is an unlocked device and is the target vehicle. See also... Figure 5 , Figure 5 To display the visual effects corresponding to the target score range on the central control screen of the target vehicle. The preset score range for low risk corresponds to control A1 with a green background and a checkmark icon; the preset score range for medium risk corresponds to control A2 with a yellow background and an exclamation mark; and the preset score range for high risk corresponds to control A3 with a red background and a warning icon. Since the risk score is 37, the target score range is the medium-risk preset score range, so control A2 is highlighted and enlarged with a high-brightness border to help the user confirm that the current risk level is medium. Optionally, the visual effects corresponding to each preset score range can be displayed simultaneously, with the visual effect corresponding to the target score range highlighted (e.g., enlarged, centered, and with a thicker border).
[0043] Optionally, step 013 includes: Step 0133: If the target rating interval is the preset rating interval with the largest average rating, issue a risk warning message in the form of a pop-up window and highlight it.
[0044] Specifically, the higher the average score of the target scoring range, the lower the communication security and the easier it is for the digital key to be cracked. Therefore, the stronger the risk warning message, the more likely the target user of the unlocking device and / or the unlocked device will be to notice any abnormalities in the unlocking process in a timely manner, thus preventing the unlocked device from being unlocked illegally.
[0045] For example, in a scenario where the first mobile device is an unlocking device and includes a terminal: the risk warning information includes audio warning information. The average score of the target score range in the three scenarios increases sequentially, and the reminder intensity of the corresponding risk warning information increases sequentially, namely: the terminal emits a short "beep", the terminal emits a continuous alarm sound, and the terminal broadcasts the voice "High risk, activate enhanced encryption".
[0046] In one alternative embodiment, please refer to Figure 6 Before receiving the risk score, the risk alert method also includes steps 014, 015 and 016 to calculate the risk score, which are explained in detail below.
[0047] Step 014: Calculate the first risk score based on the first feature; The first risk score is data that characterizes the spoofing of the target using the first mobile device. The higher the first risk score, the more likely the target using the first mobile device is a fake user; the lower the first risk score, the more likely the target using the first mobile device is a real and accurate user.
[0048] Specifically, in scenarios where the first mobile device is an unlocking device and includes a terminal, the terminal pre-stores relevant features of the real and accurate user. By comparing the first feature collected by the current terminal with the stored relevant features of the real and accurate user, the similarity between the target object using the current terminal and the real and accurate user can be determined. The higher the similarity, the lower the likelihood of fraud, i.e., the lower the first risk score; conversely, the lower the similarity, the higher the likelihood of fraud, i.e., the higher the first risk score. For example, by integrating the pre-stored relevant features of the real and accurate user into a preset scoring model, and inputting the first feature into the preset scoring model, a first risk score can be output.
[0049] In one alternative embodiment, please refer to Figure 7 Step 014 includes steps 0141 and 0142, which are explained in detail below.
[0050] Step 0141: Calculate the similarity of the first target; Specifically, step 0141 includes at least one of steps 01411, 01412, and 01413.
[0051] Step 01411: Calculate the first similarity between the gait features of the target object and the preset gait features; Step 01412: Based on the terminal's posture data and pressure data, construct a grip posture model of the target object, and calculate the second similarity between the grip posture model and the preset grip model; Step 01413: Calculate the third similarity between the voiceprint features of the target object and the preset voiceprint features; The first target similarity includes, but is not limited to: first similarity, second similarity, and third similarity.
[0052] The first feature includes at least one of the following: the target object's gait characteristics, the terminal's posture and pressure data, and the target object's voiceprint characteristics. The target object's gait characteristics can be acquired by the terminal's inertial measurement unit (IMU), the terminal's posture and pressure data can be acquired by the terminal's gyroscope and pressure sensor, and the target object's voiceprint characteristics can be acquired by the terminal's microphone.
[0053] Optionally, the first feature may include the target object's heart rate characteristics to effectively identify the disguise of the 3D-printed mask. The terminal can emit high-frequency electromagnetic waves through its own millimeter-wave radar to accurately capture micro-amplitude physiological movements such as chest rise and fall caused by human breathing and vascular pulsation driven by heart rate, and convert these micro-motion signals into analyzable heart rate feature data.
[0054] Among them, preset gait features refer to the relevant features of the walking gait of real and accurate users (such as stride period, peak acceleration, etc.); preset grip model refers to the relevant features of the posture of the terminal and the pressure it is subjected to when the real and accurate user holds the terminal (such as tilt angle change threshold, pressure value); preset voiceprint features refer to the acoustic features of real and accurate users, such as multi-dimensional feature vectors.
[0055] Specifically, for the first similarity, the gait feature data of the target object (such as the temporal motion sequence of the target object's skeletal joints) from the first feature is input into a preset model (such as a Spatial-Temporal Graph Convolutional Network (ST-GCN) model, a Transformer fusion network, etc.) to output a high-dimensional gait feature vector of the target object; the preset gait features are input into the same preset model to output a true baseline gait feature vector. The similarity between the high-dimensional gait feature vector of the target object and the baseline gait feature vector can be calculated using relevant algorithms (such as Dynamic Time Warping (DTW) algorithm), and this similarity is the first similarity.
[0056] For the second similarity, features (such as the mean of posture angles) are extracted based on the terminal's posture and pressure data. After integrating these extracted features, a grip posture model of the target object holding the terminal can be constructed. Then, the grip posture model of the target object holding the terminal is compared with a real and accurate preset grip model using an algorithm to calculate the matching degree between the two, which is the second similarity.
[0057] Optionally, the system can analyze whether there are any anomalies in the terminal's posture and pressure data. For example, the terminal's posture data may indicate an anomaly in torsion (e.g., a sudden change in angle of 22 degrees, exceeding the set threshold of 15 degrees), or the terminal's pressure data may indicate an anomaly in pressure (e.g., a pressure value of 200 kPa, exceeding the set threshold of 150 kPa). If there are anomalies in the terminal's posture and pressure data, and the second similarity is lower than the corresponding preset threshold (e.g., 85%), an abnormal grip is determined to exist.
[0058] For the third similarity, due to potential environmental noise (such as 65dB background noise in a parking lot), noise in the target object's voiceprint feature data (second feature) is first filtered using an anti-interference algorithm (such as noise reduction filtering), retaining the clear voiceprint feature data of the target object. Mel-Frequency Cepstral Coefficients (MPCCs) are extracted from the filtered voiceprint feature data of the target object, and the resulting 32-dimensional MPCC feature vector is the voiceprint feature of the target object. The similarity between this 32-dimensional MPCC feature vector and a preset voiceprint feature (such as a baseline feature vector) is calculated; this similarity is the third similarity.
[0059] Step 0142: Determine the first risk score based on the first target similarity, wherein the first risk score is negatively correlated with the first target similarity.
[0060] Specifically, based on the above description of steps 01411, 01412, and 01413, it can be seen that: in the first target similarity, the higher the first similarity, the more likely the target object using the terminal is to be a real and accurate user; the higher the second similarity, the more likely the target object using the terminal is to be a real and accurate user; the higher the third similarity, the more likely the target object using the terminal is to be a real and accurate user.
[0061] Since the first risk score is used to characterize the degree of falsehood between the target object using the terminal and the real and accurate user, the first risk score can be calculated based on the values of the first similarity, second similarity, and / or third similarity. First, the weighted average of each of the first, second, and third similarities is calculated; the first risk score is 1 minus this weighted average. The weights corresponding to each similarity are preset values, for example, the weight corresponding to the first similarity is 0.3, the weight corresponding to the second similarity is 0.3, and the weight corresponding to the third similarity is 0.4. Optionally, the weighted average can be replaced by the average value; or, the first risk score can be set to a maximum of 100 points, and the obtained weighted average or average value multiplied by 100 is used as the first risk score.
[0062] For example, when the first feature only includes the gait features of the target object, step 0141 includes step 01411, where the first risk score is 1 minus the first similarity. When the first feature includes the gait features of the target object, as well as the terminal's posture data and stress data, step 0141 includes steps 01411 and 01412, calculating the weighted average of the first similarity and the second similarity, where the first risk score is 1 minus the weighted average.
[0063] For example, when the first feature includes the gait features of the target object, the posture data and pressure data of the terminal, and the voiceprint features of the target object, step 0141 includes steps 01411, 01412 and 01413, calculating the weighted average of each similarity in the first similarity, the second similarity and the third similarity, and the first risk score is 1 minus the weighted average.
[0064] Optionally, if the first similarity is less than the corresponding preset threshold (e.g., 90%), it indicates that the gait of the target object is significantly different from the gait of the real and accurate user, i.e., gait abnormality; if the second similarity is less than the corresponding preset threshold (e.g., 85%), it indicates that the behavior of the target object holding the terminal is significantly different from the behavior of the real and accurate user holding the terminal, i.e., holding abnormality; if the third similarity is less than the corresponding preset threshold, it indicates that the voiceprint of the target object is significantly different from the voiceprint of the real and accurate user, i.e., voiceprint abnormality.
[0065] Optionally, the numerical values of the similarity scores (first, second, and third) being less than the corresponding preset thresholds indicate the degree of abnormality. In the presence of gait abnormalities, grip abnormalities, and / or voiceprint abnormalities, the value of the first risk score is increased accordingly based on the degree of abnormality.
[0066] For example, in the case of only gait abnormalities, if the difference between the first similarity (25%) and the corresponding preset threshold (90%) is greater than 50%, it indicates a high degree of gait abnormality. The first similarity used to calculate the first risk score is set to 0 instead of 25% to improve the value of the first risk score. If the difference between the first similarity (60%) and the corresponding preset threshold (90%) is less than 50%, it indicates a low degree of gait abnormality. The value of the first similarity used to calculate the first risk score is halved to 30% instead of retaining the original value of 60% to improve the value of the first risk score. In one alternative embodiment, please refer to Figure 5 The risk warning method also includes steps 0143 and 0144, which are explained in detail below.
[0067] Step 0143: If the first similarity is less than the preset similarity threshold, perform the unlock confirmation operation to obtain the operation result, which includes whether the terminal's unlock confirmation is successful. Step 0144: Update the first risk score based on the operation results.
[0068] The preset similarity threshold is a default value set based on experience or a user-defined value, such as 90%; the unlock confirmation operation is a process used to perform secondary verification on the target object using the terminal.
[0069] Specifically, if the first similarity is less than the preset similarity threshold, it indicates that the target object's gait is significantly different from the real and accurate user's gait, thus confirming the existence of gait abnormality. Considering that the user's gait may change due to carrying heavy objects, leg injuries, or other issues, a secondary verification is performed through an unlock confirmation operation to further determine whether the gait is abnormal.
[0070] The unlock confirmation operation includes popping up a command on the terminal, requiring the target object operating the terminal to respond according to the pop-up command, comparing the response of the target object with the stored real and accurate user information, and then determining the operation result; optionally, the unlock confirmation operation may include, but is not limited to, voiceprint verification, face verification, iris verification, fingerprint verification, etc., and the embodiments of this application do not limit this.
[0071] For example, if the terminal displays the command text "Please say the password 'Confirm Unlock'", the terminal obtains feedback from the user operating the terminal via its microphone. If the terminal displays the command text "Please Verify Fingerprint", the terminal obtains feedback from the user operating the terminal. If the terminal displays the command text "Please Perform Iris Verification", the terminal obtains feedback from the user operating the terminal via its dedicated camera.
[0072] Optionally, if the terminal unlock confirmation fails, it is determined that there is a gait abnormality, and the value of the first risk score is increased according to the degree of gait abnormality. The specific process has been described in detail in step 0142 and will not be repeated here; if the terminal unlock confirmation passes, it is determined that there is no gait abnormality, and the value of the first risk score is not increased accordingly.
[0073] Step 015: Calculate the second risk score based on the second feature; The second risk score is data that characterizes the level of communication risk between the terminal and the target vehicle. A higher second risk score indicates a higher level of communication risk between the terminal and the target vehicle; a lower second risk score indicates a lower level of communication risk between the terminal and the target vehicle.
[0074] Specifically, in a scenario where the second mobile device is an unlocked device and is the target vehicle, the features in the second feature that affect the communication security between the terminal and the target vehicle are matched with pre-stored limited values and / or value ranges to determine whether there is an anomaly, and thus determine the specific value of the second risk score. For example, by integrating the pre-stored limited values and / or value ranges into a preset scoring model and inputting the second feature into the preset scoring model, the second risk score can be output.
[0075] In one alternative embodiment, please refer to Figure 8Step 015 includes steps 0151 and 0152, which are explained in detail below.
[0076] Step 0151: Calculate the target deviation; Specifically, step 0151 includes at least one of steps 01511, 01512, and 01513.
[0077] Step 01511: Calculate the terminal's position change characteristics and position deviation within the preset coordinate change range; Step 01512: Determine the signal interference deviation based on the increment of the number of network devices around the target vehicle; Step 01513: Calculate the time deviation between the terminal's historical unlock time and the preset unlock time interval; The second feature includes at least one of the following: the location change characteristics of the terminal, the number of network devices around the target vehicle, and the historical unlocking time of the terminal. The target vehicle determines its specific location through a positioning system and determines the location changes between the target vehicle and the target object using the terminal by communicating with the terminal, thereby obtaining the location change characteristics of the terminal; the target vehicle obtains the number of network devices around it through its Bluetooth module and / or Wi-Fi module; and the time when the target vehicle receives the digital key sent by the terminal determines the historical unlocking time of the terminal's attempts to unlock the target vehicle.
[0078] The preset coordinate change range is a default value set based on experience or a user-defined value range, such as [0, 10] meters per second. The preset unlock time range is a time range defined based on the actual and accurate unlocking time of users; for example, if the actual and accurate user habitually unlocks the target vehicle between 5 PM and 6 PM, then the preset unlock time range can be set to the time period between 5 PM and 6 PM.
[0079] Specifically, for position deviation, the position change characteristic of the terminal is the terminal's moving speed. When the terminal's moving speed is within a preset coordinate change range, the position deviation is determined to be 0. When the terminal's moving speed is not within the preset coordinate change range, the position deviation is determined based on the difference between the terminal's moving speed and the maximum value of the preset coordinate change range. For example, the position deviation is calculated proportionally to this difference, or the position deviation is calculated based on the preset stage range in which the difference is located.
[0080] For signal interference deviation, the increment of the number of network devices around the target vehicle at different times is determined based on the number of network devices in the area before the terminal unlocks the target vehicle (a preset time length). The signal interference deviation is calculated proportionally to this increment, or according to a preset stage interval in which the increment falls. Optionally, the signal interference deviation is a percentage value.
[0081] For example, if the number of network devices is stable at 15 for a period of time before the terminal unlocks the target vehicle, and then increases to 35 when the terminal unlocks the target vehicle (an increase of 20, or 133% – omitting the decimal part), the signal interference deviation is determined based on the preset range of the increase (120%, 140%). If the increase is too large (133% is greater than the preset increase of 50%), the target vehicle is marked as being subjected to a "signal interference attack". Optionally, if the increase is too large (e.g., greater than the preset increase) and the position deviation is not 0, it is determined that the target vehicle has received a relay attack.
[0082] Regarding the time deviation, if the terminal's historical unlock time is within the preset unlock time interval, the time deviation is 0; if the terminal's historical unlock time is not within the preset unlock time interval, the time deviation is determined based on the difference between the terminal's historical unlock time and the nearest boundary of the preset unlock time interval; for example, the time deviation is calculated proportionally to this difference, or the time deviation is calculated based on the preset stage interval in which this difference is located.
[0083] Step 0152: Based on the target deviation, determine the second risk score, which is positively correlated with the target deviation.
[0084] Specifically, based on the above description, the greater the location deviation, the more likely the target user is to be a fake user, and the higher the communication risk between the terminal and the target vehicle; the greater the signal interference deviation, the higher the communication risk between the terminal and the target vehicle; and the greater the time deviation (e.g., unlocking the target vehicle late at night), the more likely the target user is to be a fake user, and the higher the communication risk between the terminal and the target vehicle.
[0085] Since the second risk score is used to characterize the degree of communication risk between the terminal and the target vehicle, it can be calculated based on the position deviation, signal interference deviation, and / or time deviation. First, the values of position deviation, signal interference deviation, and time deviation are standardized (e.g., standardized as percentages). Then, a weighted average of the three is calculated, and the second risk score is 1 minus this weighted average. The weights corresponding to each similarity are preset values. For example, if the position deviation is 70% with a corresponding weight of 0.5, the signal interference deviation is 60% with a corresponding weight of 0.2, and the time deviation is 10% with a corresponding weight of 0.3, then the corresponding second risk score is 50%. Optionally, the weighted average can be replaced by the average value; or, the second risk score can also be set to a maximum score of 100, and the obtained weighted average or average value multiplied by 100 is used as the second risk score.
[0086] Step 016: Calculate the risk score based on the first risk score and the second risk score.
[0087] Specifically, the risk score can be the weighted average or average of the first and second risk scores. If a weighted average is used, the weights of the first and second risk scores are preset values, for example, the weight of the first risk score is 0.4 and the weight of the second risk score is 0.6 (assuming that the communication security between the terminal and the target vehicle has a more significant impact). For example, using a maximum score of 100, if the first risk score is 40 points and the second risk score is 50 points, and the weights of both the first and second risk scores are 0.5, then the weighted average risk score is 45 points.
[0088] Thus, the first risk score accurately reflects the falsity of the target object using the terminal, and the second risk score accurately reflects the degree of communication risk between the terminal and the target vehicle. By combining the first and second risk scores, an accurate risk assessment of the terminal unlocking the target vehicle with a digital key can be obtained.
[0089] In one alternative embodiment, please refer to Figure 6 After the risk score is calculated in step 016, the risk warning method also includes step 017, which is explained in detail below.
[0090] Step 017: If the risk score is greater than the preset score threshold, generate a digital key based on quantum key distribution technology.
[0091] Digital keys are electronic credentials that replace physical keys, enabling vehicle unlocking and authorization based on digital technology. Preset scoring thresholds are either default values set based on experience or user-defined values, such as 70 points. Quantum Key Distribution (QKD) technology is an encrypted communication technology that utilizes the properties of quantum states to generate and transmit absolutely secure keys.
[0092] Specifically, when the risk score falls within the preset score range with the highest mean, it indicates the highest risk of the unlocking process being attacked or cracked, requiring a strong alert to be triggered promptly to remind the user. Therefore, a risk warning message is displayed in the form of a pop-up window and highlighted (e.g., highlighting the pop-up window border, text, and background color) to ensure that the user pays attention to the high-risk alert in a timely manner, thereby enabling the user to take timely countermeasures (such as remotely locking the vehicle).
[0093] Specifically, if the risk score exceeds a preset threshold, it indicates a high risk of the digital key being compromised during vehicle unlocking. Therefore, a more difficult-to-crack method is used to generate the digital key. QKD technology is employed to generate an absolutely secure quantum key using a quantum true random number generator. This quantum key serves as the security root of the digital key, combined with the target vehicle's unique identifier, accurate user permissions, timestamps, and other information, to generate a digital key with anti-hacking and anti-tampering properties. Optionally, the quantum key update cycle is shorter than a set time (e.g., 30 seconds) to effectively reduce the exposure window of the quantum key and enhance the encryption system's anti-hacking capabilities.
[0094] This ensures the uniqueness and unforgeability of digital keys, effectively improving overall security.
[0095] Optionally, if the risk score is less than or equal to a preset score threshold, it indicates a low risk of the terminal being hacked during the process of unlocking the vehicle using the digital key. Therefore, a low-cost and easy-to-implement method is used to generate the digital key. A pseudo-random number key is generated using an algorithm. This pseudo-random number key is used as the security root and combined with the unique identifier of the target vehicle, accurate user permissions, timestamps, and other information to generate the digital key.
[0096] In one alternative embodiment, please continue to refer to Figure 6 In a scenario where the first mobile device is an unlocking device and includes a terminal and a cloud, and the second mobile device is the unlocked device and is the target vehicle, after the risk score is calculated in step 016, the risk warning method also includes steps 018 and 019, which are explained in detail below.
[0097] Step 018: Based on the target scoring range where the risk score is located, determine the target encryption strategy of the digital key. The target scoring range is any preset scoring range, and different preset scoring ranges correspond to different preset encryption strategies. The target encryption strategy is the preset encryption strategy corresponding to the target scoring range. Among them, the preset scoring range is a pre-defined risk scoring range; the preset encryption strategy is a pre-defined encryption scheme of digital keys that is bound to the scoring range.
[0098] Specifically, different preset scoring ranges correspond to different levels of communication security. The lower the communication security in the current scenario, the more difficult it is to crack the preset encryption strategy to encrypt the digital key. Depending on the preset scoring range in which the risk score is located, the encryption strategy of the digital key can be dynamically adjusted to reduce the risk of the digital key being cracked.
[0099] In one optional embodiment, the preset scoring intervals include a first preset scoring interval, a second preset scoring interval, and a third preset scoring interval; the average values of the first preset scoring interval, the second preset scoring interval, and the third preset scoring interval increase sequentially, and the corresponding safety levels increase sequentially; for example, the maximum risk score is 100 points, the first preset scoring interval is [0, 30), the second preset scoring interval is [30, 70], and the third preset scoring interval is (70, 100). The first preset scoring interval corresponds to the preset encryption strategy of the Data Encryption Standard (DES) algorithm. In the DES algorithm, the 64-bit plaintext block digital key (padding to the required length if the digital key is less than 64 bits) and the 56-bit key are first subjected to initial permutation and key expansion, generating 16 different subkeys. Each subkey undergoes a process of "block permutation + nonlinear substitution + subkey XOR", completing 16 rounds of iteration. After this process, the 64-bit ciphertext is obtained through inverse initial permutation, thus encrypting the digital key. The DES algorithm has a simple structure, fewer rounds, high computational efficiency, and low deployment cost, and can meet the encryption protection needs of low-risk scenarios.
[0100] The second preset scoring range corresponds to the preset encryption strategy of the Advanced Encryption Standard (AES)-256 algorithm. In the AES-256 algorithm, the digital key is grouped into 128-bit blocks (padding if necessary). The original 256-bit key is expanded into 44 round keys of 32 bits each. These round keys are iterated over 14 rounds. After each iteration, all the block ciphertexts are concatenated to form the encrypted digital key. The AES-256 algorithm has advantages such as strong resistance to brute-force attacks, high security strength, no significant reduction in response speed, and strong versatility, meeting the encryption protection needs of medium-risk scenarios.
[0101] The third preset scoring range corresponds to the preset encryption strategy of the Advanced Encryption Standard-256 algorithm, which combines quantum key distribution (QKD) technology. QKD technology can provide unconditionally secure quantum keys, detect eavesdropping in real time, prevent key leakage at the source, ensure long-term security, significantly reduce the risk of being cracked, and improve the security of digital keys in high-risk scenarios.
[0102] Step 019: Encrypt the digital key based on the target encryption strategy so that the unlocking device can unlock the unlocked device based on the encrypted digital key; Specifically, after determining the target encryption strategy based on the target scoring range, the digital key is encrypted according to the target encryption strategy to generate an encrypted digital key. Once the terminal obtains the encrypted digital key, it sends it to the target vehicle. The target vehicle then restores the digital key according to the decryption rules of the corresponding target encryption strategy and performs a validity verification based on the digital key. Upon successful verification, the target vehicle is unlocked.
[0103] Optionally, step 019 includes: Step 0191: Generate the first digital key of the terminal and the second digital key of the target vehicle based on the encrypted digital key; Step 0192: When the target vehicle receives the first digital key sent by the terminal, unlocking verification is performed based on the first digital key and the second digital key to obtain the verification result, which includes verification successful or verification unsuccessful. Step 0193: If the verification is successful, control the target vehicle to perform the unlocking operation.
[0104] Among them, unlock verification refers to the security verification process by which the target vehicle verifies the legitimacy of the unlock request.
[0105] Specifically, it can be that the encrypted complete digital key is distributed to the terminal and the target vehicle, so that the contents of the first digital key and the second digital key are both the encrypted complete digital key; or it can be that the encrypted complete digital key is split into two fragments according to a preset method and distributed to the terminal and the target vehicle respectively, so that the contents of the first digital key and the second digital key combined are the same as the encrypted complete digital key.
[0106] The terminal then sends the first digital key to the target vehicle. The target vehicle's Body Control Module (BCM) can call the pre-stored second digital key and perform a consistency and integrity check on the contents of the first and second digital keys using a preset algorithm. If the first and second digital keys match, the verification is successful, and the target vehicle unlocks; if the first and second digital keys do not match, the verification fails, and the target vehicle refuses to unlock.
[0107] For example, in high-risk scenarios, the cloud generates a quantum key using QKD technology, and then generates a digital key based on this key, which is then split and encrypted. The cloud splits the quantum key into two parts: one part of the quantum key and the encrypted digital key are sent to the terminal to generate the first digital key; the other part of the quantum key and the encrypted digital key are sent to the target vehicle to generate the second digital key. During the process of unlocking the target vehicle, the terminal sends the acquired quantum key and the first digital key to the target vehicle. The target vehicle uses zero-knowledge succinct non-interactive knowledge arguments (zk-SNARKs) to verify the quantum key transmitted by the terminal to determine the legitimacy of the terminal. The quantum entanglement property of the quantum key ensures that the first digital key cannot be stolen or forged; in the event of abnormal access (the quantum key transmitted by the terminal is attacked), the quantum entanglement collapse is automatically triggered, causing the first digital key to become invalid, thus preventing the leakage of the quantum key and the first digital key.
[0108] Optionally, step 0192 further includes: generating a receiving timestamp corresponding to the first digital key when the target vehicle receives the first digital key sent by the terminal; Calculate the time difference between the sending timestamp based on the first digital key and the receiving timestamp based on the first digital key; If the time difference is greater than the preset time threshold, the verification result is determined to be verification failure.
[0109] The preset time threshold is a time threshold set based on experience or defined by the user, such as 50 milliseconds.
[0110] Specifically, when the terminal generates the first digital key, it simultaneously adds a sending timestamp to record the precise time of the first digital key's generation; when the target vehicle receives the first digital key, a corresponding receiving timestamp is generated to record the receiving time. This shortens the effective window of the digital key, improving its timeliness, preventing replay attacks, and avoiding attackers intercepting the legitimate first digital key and then delaying its transmission to the target vehicle for unlocking.
[0111] In one alternative embodiment, please refer to Figure 9 After the risk score is calculated in step 016, the risk warning method also includes steps 020 and 021. Step 018 includes step 0181, which will be explained in detail below.
[0112] Step 020: Calculate the third risk score based on the third feature collected by the first mobile device; In the scenario where the first mobile device is an unlocking device and includes a terminal, the third feature includes the gait characteristics of the target object and the timing of the unlocking event when the terminal unlocks the target vehicle; the third risk score is used to characterize the falsity of the target object's behavior using the terminal. The higher the third risk score, the less the target object's behavior using the terminal conforms to real and accurate user behavior; the lower the third risk score, the more the target object's behavior using the terminal conforms to real and accurate user behavior.
[0113] Specifically, the system pre-stores relevant characteristics of real and accurate user behavior. By comparing the third feature collected by the current terminal with the stored relevant characteristics of real and accurate users, it can determine the similarity between the target object using the current terminal and the real and accurate user. The higher the similarity, the lower the falsehood, i.e., the lower the third risk score; the lower the similarity, the higher the falsehood, i.e., the higher the third risk score.
[0114] In one optional embodiment, step 020 includes steps 0201 and 0202, which are described in detail below.
[0115] Step 0201: Calculate the similarity of the second target; Specifically, step 0201 includes at least one of steps 02011 and 02012.
[0116] Step 02011: Calculate the first similarity between the gait features of the target object and the preset gait features; It can be understood that the gait features of the target object in the third feature are the same as the gait features of the target object in the first feature; therefore, the principle of calculating the first similarity in step 02011 is basically similar to the principle of step 01411. To avoid repetition, it will not be elaborated here.
[0117] Optionally, the risk warning method also includes step 022, and step 02011 includes steps 02013, 02014 and 02015, which are explained in detail below.
[0118] Step 022: Train a pre-defined gait analysis model based on the historical gait characteristics of the target object; Historical gait features are accurate records of a user's past gait characteristics, which can be collected through the terminal. Preset gait analysis models are algorithmic models used to identify and analyze human walking posture features, such as the ST-GCN model and Convolutional Neural Network (CNN).
[0119] Specifically, the process begins by acquiring raw data related to the historical gait features of the target object. This raw data is then preprocessed to remove outliers and standardize the data. Key gait features are then extracted as historical gait features, forming a training dataset. These historical gait features are input into a pre-defined gait analysis model, and the model parameters are continuously adjusted through backpropagation.
[0120] Then, the gait-related data of the target object and other objects are used as the test dataset. The test dataset is input into the model with each adjusted model parameter. The model outputs whether the object corresponding to the gait-related data is the target object and calculates the accuracy. If the accuracy reaches the corresponding preset threshold, the training of the preset gait analysis model is considered complete.
[0121] Step 02013: Input the gait features of the target object into the trained gait analysis model to output the target gait feature vector; Step 02014: Input the preset gait features into the trained gait analysis model to output the preset gait feature vector; Step 02015: Calculate the similarity between the target gait feature vector and the preset gait feature vector, and use it as the first similarity.
[0122] Among them, preset gait features refer to real and accurate historical gait information of users.
[0123] Specifically, algorithms such as the DTW algorithm can be used to calculate the similarity between the sequence of high-dimensional gait feature vectors of the target object and the sequence of reference gait feature vectors; this similarity is called the first similarity. Due to differences in gait frequency among different individuals, the sequence lengths of the target gait feature vector and the preset gait feature vector may differ; the DTW algorithm can solve the problems of inconsistent gait sequence lengths and temporal misalignment.
[0124] The process of calculating the first similarity using the DTW algorithm is as follows: Assuming the target gait feature vector contains m vectors and the preset gait feature vector contains n vectors, first calculate the Euclidean distance between any vector in the target gait feature vector and any vector in the preset gait feature vector, obtaining m*n Euclidean distances. These m*n Euclidean distances form an m*n distance matrix. Then, use dynamic programming to find the optimal alignment path with the minimum cumulative distance, so that the total distance between the target gait feature vector and the preset feature vector is minimized. The normalized value of the minimum total distance is the similarity between the target gait feature vector and the preset gait feature vector, i.e., the first similarity.
[0125] Step 02012: Based on the timing of the unlocking events of the target vehicle unlocked by the terminal, determine the timing similarity value with the timing of historical unlocking events; Among them, the historical unlock event sequence refers to the data on the actual and accurate sequence of a user's past legitimate unlocking operations on the target vehicle. The sequence similarity value is used to characterize the similarity between the unlock event sequence of the terminal unlocking the target vehicle and the historical unlock event sequence.
[0126] It is understandable that in a scenario where the first mobile device is the unlocking device (including the terminal), and the second mobile device is the unlocked device (a vehicle): the more similar the timing of the unlocking event of the terminal unlocking the target vehicle is to the timing of historical unlocking events, the higher the legitimacy of the current vehicle unlocking process and the lower the probability of an attack risk. Therefore, the similarity between two unlocking event timings is quantified by calculating a timing similarity value, thereby quantifying the security risk. The smaller the timing similarity value, the more the current unlocking timing deviates from the normal pattern, and the higher the probability of an attack risk.
[0127] For example, the historical unlocking event sequence is such that the average interval between the three commands "unlock, open door, start" is 2 seconds; the terminal unlocking the target vehicle's unlocking event sequence is such that the "start" command is triggered immediately after "unlocking", with an interval of less than 0.5 seconds; then the similarity between the two unlocking event sequences is low, and the terminal unlocking the target vehicle's unlocking event sequence in this unlocking is very likely to be a relay attack forgery.
[0128] Optionally, the risk warning method also includes step 023, and step 02012 includes steps 02016 and 02017, which are explained in detail below.
[0129] Step 023: Based on the historical unlocking event sequence when the terminal normally unlocks the target vehicle, train a preset temporal autoencoder; Step 02016: Input the feature vector of the event sequence of the terminal unlocking the target vehicle into the trained temporal autoencoder to output the reconstructed vector; Step 02017: Calculate the temporal similarity value based on the feature vector and reconstructed vector of the event time series.
[0130] Among them, the preset temporal autoencoder is a predefined network structure used to learn temporal data features and output reconstructed vectors.
[0131] Specifically, the historical unlocking event sequence when the terminal normally unlocks the target vehicle is converted into a feature vector. The converted feature vector is then input into a preset temporal autoencoder for training. The preset temporal autoencoder learns the core features of the normal historical unlocking sequence through an encoding-decoding process, and finally obtains a well-trained model that can accurately reconstruct the feature vector of the normal time sequence.
[0132] Then, the feature vector of the event sequence of the terminal unlocking the target vehicle is input into a trained temporal autoencoder. The trained temporal autoencoder reconstructs the input feature vector based on learned normal temporal patterns and outputs a reconstructed vector. Next, the mean squared error (MSE) of the event sequence feature vector and the reconstructed vector is calculated. 1 minus this MSE gives the temporal similarity value. The more similar the unlocking event sequence of the terminal unlocking the target vehicle is to the historical unlocking event sequence, the closer the output reconstructed vector is to the input feature vector of the terminal unlocking the target vehicle's event sequence, and the greater the temporal similarity value.
[0133] Optionally, after completing steps 02011 and 02012, the risk warning method also includes steps 024 and 025, which are explained in detail below.
[0134] Step 024: If the first similarity is less than the preset similarity threshold, the control terminal and / or the target vehicle perform an identity authentication operation to obtain the authentication result, which includes whether the identity authentication of the target object is successful. Step 025: If the identity authentication fails and / or the timing similarity value is less than the preset error value, the terminal is prohibited from unlocking the target vehicle, and the terminal and / or the target vehicle are controlled to issue a prohibition on unlocking prompt message.
[0135] The identity authentication process is used to verify the identity of the target object using the terminal. The unlock-prohibited message indicates that the vehicle cannot be unlocked; this message may include the reason for the unlock prohibition (such as suspected relay attack) and subsequent measures (such as re-unlocking the vehicle, freezing the vehicle, etc.). The preset error value is an empirically set value, for example, 0.15.
[0136] Specifically, if the first similarity is less than the preset similarity threshold, it indicates that the gait of the target object is significantly different from the gait of the real and accurate user, and it is determined that there is a gait abnormality. Considering that the user may have gait changes due to carrying heavy objects, leg injuries, or other issues, additional identity verification is performed through identity authentication to further verify the legitimacy of the target object.
[0137] The authentication operation includes issuing instructions to the terminal and / or the target vehicle, requiring the operating terminal and / or the target object near the target vehicle to respond according to the issued instructions, comparing the response of the target object with the corresponding information of the real and accurate user stored, and then determining the authentication result; optionally, the authentication operation may include, but is not limited to, voiceprint verification, face verification, iris verification, fingerprint verification, etc., and the embodiments of this application do not limit this.
[0138] Step 0202: Based on the temporal similarity value of the second target similarity, determine the third risk score. The third risk score is negatively correlated with the second target similarity and positively correlated with the temporal similarity value.
[0139] Step 021: Update the risk score based on the third risk score; Step 0181: Determine the target encryption strategy for the digital key based on the target score range where the updated risk score falls.
[0140] It is understandable that a higher first similarity indicates a more authentic and legitimate target object using the terminal; similarly, a higher temporal similarity value also indicates a more authentic and legitimate target object using the terminal. Since the third risk score is used to characterize the falsity of the target object's behavior using the terminal, the value of the third risk score can be calculated based on the first similarity and / or the temporal similarity value. Based on the specific value of the third risk score or its corresponding set range, the risk score is adjusted accordingly to make the updated risk score more consistent with the communication risk level of the current unlocking scenario. Based on the target score range where the updated risk score falls, the target encryption strategy is determined. The specific process is basically similar to step 018, and will not be repeated here to avoid repetition.
[0141] Optionally, if the temporal similarity value is less than a preset error value, a sequence anomaly is determined to exist; if a sequence anomaly exists, a network attack is confirmed, and the risk score is directly increased by a set value (e.g., by 20 points). If no sequence anomaly exists, the risk score remains unaffected.
[0142] In one alternative embodiment, please refer to Figure 9In the scenario where the first mobile device is an unlocking device and includes a terminal, and the second mobile device is an unlocked device and is the target vehicle, after updating the risk score according to the third risk score in step 021, the risk warning method also includes steps 026, 027 and 028, which are explained in detail below.
[0143] Step 026: Obtain the target risk score, which is at least one of the first risk score, the second risk score, and the third risk score; Step 027: Perform communication security detection on the unlocked device based on the target risk score to obtain the detection results, including whether the unlocked device has received a network attack; Step 028: If the risk score is greater than the preset score threshold and the target vehicle is subjected to a network attack, control the unlocked device to send false status information. The false status information is used to indicate that the unlocked device is in a state where it cannot be unlocked and started.
[0144] Among them, communication security detection is the operation process used to detect whether a target vehicle has been subjected to a network attack; false status information is information used to confuse attackers by fabricating a failure status.
[0145] Optionally, based on the first similarity corresponding to the first risk score and the third risk score, an authentication result can be obtained respectively. The authentication result includes whether the target object's identity authentication has passed. If either authentication result indicates that the target object's identity authentication has failed, the detection result is determined to be that the target vehicle has received a network attack; if abnormal gait and / or abnormal grip are determined, the target vehicle has received a network attack.
[0146] Optionally, if the increase in the number of network devices around the target vehicle corresponding to the second risk score is too large (greater than the preset increase), it is determined that the target vehicle has received a signal interference attack; if the increase in the number of network devices around the target vehicle corresponding to the second risk score is too large (greater than the preset increase) and the corresponding position deviation is not 0 (abnormal position change), it is determined that the target vehicle has received a relay attack. Optionally, if the temporal similarity value corresponding to the third risk score indicates the presence of a sequence anomaly, it is determined that the target vehicle has been subjected to a relay attack.
[0147] Optionally, communication security detection is achieved through a risk identification model. This model is trained using training samples and can identify whether a network attack exists during the unlocking process corresponding to the training sample, and the type of such attack. The training samples are generated by learning the characteristic patterns of network attack behavior through a pre-trained Generative Adversarial Network (GAN) model. The first, second, and third features are input into the risk identification model, which outputs the detection result. If the output result indicates that the target vehicle has received a network attack, the risk identification model also outputs the type of network attack.
[0148] By comparing the updated risk score with the preset score threshold and combining the detection results obtained from communication security detection, the system uses multi-dimensional risk-related data cross-validation to determine whether the target vehicle is reporting false status information.
[0149] If the risk score exceeds a preset threshold and the target vehicle is subjected to a cyberattack, to ensure the vehicle's security, the target vehicle triggers active defense by sending false status information (such as mechanical failure preventing startup, or "Do not start if battery is below 10%)," disguising itself as unable to unlock or start, misleading attackers into believing the vehicle is unusable and thus guiding them to abandon further attack attempts. While the target vehicle is sending false status information, it can also simultaneously flash its lights at a preset frequency and for a preset number of times to reinforce the credibility of the false "unable to unlock or start" status.
[0150] In one alternative embodiment, please refer to Figure 10 After displaying the risk warning information in step 013, the risk warning method also includes steps 029 and / or 030, which are explained in detail below.
[0151] Step 029: In response to the triggered operation of the risk warning information, display the risk details information corresponding to the risk warning information; Step 030: If the target scoring range is the preset scoring range with the largest average score, display the risk details information corresponding to the risk warning information. The risk details information includes the risk information corresponding to at least one of the first feature, the second feature, and the third feature, as well as the risk handling measures information.
[0152] The triggering of risk warning information is an operation performed by the user using a medium such as a finger, voice, or stylus. For example, tapping the risk warning information on the terminal's display screen with a finger, or using voice commands to display detailed risk information on the terminal or the target vehicle.
[0153] Specifically, in a scenario where the first mobile device is an unlocking device (including a terminal), and the second mobile device is the unlocked device (and the target vehicle), after the terminal and / or the target vehicle issue a risk warning, the user can perform a trigger operation. The terminal and / or the target vehicle respond to the trigger operation and then display the corresponding risk details, allowing the user to clearly understand the specific circumstances of the communication risk. When the risk score is within a preset score range with the highest average score, indicating the highest communication risk in the current scenario, the risk details are automatically displayed without requiring a user trigger operation, ensuring that the user is promptly aware of the serious risk threat and can take appropriate action to mitigate the risk impact.
[0154] For example, if the target score range indicates low risk, the terminal displays a green icon as a risk warning. After the user taps the green icon, detailed risk information such as "Gait verification normal, identity authentication normal" is displayed. If the target score range indicates the highest risk, the terminal automatically displays a red background with an alarm icon, along with detailed risk information such as "Unlock event timing abnormal, please temporarily freeze the target vehicle."
[0155] Optionally, in a scenario where the first mobile device is an unlocking device and includes a terminal, and the second mobile device is an unlocked device and is the target vehicle, the risk warning method further includes steps 031 and 032, which are described in detail below.
[0156] Step 031: Display information related to each historical risk event. Each historical risk event includes historical risk events with different preset risk levels. The preset risk levels and preset scoring ranges correspond one-to-one. Step 032: In response to the selection of the target risk level, display information related to historical risk events corresponding to the target risk level. The target risk level includes at least one preset risk level.
[0157] Historical risk events refer to information related to past cyberattacks. Preset risk levels are pre-defined grading standards characterizing the severity of risks; for example, preset risk levels include high, medium, and low. Selecting the target risk level refers to the operation performed by the user using their finger, voice, or by controlling a mouse, stylus, or other medium.
[0158] Specifically, based on all identified historical risk events, relevant information such as the occurrence time, risk type, risk score, and handling results of all historical risk events is stored (e.g., stored in a security log). When needed, the relevant information of all stored historical risk events is visualized on the display screen of the terminal and / or the target vehicle to facilitate accurate querying of historical risk events of different risk levels.
[0159] Thus, by providing a visualized view of the information related to historical risk events, it is beneficial to conduct statistical analysis of historical risk events and provide complete data support for optimizing the security defense strategy for target vehicles.
[0160] Optionally, in a scenario where the first mobile device is an unlocking device and includes a terminal, and the second mobile device is an unlocked device and is the target vehicle, the risk warning method further includes step 033, which is explained in detail below.
[0161] Step 033: If the target encryption policy changes, issue a change notification message for the encryption policy. The change notification message may include encryption policy upgrade information or encryption policy downgrade information.
[0162] The change notification message is used to inform users of changes to the encryption policy of the digital key. Specifically, when the target encryption policy is adjusted, the terminal and / or the target vehicle will issue a change notification message to ensure that relevant personnel are aware of the encryption security status of the digital key in real time, and to avoid security misjudgments due to lack of awareness of the encryption policy change.
[0163] Optionally, in a scenario where the first mobile device is an unlocking device and includes a terminal, and the second mobile device is an unlocked device and is the target vehicle, the risk warning method may further include steps 034 and 035, or steps 034 and 036, as detailed below.
[0164] Step 034: In response to the mode switching operation, determine the target encryption mode and control the terminal and / or the target vehicle to display the mode prompt information corresponding to the target encryption mode, wherein the target encryption mode is the first encryption mode or the second encryption mode; Step 035: When the target encryption mode is the first encryption mode, encrypt the digital key based on the preset encryption strategy corresponding to the preset score interval with the largest average score. Step 036: If the target encryption mode is the second encryption mode, encrypt the digital key based on the target encryption strategy.
[0165] The mode switching operation is an interactive operation used to switch the encryption mode of the digital key; for example, it can be performed by the user using their finger, voice, or by controlling a medium such as a mouse, keyboard, or stylus. The first encryption mode is the encryption method used to address the highest risk. The second encryption mode is the encryption method used when no high risk is detected. Mode prompts inform the user of the current encryption mode.
[0166] Specifically, users can actively change the target encryption mode of the digital key through a mode switching operation, thereby altering the encryption mechanism of the digital key. In the first encryption mode, regardless of which preset scoring range the risk score falls within, the preset encryption strategy corresponding to the preset scoring range with the highest average value is used—that is, the most secure encryption strategy—to enhance protection. In the second encryption mode, encryption is performed according to the basic preset encryption strategy corresponding to the target scoring range of the risk score, ensuring daily security while reducing the computing power consumption of the terminal and the target vehicle.
[0167] In this way, by switching modes, users can flexibly adjust the encryption mode according to the actual scenario, enhancing their sense of control over the security of the target vehicle.
[0168] Optionally, in a scenario where the first mobile device is an unlocking device and includes a terminal, and the second mobile device is an unlocked device and is the target vehicle, the risk warning method further includes steps 037, 038, and 039, which are explained in detail below.
[0169] Step 037: Encrypt the digital key, the first feature, and the second feature based on the target encryption strategy; Step 038: Perform a consistency comparison between the encrypted first feature and the first feature local to the terminal; Step 039: Perform a consistency comparison on the encrypted second feature based on the second feature local to the target vehicle.
[0170] Among them, consistency comparison is a verification process that checks whether the encrypted features completely match the original local features.
[0171] Specifically, while the digital key is encrypted using the target encryption strategy in the cloud and distributed to the terminal and the target vehicle respectively, the cloud also encrypts the first feature and the second feature using the target encryption strategy, and transmits the encrypted first feature to the terminal and the encrypted second feature to the target vehicle. The terminal decrypts the received encrypted first feature and compares it with the first feature stored locally to determine whether the two first features are completely identical; the target vehicle decrypts the received encrypted second feature and compares it with the second feature stored locally to determine whether the two first features are completely identical.
[0172] Optionally, if the consistency comparisons in steps 038 and 039 both pass (completely consistent), it is determined that the feature information has not been tampered with, and subsequent operations such as unlocking the target vehicle are permitted. If the consistency comparison in either step 038 or 039 fails, it is determined that the first feature and / or the second feature has been tampered with or replaced, the permissions of the encrypted digital key are frozen, subsequent operations such as unlocking the target vehicle are refused, and an alarm is triggered.
[0173] This effectively detects network attacks, avoids security vulnerabilities caused by the failure of a single verification, and improves overall security.
[0174] Optionally, in a scenario where the first mobile device is an unlocking device and includes a terminal, and the second mobile device is an unlocked device and is the target vehicle, the risk warning method further includes steps 040 and 041, which are described in detail below.
[0175] Step 040: Based on the hash values corresponding to the operation logs of the cloud, terminal and target vehicle, perform log verification to obtain the log verification result, which includes verification passed and verification failed. Step 041: If the verification passes, synchronize the operation logs of the cloud, terminal and target vehicle.
[0176] Among them, the operation log is structured data that records the safe operations and events of the cloud, terminal and target vehicle; the hash value is a unique fixed-length value obtained by performing a hash algorithm on the data (such as the operation log); the log verification is the process of verifying the consistency of the operation logs of the cloud, terminal and target vehicle.
[0177] Specifically, due to the uniqueness of hash values, any modification to the operation log will result in a completely different hash value. When the digital key is updated, the cloud generates new operation logs based on the updated digital key and distributes the encrypted updated digital key to the terminal and target vehicle. Upon receiving the digital key, the terminal and target vehicle generate their respective operation logs. Then, based on the hash values corresponding to the operation logs in the cloud, terminal, and target vehicle, log verification is performed to check the consistency of each hash value. If all hash values are consistent, the verification passes, and the synchronization of operation logs across the cloud, terminal, and target vehicle is completed. If the operation log of any node (cloud, terminal, or target vehicle) is tampered with, or if the node fails, the hash values will be inconsistent, the log verification result will be a failure, triggering a security warning and marking the node corresponding to the abnormal hash value for further investigation.
[0178] In this way, it is possible to quickly identify whether the operation log has been tampered with, provide real and reliable raw data for the unlocking process, ensure data consistency between the cloud, terminal and target vehicle, and improve the reliability of the defense system.
[0179] Optionally, the log verification process employs a Practical Byzantine Fault Tolerance (PBFT) mechanism. If the hash values of the three nodes (cloud, terminal, or target vehicle) are inconsistent, and more than two-thirds of the nodes have the same hash value, then the inconsistent hash values are determined to be due to non-malicious attack factors such as transmission delay or temporary node failure. In this case, the log verification result is determined to be successful. Thus, the PBFT mechanism achieves efficient fault tolerance, ensuring log consistency across the entire system even if a single node fails.
[0180] Optionally, in a scenario where the first mobile device is an unlocking device and includes a terminal, and the second mobile device is the unlocked device and is the target vehicle, the risk warning method further includes: In the event of a malfunction in the target vehicle's communication module, a pre-stored mirror communication module is read from the target vehicle's memory, and the mirror communication module is run to enable communication.
[0181] The mirror communication module is a backup program stored in the target vehicle that is identical to the original communication module. The mirror communication module stores configuration data and a full set of operation logs that are completely identical to those of the original communication module.
[0182] Specifically, the target vehicle's communication module may experience hardware or software failures (such as receiving malicious code injection during a network attack), preventing it from completing secure communication operations such as digital key verification and log synchronization. In this case, a pre-stored mirror communication module in the target vehicle is used to replace the faulty communication module to handle communication tasks as an emergency measure. The entire process does not require restarting the target vehicle's system, enabling hot-swap recovery of communication and ensuring uninterrupted security functions.
[0183] This ensures the continued effectiveness of the target vehicle's safety system and enhances its safety redundancy protection capabilities.
[0184] All of the above technical solutions can be combined in any way to form optional embodiments of this application, and will not be described in detail here.
[0185] Based on the method described in the above embodiments, this application also provides a risk warning device for performing the steps in the above risk warning method. Please refer to... Figure 11 , Figure 11 This is a schematic diagram of a risk warning device provided in an embodiment of this application. The risk warning device 200 includes: Acquisition module 201 is used to acquire the first feature collected by the first mobile device; The receiving module 202 is used to receive a risk score; wherein the risk score is determined based on a first feature and a second feature collected by a second mobile device; one of the first mobile device and the second mobile device is the unlocking device and the other is the unlocked device; the encryption method of the digital key used between the unlocking device and the unlocked device is determined based on the risk score; the features collected by the unlocking device include features generated based on the activities of the target object using the unlocking device; the features collected by the unlocked device include features corresponding to the associated device of the unlocked device; The display module 203 is used to display risk warning information for the unlocking operation. The risk warning information is generated based on the risk score.
[0186] It should be noted that the specific details of each module unit in the above-mentioned risk warning device have been described in detail in the embodiments of the above-mentioned risk warning method, and will not be repeated here.
[0187] In the embodiments of this application, the terms "module" or "unit" refer to a computer program or part of a computer program that has a predetermined function and works with other related parts to achieve a predetermined goal, and can be implemented wholly or partially using software, hardware (such as processing circuitry or memory), or a combination thereof. Similarly, a processor (or multiple processors or memory) can be used to implement one or more modules or units. Furthermore, each module or unit can be part of an overall module or unit that includes the functionality of that module or unit.
[0188] In one optional embodiment, the risk warning device in this application embodiment can be implemented in hardware, such as a risk warning system or a component in the risk warning system, such as an integrated circuit or a chip; the risk warning device can also be implemented in software, such as as an application installed in the risk warning system.
[0189] This application also provides a mobile device, including a memory, a processor, and a display screen. The memory stores a computer program, and the processor executes various processes of the above-described risk warning method embodiments by calling the computer program stored in the memory, achieving the same technical effects. To avoid repetition, these details will not be repeated here. The display screen is used to display a graphical user interface.
[0190] In one optional embodiment, the mobile device includes at least one of a cloud server, a terminal, and a target vehicle. The cloud server may uniformly generate the encrypted digital key and distribute it to both the terminal and the target vehicle to enable subsequent unlocking of the target vehicle. Alternatively, the digital key may be encrypted on the terminal and sent directly to the vehicle for unlocking. Or, the digital key may be generated and encrypted locally on the target vehicle.
[0191] Optionally, the terminal may include, but is not limited to, smartphones, tablets, laptops, smart TVs, wearable smart devices, etc. The cloud server may be a standalone physical server, a server cluster or distributed system (such as a TSP platform) composed of multiple physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (CDN), and big data and artificial intelligence platforms. This application does not limit this aspect.
[0192] In one alternative embodiment, please refer to Figure 12 , Figure 12 This is a schematic diagram of the structure of a mobile device provided in an embodiment of this application. The mobile device 300 includes a processor 301, a memory 302, and a display screen 303. The memory 302 stores a computer program 304 that can run on the processor 301. When the computer program 304 is executed by the processor 301, it implements the various processes of the above-described risk warning method embodiments and achieves the same technical effects. To avoid repetition, it will not be described again here. The display screen 303 is used to display a graphical user interface.
[0193] This application also provides a computer-readable storage medium storing a computer program. When the computer program is executed by a processor, it implements the various processes of the above-described risk warning method embodiments and achieves the same technical effect. To avoid repetition, it will not be described again here.
[0194] The processor can be the processor in the mobile device described in the above embodiments. The computer-readable storage medium can be a computer read-only memory (ROM), random access memory (RAM), magnetic disk, or optical disk, etc.
[0195] Computer-readable media can include computer storage media and communication media. Computer storage media includes volatile and non-volatile, removable and non-removable media implemented by any method or technology for storing information such as computer-readable instructions, data structures, program modules, or other data. Computer storage media include RAM, ROM, erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other solid-state storage technologies, CD-ROM, digital versatile optical disc (DVD) or other optical storage, magnetic tape cassettes, magnetic tape, disk storage, or other magnetic storage devices. Of course, those skilled in the art will recognize that computer storage media are not limited to the above-mentioned types.
[0196] This application also provides a computer program product, including computer instructions that, when executed by a processor, implement the aforementioned risk warning method. The processor may be a processor in the mobile device described in the above embodiments. When the computer instructions are executed by the processor, they implement various processes of the embodiments of the aforementioned risk warning method and achieve the same technical effects; therefore, to avoid repetition, they will not be described again here.
[0197] It is understood that in the specific implementation of this application, data related to user identity or characteristics is involved. When the above embodiments of this application are applied to specific products or technologies, user permission or consent is required, and the collection, use and processing of related data must comply with the relevant laws, regulations and standards of the relevant countries and regions.
[0198] In the description of this specification, the references to terms such as "certain embodiments," "an alternative embodiment," and "exemplarily" indicate that a specific feature, structure, material, or characteristic described in connection with an embodiment or example is included in at least one embodiment or example of this application. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples. Moreover, without contradiction, those skilled in the art can combine and integrate the different embodiments or examples described in this specification, as well as the features of different embodiments or examples.
[0199] Any process or method description in the flowchart or otherwise herein can be understood as representing a module, segment, or portion of code comprising one or more executable instructions for implementing a particular logical function or process, and the scope of the preferred embodiments of this application includes additional implementations in which functions may be performed not in the order shown or discussed, including substantially simultaneously or in reverse order according to the functions involved, as should be understood by those skilled in the art to which embodiments of this application pertain.
[0200] Although embodiments of this application have been shown and described, those skilled in the art will understand that various changes, modifications, substitutions and alterations can be made to these embodiments without departing from the principles and spirit of this application, the scope of which is defined by the claims and their equivalents.
Claims
1. A risk warning method, characterized in that, Applied to a first mobile device, including: Obtain the first feature collected by the first mobile device; Receive a risk score; wherein the risk score is determined based on the first feature and the second feature collected by the second mobile device; one of the first mobile device and the second mobile device is the unlocking device and the other is the unlocked device; the encryption method of the digital key used between the unlocking device and the unlocked device is determined based on the risk score; the features collected by the unlocking device include: features generated based on the activities of the target object using the unlocking device; the features collected by the unlocked device include: features corresponding to the associated device of the unlocked device; The system displays risk warning information regarding the unlocking operation, which is generated based on the risk score.
2. The risk warning method according to claim 1, characterized in that, The displayed risk warning information regarding the unlocking operation includes: The risk score value is displayed on the screen of the first mobile device; and / or Based on the target scoring range in which the risk score is located, the corresponding visual effects are displayed. The target scoring range can be any preset scoring range, and different preset scoring ranges correspond to different visual effects.
3. The risk warning method according to claim 1, characterized in that, The encryption method of the digital key is determined based on the target scoring range in which the risk score is located. The target scoring range is any preset scoring range, and different preset scoring ranges correspond to different preset encryption strategies.
4. The risk warning method according to any one of claims 1-3, characterized in that, Prior to receiving the risk score, the method further includes: Calculate the first risk score based on the first feature; Calculate the second risk score based on the second feature; The risk score is calculated based on the first risk score and the second risk score.
5. The risk warning method according to claim 4, characterized in that, The first feature includes at least one of the following: gait features of the target object using the first mobile device, posture data and pressure data of the first mobile device, and voiceprint features of the target object; The calculation of the first risk score based on the first feature includes: Calculate the similarity of the first target; Based on the first target similarity, the first risk score is determined; wherein the first risk score is negatively correlated with the first target similarity. The calculation of the first target similarity includes calculating at least one of the following similarities: Calculate the first similarity between the gait features of the target object and the preset gait features; Based on the posture data and pressure data of the first mobile device, a grip posture model of the target object is constructed, and a second similarity between the grip posture model and a preset grip model is calculated. Calculate the third similarity between the voiceprint features of the target object and the preset voiceprint features.
6. The risk warning method according to claim 4, characterized in that, The second feature includes at least one of the following: location change features of the first mobile device, the number of network devices around the second mobile device, and the historical unlock time of the first mobile device; The calculation of the second risk score based on the second feature includes: Calculate the target deviation; Based on the target deviation, a second risk score is determined, and the second risk score is positively correlated with the target deviation. The calculation of the target deviation includes calculating at least one of the following deviations: Calculate the position change characteristics of the first mobile device and the position deviation within a preset coordinate change range; The signal interference deviation is determined based on the increment of the number of network devices around the second mobile device; Calculate the time deviation between the historical unlock time and the preset unlock time interval of the first mobile device.
7. The risk warning method according to claim 4, characterized in that, After calculating the risk score based on the first risk score and the second risk score, the method further includes: A third risk score is calculated based on the third features collected by the first mobile device, wherein the third features include the gait features of the target object using the first mobile device and the timing of the unlocking events of the first mobile device unlocking the second mobile device; The risk score is updated based on the third risk score; The calculation of the third risk score based on the third feature collected by the first mobile device includes: Calculate the similarity of the second target; Based on the second target similarity, a third risk score is determined, and the third risk score is negatively correlated with the second target similarity. The calculation of the second target similarity includes calculating at least one of the following similarities: Calculate the first similarity between the gait features of the target object and the preset gait features; Based on the timing of the unlocking events of the first mobile device unlocking the second mobile device, the timing similarity with the timing of historical unlocking events is determined.
8. The risk warning method according to claim 7, characterized in that, After updating the risk score based on the third risk score, the method further includes: Obtain a target risk score, wherein the target risk score includes at least one of the first risk score, the second risk score, and the third risk score; Based on the target risk score, the unlocked device is subjected to communication security detection to obtain detection results, including whether the unlocked device has received a network attack. If the risk score is greater than a preset score threshold and the unlocked device receives a network attack, the unlocked device is controlled to issue false status information, which is used to indicate that the unlocked device is in a state where it cannot be unlocked and started.
9. The risk warning method according to claim 1 or 2, characterized in that, Also includes: In response to the triggering operation of the risk warning information, display the risk details information corresponding to the risk warning information; and / or If the target scoring range where the risk score is located is a preset scoring range with the largest average score, the risk details information corresponding to the risk warning information is displayed. The risk details information includes risk information corresponding to at least one of the first feature and the second feature, as well as risk handling measures information.
10. A mobile device, characterized in that, It includes a memory, a processor, and a display screen; the memory stores a computer program, and the processor executes the risk warning method as described in any one of claims 1-9 by calling the computer program stored in the memory; The display screen is used to display a graphical user interface.