A communication method, electronic equipment, chip system and storage medium

By obtaining authentication results and outputting prompts during communication between terminal devices, the problem of communication fraud is solved, the reliability and security of communication are improved, and the user experience is enhanced.

CN122372997APending Publication Date: 2026-07-10HUAWEI TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
HUAWEI TECH CO LTD
Filing Date
2025-01-10
Publication Date
2026-07-10

Smart Images

  • Figure CN122372997A_ABST
    Figure CN122372997A_ABST
Patent Text Reader

Abstract

This application relates to the field of terminal technology, providing a communication method, electronic device, chip system, and storage medium. The method enables the acquisition of an authentication result during communication between a first terminal device and a second terminal device. The authentication result indicates whether the communication object is the target object. The communication object is the user using the second terminal device for communication, and the target object is a real-name user who has passed real-name authentication through the second terminal device. Based on the authentication result, a prompt message is output to indicate the communication security status. In this way, users can prevent communication fraud based on the prompt message, ensuring the reliability and security of communication services and improving the user's communication experience.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of terminals, and more particularly to a communication method, electronic device, chip system, and storage medium. Background Technology

[0002] With the continuous development of communication technology, communication between users via electronic devices has become increasingly common. However, this communication process also brings some security issues, such as telecommunications fraud. During communication, criminals can impersonate various identities and fabricate false information to induce users to transfer money or provide sensitive information, such as bank card numbers or passwords. This can lead to financial losses for users and diminish their communication experience. Summary of the Invention

[0003] This application provides a communication method, electronic device, chip system, and storage medium that can enhance users' awareness of preventing communication fraud, thereby improving users' communication experience.

[0004] Firstly, a communication method is provided, comprising: during communication between a first terminal device and a second terminal device, obtaining an authentication result, wherein the authentication result indicates whether the communication object is a target object, the communication object is the object using the second terminal device for communication, and the target object is a real-name user who has been authenticated through the second terminal device; and outputting a prompt message based on the authentication result, wherein the prompt message is used to indicate the communication security status. The process of obtaining the authentication result and outputting the prompt message to indicate the communication security status can be referred to as an anti-fraud authentication process.

[0005] The method can be executed by the first terminal device, or by a module (such as a processor, chip, or chip system) applied in the first terminal device, or by a logic module or software that can implement all or part of the functions of the terminal device.

[0006] Based on the above scheme, during the communication service between the first terminal device and the second terminal device, a prompt message for the communication security status can be output based on the identity authentication result, so that users can prevent communication fraud based on the prompt message, ensuring the reliability and security of the communication service and improving the user's communication experience.

[0007] It should be understood that the first terminal device can be a terminal device that initiates communication in a communication service, and the second terminal device can be a terminal device that receives communication in a communication service. Of course, the first terminal device can also be a terminal device that receives communication in a communication service, and the second terminal device can be a terminal device that initiates communication in a communication service.

[0008] The first terminal device and the second terminal device can communicate directly, or they can communicate through a server.

[0009] It should be noted that the communication method provided in this paper can be applied only to the terminal device initiating the communication service or only to the terminal device receiving the communication service during the communication process between the first terminal device and the second terminal device. Alternatively, it can be applied to both the terminal device initiating the communication service and the terminal device receiving the communication service; that is, anti-fraud authentication is bidirectional during the communication process between the first terminal device and the second terminal device.

[0010] In one possible implementation, the authentication result may be sent by the second terminal device. Alternatively, the authentication result may be determined by the first terminal device based on the first biometric data of the communication object and the second biometric data of the target object sent by the second terminal device.

[0011] In one possible implementation, obtaining the authentication result includes: receiving first data and a first signature corresponding to the first data from a second terminal device, wherein the first data is used to determine the authentication result; verifying the first signature, and if the verification passes, determining the authentication result based on the first data. The first data and the first signature can be sent directly from the second terminal device to the first terminal device; alternatively, the first data and the first signature can also be sent from the second terminal device to the first terminal device via a server.

[0012] The first data and its corresponding first signature can be actively sent by the second terminal device. This indicates that the anti-fraud authentication is triggered by the second terminal device during the communication process.

[0013] Of course, the first data and the corresponding first signature can also be sent by the second terminal device based on an acquisition request, which is a request sent by the first terminal device to acquire the first data. In this case, it can be indicated that the anti-fraud authentication is triggered by the first terminal device.

[0014] Based on the above scheme, by verifying the first signature, the integrity and authenticity of the first data used to obtain the identity authentication result can be ensured, and the first data can be prevented from being tampered with or forged during transmission, thereby enhancing data security.

[0015] In one possible implementation, the first data is the identity authentication result.

[0016] Based on the above scheme, the second terminal device can obtain the identity authentication result without performing any additional processing steps, which simplifies the process of obtaining the identity authentication result and improves the efficiency of obtaining the identity authentication result.

[0017] In one possible implementation, the first data consists of first biometric data of the communication object and second biometric data of the target object. Determining the identity authentication result based on the first data includes: matching the first biometric data and the second biometric data to obtain the identity authentication result.

[0018] It should be understood that the first signature is used to prevent the first data from being tampered with during transmission from the second terminal device to the first terminal device. By verifying the first signature, the integrity, authenticity, security, and trustworthiness of the first data used to obtain the authentication result can be ensured.

[0019] In one possible implementation, the first terminal device includes a first trusted application (TA), which is set in the trusted execution environment (TEE) of the first terminal device. The method further includes: verifying the first signature using the device's anti-fraud public key through the first TA.

[0020] Among them, TEE provides an isolated trusted execution environment that can protect sensitive data and business logic from external attacks.

[0021] Based on the above scheme, verifying the first signature in the TEE can ensure that the first signature is not tampered with or forged during the verification process, thereby enhancing the reliability of the verification.

[0022] In one possible implementation, the device anti-fraud public key is obtained by: receiving a device certificate and a first anti-fraud certificate from a second terminal device, wherein the first anti-fraud certificate is generated based on the device private key and is used to prove the identity of the second terminal device; if the device certificate is deemed valid based on the device root public key, extracting the device public key corresponding to the device private key from the device certificate; and if the first anti-fraud certificate is deemed valid based on the device public key, extracting the device anti-fraud public key from the first anti-fraud certificate.

[0023] Among them, the device root public key is the root public key of the device PKI system.

[0024] In one possible implementation, the device anti-fraud public key is obtained by: receiving a second anti-fraud certificate from a second terminal device; and extracting the device anti-fraud public key from the second anti-fraud certificate if the second anti-fraud certificate is deemed legitimate based on the anti-fraud authentication root public key.

[0025] The anti-fraud authentication root public key is the root public key of the anti-fraud PKI system. The second anti-fraud certificate is verified using the anti-fraud authentication root public key; if the verification passes, the second anti-fraud certificate is deemed legitimate.

[0026] In one possible implementation, before receiving the first data and the first signature corresponding to the first data from the second terminal device, the method further includes: sending an acquisition request to the second terminal device to acquire the first data.

[0027] Based on the above scheme, by sending an acquisition request to obtain the first data, it can be shown that the anti-fraud authentication in the communication service is actively triggered by the first terminal device, so that the identity authentication result can be determined based on the first data and the prompt information can be output based on the identity authentication result. This can enhance the user's awareness of preventing communication fraud and thus improve the user's call experience.

[0028] In one possible implementation, the first data is the authentication result, and the acquisition request can be a request for acquiring the authentication result; or, the first data is the first biometric data of the communication object and the second biometric data of the target object, and the acquisition request can be a request for acquiring the first biometric data of the communication object and the second biometric data of the target object.

[0029] In one possible implementation, the retrieval request carries a session random number.

[0030] Based on the above scheme, by including a session random number in the retrieval request, it can be ensured that the retrieval request is unique, and thus the data obtained based on the retrieval request is also unique. This method can effectively prevent replay attacks and avoid attackers using historically obtained first-time data for communication fraud.

[0031] In one possible implementation, based on the authentication result, a prompt message is output, including: if the authentication result indicates that the communication object is the target object, a prompt message carrying the user information of the target object is output.

[0032] Based on the above solution, users can determine whether the communication recipient is a known person or a stranger based on the user information in the prompt message. If it is a known person, users can communicate with peace of mind; if it is a stranger, users can further assess whether there is any communication risk. This approach enhances users' awareness of preventing communication fraud, thereby improving their communication experience.

[0033] In one possible implementation, user information includes, but is not limited to, at least one of the following: at least part of the name of the communication object (e.g., last name, first name, and last name), number (telephone number) / account (user account of the communication application).

[0034] In one possible implementation, user information is obtained by receiving ciphertext from a second terminal device and decrypting the ciphertext to obtain the user information.

[0035] Based on the above scheme, transmitting user information in encrypted form can effectively prevent user information from being stolen during transmission, thereby avoiding privacy leaks of the target and improving the security of user information transmission.

[0036] In one possible implementation, during the communication service between the first terminal device and the second terminal device, the authentication result is periodically obtained, and based on the authentication result, a prompt message is output to indicate the communication security status.

[0037] The above solution can periodically perform anti-fraud authentication (e.g., every minute) during communication between the first terminal device and the second terminal device, and output prompt information to indicate the communication security status. This can enhance users' awareness of preventing communication fraud, reduce the risk of being deceived, and further improve the security and reliability of the communication process.

[0038] It should be noted that when the communication service is a call service, the communication method provided in this paper can be applied to the stage when a call is initiated but not yet connected during the call service, and / or the stage when a call is connected during the call service.

[0039] Secondly, a communication method is provided, which can be executed by a second terminal device, by a component of the second terminal device, or by a logic module or software that can implement or partially implement the functions of the second terminal device.

[0040] The method includes: during the communication service between a first terminal device and a second terminal device, acquiring first data, the first data being used to determine an identity authentication result, the identity authentication result indicating whether the communication object is a target object, the communication object being an object using the second terminal device for communication, and the target object being a real-name user who has been authenticated by the second terminal device; signing the second data containing the first data to obtain a first signature; and sending the first data and the first signature to the first terminal device.

[0041] Based on the above scheme, during the communication service between the first terminal device and the second terminal device, first data can be obtained and sent to the first terminal device along with the first signature corresponding to the first data. This allows the first terminal device to determine the identity authentication result based on the first data if the first signature verification is successful, and output a prompt message to indicate the communication security status based on the identity authentication result. This enables users communicating using the first terminal device to prevent communication fraud based on the prompt message, ensuring the reliability and security of the communication service and improving the user's communication experience.

[0042] In one possible implementation, the first data is the first biometric data of the communication object and the second biometric data of the target object; or, the first data is the authentication result, which is determined based on the first biometric data of the communication object and the second biometric data of the target object.

[0043] It should be understood that the first data may be actively collected by the second terminal device during the communication process between the first terminal device and the second terminal device; in this case, it can be indicated that the anti-fraud authentication is triggered by the second terminal device during the communication process.

[0044] Alternatively, the first data may be collected by the second terminal device in response to an acquisition request from the first terminal device during communication between the first and second terminal devices. This acquisition request is used to acquire the first data. In this case, it can be indicated that the anti-fraud authentication is triggered by the first terminal device during the communication process.

[0045] In one possible implementation, before collecting the first data during the communication service between the first terminal device and the second terminal device, the method further includes: in response to a user operation, obtaining the identity information to be authenticated; sending an authentication request for real-name authentication to the server, the authentication request carrying the identity information to be authenticated; receiving the real-name authentication result from the server; and if the real-name authentication result indicates that the real-name authentication is successful, using the object corresponding to the identity information to be authenticated as the target object.

[0046] In one possible implementation, the authentication result is determined based on the first biometric data of the communication object and the second biometric data of the target object. The second biometric data is obtained by using the biometric data in the identity information to be authenticated as the second biometric data.

[0047] Based on the above scheme, the second biometric data can be obtained directly from the identity information to be authenticated, which simplifies the process of obtaining the second biometric data and improves the efficiency of obtaining the second biometric data.

[0048] In one possible implementation, the second biometric data is obtained by: acquiring first multimedia data for the target object through the multimedia data acquisition component of the second terminal device; and extracting biometric features from the first multimedia data to obtain the second biometric data.

[0049] Based on the above scheme, after successful real-name authentication, the multimedia data acquisition component of the second terminal device collects first multimedia data targeting the object, and then determines the second biometric data based on the first multimedia data. In this way, determining the second biometric data using the first multimedia data ensures that the collected second biometric data is more comprehensive, further improving the accuracy of the subsequent identity authentication results generated based on the second and first biometric data.

[0050] In one possible implementation, the first multimedia data is image data of the target object, and the second biometric data can be facial data of the target object; or the first multimedia data is image data and audio data of the target object, and the second biometric data can be facial data and voiceprint data of the target object. The facial data can be a facial image or facial feature data extracted from a facial image. Facial feature data includes features such as the shape of facial features and facial contours. Voiceprint data includes features such as pitch, timbre, and speech rate.

[0051] In one possible implementation, after obtaining the second biometric data, the second terminal device stores the second biometric data in a TEE. This ensures the security of the second biometric data.

[0052] In one possible implementation, the second terminal device includes a second trusted application (TA), which is set in the trusted execution environment (TEE) of the second terminal device. The first biometric data is obtained by: collecting second multimedia data through the multimedia data acquisition component of the second terminal device during communication services between the first terminal device and the second terminal device; and determining the first biometric data based on the second multimedia data through the second TA.

[0053] Based on the above scheme, the first biometric data is determined in the TEE environment of the second terminal device through the second TA and the second multimedia data. Due to the security isolation mechanism of the TEE environment, it can effectively prevent the access and tampering of malicious software, thereby significantly enhancing the reliability and security of the determined first biometric data.

[0054] In one possible implementation, determining the first biometric data based on the second multimedia data includes: if there is no reproduced image in the second multimedia data and the object corresponding to the second multimedia data is a living object, then the biometric data obtained by extracting biometric features from the second multimedia data is determined as the first biometric data.

[0055] Based on the above scheme, it is possible to effectively identify reproduced or forged images, ensuring that the image data used for biometric extraction is authentic and unaltered. Simultaneously, by combining it with liveness detection technology, the system further verifies that the object corresponding to the image data is a real living being, thereby improving the accuracy and reliability of the collected primary biometric data, further enhancing the reliability and accuracy of the output alerts, strengthening users' awareness of communication fraud prevention, and improving the user's communication experience.

[0056] In one possible implementation, the second terminal device includes a second trusted application (TA), which is set in the TEE of the second terminal device. The second TA signs the second data containing the first data to obtain a first signature, including: signing the second data using the device's anti-fraud private key through the second TA to obtain the first signature.

[0057] Based on the above scheme, the second data is signed in the TEE through the second TA, which ensures the security of the signing process.

[0058] In one possible implementation, the TEE contains a device certificate for the second terminal device, which is used to prove the identity of the second terminal device. The method further includes: sending a device certificate and a first anti-fraud certificate to the first terminal device. The first anti-fraud certificate is generated based on the device's private key and carries a device anti-fraud public key corresponding to the device's anti-fraud private key. The device certificate carries a device public key corresponding to the device's private key. Alternatively, sending a second anti-fraud certificate to the first terminal device. The second anti-fraud certificate is generated based on the anti-fraud authentication root private key and carries a device anti-fraud public key.

[0059] In one possible implementation, the second anti-fraud certificate is obtained by: signing the device anti-fraud public key based on the device public key to obtain a second signature; sending a processing request to the server to generate the second anti-fraud certificate, the processing request carrying the device anti-fraud public key, the second signature, and the device certificate; and receiving the second anti-fraud certificate from the server, the second anti-fraud certificate being generated based on the device anti-fraud public key, the second signature, and the device certificate.

[0060] In one possible implementation, the method further includes: receiving an acquisition request from a first terminal device, the acquisition request being used to acquire first data.

[0061] In one possible implementation, the first data is the authentication result, and the acquisition request is a request to acquire the authentication result; or, the first data is the first biometric data of the communication object and the second biometric data of the target object, and the acquisition request is a request to acquire the first biometric data of the communication object and the second biometric data of the target object.

[0062] In one possible implementation, sending the first data and the first signature to the first terminal device includes: in response to an acquisition request, sending the first data and the first signature to the first terminal device.

[0063] In one possible implementation, the retrieval request carries a session random number, and the second data also includes the session random number. That is, the second data includes the first data and the session random number.

[0064] Based on the above scheme, by signing the first data and the session random number, replay attacks can be effectively prevented, thus avoiding attackers from using historically obtained first data to commit communication fraud.

[0065] In one possible implementation, the first data is the authentication result. If the authentication result indicates that the communication object is the target object, ciphertext is sent to the first terminal device, and the ciphertext carries the user information of the target object.

[0066] In one possible implementation, the first data is the authentication result. If the authentication result indicates that the communication object is the target object, the second data also includes ciphertext, which carries the user information of the target object.

[0067] Based on the above scheme, by encrypting and signing user information before transmission, the theft and tampering of user information during transmission can be prevented, thereby improving the security of user information transmission and enhancing the user experience.

[0068] In one possible implementation, the user information can be obtained by the second terminal device from the identity information to be authenticated after the real-name authentication is successful.

[0069] The beneficial effects of each implementation method in the second aspect can be found in the description of the first aspect, and will not be repeated here.

[0070] Thirdly, a communication method is provided, which can be executed by a server, by a component of the server (such as a processor, chip, or chip system), or by a logic module or software capable of implementing all or part of the server's functions.

[0071] The method includes: during the communication service between the first terminal device and the second terminal device, receiving first data and a first signature corresponding to the first data from the second terminal device, wherein the first data is used to determine the identity authentication result, the identity authentication result indicates whether the communication object is the target object, the communication object is the object using the second terminal device for communication, and the target object is a real-name user who has been real-name authenticated through the second terminal device; and forwarding the first data and the first signature to the first terminal device.

[0072] Based on the above scheme, the system can receive first data and first signature from the second terminal device and forward the first data and first signature to the first terminal device. This allows the first terminal device to determine the identity authentication result based on the first data when the first signature is verified, and output a prompt message based on the identity authentication result. This enables users who use the first terminal device for communication to prevent communication fraud based on the prompt message, ensuring the reliability and security of communication services and improving the user's communication experience.

[0073] In one possible implementation, during the communication service between the first terminal device and the second terminal device, before receiving the first data and the first signature corresponding to the first data from the second terminal device, the method further includes: receiving an acquisition request from the first terminal device, the acquisition request being used to acquire the first data; and forwarding the acquisition request to the second terminal device.

[0074] In one possible implementation, the retrieval request carries a session random number.

[0075] In one possible implementation, during the communication service between the first terminal device and the second terminal device, before receiving the first data and the first signature corresponding to the first data from the second terminal device, the method further includes: receiving a processing request from the second terminal device for generating a second anti-fraud certificate, the processing request carrying a device anti-fraud public key, a second signature, and a device certificate, the device certificate being used to prove the identity of the second terminal device; if the second signature is verified successfully based on the device certificate, generating a second anti-fraud certificate using the anti-fraud authentication root private key, the second anti-fraud certificate carrying the device anti-fraud public key; and sending the second anti-fraud certificate to the second terminal device.

[0076] In one possible implementation, during the communication service between the first terminal device and the second terminal device, before receiving the first data and the first signature corresponding to the first data from the second terminal device, the method further includes: receiving an authentication request for real-name authentication from the second terminal device, the authentication request carrying identity information to be authenticated; sending an authentication request to a real-name authentication center; receiving a real-name authentication result from the real-name authentication center; and sending the real-name authentication result to the second terminal device.

[0077] The beneficial effects of each implementation method in the third aspect can be found in the description of the first aspect, and will not be repeated here.

[0078] Fourthly, a communication method is provided, which can be executed by a server, by a component of the server (such as a processor, chip, or chip system), or by a logic module or software capable of implementing all or part of the server's functions.

[0079] The method includes: receiving a processing request from a second terminal device for generating a second anti-fraud certificate, the processing request carrying a device anti-fraud public key, a second signature, and a device certificate, the device certificate being used to prove the identity of the second terminal device; if the second signature is verified successfully based on the device certificate, generating a second anti-fraud certificate using an anti-fraud authentication root private key, the second anti-fraud certificate carrying the device anti-fraud public key; and sending the second anti-fraud certificate to the second terminal device.

[0080] The beneficial effects of each implementation method in the fourth aspect can be found in the description of the first aspect, and will not be repeated here.

[0081] Fifthly, a communication system is provided, comprising a first terminal device and a second terminal device, wherein a communication connection is established between the first terminal device and the second terminal device, wherein:

[0082] The second terminal device is used to acquire first data during communication between the first terminal device and the second terminal device. The first data is used to determine the identity authentication result, which indicates whether the communication object is the target object. The communication object is the object using the second terminal device for communication, and the target object is a real-name user who has been authenticated by the second terminal device. The second terminal device signs the second data containing the first data to obtain a first signature. The second terminal device sends the first data and the first signature to the first terminal device. The first terminal device is used to receive the first data and the first signature corresponding to the first data from the second terminal device. The first signature is verified, and if the verification is successful, the identity authentication result is determined based on the first data. Based on the identity authentication result, the first terminal device outputs a prompt message, which is used to indicate the communication security status.

[0083] In one possible implementation, the second terminal device includes a second trusted application (TA), which is set in the TEE of the second terminal device. Specifically, the second terminal device is used to sign the identity authentication result using the device anti-fraud private key through the second TA to obtain a first signature.

[0084] In one possible implementation, the first terminal device includes a first TA, which is set in the TEE of the first terminal device, wherein: the first terminal device is specifically used to verify the first signature by using the first TA and the device anti-fraud public key corresponding to the device anti-fraud private key.

[0085] In one possible implementation, the communication system further includes a server, wherein: the second terminal device is further configured to, in response to a user operation, obtain identity information to be authenticated; send an authentication request for real-name authentication to the server, the authentication request carrying the identity information to be authenticated; the server is configured to receive the authentication request; send the authentication request to the real-name authentication center; receive the real-name authentication result from the real-name authentication center; and send the real-name authentication result to the second terminal device; the second terminal device is further configured to receive the real-name authentication result and determine, based on the real-name authentication result, whether the object corresponding to the identity information to be authenticated is the target object.

[0086] Sixthly, a communication system is provided, comprising a first terminal device, a second terminal device, and a server, wherein the server establishes communication connections with both the first terminal device and the second terminal device, wherein:

[0087] The second terminal device is used to acquire first data during communication between the first terminal device and the second terminal device. The first data is used to determine the identity authentication result, which indicates whether the communication object is the target object. The communication object is the object using the second terminal device for communication, and the target object is a real-name user who has been authenticated by the second terminal device. The second terminal device signs the second data containing the first data to obtain a first signature. The second terminal device sends the first data and the first signature to the server. The server receives the first data and the first signature and forwards the first data and the first signature to the first terminal device. The first terminal device receives the first data and the first signature. If the first signature is verified, the second terminal device determines the identity authentication result based on the first data. Based on the identity authentication result, the first terminal device outputs a prompt message to indicate the communication security status.

[0088] In one possible implementation, the second terminal device includes a second trusted application (TA), which is set in the TEE of the second terminal device. Specifically, the second terminal device is used to sign the identity authentication result using the device anti-fraud private key through the second TA to obtain a first signature.

[0089] In one possible implementation, the first terminal device includes a first TA, which is set in the TEE of the first terminal device, wherein: the first terminal device is specifically used to verify the first signature by using the first TA and the device anti-fraud public key corresponding to the device anti-fraud private key.

[0090] In one possible implementation, the second terminal device is further configured to, in response to a user operation, obtain the identity information to be authenticated; send an authentication request for real-name authentication to the server, the authentication request carrying the identity information to be authenticated; the server is configured to receive the authentication request; send the authentication request to the real-name authentication center; receive the real-name authentication result from the real-name authentication center; send the real-name authentication result to the second terminal device; and the second terminal device is further configured to receive the real-name authentication result.

[0091] In a seventh aspect, embodiments of this application provide an electronic device, which includes a processor and a memory. The memory is used to store a computer program, and the processor is used to call and run the computer program from the memory, causing the electronic device to perform the method in any of the above aspects or any possible implementation of any of the above aspects.

[0092] Eighthly, embodiments of this application provide a computer-readable storage medium storing a computer program that, when executed by a processor, causes the processor to perform the method in any of the above aspects or any possible implementations of any of the above aspects.

[0093] Ninthly, embodiments of this application provide a computer program product, which includes: computer program code, which, when executed by an electronic device, causes the electronic device to perform the method in any of the above aspects or any possible implementation of any of the above aspects.

[0094] In a tenth aspect, embodiments of this application provide a chip system, which includes a processing circuit and a storage medium storing computer program instructions; the computer program instructions are executed by the processing circuit using the methods in any of the above aspects or any possible implementations of any of the above aspects.

[0095] Optionally, the processing circuitry in the above-mentioned chip system can be replaced by a processor, and the storage medium can be replaced by a memory. Optionally, the chip system may also include a communication interface for enabling communication between the chip system and external devices.

[0096] The beneficial effects of the technical solutions in the second to tenth aspects of this application can be referred to the beneficial effects of the technical solutions in the first aspect, and will not be repeated here. Attached Figure Description

[0097] Figure 1 This is a schematic diagram of the structure of a terminal device provided in an embodiment of this application;

[0098] Figure 2 This is a software structure block diagram of the electronic device 100 according to an embodiment of this application;

[0099] Figure 3This is a schematic diagram illustrating the interface changes of a terminal device in a communication method provided in an embodiment of this application.

[0100] Figure 4 This is a schematic diagram illustrating the interface changes of a group of terminal devices in a communication method provided in an embodiment of this application.

[0101] Figure 5 This is a schematic diagram illustrating the interface changes of another set of terminal devices in a communication method provided in an embodiment of this application.

[0102] Figure 6 This application provides a schematic diagram illustrating the interface changes of a communication method and a set of terminal devices according to an embodiment of the present application.

[0103] Figure 7 A schematic diagram illustrating interface changes of a terminal device in another communication method provided in this application embodiment;

[0104] Figure 8 A schematic diagram illustrating interface changes of a group of terminal devices in another communication method provided in an embodiment of this application;

[0105] Figure 9 A schematic diagram illustrating interface changes of another group of terminal devices in another communication method provided in an embodiment of this application;

[0106] Figure 10 A schematic diagram illustrating interface changes of another set of terminal devices for another communication method provided in an embodiment of this application;

[0107] Figure 11 This is a schematic diagram illustrating the changes in the user experience at the receiving end in a communication method provided in an embodiment of this application;

[0108] Figure 12 A flowchart illustrating a communication method 1200 provided in an embodiment of this application;

[0109] Figure 13 A flowchart illustrating another communication method 1300 provided in an embodiment of this application;

[0110] Figure 14 A flowchart illustrating another communication method 1400 provided in an embodiment of this application;

[0111] Figure 15 A flowchart illustrating another communication method 1500 provided in an embodiment of this application;

[0112] Figure 16 A flowchart illustrating another communication method 1600 provided in an embodiment of this application;

[0113] Figure 17A schematic diagram of a first registration process for a communication method applicable to this application, provided as an embodiment of this application;

[0114] Figure 18 A schematic diagram of a second registration process for a communication method applicable to this application, provided as an embodiment of this application;

[0115] Figure 19 A schematic diagram of a third registration process for a communication method applicable to this application, provided as an embodiment of this application;

[0116] Figure 20 This is a schematic diagram of the structure of a communication system 20 provided in an embodiment of this application;

[0117] Figure 21 A flowchart illustrating a communication method 2100 provided in an embodiment of this application;

[0118] Figure 22 A flowchart illustrating a communication method 2200 provided in an embodiment of this application;

[0119] Figure 23 A flowchart illustrating a communication method 2300 provided in an embodiment of this application;

[0120] Figure 24 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. Detailed Implementation

[0121] The technical solutions in the embodiments of this application will now be described with reference to the accompanying drawings.

[0122] In the description of the embodiments of this application, unless otherwise stated, " / " means "or"; for example, A / B can mean A or B; "and / or" in this document is merely a description of the relationship between related objects, indicating that three relationships can exist; for example, A and / or B can mean: A exists alone, A and B exist simultaneously, or B exists alone. Furthermore, in the description of the embodiments of this application, "multiple" refers to two or more.

[0123] Hereinafter, the terms "first," "second," and "third" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated. Thus, a feature defined as "first," "second," or "third" may explicitly or implicitly include one or more of that feature.

[0124] This application provides an electronic device for executing the communication method provided in this application. In some embodiments of this application, the electronic device may be a mobile phone, tablet computer, wearable device, in-vehicle device, augmented reality (AR) / virtual reality (VR) device, laptop computer, ultra-mobile personal computer (UMPC), netbook, personal digital assistant (PDA), etc., or may be other devices or apparatuses capable of communication. This application does not limit the specific type of electronic device.

[0125] For example, Figure 1 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application.

[0126] like Figure 1 As shown, the electronic device 100 may include a processor 101, an external memory interface 102, an internal memory 103, a universal serial bus (USB) interface 104, a button 105, a display screen 106, an antenna 1, an antenna 2, a mobile communication module 107, a wireless communication module 108, an audio module 109, a speaker 110, a receiver 111, a microphone 112, and a camera 113.

[0127] It is understood that the structures illustrated in the embodiments of this application do not constitute a specific limitation on the electronic device 100. In other embodiments of this application, the electronic device 100 may include more or fewer components than illustrated, or combine some components, or split some components, or have different component arrangements. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

[0128] Processor 101 may include one or more processing units, such as: application processor (AP), modem processor, graphics processing unit (GPU), image signal processor (ISP), controller, memory, video codec, digital signal processor (DSP), baseband processor, and / or neural network processing unit (NPU), etc. The different processing units may be independent devices or integrated into one or more processors.

[0129] The controller can be the nerve center and command center of the electronic device 100. The controller can generate operation control signals according to the instruction opcode and timing signals to complete the control of fetching and executing instructions.

[0130] The processor 101 may also include a memory for storing instructions and data. In some embodiments, the memory in the processor 101 is a cache memory. This memory can store instructions or data that the processor 101 has just used or that are used repeatedly. If the processor 101 needs to use the instruction or data again, it can retrieve it directly from the memory. This avoids repeated accesses, reduces the waiting time of the processor 101, and thus improves the efficiency of the system.

[0131] The processor 101 and the display screen 106 communicate through a display serial interface (DSI) to realize the display function of the electronic device 100.

[0132] The wireless communication function of electronic device 100 can be implemented through antenna 1, antenna 2, mobile communication module 107, wireless communication module 108, modem processor, and baseband processor.

[0133] Antenna 1 and antenna 2 are used to transmit and receive electromagnetic wave signals. Figure 1 The structures of antennas 1 and 2 shown are merely one example. Each antenna in electronic device 100 can be used to cover one or more communication frequency bands. Different antennas can also be multiplexed to improve antenna utilization. For example, antenna 1 can be multiplexed as a diversity antenna for a wireless local area network. In some other embodiments, the antennas can be used in conjunction with a tuning switch.

[0134] Electronic device 100 implements display functions through a GPU, display screen 106, and application processor. The GPU is a microprocessor for image processing, connected to the display screen 106 and the application processor. The GPU is used to perform mathematical and geometric calculations and for graphics rendering. Processor 101 may include one or more GPUs, which execute program instructions to generate or modify display information.

[0135] The display screen 106 is used to display images, videos, etc. The display screen 106 includes a display panel. The display panel can be a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (AMOLED), a flexible light-emitting diode (FLED), a Miniled LED, a MicroLED, a Micro-OLED, a quantum dot light-emitting diode (QLED), etc. In some embodiments, the electronic device 100 may include one or N display screens 106, where N is a positive integer greater than 1.

[0136] The external storage interface 102 can be used to connect an external memory card, such as a Micro SD card, to expand the storage capacity of the electronic device 100. The external memory card communicates with the processor 101 through the external storage interface 102 to perform data storage functions. For example, music, video, and other files can be saved on the external memory card.

[0137] Buttons 105 include a power button, volume buttons, etc. Buttons 105 can be mechanical buttons or touch-sensitive buttons. The electronic device 100 can receive button input and generate key signal inputs related to user settings and function control of the electronic device 100.

[0138] The processor 101 can be coupled to the audio module 109 via the integrated circuit sound (I2S) bus to enable communication between the processor 101 and the audio module 109. In some embodiments, the audio module 109 can transmit audio signals to the wireless communication module 108 via the I2S bus to enable the function of answering phone calls through a Bluetooth headset.

[0139] Pulse code modulation (PCM) interfaces can also be used for audio communication, sampling, quantizing, and encoding analog signals. In some embodiments, audio module 109 can also transmit audio signals to wireless communication module 108 via the PCM interface, enabling the function of answering phone calls through a Bluetooth headset. Both I2S and PCM interfaces can be used for audio communication.

[0140] The Universal Asynchronous Receiver / Transmitter (UART) interface is a universal serial data bus used for asynchronous communication. This bus can be a bidirectional communication bus. In some embodiments, the audio module 109 can transmit audio signals to the wireless communication module 108 through the UART interface to enable music playback via Bluetooth headphones.

[0141] Electronic device 100 can perform shooting functions through ISP, camera 113, video codec, GPU, display screen and application processor 101.

[0142] The ISP (Image Signal Processor) is used to process data fed back from the camera 113. For example, when taking a picture, the shutter is opened, and light is transmitted through the lens to the photosensitive element of the camera 113. The light signal is converted into an electrical signal, and the photosensitive element of the camera 113 transmits the electrical signal to the ISP for processing, converting it into an image visible to the naked eye. The ISP can also perform algorithmic optimization on image noise and brightness. The ISP can also optimize parameters such as exposure and color temperature of the shooting scene. In some embodiments, the ISP can be set in the camera 113.

[0143] Camera 113 is used to capture still images or videos. An object is projected onto a photosensitive element by generating an optical image through the lens. The photosensitive element can be a charge-coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The photosensitive element converts the light signal into an electrical signal, which is then passed to an ISP for conversion into a digital image signal. The ISP outputs the digital image signal to a DSP for processing. The DSP converts the digital image signal into image signals in standard RGB, YUV, or other formats. In some embodiments, the electronic device 100 may include one or N cameras 113, where N is a positive integer greater than 1.

[0144] The software system of electronic device 100 can adopt a layered architecture, event-driven architecture, microkernel architecture, microservice architecture, or cloud architecture. This application embodiment uses a layered Android system as an example to illustrate the software structure of electronic device 100.

[0145] Figure 2 This is a software structure block diagram of an electronic device 100 according to an embodiment of this application.

[0146] It should be understood that a layered architecture can divide software into several layers, each with a clear role and division of labor; the layers can communicate with each other through software interfaces.

[0147] like Figure 2 As shown, the Android system can be divided into four layers: from top to bottom, the application layer, the application framework layer, the Android runtime and system libraries, and the kernel layer. The application layer can include a series of application packages.

[0148] like Figure 2 As shown, the application package can include applications such as camera, gallery, map, navigation, WLAN, Bluetooth, music, SMS, and communication applications. Communication applications include telecommunications applications and internet audio / video applications. For example, a telecommunications application could be a telephone service. An internet audio / video application could be a streaming service like MeeTime.

[0149] The application framework layer provides application programming interfaces (APIs) and a programming framework for applications in the application layer. The application framework layer includes some predefined functions.

[0150] like Figure 2 As shown, the application framework layer may include a window manager, content provider, view system, phone manager, resource manager, notification manager, etc.

[0151] The application framework layer provides application programming interfaces (APIs) and a programming framework for applications in the application layer. The application framework layer includes some predefined functions.

[0152] like Figure 2 As shown, the application framework layer may include a window manager, content provider, view system, phone manager, resource manager, notification manager, etc.

[0153] The window manager is used to manage windowed applications. It can retrieve screen size, determine the presence of a status bar, lock the screen, and capture screenshots, among other things.

[0154] Content providers store and retrieve data, making that data accessible to applications. This data can include videos, images, audio, phone calls made and received, browsing history and bookmarks, phone books, and more.

[0155] A view system includes visual controls, such as controls for displaying text and controls for displaying images. View systems can be used to build applications. A display interface can consist of one or more views.

[0156] The phone manager is used to provide communication functions for electronic device 100. For example, it manages call status (including connection and disconnection).

[0157] The file explorer provides applications with various resources, such as localized strings, icons, images, layout files, video files, and more.

[0158] The notification manager allows applications to display notification information in the status bar. It can be used to convey informational messages and can disappear automatically after a short time without user interaction.

[0159] The Android runtime consists of core libraries and a virtual machine. The Android runtime is responsible for scheduling and managing the Android system.

[0160] The core library consists of two parts: one part is the functionalities that need to be called by the Java language, and the other part is the Android core library.

[0161] The application layer and application framework layer run in a virtual machine. The virtual machine executes the Java files of the application layer and application framework layer as binary files. The virtual machine is used to perform functions such as object lifecycle management, stack management, thread management, security and exception management, and garbage collection.

[0162] The system library can include multiple functional modules, such as: surface manager, media libraries, 3D graphics processing libraries (e.g., OpenGL ES for embedded systems) and 2D graphics engines (e.g., Skia graphics library (SGL)).

[0163] The Surface Manager is used to manage the display subsystem and provides the blending of 2D and 3D layers for multiple applications.

[0164] The media library supports playback and recording of various audio and video formats, as well as still image files. It supports multiple audio and video encoding formats, such as MPEG4, H.264, Moving Picture Experts Group Audio Layer III (MP3), Advanced Audio Coding (AAC), Adaptive Multi-rate (AMR), Joint Photographic Experts Group (JPG), and Portable Network Graphics (PNG).

[0165] The 3D graphics processing library is used to implement 3D graphics drawing, image rendering, compositing, and layer processing.

[0166] A 2D graphics engine is a graphics engine for 2D drawing.

[0167] The kernel layer is the layer between hardware and software. The kernel layer contains at least the display driver, camera driver, audio driver, and sensor driver.

[0168] To facilitate understanding of the technical solution of this application, the relevant terms involved in this application are introduced below:

[0169] Generative artificial intelligence (AIGC) technology refers to the technology that uses artificial intelligence techniques such as generative adversarial networks and large-scale pre-trained models to learn from and recognize existing data, thereby possessing appropriate generalization capabilities and generating relevant content.

[0170] Deepfake technology refers to artificial intelligence technology that uses deep learning and generative adversarial networks to learn from a large number of samples, splicing together facial expressions, sounds and body movements from images or videos to generate fake content that is indistinguishable from real ones.

[0171] Artificial intelligence (AI) refers to a technology that uses computer technology to simulate certain human thought processes and intelligent behaviors.

[0172] A rich execution environment (REE) is an open execution environment that allows various general-purpose operating systems and applications to run. The operating system can be, for example, a... wait.

[0173] A Trusted Execution Environment (TEE) is a secure area built on a computing platform using hardware and software methods, ensuring that code and data loaded within this secure area are protected. A TEE can serve as a trusted application runtime environment.

[0174] Trusted application (TA): refers to a trusted application running in a TEE.

[0175] A trusted UI (TUI) refers to a user interface that runs within a TEE (Trusted Interface Environment). It ensures that when users interact with the TUI, their data and operations are protected from being stolen or tampered with by malware or attackers.

[0176] Deepfake technology refers to artificial intelligence technology that uses deep learning and generative adversarial networks to learn from a large number of samples, splicing together facial expressions, sounds and body movements from images or videos to generate fake content that is indistinguishable from real ones.

[0177] Public key infrastructure (PKI) is a cryptographic system based on the public-private key hierarchy, including PKI policies, hardware and software systems, certificate authorities (CAs), registration authorities (RAs), certificate issuance systems, and PKI applications.

[0178] Replay attack: A replay attack is a type of network attack in which the attacker repeatedly sends previously intercepted valid data packets to deceive the receiving end.

[0179] To facilitate understanding, the communication method provided in the embodiments of this application will be specifically described below with reference to the accompanying drawings and application scenarios. Exemplarily, the first terminal device, the second terminal device, or the server in the following embodiments may be... Figure 1 and Figure 2 The electronic device shown.

[0180] Currently, security issues such as telecommunications fraud are common during communication. The following explanation uses telecommunications fraud during a phone call as an example.

[0181] For example, malicious actors collect audio and video footage of their targets (such as a user's relatives or friends), then use this footage, AIGC technology, and Deepfake technology to train a model capable of generating audio and video content highly similar to the target. The criminals then inject this fake audio and video content into the call, making the user believe they are speaking to a real relative or friend. During the call, the criminals often fabricate emergencies to trick the user into transferring money or providing sensitive information such as bank card numbers or passwords. This fraudulent activity leads to financial losses for the user and degrades their call experience.

[0182] In related technologies, phone number tagging is commonly used to reduce call risks. This approach relies on the spontaneous actions of a large number of users, who tag phone numbers, and then a specialized tagging website aggregates and organizes this data. When a user receives an incoming call, the phone number and its tagging information are displayed as a risk warning. However, this phone number tagging method depends on human intervention, which limits its accuracy, resulting in relatively poor call security and a degraded user experience.

[0183] Therefore, improving communication security is an urgent problem that needs to be solved.

[0184] Based on this, embodiments of this application provide a communication method applied to a first terminal device. This method, during communication between the first and second terminal devices, obtains an authentication result. This authentication result indicates whether the communication object is a real-name user who has passed real-name authentication on the second terminal device. Based on the authentication result, a prompt message is output to indicate the communication security status. In this way, users can prevent communication fraud based on the prompt message, ensuring the reliability and security of communication services and improving the user's communication experience.

[0185] It should be understood that the notification message may be presented in at least one of the following forms: text, icon, vibration, light, etc.

[0186] In one possible implementation, communication services include voice calls, SMS messages, and file transfers. Voice calls can be either audio or video calls. Audio calls can be implemented through telecommunications applications or internet audio / video applications. For example, a telecommunications application could be a telephone service, and an internet audio / video application could be a streaming service like MeeTime. When the communication service is a voice call, the communication object can be represented as the call recipient.

[0187] It should be understood that the first terminal device can be a terminal device that initiates communication in a communication service, and the second terminal device can be a terminal device that receives communication in a communication service. Of course, the first terminal device can also be a terminal device that receives communication in a communication service, and the second terminal device can be a terminal device that initiates communication in a communication service.

[0188] It should be noted that the communication method provided in this paper can be applied only to the terminal device initiating the communication service or only to the terminal device receiving the communication service during the communication process between the first terminal device and the second terminal device. Alternatively, it can be applied to both the terminal device initiating the communication service and the terminal device receiving the communication service; that is, anti-fraud authentication is bidirectional during the communication process between the first terminal device and the second terminal device.

[0189] When the communication service is a call service, the communication method provided in this paper can be applied to the stage of a call service where the call has been initiated but not yet connected, and / or the stage of a call service where the call has been connected.

[0190] The following provides an exemplary explanation of how the interface changes of the communication method provided in the embodiments of this application change in specific scenarios.

[0191] First, let's take a mobile phone as the first terminal device and telephone call service as an example for explanation.

[0192] Example 1: During a phone call, the mobile phone can display... Figure 3 The first display interface 31 shown. When the obtained identity authentication result indicates that the call recipient is a real-name user who has been authenticated through the second terminal device, it can be displayed. Figure 4 The second display interface 41 shown in (a) is shown in the figure. Figure 4 The third display interface 42 shown in (b) is or Figure 4 The fourth display interface 43 is shown in (c). The second display interface 41 displays a prompt message: "Friendly reminder: The call recipient is a registered user." The third display interface 42 displays a prompt message: "Friendly reminder: There is no risk in the call." The fourth display interface 43 displays a prompt message: "Friendly reminder: The call recipient is a registered user XXX." No prompt is displayed when the authentication result indicates that the call recipient is not a registered user verified through the second terminal device, or when an authentication result cannot be obtained; otherwise, the phone continues to display... Figure 3 The first display interface 31 shown.

[0193] Based on the above scheme, during a phone call, the user is only prompted when the identity authentication result indicates that the caller is a real-name user who has been authenticated through the second terminal device, allowing the user to make a call with peace of mind. In other cases, the user is not prompted to avoid disturbing the user and improve the user experience.

[0194] Example 2: During a phone call, the phone can display... Figure 3 The first display interface 31 shown. When the obtained identity authentication result indicates that the call recipient is a real-name user who has been authenticated through the second terminal device, or when the identity authentication result cannot be obtained, no prompt is made; that is, the phone continues to display... Figure 3 The first display interface 31 is shown. When the obtained identity authentication result indicates that the call recipient is not a real-name user who has been authenticated through the second terminal device, the mobile phone can display... Figure 5 The fifth display interface 51 shown in (a) is shown in the figure. Figure 5The sixth display interface 52 shown in (b) is or Figure 5 The seventh display interface 53 is shown in (c). The fifth display interface 51 displays a warning message: "Warning: The call recipient is not a registered user." The sixth display interface 52 displays a warning message: "Warning: There is a risk associated with the call." The seventh display interface 53 displays a warning message: "Warning: There is a risk of impersonation in the call."

[0195] Based on the above scheme, during a telephone call, the user is only prompted when the identity authentication result indicates that the caller is not a real-name user who has been authenticated through the second terminal device. This allows the user to quickly realize the potential security threat and take corresponding preventive measures, thereby improving the security of the call. In other cases, the user is not prompted to avoid disturbing the user and improve the user experience.

[0196] Example 3: During a phone call, the mobile phone can display... Figure 3 The first display interface 31 shown. When the obtained identity authentication result indicates that the call recipient is a real-name user who has been authenticated through the second terminal device, it can be displayed. Figure 4 The second display interface 41 shown in (a) is shown in the figure. Figure 4 The third display interface 42 shown in (b) is or Figure 4 The fourth display interface 43 is shown in (c). When the obtained identity authentication result indicates that the call recipient is not a real-name user who has been authenticated through the second terminal device, the mobile phone can display... Figure 5 The fifth display interface 51 shown in (a) is shown in the figure. Figure 5 The sixth display interface 52 shown in (b) is or Figure 5 The seventh display interface 53 is shown in (c) in the diagram.

[0197] Based on the above scheme, regardless of whether the identity authentication result indicates that the call recipient is a real-name user who has been authenticated through the second terminal device, or whether the identity authentication result indicates that the call recipient is not a real-name user who has been authenticated through the second terminal device, a prompt can be given to the user, enabling the user to fully understand the current call environment, so as to make corresponding judgments and actions, improve call security, and further improve the user's call experience.

[0198] There are two possible reasons why an identity verification result cannot be obtained: First, the other party's device is not part of the anti-fraud system, which can also be understood as the other party's device not having activated the anti-fraud authentication service. Second, the other party's device cannot be verified, meaning the other party's device may be a virtual device. In other words, the second terminal device may be a virtual device.

[0199] In the example above, the user may not be prompted if an authentication result cannot be obtained. However, the user may also be prompted if an authentication result cannot be obtained.

[0200] For example, if it is detected that the other party's device has not started the anti-fraud authentication service, the following can be displayed: Figure 6 The eighth display interface 61 is shown in (a) above; the eighth display interface 61 displays a prompt message that reads "Warning: The other party's device has not started the anti-fraud authentication service." When the other party's device cannot be verified, the following can be displayed: Figure 6 The ninth display interface 62 shown in (b) or as shown in the figure Figure 6 The tenth display interface 63 is shown in (c). The ninth display interface 62 displays a message stating "Warning: Unable to verify the other party's device." The tenth display interface 63 displays a message stating "Warning: The other party's device may be a virtual device."

[0201] Based on the above solution, the user can be notified when the identity authentication result of the other party's device cannot be obtained, allowing the user to understand the current call status in detail, thereby enhancing the user's awareness of preventing call fraud and improving the user's call experience.

[0202] The following explanation uses a mobile phone as the first terminal device and a video call scenario as the communication scenario.

[0203] Example 1: During a video call, the phone can display... Figure 7 The eleventh display interface 71 is shown. When the obtained identity authentication result indicates that the call recipient is a real-name user who has been authenticated through the second terminal device, it can be displayed. Figure 8 The twelfth display interface 81 shown in (a) is... Figure 8 The thirteenth display interface 82 shown in (b) is either Figure 8 The fourteenth display interface 83 is shown in (c). The twelfth display interface 81 displays a prompt message: "Friendly reminder: The call recipient is a registered user." The thirteenth display interface 82 displays a prompt message: "Friendly reminder: There is no risk in the call." The fourteenth display interface 83 displays a prompt message: "Friendly reminder: The call recipient is a registered user XXX." When the obtained identity authentication result indicates that the call recipient is not a registered user verified through the second terminal device, or when an identity authentication result cannot be obtained, no prompt is displayed; the phone continues to display... Figure 7 The eleventh display interface 71 is shown.

[0204] Based on the above solution, during a video call, the user is only prompted when the identity authentication result indicates that the caller is a real-name user who has been authenticated through the second terminal device, allowing the user to make a call with peace of mind. In other cases, the user is not prompted to avoid disturbing the user and improve the user experience.

[0205] Example 2: During a video call, the phone can display... Figure 7 The eleventh display interface 71 is shown. When the obtained identity authentication result indicates that the call recipient is a real-name user who has been authenticated through the second terminal device, or when the identity authentication result cannot be obtained, no prompt is made; the phone continues to display... Figure 7 The eleventh display interface 71 is shown. When the obtained identity authentication result indicates that the call recipient is not a real-name user who has been authenticated through the second terminal device, the mobile phone can display... Figure 9 The fifteenth display interface 91 shown in (a) is as follows. Figure 9 The sixteenth display interface 92 shown in (b) is... Figure 9 The seventeenth display interface 93 is shown in (c). The fifteenth display interface 91 displays a warning message: "Warning: The call recipient is not a registered user." The sixteenth display interface 92 displays a warning message: "Warning: There is a risk associated with the call." The seventeenth display interface 93 displays a warning message: "Warning: There is a risk of impersonation in the call."

[0206] Based on the above scheme, during a telephone call, the user is only prompted when the identity authentication result indicates that the caller is not a real-name user who has been authenticated through the second terminal device. This allows the user to quickly realize the potential security threat and take corresponding preventive measures, thereby improving the security of the call. In other cases, the user is not prompted to avoid disturbing the user and improve the user experience.

[0207] Example 3: During a video call, the phone can display... Figure 7 The eleventh display interface 71 is shown. When the obtained identity authentication result indicates that the call recipient is a real-name user who has been authenticated through the second terminal device, it can be displayed. Figure 8 The twelfth display interface 81 shown in (a) is... Figure 8 The thirteenth display interface 82 shown in (b) is either Figure 8 The fourteenth display interface 83, shown in (c), can be displayed when the obtained identity authentication result indicates that the caller is not a real-name user who has been authenticated through the second terminal device. Figure 9 The fifteenth display interface 91 shown in (a) is as follows. Figure 9 The sixteenth display interface 92 shown in (b) is... Figure 9The seventeenth display interface 93 is shown in (c).

[0208] Based on the above scheme, regardless of whether the identity authentication result indicates that the call recipient is a real-name user who has been authenticated through the second terminal device, or whether the identity authentication result indicates that the call recipient is not a real-name user who has been authenticated through the second terminal device, a prompt can be given to the user, enabling the user to fully understand the current call environment, so as to make corresponding judgments and actions, improve call security, and further improve the user's call experience.

[0209] In addition, if the anti-fraud authentication service is not activated on the other party's device, the following can be displayed: Figure 10 The eighteenth display interface 1001 shown in (a) is displayed; the eighteenth display interface 1001 displays a prompt message that reads "Warning: The other party's device has not started the anti-fraud authentication service." When the other party's device cannot be verified, the following can be displayed: Figure 10 The nineteenth display interface 1002 shown in (b) is displayed, or the display... Figure 10 The twentieth display interface 1003 is shown in (c). The nineteenth display interface 1002 displays a message stating "Warning: Unable to verify the other party's device." The twentieth display interface 1003 displays a message stating "Warning: The other party's device may be a virtual device."

[0210] Based on the above solution, the user can be notified when the identity authentication result cannot be obtained, allowing the user to understand the current call status in detail, thereby enhancing the user's awareness of preventing call fraud and improving the user's call experience.

[0211] In video call scenarios, when the caller is a real-name user who has been verified through a second terminal device, the caller is not a fake person created using deepfake technology.

[0212] The following example illustrates the changes in user experience when the communication method provided in this application is applied to the first terminal device (i.e., the device of the receiving user) in a communication service, with the second terminal device being the terminal device that initiates communication in a communication service (i.e., the device of the sending user).

[0213] like Figure 11As shown, if the receiving user confirms that the communication recipient (i.e., the sending user) is a known person with their real name based on the prompt information, they can be certain that the current communication is reliable and secure, thus enabling them to communicate with peace of mind. If the receiving user confirms that the communication recipient is a stranger with their real name based on the prompt information, it can help the user further confirm whether there is any risk in the current communication, thereby enhancing the user's awareness of preventing communication fraud and further improving the user's communication experience.

[0214] If the prompt message indicates that the communication target is not a real-name user, then the prompt message can be left blank, and the current communication interface can be maintained to ensure compatibility with the current communication and that the receiving user's experience remains consistent with the existing one.

[0215] The communication method provided in this application will be explained in detail below with reference to several embodiments.

[0216] Figure 12 This is a flowchart illustrating a communication method 1200 provided in an embodiment of this application. The communication method 1200 is applied to a first terminal device. Both the first and second terminal devices have communication applications installed, including internet audio / video applications, telecommunications applications, and SMS applications; the telecommunications application can be a telephone call. This communication method 1200 can, for example, be applied to scenarios where communication services are conducted between the communication applications on the first and second terminal devices. Figure 12 As shown, the communication method 1200 includes S1201 to S1202. This communication method 1200 does not rely on... Figure 12 The specific order is a limitation. It should be understood that in other embodiments, the order of some steps in this communication method 1200 can be interchanged according to actual needs, or some steps can be omitted or deleted. The following provides a detailed explanation of each step.

[0217] S1201. During the communication service between the first terminal device and the second terminal device, an identity authentication result is obtained. The identity authentication result indicates whether the communication object is the target object. The communication object is the object that uses the second terminal device to communicate. The target object is the real-name user who has been authenticated by the second terminal device.

[0218] It should be understood that communication services can include voice calls, video calls, SMS messages, file transfers, and other similar services. Voice calls can be implemented through telecommunications applications or internet audio / video applications. Examples of telecommunications applications include telephones, while examples of internet audio / video applications include MeeTime. The first terminal device and the second terminal device can communicate directly, or they can communicate through a server.

[0219] The identity authentication result can be obtained by matching the first biometric data of the communication object with the second biometric data of the target object. The first biometric data can be collected by the second terminal device during communication between the first and second terminal devices. The second biometric data can be obtained by the second terminal device after real-name authentication.

[0220] In this embodiment, the authentication result may be sent by the second terminal device. Alternatively, it may be determined by the first terminal device based on the first biometric data of the communication object and the second biometric data of the target object sent by the second terminal device.

[0221] In one possible implementation, the determination of the second biometric data based on the first biometric data of the communication object and the second biometric data of the target object is achieved in the following manner: if the matching degree between the first biometric data and the second biometric data is greater than or equal to a target matching degree threshold, then an authentication result indicating that the communication object is the target object is generated. If the matching degree is less than the target matching degree threshold, then an authentication result indicating that the communication object is not the target object is generated.

[0222] In one possible implementation, obtaining the authentication result in S1201 includes: receiving first data and a first signature corresponding to the first data from the second terminal device, wherein the first data is used to determine the authentication result; verifying the first signature, and if the verification passes, determining the authentication result based on the first data. The first data and the first signature can be sent directly from the second terminal device to the first terminal device; of course, the first data and the second signature can also be sent from the second terminal device to the first terminal device through a server.

[0223] The first data and its corresponding first signature can be actively acquired and sent by the second terminal device. This indicates that the anti-fraud authentication is triggered by the second terminal device during the communication process.

[0224] Of course, the first data and the corresponding first signature can also be obtained and sent by the second terminal device based on an acquisition request, which is a request sent by the first terminal device to obtain the first data. In this case, it can be indicated that the anti-fraud authentication is triggered by the second terminal device during the communication service.

[0225] Based on the above scheme, by verifying the first signature, the integrity and authenticity of the first data used to obtain the identity authentication result can be ensured, and the first data can be prevented from being tampered with or forged during transmission, thereby enhancing the security of the first data.

[0226] In one possible implementation, first biometric data is determined based on first data, wherein the first data is an identity authentication result; or, the first data is first biometric data and second biometric data.

[0227] In one possible implementation, the first terminal device includes a first TA, which is set in the TEE of the first terminal device. The verification of the first signature can be achieved by using the device's anti-fraud public key through the first TA.

[0228] The TEE (Trusted Execution Environment) provides an isolated, trusted execution environment that protects sensitive data and business logic from external attacks. The device anti-fraud public key is generated by the second terminal device based on the device certificate stored in its TEE. This device certificate is used to verify the identity of the second terminal device. The device anti-fraud public key can be passed from the second terminal device to the first terminal device via either the first or second anti-fraud certificate.

[0229] Based on the above scheme, verifying the first signature in the TEE can ensure that the first signature is not tampered with or forged during the verification process, thereby enhancing the security and reliability of the verification.

[0230] S1202. Based on the authentication result, output a prompt message. The prompt message is used to indicate the communication security status.

[0231] Among these, communication security status can reflect the authentication results and / or whether there are risks in the communication. The notification information can be presented in at least one of the following forms: text, icons, vibration, light, etc.

[0232] In this embodiment, based on the authentication result, a prompt message is output to indicate the communication security status. This prompt message, by alerting the user to the communication security status, enhances the user's awareness of communication fraud, prevents fraudulent activities, and thus improves the user's communication experience.

[0233] In this embodiment, a corresponding prompt can be given regardless of the matching result. Of course, it is also possible to determine whether to give a prompt based on the matching result.

[0234] The following section provides a detailed explanation of the prompt information output based on the identity authentication result in S1202, combined with application scenarios.

[0235] In one possible implementation, the prompt message is a first prompt message. If the authentication result indicates that the communication object is the target object, the first prompt message is output, indicating that the communication object is a verified user, the communication object is verified user XXX, and that there is no risk in the communication. If the authentication result indicates that the communication object is not the target object, no prompt is given.

[0236] For example, in a telephone call service, the communication object can be represented as the call object. The first notification information is used to indicate that the call object is a registered user; for example, the first notification information is... Figure 4 The text "Friendly Reminder: The call recipient is a real-name registered user" appears in the second display interface 41 shown in (a). Alternatively, the first notification message is used to indicate that there is no risk in the call; the first notification message may be, for example, Figure 4 The text "Friendly Reminder: There is no risk in the call" in the third display interface 42 shown in (b) is an example. Alternatively, the first notification message may be used to indicate that the call recipient is a registered user XXX. For example, the first notification message might be... Figure 4 The text “Friendly reminder: The call recipient is real-name user XXX” in the fourth display interface 43 shown in (c) is shown in the image.

[0237] For example, in a video call scenario, the communication object can be represented as the call object. The first prompt information is used to indicate that the call object is a real-name user; the first prompt information is, for example, […]. Figure 8 The text "Friendly Reminder: The call recipient is a real-name registered user" appears in the twelfth display interface 81 shown in (a). Alternatively, the first prompt message is used to indicate that there is no risk in the call; the first prompt message may be something like... Figure 8 The text "Friendly Reminder: There is no risk in the call" in the thirteenth display interface 82 shown in (b) is an example. Alternatively, the first notification message might be... Figure 8 The text "Friendly reminder: The call recipient is real-name user XXX" appears in the fourteenth display interface 83 shown in (c).

[0238] Based on the above scheme, when the identity authentication result indicates that the communication object is the target object, the first prompt message can be output to remind the user that the communication is safe, so that the user can communicate with peace of mind. In other cases, no prompt message is given to the user to avoid disturbing the user and improve the user experience.

[0239] In one possible implementation, the prompt message is a second prompt message. If the authentication result indicates that the communication object is the target object, no prompt is given. If the authentication result indicates that the communication object is not the target object, the second prompt message is output. The second prompt message is used to indicate that the communication object is not a verified user or that the communication poses a risk.

[0240] For example, in a telephone call scenario, the communication object can be represented as the call object. The second prompt message is used to indicate that the call object is not a registered user; the second prompt message may be, for example, a... Figure 5 The text "Warning: The call recipient is not a registered user" appears in the fifth display interface 51 shown in (a). Alternatively, the second prompt message is used to warn of potential risks during the call; the second prompt message may be, for example, […]. Figure 5 The text "Warning: Call Risk" in the sixth display interface 52 shown in (b) of the diagram. Alternatively, the second notification message might be, for example... Figure 5 The text "Warning: There is a risk of call spoofing" appears in the seventh display interface 53 shown in (c).

[0241] For example, in a video call scenario, the communication object can be the caller. The second prompt message is used to indicate that the caller is not a registered user; for example, the second prompt message might be... Figure 9 The text "Warning: The call recipient is not a registered user" appears in the fifteenth display interface 91 shown in (a). Alternatively, the second prompt message is used to warn of potential risks in the communication; the second prompt message may be, for example,... Figure 9 The text "Warning: Call Risk" in the sixteenth display interface 92 shown in (b) or the second prompt message, such as Figure 9 The text "Warning: There is a risk of call spoofing" appears in the seventeenth display interface 93 shown in (c).

[0242] Based on the above scheme, a second prompt message can be output only when the communication recipient is not the target recipient, alerting the user that the communication may be insecure. This allows the user to quickly recognize the potential security threat and take appropriate preventative measures, thereby improving communication security. In other cases, no prompt is given to the user to avoid disturbing them and enhance the user experience.

[0243] In one possible implementation, if the authentication result indicates that the communication object is the target object, a first prompt message is output; if the authentication result indicates that the communication object is not the target object, a second prompt message is output.

[0244] Based on the above scheme, when the authentication result indicates that the communication recipient is the target, outputting a first prompt enhances the user's trust and sense of security in the current communication. When the authentication result indicates that the communication recipient is not the target, outputting a second prompt allows the user to quickly recognize potential security threats and take appropriate preventative measures, thereby improving communication security. In this way, users gain a comprehensive understanding of the current communication environment, enhancing the security and reliability of the communication process.

[0245] It should be noted that in practical applications, the presentation format and timing of prompts can be flexibly set, enabling users to understand the current communication security status in a timely manner, thereby preventing communication fraud and improving the user's communication experience.

[0246] This application provides a communication method that, during communication between a first terminal device and a second terminal device, outputs a prompt message based on the obtained identity authentication result to indicate the communication security status. This allows users to enhance their awareness of preventing communication fraud based on the prompt message, thereby improving the user's communication experience.

[0247] Figure 13 This is a flowchart illustrating another communication method 1300 provided in an embodiment of this application. Communication method 1300 can be a refinement of communication method 1200 in the above embodiments. This communication method 1300 does not... Figure 13 The specific order is a limitation. It should be understood that in other embodiments, the order of some steps in this communication method 1300 can be interchanged according to actual needs, or some steps can be omitted or deleted. The following is a detailed explanation of each step.

[0248] S1301. During the communication service between the first terminal device and the second terminal device, the second terminal device obtains first data. The first data is used to determine the identity authentication result. The identity authentication result indicates whether the communication object is the target object. The communication object is the object that uses the second terminal device to communicate. The target object is the real-name user who has been authenticated by the second terminal device.

[0249] The first data can be actively acquired by the second terminal device, or it can be acquired by the second terminal device in response to an acquisition request, and the acquisition request is used to acquire the first data.

[0250] In one possible implementation, the first data is collected by the second terminal device in response to an acquisition request. Here, the first data is an authentication result, and the acquisition request can be a request to acquire the authentication result. Alternatively, the first data may be first biometric data of a communication object and second biometric data of a target object, and the acquisition request can be a request to acquire both the first and second biometric data.

[0251] S1302, The second terminal device signs the second data containing the first data to obtain the first signature.

[0252] Based on the above scheme, by signing the second data containing the first data, it is possible to prevent the first data from being tampered with during transmission, thereby improving the security of the first data transmission.

[0253] In one possible implementation, the second terminal device can obtain the first signature by signing the second data using the device's anti-fraud private key in the second terminal device's TEE environment via the second TA.

[0254] TEE (Transfer Entity Environment) is a secure environment combining hardware and software, providing an isolated space for protecting the storage and processing of sensitive data. Within the TEE, a second TA (Transaction Transfer Agreement) is used to sign the second data, ensuring the security of the signing process.

[0255] S1303, the second terminal device sends the first data and the first signature to the first terminal device.

[0256] S1304, The first terminal device receives the first data and the first signature.

[0257] S1305. The first terminal device verifies the first signature.

[0258] Based on the above scheme, by verifying the first signature, the integrity and authenticity of the first data used to determine the identity authentication result can be ensured, and the first data can be prevented from being tampered with or forged during transmission.

[0259] S1306. If the verification is successful, the first terminal device determines the identity authentication result based on the first data.

[0260] In this case, if the first signature verification is successful, it indicates that the first data has not been tampered with and is trustworthy.

[0261] In one possible implementation, the first data is the identity authentication result, which is determined by the second terminal device based on the first biometric data of the communication object and the second biometric data of the target object.

[0262] In one possible implementation, the first data consists of the first biometric data of the communication object and the second biometric data of the target object, and the authentication result is determined by the first terminal device based on the first biometric data of the communication object and the second biometric data of the target object.

[0263] The authentication result based on the first biometric data of the communication object and the second biometric data of the target object is determined in the following way: if the matching degree between the first and second biometric data is greater than or equal to a target matching degree threshold, an authentication result indicating that the communication object is the target object is generated. If the matching degree is less than the target matching degree threshold, an authentication result indicating that the communication object is not the target object is generated.

[0264] S1307. The first terminal device outputs a prompt message based on the identity authentication result.

[0265] The implementation process of S1307 is the same as that of the aforementioned embodiment S1202. For details, please refer to the implementation process of S1202. This application embodiment will not repeat the details here.

[0266] This application provides a communication method that, during communication between a first terminal device and a second terminal device, outputs a prompt message based on the obtained identity authentication result to indicate the communication security status. This allows users to enhance their awareness of preventing communication fraud based on the prompt message, thereby improving the user's communication experience.

[0267] Figure 14 This is a flowchart illustrating another communication method 1400 provided in an embodiment of this application. Communication method 1400 can be a refinement of the above-described communication method embodiments. This communication method 1400 does not... Figure 14 The specific order is a limitation. It should be understood that in other embodiments, the order of some steps in this communication method 1400 can be interchanged according to actual needs, or some steps can be omitted or deleted. The following is a detailed explanation of each step.

[0268] S1401. During the communication service between the first terminal device and the second terminal device, the first terminal device sends a request to the second terminal device to obtain the identity authentication result. The identity authentication result indicates whether the communication object is the target object. The communication object is the object that uses the second terminal device to communicate, and the target object is the real-name user who has been authenticated by the second terminal device.

[0269] S1402, The second terminal device receives the acquisition request.

[0270] S1403, the second terminal device responds to the acquisition request and collects the first biometric data of the communication object.

[0271] In this embodiment of the application, in response to the acquisition request, second multimedia data of the communication object can be collected, and first biometric data can be determined based on the second multimedia data. The second multimedia data includes image data and / or audio data.

[0272] In one possible implementation, the communication service is a video call service, and the second terminal device can capture image data within its field of view using a front-facing camera, using it as the second multimedia data. Alternatively, the second terminal device can capture image data within its field of view using a front-facing camera, and audio data within its pickup range using a microphone, using both image and audio data as the second multimedia data.

[0273] The first biometric data can be obtained by a second terminal device through processing such as face recognition, liveness detection, image capture detection, and biometric extraction based on the second multimedia data. Face recognition can be performed using a front-facing camera, and voiceprint extraction can be performed using an audio chip. The camera can be a Swing camera, meaning it can acquire images and perform face recognition in low-power mode.

[0274] For example, if the second multimedia data is image data, the second terminal device can perform image re-capture detection and liveness detection based on the image data. If the image data represented by the image re-capture detection result does not contain a re-captured image and the object corresponding to the image data represented by the liveness detection result is a live object, the face data obtained by extracting facial features from the image data will be used as the first biometric data. Here, biometric extraction refers to face feature extraction.

[0275] For example, if the second multimedia data consists of image data and audio data, the second terminal device can perform image re-engraving detection on the image data and liveness detection based on the image data and audio data. If the image data represented by the image re-engraving detection result does not contain a re-engraved image, and the object corresponding to the image data and audio data represented by the liveness detection result is a live object, the face data obtained by extracting facial features from the image data and the voiceprint data obtained by extracting voiceprint features from the audio data are used as the first biometric data. The biometric extraction includes face feature extraction and voiceprint feature extraction.

[0276] It should be noted that the order of face recognition, image capture detection, liveness detection, and biometric extraction can be flexibly configured according to business requirements. This application embodiment does not impose a limitation on the order of face recognition, image capture detection, liveness detection, and biometric extraction.

[0277] Based on the above scheme, it is possible to effectively identify reproduced or forged images, ensuring that the image data used for biometric extraction is authentic and unaltered. Simultaneously, by combining it with liveness detection technology, the system further verifies that the object corresponding to the image data is a real living being, thereby improving the accuracy and reliability of the collected primary biometric data, further enhancing the reliability and accuracy of the output alerts, strengthening users' awareness of communication fraud prevention, and improving the user's communication experience.

[0278] In one possible implementation, facial data can be a facial image or facial feature data extracted from a facial image. Facial feature data includes features such as the shape of facial features and facial contours. Voiceprint data includes features such as pitch, timbre, and speech rate.

[0279] In one possible implementation, the communication service is a voice call service, and the second terminal device can collect audio data within the pickup range through a microphone and use the audio data as the second multimedia data.

[0280] For example, liveness detection can be performed based on audio data. If the liveness detection indicates that the object corresponding to the audio data is a live object, then the voiceprint data obtained by extracting voiceprint features from the audio data can be used as the first biometric data. Here, biometric extraction is voiceprint feature extraction.

[0281] It should be noted that the order of liveness detection and voiceprint feature extraction can be flexibly set according to business needs. This application embodiment does not limit the order of liveness detection and voiceprint feature extraction.

[0282] Based on the above scheme, it is ensured that the acquired first biometric data comes from a real living object, which enhances the reliability and accuracy of subsequent identity verification based on the first and second biometric data, and further improves the reliability and accuracy of the output prompt information.

[0283] S1404, the second terminal device matches the first biometric data with the second biometric data of the target object to obtain the identity authentication result.

[0284] In this embodiment, the first biometric data and the second biometric data of the target object are matched. If the matching degree between the first and second biometric data is greater than or equal to a target matching degree threshold, an authentication result indicating that the communication object is the target object is generated. If the matching degree is less than the target matching degree threshold, an authentication result indicating that the communication object is not the target object is generated.

[0285] In one possible implementation, the second biometric data can be extracted by the second terminal device from the identity information used in the real-name authentication process after successful real-name authentication. Alternatively, the second biometric data can be determined based on the first multimedia data re-collected by the second terminal device targeting the target object after successful real-name authentication.

[0286] S1405, the second terminal device sends the identity authentication result and the first signature corresponding to the identity authentication result to the first terminal device. The first signature is obtained by signing the second data containing the identity authentication result.

[0287] In this embodiment of the application, the second terminal device uses the device anti-fraud private key to sign the second data containing the identity authentication result to obtain the first signature.

[0288] In one possible implementation, the second terminal device uses a second TA (Second Transaction Acquisition) and its anti-fraud private key to sign the second data to obtain a first signature. The second TA is stored in the second terminal device's TEE (Trusted Equipment Environment). The anti-fraud private key and anti-fraud public key can be generated by the second terminal device based on its device certificate stored in its TEE; this device certificate is used to verify the identity of the second terminal device.

[0289] It should be understood that a TEE (Technical Equipment Environment) is a secure environment combining hardware and software. It provides an isolated space for protecting the storage and processing of sensitive data, ensuring the security of device certificates during storage. Within the TEE, a second TA (Technical Agreement) is used to sign the second data, ensuring the security of the signing process.

[0290] In this embodiment, the manufacturer embeds the device certificate and device private key into the TEE (Transport Equipment Environment) when the terminal device leaves the factory. This ensures the authenticity and integrity of the device certificate and device private key, providing a solid foundation for subsequent verification of the identity of a second terminal device based on the device certificate. The device certificate carries the device public key corresponding to the device private key. The device certificate is generated based on the root private key of the device PKI system.

[0291] In one possible implementation, the second data could be the authentication result.

[0292] In another possible implementation, the second data includes the authentication result and a session random number. The session random number can be carried in a retrieval request used to obtain the authentication result.

[0293] Based on the above scheme, by signing the session random number and the authentication result, replay attacks can be effectively prevented, thus avoiding attackers from using historically obtained authentication results to commit communication fraud.

[0294] S1406. The first terminal device receives the authentication result and the first signature corresponding to the authentication result from the second terminal device.

[0295] S1407. The first terminal device verifies the first signature.

[0296] In this embodiment, the first terminal device verifies the first signature using a device anti-fraud public key via a first TA. The device anti-fraud public key is carried in either a first anti-fraud certificate or a second anti-fraud certificate.

[0297] In one possible implementation, the first terminal device includes a first TA, which is stored in the first terminal device's TEE. The first terminal device receives a device certificate and a first anti-fraud certificate from the second terminal device. Using the first TA and the device root public key, it verifies the device certificate. If the device certificate verification is successful, it indicates the device certificate is legitimate, and the device public key can be extracted from the device certificate. Based on the device public key, the first anti-fraud certificate is verified. If the verification is successful, the device anti-fraud public key is extracted from the first anti-fraud certificate and used to verify the first signature. Here, the device root public key refers to the root public key in the device's PKI system.

[0298] The first anti-fraud certificate is generated by the second terminal device using its private key within the device PKI system. The first anti-fraud certificate carries the device's anti-fraud public key corresponding to its private key, while the device certificate carries the device's public key corresponding to its private key. Both the device private key and the device certificate are set in the second terminal device's TEE (Transmission Equipment) at the time of manufacture.

[0299] In one possible implementation, the first terminal device includes a first TA, which is stored in the first terminal device's TEE. The first terminal device receives a second anti-fraud certificate from a second terminal device. The first terminal device can verify the second anti-fraud certificate based on the anti-fraud authentication root public key, and if the verification is successful, extract the device's anti-fraud public key from the second anti-fraud certificate. Subsequently, the device's anti-fraud public key is used to verify the first signature. The anti-fraud authentication root public key may be sent to the first terminal device by the server.

[0300] The second anti-fraud certificate is generated by the server based on the anti-fraud authentication root private key in the anti-fraud PKI system, after the second terminal device requests the server.

[0301] Based on the above scheme, by verifying the first signature, the integrity and authenticity of the identity authentication result used to generate the prompt message can be ensured, preventing the identity authentication result from being tampered with or forged during transmission, thereby enhancing data security.

[0302] S1408. If the first signature verification is successful, the first terminal device outputs a prompt message based on the identity authentication result. The prompt message is used to indicate the communication security status.

[0303] In practical applications, the presentation format and timing of notification messages can be flexibly set, enabling users to understand the current communication security status in a timely manner, thereby preventing communication fraud and improving the user's communication experience.

[0304] The implementation process of S1408 is the same as that of the aforementioned embodiment S1202. For details, please refer to the implementation process of S1202. This application embodiment will not repeat the details here.

[0305] It should be noted that the descriptions of the same steps and contents in the embodiments of this application as in other embodiments can be referred to the descriptions in other embodiments, and will not be repeated here.

[0306] This application provides a communication method that, during communication between a first terminal device and a second terminal device, outputs a prompt message based on the obtained identity authentication result to indicate the communication security status. This allows users to enhance their awareness of preventing communication fraud based on the prompt message, thereby improving the user's communication experience.

[0307] Figure 15 This is a flowchart illustrating another communication method 1500 provided in an embodiment of this application. Communication method 1500 can be a refinement of the above-described communication method embodiments. This communication method 1500 does not... Figure 15 The specific order is a limitation. It should be understood that in other embodiments, the order of some steps in this communication method 1500 can be interchanged according to actual needs, or some steps can be omitted or deleted. The following is a detailed explanation of each step.

[0308] S1501, the second terminal device responds to the user's operation by obtaining the identity information to be authenticated and generating an authentication request for real-name authentication, the authentication request carrying the identity information to be authenticated.

[0309] In one possible implementation, the user action is an operation for entering identity information, such as at least one of the following operations on the interface of the first terminal device: editing, selection, or uploading. The identity information to be authenticated can be determined in response to the user action.

[0310] For example, the identity information to be authenticated includes at least one of the following: name, unique identifier, and facial image that has passed liveness detection.

[0311] In one possible implementation, the authentication request includes the identity information to be authenticated and a corresponding signature. The signature is obtained by the second terminal device signing the identity information using a second TA. The signature is used to prevent the identity information from being tampered with during transmission.

[0312] S1502, The second terminal device sends the authentication request to the server.

[0313] S1503. The server receives the authentication request and sends the authentication request to the real-name authentication center.

[0314] The real-name authentication center can be a platform responsible for verifying the authenticity and validity of user identity information.

[0315] S1504. Based on the authentication request, the real-name authentication center sends the real-name authentication result to the server.

[0316] In this embodiment, the real-name authentication center can respond to the authentication request by performing real-name authentication based on the identity information to be authenticated, and obtain a real-name authentication result. The real-name authentication result is used to indicate whether the real-name authentication is successful, or to indicate whether the object corresponding to the identity information to be authenticated is a real-name user.

[0317] In one possible implementation, the authentication request carries a signature corresponding to the identity information to be authenticated. The real-name authentication center can verify the signature. If the verification passes, it indicates that the identity information to be authenticated has not been tampered with, and then real-name authentication can be performed based on the identity information to obtain the real-name authentication result.

[0318] In one possible implementation, the authentication request carries ciphertext of the identity information to be authenticated. The real-name authentication center can decrypt the ciphertext to obtain the identity information to be authenticated and its corresponding signature. If the signature verification is successful, it indicates that the identity information to be authenticated has not been tampered with, and real-name authentication can then be performed based on this information to obtain the authentication result. The ciphertext of the identity information to be authenticated is obtained by encrypting the identity information to be authenticated and its corresponding signature using the second terminal device.

[0319] Based on the above scheme, by transmitting the identity information to be authenticated in encrypted form, the identity information to be authenticated can be prevented from being stolen during transmission, thus improving the security of data transmission.

[0320] In one possible implementation, the real-name authentication center sends the authentication result encrypted text to the server, which carries the real-name authentication result.

[0321] Based on the above scheme, by transmitting the real-name authentication result in encrypted form, the real-name authentication result can be prevented from being stolen during transmission, thus improving the security of data transmission.

[0322] S1505. The server receives the real-name authentication result and sends the real-name authentication result to the second terminal device.

[0323] S1506, The second terminal device receives the real-name authentication result.

[0324] S1507. When the real-name authentication result indicates that the real-name authentication has passed, the second terminal device will take the object corresponding to the identity information to be authenticated as the target object.

[0325] S1508, The second terminal device uses the biometric data in the identity information to be authenticated as the second biometric data.

[0326] In one possible implementation, the second biometric data includes at least a facial image.

[0327] For example, the second biometric data may be a face image that has passed liveness detection in the identity information to be authenticated.

[0328] S1508. The second terminal device collects first multimedia data for the target object through the multimedia data acquisition component, and extracts biometric features from the first multimedia data to obtain second biometric data.

[0329] In one possible implementation, the first multimedia data includes, but is not limited to, image data and / or audio data of the target object. The second biometric data includes, but is not limited to, facial data and / or voiceprint data. Facial data can be a facial image or facial feature data extracted from a facial image. Facial feature data includes features such as the shape of facial features and facial contours. Voiceprint data includes features such as pitch, timbre, and speech rate.

[0330] S1501 to S1508 are the process steps for real-name authentication and obtaining the second biometric data of the target object during the registration phase.

[0331] S1509. During the communication service between the first terminal device and the second terminal device, the first terminal device sends a request to the second terminal device to obtain the authentication result. The authentication result indicates whether the communication object is the target object, and the communication object is the object that uses the second terminal device to communicate.

[0332] S1510, the second terminal device receives the acquisition request.

[0333] S1511, The second terminal device responds to the acquisition request and collects the first biometric data of the communication object.

[0334] S1512, The second terminal device matches the first biometric data with the second biometric data of the target object to obtain the identity authentication result.

[0335] S1513. The second terminal device signs the second data containing the identity authentication result to obtain the first signature.

[0336] S1514. The second terminal device sends the authentication result and the first signature to the first terminal device.

[0337] S1515, The first terminal device receives the identity authentication result and the first signature.

[0338] S1516. If the first signature verification is successful, the first terminal device outputs a prompt message based on the identity authentication result. The prompt message is used to indicate the communication security status.

[0339] It should be noted that the descriptions of the same steps and contents in the embodiments of this application as in other embodiments can be referred to the descriptions in other embodiments, and will not be repeated here.

[0340] This application provides a communication method that, during communication between a first terminal device and a second terminal device, outputs a prompt message based on the obtained identity authentication result to indicate the communication security status. This allows users to enhance their awareness of preventing communication fraud based on the prompt message, thereby improving the user's communication experience.

[0341] Figure 16 This is a flowchart illustrating another communication method 1600 provided in an embodiment of this application. This communication method 1600 can be a refinement of the above-described communication method embodiments. This communication method 1600 does not... Figure 16 The specific order is a limitation. It should be understood that in other embodiments, the order of some steps in this communication method 1600 can be interchanged according to actual needs, or some steps can be omitted or deleted. The following is a detailed explanation of each step.

[0342] S1601, the second terminal device responds to the user's operation by obtaining the identity information to be authenticated and generating an authentication request for real-name authentication, the authentication request carrying the identity information to be authenticated.

[0343] S1602. The second terminal device sends an authentication request for real-name authentication to the server, and the authentication request carries the identity information to be authenticated.

[0344] S1603. The server receives the authentication request and sends the authentication request to the real-name authentication center.

[0345] S1604. Based on the authentication request, the real-name authentication center sends the real-name authentication result to the server.

[0346] S1605. The server receives the real-name authentication result and sends the real-name authentication result to the second terminal device.

[0347] S1606. The second terminal device receives the real-name authentication result.

[0348] S1607. If the real-name authentication result indicates that the real-name authentication has passed, the second terminal device shall take the object corresponding to the identity information to be authenticated as the target object.

[0349] S1608. The second terminal device uses the biometric data in the identity information to be authenticated as the second biometric data.

[0350] S1608. The multimedia data acquisition component of the second terminal device acquires first multimedia data for the target object, and performs biometric extraction on the first multimedia data to obtain second biometric data.

[0351] S1609. During the communication service between the first terminal device and the second terminal device, the first terminal device sends a request to the second terminal device to obtain the authentication result. The authentication result indicates whether the communication object is the target object, and the communication object is the object that uses the second terminal device to communicate.

[0352] S1609. During the communication service between the first terminal device and the second terminal device, the first terminal device sends an acquisition request to the server to obtain the authentication result, and the server receives the acquisition request and forwards the acquisition request to the second terminal device.

[0353] S1610, the second terminal device receives the acquisition request, which carries a session random number.

[0354] S1611, The second terminal device responds to the acquisition request and collects the first biometric data of the communication object.

[0355] S1612, The second terminal device matches the first biometric data and the second biometric data to obtain the identity authentication result.

[0356] S1613. The second terminal device uses the second TA and the device's anti-fraud private key to sign the identity authentication result and the session random number to obtain the first signature.

[0357] The second TA is located in the TEE of the second terminal device.

[0358] The device anti-fraud private key can be generated by the second terminal device based on the device certificate of the second terminal device stored in the TEE. This device certificate is used to prove the identity of the second terminal device.

[0359] It should be understood that a TEE (Technical Equipment Environment) is a secure environment combining hardware and software. It provides an isolated space for protecting the storage and processing of sensitive data, ensuring the security of device certificates during storage. Within the TEE, a second TA (Technical Agreement) is used to sign the second data, ensuring the security of the signing process.

[0360] In this embodiment, the manufacturer embeds the device certificate and device private key into the TEE (Transport Equipment Environment) when the terminal device leaves the factory. This ensures the authenticity and integrity of the device certificate, providing a solid foundation for subsequent verification of the identity of the second terminal device based on the device certificate. The device certificate carries the device public key corresponding to the device private key. The device certificate is generated based on the root private key of the device PKI system.

[0361] It should be noted that signing the authentication results and session random numbers can effectively prevent replay attacks and prevent attackers from using historically obtained authentication results to commit communication fraud.

[0362] S1614. The second terminal device sends the authentication result and the first signature to the first terminal device.

[0363] S1614. The second terminal device sends the authentication result and the first signature to the server. The server receives the authentication result and the first signature and forwards the authentication result and the first signature to the first terminal device.

[0364] S1615, The first terminal device receives the identity authentication result and the first signature.

[0365] S1616. The first terminal device verifies the first signature through the first TA.

[0366] S1617. If the first signature verification is successful, the first terminal device outputs a prompt message based on the identity authentication result. The prompt message is used to indicate the communication security status.

[0367] It should be noted that the descriptions of the same steps and contents in the embodiments of this application as in other embodiments can be referred to the descriptions in other embodiments, and will not be repeated here.

[0368] This application provides a communication method that, during communication between a first terminal device and a second terminal device, outputs a prompt message based on the obtained identity authentication result to indicate the communication security status. This allows users to enhance their awareness of preventing communication fraud based on the prompt message, thereby improving the user's communication experience.

[0369] The above text provides a detailed introduction to methods 1200, 1300, 1400, 1500, and 1600, as well as their possible implementations. To facilitate understanding, the following text will further explain methods 1200, 1300, 1400, 1500, and 1600, as well as their possible implementations, in conjunction with the architecture and application scenarios of the communication system.

[0370] In the above method embodiments, the first and second anti-fraud certificates can be generated during the registration phase before the start of communication services. The first anti-fraud certificate is generated by the second terminal device within the device PKI system. The second anti-fraud certificate is generated by the server within the anti-fraud PKI system upon request from the second terminal device. The following describes the process in conjunction with... Figure 17 A detailed explanation of how to generate a second anti-fraud certificate is provided.

[0371] Figure 17 This is a schematic diagram of a first registration process for a communication method applicable to this application, provided as an embodiment of this application. For example... Figure 17 As shown, the application environment of the terminal device includes REE and TEE, where the anti-fraud authentication service is configured in the REE and the TA is configured in the TEE. The terminal device can be, for example, the first terminal device and the second terminal device in the above embodiments. Figure 17 As shown, the first registration process specifically includes the following steps:

[0372] S1701, Activate anti-fraud authentication service.

[0373] Among them, the anti-fraud authentication service is a service provided by the operating system to identify and prevent telecommunications fraud.

[0374] In this embodiment of the application, the anti-fraud authentication service may be started automatically during the operation of the terminal device or in response to user operation.

[0375] For example, the terminal device's settings interface has a tab for user management of whether to enable the anti-fraud authentication service. Users can click this tab to access the permission configuration page. On this permission configuration page, clicking the option to enable the anti-fraud authentication service will cause the terminal device to respond to the user's action and activate the anti-fraud authentication service. This settings interface can be a registration interface; users can find the registration interface in the system settings or navigate to it from the communication settings.

[0376] S1702. The anti-fraud authentication service sends an acquisition request to the TA, which is used to obtain the device anti-fraud public key for the terminal device.

[0377] S1703, TA receives the acquisition request.

[0378] S1704. In response to the acquisition request, TA generates a device anti-fraud public-private key pair based on the device certificate of the terminal device stored in TEE.

[0379] The device anti-fraud public-private key pair includes the device anti-fraud public key and the device anti-fraud private key.

[0380] Device certificates are used for authentication of terminal devices, ensuring that the terminal devices are legitimate and trusted. TEE is a secure environment combining hardware and software, providing an isolated space for protecting the storage and processing of sensitive data, and ensuring the security of device certificates during storage.

[0381] S1705, TA storage device anti-fraud private key, and send device anti-fraud public key to anti-fraud authentication service.

[0382] S1706, Anti-fraud authentication service receives the anti-fraud public key from the device.

[0383] S1707. The anti-fraud authentication service sends a processing request to the server to generate a device anti-fraud certificate. The processing request carries the device certificate, the device anti-fraud public key, and the signature corresponding to the device anti-fraud public key.

[0384] The device certificate is obtained by the anti-fraud authentication service from the TA. The signature corresponding to the device anti-fraud public key is obtained by the TA signing the device anti-fraud public key using the device's private key.

[0385] S1708, The server receives and processes the request.

[0386] S1709. In response to the processing request, the server verifies the device certificate using the root public key of the device PKI system (i.e., the device root public key). If the verification is successful, the server retrieves the device public key from the device certificate.

[0387] S1710. The server uses the device public key to verify the signature corresponding to the device anti-fraud public key. If the verification is successful, the server uses the root private key of the anti-fraud PKI system (i.e., the anti-fraud authentication root private key) to generate a device anti-fraud certificate. The device anti-fraud certificate carries the device anti-fraud public key.

[0388] The anti-fraud authentication root private key is generated by the server.

[0389] In one possible implementation, the anti-fraud authentication root private key is used to sign information such as the device anti-fraud public key, the validity period of the device anti-fraud certificate, and the identifier of the terminal device to obtain the device anti-fraud certificate.

[0390] S1711. The server generates the end-to-cloud communication key and encrypts the end-to-cloud communication key using the device anti-fraud public key to obtain the end-to-cloud communication key ciphertext.

[0391] S1712. The server sends the anti-fraud authentication root public key, the device anti-fraud certificate, and the end-to-cloud communication key ciphertext to the anti-fraud authentication service.

[0392] S1713, The anti-fraud authentication service receives the anti-fraud authentication root public key, the device anti-fraud certificate, and the encrypted end-to-cloud communication key.

[0393] S1714. The anti-fraud authentication service decrypts the encrypted end-to-end cloud communication key to obtain the end-to-end cloud communication key.

[0394] S1715, The anti-fraud authentication service sends the anti-fraud authentication root public key, the device anti-fraud certificate, and the end-to-cloud communication key to the TA.

[0395] S1716, TA stores the anti-fraud authentication root public key, the device anti-fraud certificate, and the end-to-cloud communication key.

[0396] The terminal-cloud communication key is used for communication between the terminal device and the server in communication services; the second anti-fraud certificate is used for communication between the terminal device and other terminal devices in communication services. This provides a trusted cryptographic foundation for communication between the terminal device and the server, and between the terminal device and other terminal devices.

[0397] Moreover, the device certificate is configured in the TEE of the terminal device at the factory. It cannot be forged or tampered with, which ensures the authenticity and integrity of the device certificate. Based on the device certificate, the system can effectively exclude virtual devices, thereby providing a security guarantee for subsequent communication services.

[0398] For example, when Figure 17 When the terminal device shown is the second terminal device in the above embodiments, Figure 17 The device anti-fraud certificate generated in the above embodiment is the second anti-fraud certificate, and the signature corresponding to the device anti-fraud public key is the second signature in the above embodiment.

[0399] Furthermore, in one possible implementation, the registration phase includes a second, third, and fourth registration process. The second registration process is for real-name authentication. The third registration process collects the biometric data of the real-name user upon successful real-name authentication. The fourth registration process associates the anti-fraud authentication service with a specific communication application identifier and application user identifier. When the communication application is a telephone, the application user identifier is the telephone number or its token ID; when the communication application is an internet audio / video application, the application user identifier is the user account or token ID. This allows users to independently choose which communication applications to initiate the anti-fraud authentication process during communication, thereby increasing the security and reliability of the communication process.

[0400] The second and third registration processes are explained in detail below.

[0401] Figure 18 This is a schematic diagram of a second registration process for a communication method applicable to this application, provided as an embodiment of this application. For example... Figure 18As shown, the application environment of the terminal device includes REE and TEE, where the anti-fraud authentication service is configured in the REE and the TA is configured in the TEE. The terminal device can be, for example, the first terminal device and the second terminal device in the above embodiments. Figure 18 As shown, the second registration process specifically includes the following steps:

[0402] S1801. The anti-fraud authentication service obtains the identity information to be authenticated entered by the user. The identity information to be authenticated includes the name, unique identifier, and a face image that has passed the liveness detection.

[0403] S1802. The anti-fraud authentication service generates an authentication request for real-name authentication, which carries the identity information to be authenticated.

[0404] S1803. The anti-fraud authentication service sends the authentication request to the server.

[0405] S1804. The server receives the authentication request.

[0406] S1805, The server sends the authentication request to the real-name authentication center.

[0407] S1806. The real-name authentication center receives the authentication request and responds to it by performing real-name authentication based on the identity information to be authenticated to obtain the real-name authentication result.

[0408] S1807. The real-name authentication center encrypts the real-name authentication result to obtain the ciphertext of the authentication result.

[0409] S1808. The real-name authentication center sends the encrypted authentication result to the server.

[0410] S1809. The server receives the encrypted authentication result and sends the encrypted authentication result to the anti-fraud authentication service.

[0411] S1810, Anti-fraud authentication service receives encrypted authentication results.

[0412] S1811, The anti-fraud authentication service sends the authentication result in encrypted form to the TA.

[0413] S1812. TA receives the encrypted authentication result and decrypts it to obtain the real-name authentication result.

[0414] S1813. If the real-name authentication result indicates that the real-name authentication has been passed, determine that the object corresponding to the identity information to be authenticated is a real-name user.

[0415] In one possible implementation, the biometric data of a registered user can be obtained in the following way:

[0416] The biometric data in the identity information to be authenticated is used as the biometric data of the real-name user. The biometric data of the real-name user is, for example, the face image in the identity information to be authenticated that has passed the liveness detection.

[0417] For example, Figure 18 When the terminal device shown is a second terminal device, the biometric data of the real-name user can be the second biometric data in the above embodiment.

[0418] The above scheme enables real-name authentication during the registration phase. If the real-name authentication result indicates successful authentication, the entity corresponding to the identity information to be authenticated is confirmed as a real-name user. Subsequently, the biometric data of the real-name user can be obtained, allowing for anti-fraud authentication in subsequent communication services based on this data. This ensures the security and reliability of communication services, thereby improving the user's communication experience.

[0419] Figure 19 This is a schematic diagram of a third registration process for a communication method applicable to this application, provided as an embodiment of this application. For example... Figure 19 As shown, the application environment of the terminal device includes REE and TEE, where the anti-fraud authentication service is configured in the REE and the TA is configured in the TEE. The terminal device can be, for example, the first terminal device and the second terminal device in the above embodiments. Figure 19 As shown, the third registration process specifically includes the following steps:

[0420] S1901. When the real-name authentication result indicates that the real-name authentication has been passed, the anti-fraud authentication service collects multimedia data of the real-name user.

[0421] In the case of a real-name authentication result indicating that the real-name authentication has been passed, it means that the object corresponding to the identity information to be authenticated is a real-name user.

[0422] S1902, The anti-fraud authentication service sends the multimedia data to TA.

[0423] S1903 and TA extract biometric data from multimedia data to obtain biometric data of real-name users.

[0424] For example, Figure 19 The terminal device shown can be a second terminal device, and the multimedia data of the real-name user collected by the anti-fraud authentication service is the first multimedia data in the above embodiment. The biometric data of the real-name user is the second biometric data in the above embodiment.

[0425] Figure 20This is a schematic diagram of the structure of a communication system 20 provided in an embodiment of this application. Methods 1200, 1300, 1400, 1500, and 1600 described above can be applied to this communication system 20. For example... Figure 20 As shown, the communication system 20 includes a first terminal device, a second terminal device, and a server. Both the first and second terminal devices include communication applications, services, a TA (Technical Information Provider), and multimedia data acquisition components. Communication applications include telecommunications applications, internet audio / video applications, or SMS applications; for example, a telephone application or an internet audio / video application like a mobile connection. Services include anti-fraud authentication services. For clarity, the first terminal device includes a first communication application, a first anti-fraud authentication service, and a first TA. The second terminal device includes a second communication application, a second anti-fraud authentication service, and a second TA.

[0426] like Figure 20 As shown, during communication between the first terminal device and the second terminal device, the second terminal device can collect the first biometric data of the communication target through its own multimedia data, and match the first biometric data with the second biometric data of the target object to obtain an identity authentication result. The identity authentication result is then signed by the second TA to obtain a first signature, and the first signature and the identity authentication result are given to the second anti-fraud authentication service for transmission.

[0427] The first terminal device can provide the first signature and identity authentication result to the first TA through the first anti-fraud authentication service. The first TA verifies the first signature. If the verification is successful, the device outputs a prompt message to indicate the communication security status based on the identity authentication result, thereby enhancing the user's awareness of preventing communication fraud and improving the user's communication experience.

[0428] For example, if the authentication result indicates that the communication object is the target object, the prompt message could be something like "Friendly reminder: The communication object is a real-name user"; or "Friendly reminder: The communication object is a real-name user XXX". If the authentication result indicates that the communication object is not the target object, the prompt message could be something like "Friendly reminder: The communication object is not a real-name user".

[0429] In one possible implementation, the notification message may be presented in the form of text and / or icons. The notification message may be displayed on the interface of the first communication application; or, the notification message may be displayed on the system interface through the first anti-fraud authentication service; or, the notification message may also be displayed on the TUI interface through the first TA.

[0430] Based on the foregoing embodiments, this application provides a communication method 2100, which is applied to the aforementioned communication system 20. Figure 21 This is a flowchart illustrating a communication method 2100 provided in an embodiment of this application. Both the first terminal device and the second terminal device have a communication application installed, such as an internet audio / video application. This communication method 2100 can be applied to scenarios where communication services are conducted between the internet audio / video application on the first terminal device and the internet audio / video application on the second terminal device, such as voice calls or video calls. This communication method 2100 does not rely on... Figure 21 The specific order is a limitation. It should be understood that in other embodiments, the order of some steps in this communication method 2100 can be interchanged according to actual needs, or some steps can be omitted or deleted. The following is a detailed explanation of each step.

[0431] S2101, The first communication application sends a request to obtain the authentication result, and the request carries a session random number.

[0432] S2102, The second communication application receives the acquisition request.

[0433] S2103. The second communication application transmits an acquisition request to the second TA via the second anti-fraud authentication service.

[0434] S2104. In response to the acquisition request, the second TA acquires image data of the communication object through the multimedia data acquisition component, and performs liveness detection and re-photographing detection based on the image data to obtain credible biometric data of the object using the second terminal device (i.e., the communication object).

[0435] The trusted biometric data of the object using the second terminal device is the second biometric data in the above embodiment.

[0436] S2105, the second TA matches the trusted biometric data with the biometric data of the real-name user to obtain the identity authentication result.

[0437] S2106. The second TA signs the authentication result and the session random number to obtain the first signature.

[0438] S2107, The second TA sends the authentication result and the first signature to the second communication application.

[0439] S2108. The second communication application sends the identity authentication result, the first signature, and the second anti-fraud certificate to the first communication application.

[0440] S2109, The first terminal device receives the identity authentication result, the first signature, and the second anti-fraud certificate.

[0441] S2110, The first communication application sends the identity authentication result, the first signature, and the second anti-fraud certificate to the first anti-fraud authentication service.

[0442] S2111, The first anti-fraud authentication service sends the identity authentication result, the first signature, and the second anti-fraud certificate to the first TA.

[0443] S2112. The first TA uses the anti-fraud authentication root public key to verify the second anti-fraud certificate. If the verification is successful, the device anti-fraud public key is extracted from the second anti-fraud certificate and used to verify the first signature.

[0444] S2113. If the verification is successful and the identity authentication result indicates that the object of communication using the second terminal device is a real-name user who has been authenticated through the second terminal device, output a prompt message carrying user information. This prompt message is used to indicate that the communication object is a real-name user XXX.

[0445] In one possible implementation, user information is sent from the second terminal device to the first terminal device when the authentication result indicates that the communication object is the target object.

[0446] In one possible implementation, user information can be sent to the first terminal device in encrypted form.

[0447] Based on the above scheme, transmitting user information in encrypted form can effectively prevent user information from being stolen during transmission, thereby avoiding privacy leaks of the target and improving the security of user information transmission.

[0448] In one possible implementation, user information includes, but is not limited to, at least one of the following: at least part of the name of the communication object (e.g., last name, first name, and last name), number (telephone number) / account (user account of the communication application).

[0449] S2114. If the verification is successful and the identity authentication result indicates that the object communicating using the second terminal device is not a real-name user who has been authenticated by the second terminal device, output a prompt message. The prompt message is used to indicate that the communication object is not a real-name user, or the prompt message is used to indicate that there is a risk in the communication.

[0450] It should be noted that the descriptions of the same steps and contents in the embodiments of this application as in other embodiments can be referred to the descriptions in other embodiments, and will not be repeated here.

[0451] This application provides a communication method that, during communication between a first terminal device and a second terminal device, outputs a prompt message based on the received identity authentication result to indicate the communication security status. This allows users to enhance their awareness of preventing communication fraud based on the prompt message, thereby improving the user's communication experience.

[0452] Based on the foregoing embodiments, this application provides a communication method 2200, which is applied to the aforementioned communication system 20. Figure 22 This is a flowchart illustrating a communication method 2200 provided in an embodiment of this application. Both the first terminal device and the second terminal device have communication applications installed, such as telecommunications applications or internet audio / video applications. This communication method 2200 can be applied to scenarios where communication services are conducted between the communication applications on the first terminal device and the second terminal device, such as voice calls or video calls. This communication method 2200 does not... Figure 22 The specific order is a limitation. It should be understood that in other embodiments, the order of some steps in this communication method 2200 can be interchanged according to actual needs, or some steps can be omitted or deleted. The following is a detailed explanation of each step.

[0453] S2201, The first anti-fraud service sends a request to the first TA to obtain a session random number.

[0454] S2202. The first TA responds to the request, generates a session random number, and sends the session random number to the first anti-fraud authentication service.

[0455] S2203. The first anti-fraud authentication service sends a request to the server to obtain the identity authentication result. The request carries a session random number.

[0456] S2204. The server forwards the request to the second anti-fraud authentication service.

[0457] S2205, The second anti-fraud authentication service receives the request.

[0458] S2206, The second anti-fraud authentication service sends an acquisition request to the second TA.

[0459] S2207. In response to the acquisition request, the second TA acquires image data of the communication object through the multimedia data acquisition component, and performs liveness detection and re-photographing detection based on the image data to obtain credible biometric data of the object using the second terminal device (i.e., the communication object).

[0460] S2208, the second TA matches the trusted biometric data with the biometric data of the real-name user to obtain the identity authentication result.

[0461] S2209. The second TA signs the authentication result and the session random number to obtain the first signature.

[0462] The identity authentication result is determined in the TEE through the second TA, and malicious deepfake cannot affect the identity authentication result.

[0463] S2210, the second TA sends the identity authentication result and the first signature to the second anti-fraud authentication service.

[0464] S2211, The second anti-fraud authentication service sends the identity authentication result, the first signature, and the second anti-fraud certificate to the server.

[0465] S2212, The server forwards the identity authentication result, the first signature, and the second anti-fraud certificate to the first anti-fraud authentication service.

[0466] S2213, The first anti-fraud authentication service receives the identity authentication result, the first signature, and the second anti-fraud certificate.

[0467] S2214. The first anti-fraud authentication service sends the identity authentication result, the first signature, and the second anti-fraud certificate to the first TA.

[0468] S2215. The first TA uses the anti-fraud authentication root public key to verify the second anti-fraud certificate. If the verification is successful, the device anti-fraud public key is extracted from the second anti-fraud certificate and used to verify the first signature.

[0469] S2216. If the verification is successful and the identity authentication result indicates that the communication object using the second terminal device is a real-name user who has been authenticated through the second terminal device, output a prompt message carrying user information. This prompt message is used to indicate that the communication object is a real-name user XXX.

[0470] S2217. If the verification is successful and the identity authentication result indicates that the object communicating using the second terminal device is not a real-name user who has been authenticated by the second terminal device, output a prompt message. The prompt message is used to indicate that the communication object is not a real-name user, or the prompt message is used to indicate that there is a risk in the communication.

[0471] For example, the communication method 2200 can be applied to call service scenarios between Internet audio and video applications, as well as to call service scenarios between telecommunications applications. For call service scenarios between telecommunications applications, if these applications cannot directly establish a communication connection, anti-fraud authentication can be achieved through anti-fraud authentication services and server forwarding.

[0472] It should be noted that the descriptions of the same steps and contents in the embodiments of this application as in other embodiments can be referred to the descriptions in other embodiments, and will not be repeated here.

[0473] This application provides a communication method that, during communication between a first terminal device and a second terminal device, outputs a prompt message based on the received identity authentication result to indicate the communication security status. This allows users to enhance their awareness of preventing communication fraud based on the prompt message, thereby improving the user's communication experience.

[0474] Before S2201 in the communication method 2200 provided in the foregoing embodiment, communication method 2300 can also be executed. Figure 23 This is a flowchart illustrating a communication method 2300 provided in an embodiment of this application. The communication method 2300 is used to establish a communication link between a first anti-fraud authentication service on a first terminal device and a second anti-fraud authentication service on a second terminal device. This communication link includes a server, which is used to forward data between the first and second anti-fraud authentication services. The steps are explained in detail below.

[0475] S2301. During the communication service between the first terminal device and the second terminal device, the second communication application sends a start request to the second anti-fraud authentication service to initiate an anti-fraud authentication session.

[0476] In one possible implementation, the communication service is a call service. In step S2301, during the communication service between the first terminal device and the second terminal device, the second communication application sends a start request to the second anti-fraud authentication service to initiate an anti-fraud authentication session. This includes: during the call service, before the call is connected, the second communication application sends the start request to the second anti-fraud authentication service; or, during the call service, during the call connection phase, the second communication application sends the start request to the second anti-fraud authentication service. Correspondingly, the second anti-fraud authentication service receives the start request.

[0477] S2302, The second anti-fraud authentication service sends a notification message to the second communication application, which is used to notify that the startup request has been received.

[0478] S2303, the second anti-fraud authentication service sends a connection request 1 to the server to establish a communication anti-fraud session. The connection request 1 carries the identifier of the second communication application (e.g., "telephone"), the user identifier of the source communication application (i.e., the user identifier of the second communication application), and the user identifier of the target communication application (i.e., the user identifier of the first communication application).

[0479] S2304. The server sends a notification message to the second anti-fraud authentication service, which is used to notify that the connection request 1 has been received.

[0480] S2305. During the communication service between the first terminal device and the second terminal device, the first communication application sends a start request to the first anti-fraud authentication service to initiate an anti-fraud authentication session.

[0481] In one possible implementation, the communication service is a call service. In step S2305, during the communication service between the first terminal device and the second terminal device, the first communication application sends a start request to the first anti-fraud authentication service to initiate an anti-fraud authentication session. This includes: during the call service, before the call is connected, the first communication application sends the start request to the first anti-fraud authentication service; or, during the call service, after the call is connected, the first communication application sends the start request to the first anti-fraud authentication service. Correspondingly, the first anti-fraud authentication service receives the start request.

[0482] S2306. The first anti-fraud authentication service sends a notification message to the first communication application, which is used to notify that the startup request has been received.

[0483] S2307. The first anti-fraud authentication service sends a connection request 2 to the server to establish a communication anti-fraud session. The connection request 2 carries the identifier of the first communication application (e.g., "telephone"), the user identifier of the source communication application (i.e., the user identifier of the first communication application), and the user identifier of the target communication application (i.e., the user identifier of the second communication application).

[0484] S2308. The server sends a notification message to the first communication application, which is used to notify that the connection request 2 has been received.

[0485] It should be noted that S2301 to S2304 and S2305 to S2308 are executed asynchronously.

[0486] S2309. Based on connection request 1 and connection request 2, the server establishes a communication link between the first anti-fraud authentication service and the second anti-fraud authentication service.

[0487] This communication link includes a server.

[0488] For example, if the server determines, based on connection request 1 and connection request 2, that the identifier of the first communication application matches the identifier of the second communication application, the user identifier of the second communication application matches, and the user identifier of the first communication application matches, then the server establishes a communication link between the first anti-fraud authentication service and the second anti-fraud authentication service.

[0489] In one possible implementation, the following steps may be performed after S2309: the server sends a target notification message to the first anti-fraud authentication service, which is used to notify that a communication link has been established between the first anti-fraud authentication service and the second anti-fraud authentication service.

[0490] In the communication method provided in this paper, the first anti-fraud authentication service and the second anti-fraud authentication service are incorporated into a unified PKI system, and the first anti-fraud service and the second anti-fraud service can communicate securely with each other.

[0491] The communication method provided by the embodiments of this application has been described in detail above. In the various embodiments of this application, unless otherwise specified or logically conflicting, the terms and / or descriptions between the various embodiments are consistent and can be referenced by each other. The technical features in different embodiments can be combined to form new embodiments according to their inherent logical relationship.

[0492] It is understood that, in order to achieve the above-mentioned functions, electronic devices include hardware structures and / or software modules corresponding to the execution of each function. Those skilled in the art should readily recognize that, based on the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein, this application can be implemented in hardware or a combination of hardware and computer software. Whether a function is executed in hardware or by computer software driving hardware depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application. This application can divide the execution of communication methods into functional units based on the above method examples; for example, each function can be divided into separate functional units, or two or more functions can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit. It should be noted that the unit division in this application is illustrative and only represents one logical functional division; other division methods may exist in actual implementation.

[0493] The following is combined with Figure 24 This application provides a detailed description of the electronic device provided in its embodiments. It should be understood that the descriptions of the device embodiments correspond to the descriptions of the method embodiments; therefore, any content not described in detail can be found in the above method embodiments, and for the sake of brevity, will not be repeated here.

[0494] Figure 24 A schematic diagram of the structure of an electronic device provided in this application is shown. Figure 24 The dashed line indicates that the unit or module is optional. Electronic device 24 can be used to implement the methods described in the above method embodiments. Electronic device 24 can be a first terminal device, a second terminal device, or a server, or it can be a chip (system).

[0495] The electronic device 24 includes one or more processors 2401, which can support the electronic device 24 in implementing the methods in the above-described method embodiments. The processor 2401 can be a general-purpose processor or a dedicated processor. For example, the processor 2401 can be a central processing unit (CPU). The CPU can be used to control the electronic device 24, execute software programs, and process data from the software programs. The electronic device 24 may also include a communication unit 2405 for implementing signal input (reception) and output (transmission).

[0496] The aforementioned electronic device 24 may be a chip (system) including a memory and a processor, wherein the processor is configured to execute a computer program stored in the memory to implement the methods shown in the various embodiments above.

[0497] The communication unit 2405 may be an input and / or output circuit of the chip (system), or the communication unit 2405 may be a communication interface of the chip (system), and the chip (system) may be a component of the electronic device 24.

[0498] For example, the communication unit 2405 may be a transceiver of the electronic device 24, or the communication unit 2405 may be a transceiver circuit of the electronic device 24. The electronic device 24 may include one or more memories 2402, which store a program 2404. The program 2404 can be executed by the processor 2401 to generate instructions 2403, causing the processor 2401 to execute the method described in the above method embodiments according to the instructions 2403. Optionally, the memory 2402 may also store data. Optionally, the processor 2401 may also read data stored in the memory 2402, which may be stored at the same memory address as the program 2404, or the data may be stored at a different memory address than the program 2404.

[0499] The processor 2401 and memory 2402 can be configured separately or integrated together, for example, integrated on a system-on-chip (SOC) of an electronic device. For details on how the processor 2401 performs the bag detection method, please refer to the relevant description in the method embodiments.

[0500] It should be understood that the steps of the above method embodiments can be implemented by hardware logic circuits or software instructions in the processor 2401. The processor 2401 may be a CPU, a digital signal processor (DSP), a field programmable gate array (FPGA), or other programmable logic devices, such as discrete gate, transistor logic devices, or discrete hardware components.

[0501] This application also provides a computer program product that, when executed by processor 2401, implements the method of any of the method embodiments in this application. The computer program product can be stored in memory 2402, for example, as program 2404. Program 2404 undergoes preprocessing, compilation, assembly, and linking processes to ultimately be converted into an executable object file that can be executed by processor 2401.

[0502] This application also provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a computer, implements the method of any of the method embodiments of this application. The computer program may be a high-level language program or an executable object program.

[0503] The computer-readable storage medium is, for example, memory 2402. Memory 2402 can be volatile memory or non-volatile memory, or memory 2402 can include both volatile and non-volatile memory. The non-volatile memory can be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), or flash memory. The volatile memory can be random access memory (RAM), which is used as an external cache. By way of example, but not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced Synchronous DRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM).

[0504] Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific working process and technical effects of the above-described apparatus and equipment can be referred to the corresponding processes and technical effects in the foregoing method embodiments, and will not be repeated here.

[0505] The systems, apparatuses, and methods disclosed in the embodiments provided in this application can be implemented in other ways. For example, some features of the method embodiments described above may be omitted or not performed. The apparatus embodiments described above are merely illustrative; the division of units is only a logical functional division, and in actual implementation, there may be other division methods. Multiple units or components may be combined or integrated into another system. Furthermore, the coupling between units or components can be direct or indirect, including electrical, mechanical, or other forms of connection.

[0506] The above embodiments are only used to illustrate the technical solutions of this application, and are not intended to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of this application, and should all be included within the protection scope of this application.

[0507] Finally, the above are merely specific embodiments of this application, but the scope of protection of this application is not limited thereto. Any changes or substitutions within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A communication method, characterized in that, Applied to a first terminal device, the method includes: During the communication service between the first terminal device and the second terminal device, an identity authentication result is obtained. The identity authentication result indicates whether the communication object is the target object. The communication object is the object that uses the second terminal device to communicate. The target object is a real-name user who has been authenticated by the second terminal device. Based on the authentication result, a prompt message is output, which is used to indicate the communication security status.

2. The method according to claim 1, characterized in that, The acquisition of identity authentication results includes: Receive first data and a first signature corresponding to the first data from the second terminal device, wherein the first data is used to determine the identity authentication result; The first signature is verified, and if the verification passes, the identity authentication result is determined based on the first data.

3. The method according to claim 2, characterized in that, The first data is the identity authentication result.

4. The method according to claim 2, characterized in that, The first data consists of the first biometric data of the communication object and the second biometric data of the target object. Determining the authentication result based on the first data includes: The first biometric data and the second biometric data are matched to obtain the identity authentication result.

5. The method according to any one of claims 2 to 4, characterized in that, The first terminal device includes a first trusted application (TA), which is configured in the trusted execution environment (TEE) of the first terminal device. The method further includes: The first signature is verified using the device's anti-fraud public key via the first TA.

6. The method according to claim 5, characterized in that, The device's anti-fraud public key is obtained through the following methods: Receive a device certificate and a first anti-fraud certificate from the second terminal device. The first anti-fraud certificate is generated based on the device private key. The device certificate is used to prove the identity of the second terminal device. If the device certificate is deemed valid based on the device root public key, the device public key corresponding to the device private key is extracted from the device certificate. If the first anti-fraud certificate is deemed legitimate based on the device's public key, the device's anti-fraud public key is extracted from the first anti-fraud certificate.

7. The method according to claim 5, characterized in that, The device's anti-fraud public key is obtained through the following methods: Receive the second anti-fraud certificate from the second terminal device; If the second anti-fraud certificate is deemed legitimate based on the anti-fraud authentication root public key, the device anti-fraud public key is extracted from the second anti-fraud certificate.

8. The method according to any one of claims 2 to 7, characterized in that, Before receiving the first data from the second terminal device and the first signature corresponding to the first data, the method further includes: Send a request to the second terminal device to obtain the first data.

9. The method according to claim 8, characterized in that, The request contains a session random number.

10. The method according to any one of claims 1 to 9, characterized in that, Based on the identity authentication result, the output of prompt information includes: If the authentication result indicates that the communication object is the target object, a prompt message carrying the user information of the target object is output.

11. The method according to claim 10, characterized in that, The user information is obtained through the following methods: Receive encrypted text from the second terminal device; The encrypted text is decrypted to obtain the user information.

12. A communication method, characterized in that, Applied to a second terminal device, the method further includes: During the communication service between the first terminal device and the second terminal device, first data is acquired. The first data is used to determine the identity authentication result. The identity authentication result indicates whether the communication object is the target object. The communication object is the object that uses the second terminal device to communicate. The target object is a real-name user who has been real-name authenticated through the second terminal device. Sign the second data containing the first data to obtain the first signature; Send the first data and the first signature to the first terminal device.

13. The method according to claim 12, characterized in that, The first data is the first biometric data of the communication object and the second biometric data of the target object, or the first data is the identity authentication result, which is determined based on the first biometric data and the second biometric data.

14. The method according to claim 12 or 13, characterized in that, Before collecting the first data during the communication service between the first terminal device and the second terminal device, the method further includes: In response to user actions, obtain the identity information to be authenticated; Send an authentication request for real-name authentication to the server, the authentication request carrying the identity information to be authenticated; Receive the real-name authentication result from the server; If the real-name authentication result indicates that the real-name authentication is successful, the object corresponding to the identity information to be authenticated shall be taken as the target object.

15. The method according to claim 14, characterized in that, The authentication result is determined based on the first biometric data of the communication object and the second biometric data of the target object, wherein the second biometric data is obtained in the following manner: The biometric data in the identity information to be authenticated is used as the second biometric data.

16. The method according to any one of claims 12 to 15, characterized in that, The authentication result is determined based on the first biometric data of the communication object and the second biometric data of the target object, wherein the second biometric data is obtained in the following manner: The multimedia data acquisition component of the second terminal device acquires first multimedia data for the target object. Biometric features are extracted from the first multimedia data to obtain the second biometric data.

17. The method according to any one of claims 12 to 16, characterized in that, The second terminal device includes a second trusted application (TA), which is configured in the trusted execution environment (TEE) of the second terminal device. The authentication result is determined based on the first biometric data of the communication object and the second biometric data of the target object. The first biometric data is obtained in the following manner: During the communication service between the first terminal device and the second terminal device, second multimedia data is collected through the multimedia data acquisition component of the second terminal device. The first biometric data is determined based on the second multimedia data using the second TA.

18. The method according to claim 17, characterized in that, The step of determining the first biometric data based on the second multimedia data includes: If there are no reproduced images in the second multimedia data and the object corresponding to the second multimedia data is a living object, the biometric data obtained by extracting biometric features from the second multimedia data will be determined as the first biometric data.

19. The method according to any one of claims 12 to 18, characterized in that, The second terminal device includes a second trusted application (TA), which is configured in the TEE of the second terminal device. The step of signing the second data containing the first data to obtain a first signature includes: The second data is signed using the device's anti-fraud private key via the second TA to obtain the first signature.

20. The method according to claim 19, characterized in that, The TEE contains a device certificate for the second terminal device, which is used to verify the identity of the second terminal device. The method further includes: Send the device certificate and the first anti-fraud certificate to the first terminal device. The first anti-fraud certificate is generated based on the device private key and carries a device anti-fraud public key corresponding to the device anti-fraud private key. The device certificate carries a device public key corresponding to the device private key; or, Send a second anti-fraud certificate to the first terminal device. The second anti-fraud certificate is generated based on the anti-fraud authentication root private key and carries the device's anti-fraud public key.

21. The method according to claim 20, characterized in that, The second anti-fraud certificate was obtained through the following methods: A second signature is obtained by signing the device's anti-fraud public key based on the device's private key; A processing request for generating the second anti-fraud certificate is sent to the server, the processing request carrying the device's anti-fraud public key, the second signature, and the device certificate; Receive a second anti-fraud certificate from the server, the second anti-fraud certificate being generated based on the device's anti-fraud public key, the second signature, and the device certificate.

22. The method according to any one of claims 12 to 21, characterized in that, The method further includes: Receive an acquisition request from the first terminal device, the acquisition request being used to acquire the first data; Accordingly, sending the first data and the first signature to the first terminal device includes: In response to the acquisition request, the first data and the first signature are sent to the first terminal device.

23. The method according to claim 22, characterized in that, The acquisition request carries a session random number, and the second data also includes the session random number.

24. The method according to any one of claims 12 to 23, characterized in that, The first data is the identity authentication result. If the identity authentication result indicates that the communication object is the target object, the second data also includes ciphertext, which carries the user information of the target object.

25. A communication method, characterized in that, Applied to a server, the method includes: During the communication service between the first terminal device and the second terminal device, the device receives first data and a first signature corresponding to the first data from the second terminal device. The first data is used to determine the identity authentication result. The identity authentication result indicates whether the communication object is the target object. The communication object is the object that uses the second terminal device to communicate. The target object is a real-name user who has been real-name authenticated by the second terminal device. The first data and the first signature are forwarded to the first terminal device.

26. The method according to claim 25, characterized in that, Before receiving the first data and the first signature corresponding to the first data from the second terminal device during the communication service between the first terminal device and the second terminal device, the method further includes: Receive an acquisition request from the first terminal device, the acquisition request being used to acquire the first data; The acquisition request is forwarded to the second terminal device.

27. The method according to claim 26, characterized in that, The request contains a session random number.

28. The method according to any one of claims 25 to 27, characterized in that, Before receiving the first data and the first signature corresponding to the first data from the second terminal device during the communication service between the first terminal device and the second terminal device, the method further includes: The system receives a processing request from the second terminal device to generate a second anti-fraud certificate. The processing request carries the device's anti-fraud public key, a second signature, and a device certificate, which is used to prove the identity of the second terminal device. If the second signature is verified successfully based on the device certificate, a second anti-fraud certificate is generated using the anti-fraud authentication root private key. The second anti-fraud certificate carries the device anti-fraud public key. Send the second anti-fraud certificate to the second terminal device.

29. The method according to any one of claims 25 to 28, characterized in that, Before receiving the first data and the first signature corresponding to the first data from the second terminal device during the communication service between the first terminal device and the second terminal device, the method further includes: Receive an authentication request for real-name authentication from the second terminal device, wherein the authentication request carries the identity information to be authenticated; Send the authentication request to the real-name authentication center; Receive the real-name authentication result from the real-name authentication center; The real-name authentication result is sent to the second terminal device.

30. A communication system, characterized in that, The communication system includes: a first terminal device and a second terminal device, wherein a communication connection is established between the first terminal device and the second terminal device, wherein: The second terminal device is configured to, during communication between the first terminal device and the second terminal device, acquire first data, the first data being used to determine an identity authentication result, the identity authentication result indicating whether the communication object is a target object, the communication object being an object using the second terminal device for communication, and the target object being a real-name user who has been authenticated through the second terminal device; sign the second data containing the first data to obtain a first signature; and send the first data and the first signature to the first terminal device. The first terminal device is configured to receive the first data and the first signature corresponding to the first data from the second terminal device; verify the first signature, and if the verification is successful, determine the identity authentication result based on the first data; and output a prompt message based on the identity authentication result, the prompt message being used to indicate the communication security status.

31. The communication system according to claim 30, characterized in that, The second terminal device includes a second trusted application (TA), which is configured in the trusted execution environment (TEE) of the second terminal device, wherein: The second terminal device is specifically used to sign the second data using the device's anti-fraud private key via the second TA to obtain the first signature.

32. The communication system according to claim 31, characterized in that, The first terminal device includes a first TA, which is configured in the TEE of the first terminal device, wherein: The first terminal device is specifically used to verify the first signature using the first TA and the device anti-fraud public key corresponding to the device anti-fraud private key.

33. The communication system according to any one of claims 30 to 32, characterized in that, The communication system also includes a server, wherein: The second terminal device is also used to obtain the identity information to be authenticated in response to user operations; Send an authentication request for real-name authentication to the server, the authentication request carrying the identity information to be authenticated; The server is used to receive the authentication request; Send the authentication request to the real-name authentication center; Receive the real-name authentication result from the real-name authentication center; Send the real-name authentication result to the second terminal device; The second terminal device is further configured to receive the real-name authentication result and determine, based on the real-name authentication result, whether the object corresponding to the identity information to be authenticated is the target object.

34. A communication system, characterized in that, The communication system includes: a first terminal device, a second terminal device, and a server, wherein the server establishes communication connections with both the first terminal device and the second terminal device. The second terminal device is configured to, during communication between the first terminal device and the second terminal device, acquire first data, the first data being used to determine an authentication result, the authentication result indicating whether the communication object is a target object, the communication object being an object using the second terminal device for communication, and the target object being a real-name user who has been authenticated through the second terminal device; sign the second data containing the first data to obtain a first signature; and send the first data and the first signature to the server. The server is configured to receive the first data and the first signature; and forward the first data and the first signature to the first terminal device. The first terminal device receives first data and the first signature; if the first signature is verified, it determines the identity authentication result based on the first data; based on the identity authentication result, it outputs a prompt message, which is used to indicate the communication security status.

35. The communication system according to claim 34, characterized in that, The second terminal device includes a second trusted application (TA), which is configured in the trusted execution environment (TEE) of the second terminal device, wherein: The second terminal device is specifically used to sign the second data using the device's anti-fraud private key via the second TA to obtain the first signature.

36. The communication system according to claim 35, characterized in that, The first terminal device includes a first TA, which is configured in the TEE of the first terminal device, wherein: The first terminal device is specifically used to verify the first signature using the first TA and the device anti-fraud public key corresponding to the device anti-fraud private key.

37. The communication system according to any one of claims 34 to 36, characterized in that, The second terminal device is further configured to respond to user operations by obtaining identity information to be authenticated; and to send an authentication request for real-name authentication to the server, wherein the authentication request carries the identity information to be authenticated. The server is used to receive the authentication request; Send the authentication request to the real-name authentication center; Receive the real-name authentication result from the real-name authentication center; Send the real-name authentication result to the second terminal device; The second terminal device is also used to receive the real-name authentication result.

38. An electronic device, characterized in that, include: A memory, one or more processors, and one or more programs; wherein the one or more programs are stored in the memory; When the one or more processors execute the one or more programs, they cause the electronic device to perform the method of any one of claims 1 to 11, any one of claims 12 to 24, or any one of claims 25 to 29.

39. A chip system, characterized in that, The chip system includes a memory and a processor, the processor being configured to execute a computer program stored in the memory to implement the method as claimed in any one of claims 1 to 11, 12 to 24, or 25 to 29.

40. A computer-readable storage medium having a computer program or instructions stored thereon, characterized in that, When the computer program or instructions are executed, they cause the computer to perform the method as described in any one of claims 1 to 11, 12 to 24, or 25 to 29.

41. A computer program product, characterized in that, It includes computer program instructions that cause the computer to perform the method as claimed in any one of claims 1 to 11, 12 to 24, or 25 to 29.