WO2018145286A1 - Authentication method based on biological features, authentication apparatus, and electronic device - Google Patents

Authentication method based on biological features, authentication apparatus, and electronic device Download PDF

Info

Publication number
WO2018145286A1
WO2018145286A1 PCT/CN2017/073167 CN2017073167W WO2018145286A1 WO 2018145286 A1 WO2018145286 A1 WO 2018145286A1 CN 2017073167 W CN2017073167 W CN 2017073167W WO 2018145286 A1 WO2018145286 A1 WO 2018145286A1
Authority
WO
WIPO (PCT)
Prior art keywords
biometric
verification code
sample
feature points
feature
Prior art date
Application number
PCT/CN2017/073167
Other languages
French (fr)
Chinese (zh)
Inventor
陆向远
刘和兴
Original Assignee
深圳市汇顶科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市汇顶科技股份有限公司 filed Critical 深圳市汇顶科技股份有限公司
Priority to CN201780000076.6A priority Critical patent/CN107077558B/en
Priority to PCT/CN2017/073167 priority patent/WO2018145286A1/en
Publication of WO2018145286A1 publication Critical patent/WO2018145286A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication

Definitions

  • the technical solution disclosed by the present invention relates to the field of communications technologies, and in particular, to a biometric-based authentication method, an authentication device, and an electronic device.
  • the biological characteristics of the human body are often used for security authentication between communication devices because they are unique and are not easily copied or stolen.
  • biometric samples transmitted during secure authentication need to be encrypted and decrypted; the implementation of encryption and decryption requires the use of a key negotiated in advance by the communication device.
  • the above technical solutions have at least the following drawbacks: (1) The encrypted and decrypted keys need to be shared by the electronic devices in advance negotiation, which makes the initial security authentication process between the electronic devices cumbersome. (2) Only biometric samples for security authentication are verified, and biometric templates for security authentication are not verified, and there is a hidden danger of communication security.
  • the technical solution disclosed by the present invention can at least solve the following technical problems: obtaining a key for encryption and decryption in a manner of non-advance negotiation; realizing two-way verification of a biometric sample and a biometric template.
  • the first authentication device includes: collecting a biometric sample; quantifying feature points of the biometric sample; calculating a key based on the quantized feature points of the biometric sample; identifying a singular point of the biometric sample; The singular point calculation assists the alignment parameter; generates a first verification code; encrypts the first verification code using the key; and sends the auxiliary alignment parameter and the encrypted first verification to a second authentication device And comparing, when the second verification code returned by the second authentication device, the second verification code and the first verification code, if the second verification code and the first verification code Consistently, the biometric samples collected by the first authentication device pass the authentication.
  • the quantizing the feature points of the biometric sample comprises: performing signal preprocessing on the biometric sample; and extracting feature points of the signal preprocessed biometric sample.
  • the biometric sample includes a fingerprint feature sample; and quantifying feature points of the fingerprint feature sample includes: quantifying a grain direction of feature points of the fingerprint feature sample to be equally spaced In the N directions, N is an integer of ⁇ 1; the position of the feature point of the fingerprint feature sample is quantized into M values with respect to the position of the singular point, and M is an integer of ⁇ 1.
  • the feature points of the fingerprint feature sample include: endpoints of the texture and/or bifurcation points of the texture.
  • the calculating a key based on the quantized feature points of the biometric sample comprises: converting the quantized feature points of the biometric sample into a numerical value; A hash value of the value or a signature value; the hash value or the signature value is the key.
  • the identifying the singular point of the biometric sample comprises: identifying a center point and/or a triangle point of the biometric sample as a singular point.
  • the calculating the auxiliary alignment parameter based on the singular point The number includes: calculating a distribution range of feature points of the biometric sample based on the singular point; and calculating a distribution range of feature points of the biometric sample as the auxiliary alignment parameter.
  • One or more embodiments of the present invention also disclose a biometric-based authentication method, which is applied to a second authentication device, including: receiving an auxiliary alignment parameter sent by a first authentication device and an encrypted first verification code; Obtaining a preset biometric template, acquiring a feature point of a corresponding position in the biometric template according to the auxiliary alignment parameter; calculating a key based on a feature point of a corresponding position in the biometric template; using the key pair Decrypting the encrypted first verification code to obtain a second verification code; transmitting the second verification code to the first authentication device; and when the second verification code passes the authentication of the first authentication device And the biometric template of the second authentication device passes the authentication.
  • the method further comprises quantifying feature points of the biometric template.
  • the auxiliary alignment parameter is: the first authentication device calculates a distribution range of feature points of the biometric sample based on the singular point of the biometric sample; Acquiring a feature point of the corresponding position in the biometric template according to the auxiliary alignment parameter includes: identifying a distribution range of feature points of the biometric sample to the biometric template; and acquiring the biometric template A feature point of a corresponding position within a distribution range of feature points of the biometric sample.
  • One or more embodiments of the present invention further disclose a first authentication device, including: a first acquisition module, configured to collect biometric samples; and a first quantization module, configured to quantize feature points of the biometric samples; a first key module, configured to calculate a key based on the quantized feature points of the biometric sample; a first singular point module, configured to identify a singular point of the biometric sample; and a first auxiliary alignment parameter module, Calculating the auxiliary alignment parameter based on the singular point; the first verification code module is configured to generate a first verification code; and the first encryption module is configured to encrypt the first verification code by using the key; a first transceiver module, configured to send the auxiliary alignment parameter and the encrypted first verification code to a second authentication device; and the first comparison module receives a second verification returned by the second authentication device And determining, by the second verification code and the first verification code, if the second verification code is consistent with the first verification code, the biometric sample of the first authentication device passes the authentication.
  • the first authentication device further includes: a first pre-processing module, configured to perform signal pre-processing on the biometric sample; and a first extraction module, configured to extract a signal Feature points of the pre-processed biometric samples.
  • the first quantization module is configured to quantize feature points of the fingerprint feature samples, including: quantizing a texture direction of the feature points of the fingerprint feature samples into N directions of equal intervals , N is an integer of ⁇ 1; the position of the feature point of the fingerprint feature sample is quantized to M values with respect to the position of the singular point, and M is an integer of ⁇ 1.
  • the first key module calculates a key based on the quantized feature points of the biometric sample, including: converting the quantized feature points of the biometric sample into a value; a hash value or a signature value of the value is calculated; the hash value or the signature value is the key.
  • the first singular point module identifying the singular point of the biometric sample comprises: identifying a center point and/or a triangle point of the biometric sample as a singular point.
  • the first auxiliary alignment parameter module calculates an auxiliary alignment parameter based on the singular point, including: calculating a distribution range of feature points of the biometric sample based on the singular point; The calculated distribution range of the feature points of the biometric sample is the auxiliary alignment parameter.
  • One or more embodiments of the present invention also disclose a second authentication apparatus, including: a sending module, configured to receive the auxiliary alignment parameter sent by the first authentication device and the encrypted first verification code; the second feature point module is configured to retrieve the preset biometric template, and obtain the a feature point corresponding to the location in the biometric template; a second key module, configured to calculate a key based on a feature point of the corresponding location in the biometric template; and a second decryption module, configured to encrypt the encryption using the key
  • the first first verification code is decrypted to obtain a second verification code; the second transceiver module is further configured to send the second verification code to the first authentication device.
  • the second authenticating apparatus further includes: the apparatus further comprising: a second quantization module, configured to quantize feature points of the biometric template.
  • the auxiliary alignment parameter is: the first authentication device calculates a distribution range of feature points of the biometric sample based on the singular point of the biometric sample; Acquiring the feature points of the corresponding positions in the biometric template according to the auxiliary alignment parameters includes: identifying a distribution range of the feature points of the biometric samples to the biometric template; acquiring the biological A feature point of a corresponding position within a distribution range of feature points of the biometric sample on the feature template.
  • the first authentication device calculates a key based on the feature point of the quantized biometric sample, encrypts the first verification code generated by the calculated key pair, and then encrypts And transmitting the encrypted first verification code and the auxiliary alignment parameter to the second authentication device.
  • the second authenticating device acquires the feature points of the quantized biometric samples from the preset quantized biometric template according to the received auxiliary alignment parameters, and then calculates a key according to the acquired feature points of the quantized biometric samples. Therefore, the first authentication device and the second authentication device can each calculate the key, that is, the first authentication device and the second authentication device can obtain the key in a non-advance negotiation manner.
  • the first authentication device sends the encrypted first authentication code to the second authentication device, Rather than the quantified feature points of the biometric sample, the first authentication device can indirectly authenticate whether the second authentication device has the correct biometric template.
  • FIG. 1 is a flowchart of a biometric-based authentication method according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of quantizing feature points of a biometric sample in an embodiment of the present invention
  • FIG. 3 is a schematic diagram showing alignment of a quantized biometric sample and a quantized biometric template in a quadrilateral region according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram showing alignment of a quantized biometric sample and a quantized biometric template in a circular area according to an embodiment of the present invention
  • FIG. 5 is a schematic diagram of a workflow of mutual authentication between an electronic device X and an electronic device Y according to another embodiment of the present invention.
  • FIG. 6 is a schematic diagram of a workflow for mutually authenticating an electronic device 1 and an electronic device 2 according to still another embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a biometric-based first authentication device according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of a biometric-based second authentication device according to an embodiment of the present invention.
  • FIG. 9 is a schematic diagram of an electronic device according to another embodiment of the present invention.
  • FIG. 1 a flowchart of a biometric-based authentication method in accordance with an embodiment of the present invention.
  • the biometric-based authentication method is applied to other electronic devices having wireless and/or wired communication functions, such as smart phones, tablets, and notebook computers.
  • an identity authentication before a Bluetooth communication data transmission is established between a smartphone and a laptop, and the steps performed by the smartphone include but are not limited to the following:
  • Step 101 The smartphone collects biometric samples.
  • biometric samples collected by the smartphone include, but are not limited to, fingerprints and/or faces and/or irises.
  • Step 102 The smartphone quantizes feature points of the biometric sample; and then calculates a key based on the quantized feature points of the biometric sample.
  • Step 103 The smartphone identifies a singular point of the biometric sample; and then based on the singular point Calculate the auxiliary alignment parameters.
  • the auxiliary alignment parameter is used by the notebook computer to acquire feature points of the quantized biometric sample according to the biometric template.
  • Step 104 The smart phone generates a first verification code; and then encrypts the first verification code by using the key.
  • Step 105 The smart phone sends the auxiliary alignment parameter and the encrypted first verification code to the laptop; and when the smart phone receives the second verification code returned by the laptop, comparing the second verification And the first verification code, if the second verification code is consistent with the first verification code, the biometric sample collected by the smart phone passes the authentication.
  • the second verification code is consistent with the first verification code, and the second verification code is the same as the first verification code.
  • the second verification code and the first verification code are both 123456.
  • the quantizing the feature points of the biometric sample comprises: performing signal preprocessing on the biometric sample; and extracting feature points of the signal preprocessed biometric sample.
  • the performing signal preprocessing on the biometric sample includes: removing interference information in the biometric sample, and enhancing useful information in the biometric sample.
  • the biometric sample includes, but is not limited to, a fingerprint feature sample; quantifying feature points of the fingerprint feature sample includes: quantifying a grain direction of feature points of the fingerprint feature sample to be equally spaced In the N directions, N is an integer of ⁇ 1; the position of the feature point of the fingerprint feature sample is quantized into M values with respect to the position of the singular point, and M is an integer of ⁇ 1.
  • the feature points of the fingerprint feature sample include: endpoints of the texture and/or bifurcation points of the texture.
  • the identifying the singular point of the biometric sample comprises: identifying a center point and/or a triangle point of the biometric sample as a singular point.
  • FIG. 2 a schematic diagram of quantizing feature points of a biometric sample in an embodiment of the present invention.
  • the process of quantifying the feature points of a biometric sample is briefly summarized as follows: The feature space of the biometric sample is quantized (digitized) at an appropriate spacing. The feature points of the biometric sample are sampled. The feature points of the sampled biometric samples will be forced to the nearest quantization point. The above quantization process can ensure that the feature points of the biometric sample feature points of the same user are always the same.
  • the calculating a feature point based on the quantized feature points of the biometric sample includes: converting the quantized feature points of the biometric sample into a numerical value; calculating a hash value or a signature value of the numerical value; The hash value or the signature value is the key.
  • the biometric sample is a fingerprint feature sample
  • the quantized feature points of the fingerprint feature sample are converted into numerical values.
  • the biometric sample is a face feature sample or an iris feature sample
  • the quantized face feature sample or the iris feature sample is converted into a numerical value.
  • the converted value is then calculated to obtain a hash value or a signature value. For example, the converted value is calculated according to a hash algorithm to obtain a hash value.
  • the calculating the auxiliary alignment parameter based on the singular point includes: calculating a distribution range of the feature points of the biometric sample based on the singular point; and calculating a distribution range of the feature points of the biometric sample as a Said auxiliary alignment parameters.
  • the smart phone in the above method calculates a key based on the feature points of the quantized biometric samples, encrypts the first verification code generated by the calculated key pair, and then encrypts the encrypted
  • the first verification code and the auxiliary alignment parameters are sent to the laptop.
  • the notebook computer acquires the feature points of the quantized biometric samples from the preset quantized biometric template according to the received auxiliary alignment parameters, and then calculates a key according to the acquired feature points of the quantized biometric samples.
  • the smartphone and the laptop can each calculate the key, ie the smartphone and the laptop can obtain the key in a non-advanced negotiation.
  • the encrypted first verification code is The non-quantized feature points of the biometric sample, so that the notebook can only authenticate the biometric samples collected by the smartphone when it has the correct biometric template. That is, when the biometric sample collected by the smartphone is correct and the laptop does not have the correct biometric template (or for example, the laptop is not a legitimate laptop that matches the smartphone), the smartphone will not receive the The second verification code returned by the laptop, or the second verification code received by the smart phone is inconsistent with the first verification code. Therefore, the smartphone can also indirectly authenticate whether the laptop has the correct biometric template.
  • the steps performed by the laptop include but are not limited to the following:
  • Step 201 The notebook computer receives the auxiliary alignment parameter sent by the smart phone and the encrypted first verification code.
  • Step 202 The notebook computer retrieves a preset biometric template, and acquires feature points of corresponding positions in the biometric template according to the auxiliary alignment parameter.
  • Step 203 The notebook computer calculates a key based on feature points of corresponding positions in the biometric template.
  • Step 204 The notebook computer decrypts the encrypted first verification code by using the key to obtain a second verification code.
  • Step 205 The notebook computer sends the second verification code to the smart phone.
  • the biometric template of the notebook computer passes the authentication.
  • the method further comprises quantifying feature points of the biometric template.
  • the auxiliary alignment parameter is: the first authentication device calculates a distribution range of feature points of the biometric sample based on the singular point of the biometric sample; Acquiring the feature points of the corresponding positions in the biometric template includes: identifying a distribution range of feature points of the biometric sample to the biometric template; and acquiring the biometric sample on the biometric template Feature points of corresponding locations within the distribution of feature points.
  • the identifying the distribution range of the feature points of the biometric sample to the biometric template comprises: aligning the quantized biometric sample with the quantized biometric template.
  • FIG. 3 it is a schematic diagram of a quantized biometric sample aligned with a quantized biometric template in a quadrilateral region according to an embodiment of the invention.
  • FIG. 4 it is a schematic diagram of a quantized biometric sample aligned with a quantized biometric template in a circular area according to an embodiment of the invention.
  • the process of aligning the quantized biometric sample with the quantized biometric template is briefly summarized as follows: identifying a singular point of the quantized biometric sample, and identifying the singular point to the quantized Biometric template.
  • the feature points of the quantized biometric samples are calculated according to the auxiliary alignment parameters, and the feature points are identified to the quantized biometric template. For example, as shown in FIG. 3, the singular points and feature points of the quantized biometric samples are identified to the abcd region. It is also possible to identify the singular points and feature points of the quantized biometric samples to a circular area of radius R as shown in FIG.
  • the process of aligning the quantized biometric sample with the quantized biometric template, identifying the singular point of the quantized biometric sample and the feature point of the quantized biometric sample by using the quantized biometric template thus, the quantized biometric sample can be aligned with the quantized biometric template.
  • the notebook computer in the above method does not directly obtain the characteristics of the quantized biometric sample Point, but acquiring the feature points of the quantized biometric samples from the preset quantized biometric template according to the received auxiliary alignment parameters. Therefore, if the notebook computer in the above method does not have the correct quantized biometric template, the feature points of the quantized biometric sample cannot be obtained, and the key cannot be calculated. So for a smart phone, in the identity authentication process before the Bluetooth communication data transmission with the laptop, if the laptop does not return the correct second verification code, the laptop will most likely not have the correct biometric template. . The holder of the smartphone will be able to operate the smartphone to refuse to establish Bluetooth communication with the laptop.
  • FIG. 5 it is a schematic diagram of a workflow for mutual authentication between an electronic device X and an electronic device Y according to another embodiment of the present invention. Assuming that the electronic device X needs to transfer a certain amount of money to the electronic device Y, the electronic device X and the electronic device Y need to perform transaction security authentication for the security of the transaction.
  • the electronic device X obtains the quantized biometric sample by the steps of collecting and the like, and the electronic device Y presets the quantized biometric template.
  • the electronic device X calculates a key based on the quantized feature points of the biometric sample, and then generates a first verification code and encrypts the generated first verification code using the key, and calculates a singularity based on the singularity Auxiliary alignment parameters.
  • the electronic device X transmits the auxiliary alignment parameter and the encrypted first verification code to the electronic device Y.
  • the electronic device Y retrieves the quantized biometric template, and acquires feature points of corresponding positions in the biometric template according to the auxiliary alignment parameter. A key is then calculated based on feature points of corresponding locations in the biometric template. The electronic device Y decrypts the encrypted first verification code by using the key to obtain a second verification code.
  • the electronic device Y transmits the second verification code to the electronic device X.
  • the electronic device X compares the second verification code with the first verification code.
  • the biometric sample collected by the electronic device X passes the authentication of the electronic device Y.
  • the electronic device X also indirectly verifies whether the electronic device Y has the correct biometric template, which is beneficial to improve transaction security between the electronic device X and the electronic device Y.
  • FIG. 6 is a schematic diagram of a workflow for mutually authenticating an electronic device 1 and an electronic device 2 according to still another embodiment of the present invention. It is assumed that the electronic device 1 can copy a confidential file from the electronic device 2 and store a confidential file into the electronic device 2. At this time, for the security of the information, the electronic device 1 and the electronic device 2 need to perform mutual authentication.
  • the electronic device 2 obtains the quantized biometric sample by the steps of collecting and the like, and the electronic device 1 presets the quantized biometric template.
  • the electronic device 2 obtains the verification code B1 and the encrypted verification code B2 after performing the relevant steps in the above embodiment.
  • the electronic device 2 transmits the auxiliary alignment parameter and the encrypted verification code B2 to the electronic device 1.
  • the electronic device 1 decrypts the encrypted verification code B2, obtains the verification code B3, and then feeds back the verification code B3 to the electronic device 2.
  • the electronic device 2 compares the verification code B3 with the verification code B1. When the verification code B3 coincides with the verification code B1, the quantized biometric sample of the electronic device 2 passes the verification.
  • the electronic device 2 receives the verification code B3 fed back by the electronic device 1, and the verification code B3 is consistent with the verification code B1, the process of obtaining the verification code B3 by the electronic device 1 is not necessarily consistent with the preset, so it is necessary for the electronic device 1 to take the initiative. Initiate authentication of the quantified biometric template. A brief overview of the process is as follows:
  • the electronic device 1 obtains the verification code A1 and the encrypted verification code A2 after performing the relevant steps in the above embodiment.
  • the electronic device 1 transmits the encrypted verification code A2 to the electronic device 2.
  • the electronic device 2 decrypts the encrypted verification code A2, obtains the verification code A3, and then feeds back the verification code A3 to the electronic device 1.
  • the electronic device 1 compares the verification code A3 with the verification code A1. When the verification code A3 coincides with the verification code A1, the quantized biometric template of the electronic device 1 passes the verification.
  • the electronic device 1 will not be able to generate a new key without the quantized biometric template, that is, if the electronic device 1 does not have the quantized creature
  • the feature template will not be able to obtain the valid verification code A2. Therefore, the method for mutual authentication between the electronic device 1 and the electronic device 2 in the above embodiment improves the communication security between the electronic device 1 and the electronic device 2.
  • FIG. 7 is a schematic diagram of a biometric-based first authentication device in another embodiment of the present invention.
  • the biometric-based first authentication device includes:
  • the first collection module 701 is configured to collect biometric samples
  • a first quantization module 702 configured to quantize feature points of the biometric sample
  • a first key module 703, configured to calculate a key based on the quantized feature points of the biometric sample
  • a first singular point module 704 configured to identify a singular point of the biometric sample
  • a first auxiliary alignment parameter module 705, configured to calculate an auxiliary alignment parameter based on the singular point
  • a first verification code module 706, configured to generate a first verification code
  • a first encryption module 707 configured to encrypt the first verification code by using the key
  • the first transceiver module 708 is configured to send the auxiliary alignment parameter to the second authentication device and after the encryption The first verification code;
  • a first comparison module 709 configured to compare the second verification code with the first verification code, if the second verification code is received when the second verification code returned by the second authentication device is received Consistent with the first verification code, the biometric samples collected by the first authentication device pass the authentication.
  • the device further includes: a first pre-processing module for performing signal pre-processing on the biometric sample; and a first extracting module, configured to extract feature points of the signal-preprocessed biometric sample.
  • the first quantization module 702 is configured to quantize the feature points of the fingerprint feature samples, including: quantizing the texture direction of the feature points of the fingerprint feature samples into N directions of equal intervals, where N is an integer of ⁇ 1; The position of the feature point of the fingerprint feature sample is quantized into M values with respect to the position of the singular point, and M is an integer of ⁇ 1.
  • the calculating, by the first key module 703, the key based on the quantized feature points of the biometric sample includes: converting the quantized feature points of the biometric sample into a numerical value; calculating a hash value of the numerical value or a signature value; the key is the hash value or the signature value.
  • the first singular point module 704 identifying the singular point of the biometric sample includes: identifying a center point and/or a triangle point of the biometric sample as a singular point.
  • the calculating, by the first auxiliary alignment parameter module 705, the auxiliary alignment parameter based on the singular point includes: calculating a distribution range of feature points of the biometric sample based on the singular point; and calculating the calculated biometric sample
  • the distribution range of the feature points is the auxiliary alignment parameter.
  • the biometric-based first authentication device and the biometric-based second authentication device cooperate to implement the biometric-based authentication method in the foregoing method embodiments, which is beneficial to improving communication security.
  • FIG. 8 is a schematic diagram of a biometric-based second authentication device according to another embodiment of the present invention.
  • the biometric-based second authentication device includes:
  • the second transceiver module 801 is configured to receive the auxiliary alignment parameter sent by the first authentication device and the encrypted first verification code;
  • a second feature point module 802 configured to retrieve a preset biometric template, and acquire a feature point of a corresponding position in the biometric template according to the auxiliary alignment parameter;
  • a second key module 803, configured to calculate a key based on a feature point of a corresponding location in the biometric template
  • a second decryption module 804 configured to decrypt the encrypted first verification code by using the key, and when the decryption is successful, to obtain a second verification code
  • the second transceiver module 801 is further configured to send the second verification code to the first authentication device.
  • the apparatus also includes a second quantization module for quantizing feature points of the biometric template.
  • the auxiliary alignment parameter is: the first authentication device calculates a distribution range of feature points of the biometric sample based on the singular point of the biometric sample; the second feature point module 802 is configured according to the auxiliary alignment Obtaining a feature point of the corresponding position in the biometric template includes: identifying a distribution range of feature points of the biometric sample to the biometric template; and acquiring feature points of the biometric sample on the biometric template The feature points of the corresponding locations within the distribution range.
  • the biometric-based second authentication device and the biometric-based first authentication device cooperate to implement the biometric-based authentication method in the foregoing method embodiments, which is beneficial to improving communication security.
  • FIG. 9 a schematic diagram of an electronic device in another embodiment of the present invention.
  • An electronic device including but not limited to a smart phone, a tablet computer, a notebook computer, and the like, having other wireless and/or wired communication functions, for implementing any of the above-mentioned first authentication devices A biometric-based authentication method.
  • the electronic device includes: at least one first processor 901, and at least one first memory 902; the at least one first processor 901 is communicatively coupled to the at least one first memory 902.
  • the at least one first processor 901 shown in FIG. 9 is communicably connected to the at least one first memory 902 via a first bus 903.
  • the at least one first memory 902 stores instructions executable by the at least one first processor 901 to cause the electronic device to perform a biometric-based authentication method performed by any one of the first authentication devices described above .
  • Another embodiment of the present invention discloses another electronic device for implementing a biometric-based authentication method performed by any of the above-described second authentication devices.
  • the electronic device includes, but is not limited to, a server, a smart phone, a tablet, a notebook computer, and the like, and other electronic devices having wireless and/or wired communication functions.
  • the electronic device includes: at least one second processor, and at least one second memory; the at least one second processor communicatively coupled to the at least one second memory.
  • the at least one second memory stores instructions executable by the at least one second processor to cause the electronic device to perform a biometric-based authentication method performed by any one of the second authentication devices described above.
  • Another embodiment of the present invention discloses a steering system composed of an active pen and a terminal with a touch screen.
  • the active pen may perform a biometric-based authentication method performed by any one of the first authentication devices, and the terminal with a touch screen may perform a biometric-based authentication method performed by any one of the foregoing second authentication devices.
  • the active pen collects a biometric sample (eg, a fingerprint sample) of the user.
  • Place The terminal with the touch screen verifies the biometric sample collected by the active pen according to the preset biometric template to determine whether the active pen has the right to operate the terminal with the touch screen.
  • the active pen can also verify the biometric template in the touch screen enabled terminal when the control system supports multiple users to operate the touch screen enabled terminal through the active pen.
  • Another embodiment of the present invention discloses a non-transitory computer storage medium storing computer executable instructions for performing any of the above biometric-based authentication methods.
  • biometric-based authentication method the authentication device, the non-transitory computer storage medium, and the electronic device in the above embodiments may also be implemented in other manners.
  • Computer instructions and/or data for implementing the various embodiments described above may be stored in a computer readable medium or transmitted as one or more instructions or code on a readable medium.
  • Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another.
  • a storage medium can be any available media that can be stored by a computer.
  • the computer readable medium can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, disk storage media or other magnetic storage device, or can be carried or stored in the form of an instruction or data structure.
  • any connection can suitably be a computer readable medium.
  • coaxial cable For example, if the software is transmitted from a website, server, or other remote source using coaxial cable, optical brazing, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then coaxial Cables, optical braces, twisted pairs, DSL, or wireless technologies such as infrared, wireless, and microwave are included in the definition of the medium to which they belong.
  • coaxial Cables, optical braces, twisted pairs, DSL, or wireless technologies such as infrared, wireless, and microwave are included in the definition of the medium to which they belong.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

Disclosed in the embodiments of the present invention are an authentication method based on biological features, an authentication apparatus, and an electronic device, relating to the technical field of communication. The method comprises: collecting a biological feature sample; quantifying feature points of the biological feature sample; calculating a key based on the quantified feature points of the biological feature sample; marking singularity points of the biological feature sample; calculating auxiliary alignment parameters on the basis of the singularity points; generating a first verification code; using the key to encrypt the first verification code; sending the auxiliary alignment parameters and the encrypted first verification code to a second authentication apparatus; and, when receiving a second verification code returned by the second authentication apparatus, comparing the second verification code and the first verification code. The embodiments of the present invention can acquire an encrypted and decrypted key using a non-advance negotiation method, and implement biological feature sample and biological feature template two-way verification.

Description

基于生物特征的认证方法、认证装置及电子设备Biometric-based authentication method, authentication device, and electronic device 技术领域Technical field
本发明公开的技术方案涉及通信技术领域,尤其涉及基于生物特征的认证方法、认证装置及电子设备。The technical solution disclosed by the present invention relates to the field of communications technologies, and in particular, to a biometric-based authentication method, an authentication device, and an electronic device.
背景技术Background technique
随着通信技术的飞速发展,通信的安全问题变得日益严峻。因此,电子设备之间建立信道时,为了确保通信安全,一般需要经过安全认证。With the rapid development of communication technology, the security of communication has become increasingly serious. Therefore, when establishing a channel between electronic devices, in order to ensure communication security, it is generally required to undergo security authentication.
人体的生物特征(例如手指的指纹、脸部的构造等)由于具备唯一性,也不容易被仿造或者盗取,所以常被应用于通信设备之间的安全认证。The biological characteristics of the human body (such as the fingerprint of a finger, the structure of a face, etc.) are often used for security authentication between communication devices because they are unique and are not easily copied or stolen.
发明人在研究本发明时,发现现有技术中:安全认证时传输的生物特征样本需要经过加密和解密;加密和解密的实现需要使用通信设备之间提前协商分享的密钥。上述技术方案至少存在以下缺陷:(1)加密和解密的密钥需要电子设备之间通过提前协商分享,致使电子设备之间的初次安全认证过程繁琐。(2)只验证用于安全认证的生物特征样本,不验证用于安全认证的生物特征模板,存在通信安全的隐患。When the inventors studied the present invention, it was found that in the prior art, biometric samples transmitted during secure authentication need to be encrypted and decrypted; the implementation of encryption and decryption requires the use of a key negotiated in advance by the communication device. The above technical solutions have at least the following drawbacks: (1) The encrypted and decrypted keys need to be shared by the electronic devices in advance negotiation, which makes the initial security authentication process between the electronic devices cumbersome. (2) Only biometric samples for security authentication are verified, and biometric templates for security authentication are not verified, and there is a hidden danger of communication security.
发明内容Summary of the invention
本发明公开的技术方案至少能够解决以下技术问题:以非提前协商的方式获得加密和解密的密钥;实现生物特征样本与生物特征模板的双向验证。The technical solution disclosed by the present invention can at least solve the following technical problems: obtaining a key for encryption and decryption in a manner of non-advance negotiation; realizing two-way verification of a biometric sample and a biometric template.
本发明的一个或者多个实施例公开了一种基于生物特征的认证方法,应用 于第一认证装置,包括:采集生物特征样本;量化所述生物特征样本的特征点;基于量化后的所述生物特征样本的特征点计算密钥;标识所述生物特征样本的奇异点;基于所述奇异点计算辅助对齐参数;生成第一验证码;使用所述密钥对所述第一验证码进行加密;向第二认证装置发送所述辅助对齐参数以及加密后的所述第一验证码;当接收到所述第二认证装置回传的第二验证码时,比对所述第二验证码与所述第一验证码,若所述第二验证码与所述第一验证码一致,则所述第一认证装置采集的生物特征样本通过认证。One or more embodiments of the present invention disclose a biometric based authentication method, application The first authentication device includes: collecting a biometric sample; quantifying feature points of the biometric sample; calculating a key based on the quantized feature points of the biometric sample; identifying a singular point of the biometric sample; The singular point calculation assists the alignment parameter; generates a first verification code; encrypts the first verification code using the key; and sends the auxiliary alignment parameter and the encrypted first verification to a second authentication device And comparing, when the second verification code returned by the second authentication device, the second verification code and the first verification code, if the second verification code and the first verification code Consistently, the biometric samples collected by the first authentication device pass the authentication.
在本发明的一个或者多个实施例中,所述量化所述生物特征样本的特征点包括:对所述生物特征样本进行信号预处理;提取经信号预处理后的生物特征样本的特征点。In one or more embodiments of the present invention, the quantizing the feature points of the biometric sample comprises: performing signal preprocessing on the biometric sample; and extracting feature points of the signal preprocessed biometric sample.
在本发明的一个或者多个实施例中,所述生物特征样本包括指纹特征样本;量化所述指纹特征样本的特征点包括:将所述指纹特征样本的特征点的纹路方向量化为等间距的N个方向,N为≧1的整数;将所述指纹特征样本的特征点相对于奇异点的位置量化为M个取值,M为≧1的整数。In one or more embodiments of the present invention, the biometric sample includes a fingerprint feature sample; and quantifying feature points of the fingerprint feature sample includes: quantifying a grain direction of feature points of the fingerprint feature sample to be equally spaced In the N directions, N is an integer of ≧1; the position of the feature point of the fingerprint feature sample is quantized into M values with respect to the position of the singular point, and M is an integer of ≧1.
在本发明的一个或者多个实施例中,所述指纹特征样本的特征点包括:纹路的端点和/或纹路的分叉点。In one or more embodiments of the present invention, the feature points of the fingerprint feature sample include: endpoints of the texture and/or bifurcation points of the texture.
在本发明的一个或者多个实施例中,所述基于量化后的所述生物特征样本的特征点计算密钥包括:将量化后的所述生物特征样本的特征点转换为数值;计算所述数值的散列值或者签名值;以所述散列值或者所述签名值为所述密钥。In one or more embodiments of the present invention, the calculating a key based on the quantized feature points of the biometric sample comprises: converting the quantized feature points of the biometric sample into a numerical value; A hash value of the value or a signature value; the hash value or the signature value is the key.
在本发明的一个或者多个实施例中,所述标识所述生物特征样本的奇异点包括:标识所述生物特征样本的中心点和/或三角点为奇异点。In one or more embodiments of the present invention, the identifying the singular point of the biometric sample comprises: identifying a center point and/or a triangle point of the biometric sample as a singular point.
在本发明的一个或者多个实施例中,所述基于所述奇异点计算辅助对齐参 数包括:基于所述奇异点,计算所述生物特征样本的特征点的分布范围;以计算得出的所述生物特征样本的特征点的分布范围为所述辅助对齐参数。In one or more embodiments of the present invention, the calculating the auxiliary alignment parameter based on the singular point The number includes: calculating a distribution range of feature points of the biometric sample based on the singular point; and calculating a distribution range of feature points of the biometric sample as the auxiliary alignment parameter.
本发明的一个或者多个实施例还公开了一种基于生物特征的认证方法,应用于第二认证装置,包括:接收第一认证装置发出的辅助对齐参数以及加密后的第一验证码;调取预置的生物特征模板,根据所述辅助对齐参数获取所述生物特征模板中对应位置的特征点;基于所述生物特征模板中对应位置的特征点计算密钥;使用所述密钥对所述加密后的第一验证码进行解密,以得到第二验证码;向所述第一认证装置发送所述第二验证码;当所述第二验证码通过所述第一认证装置的认证时,所述第二认证装置的所述生物特征模板通过认证。One or more embodiments of the present invention also disclose a biometric-based authentication method, which is applied to a second authentication device, including: receiving an auxiliary alignment parameter sent by a first authentication device and an encrypted first verification code; Obtaining a preset biometric template, acquiring a feature point of a corresponding position in the biometric template according to the auxiliary alignment parameter; calculating a key based on a feature point of a corresponding position in the biometric template; using the key pair Decrypting the encrypted first verification code to obtain a second verification code; transmitting the second verification code to the first authentication device; and when the second verification code passes the authentication of the first authentication device And the biometric template of the second authentication device passes the authentication.
在本发明的一个或者多个实施例中,所述方法还包括:量化所述生物特征模板的特征点。In one or more embodiments of the invention, the method further comprises quantifying feature points of the biometric template.
在本发明的一个或者多个实施例中,所述辅助对齐参数为:所述第一认证装置基于标识在生物特征样本的奇异点,计算得出的生物特征样本的特征点的分布范围;所述根据所述辅助对齐参数获取所述生物特征模板中对应位置的特征点包括:将所述生物特征样本的特征点的分布范围标识到所述生物特征模板;获取所述生物特征模板上所述生物特征样本的特征点的分布范围内对应位置的特征点。In one or more embodiments of the present invention, the auxiliary alignment parameter is: the first authentication device calculates a distribution range of feature points of the biometric sample based on the singular point of the biometric sample; Acquiring a feature point of the corresponding position in the biometric template according to the auxiliary alignment parameter includes: identifying a distribution range of feature points of the biometric sample to the biometric template; and acquiring the biometric template A feature point of a corresponding position within a distribution range of feature points of the biometric sample.
本发明的一个或者多个实施例还公开了一种第一认证装置,包括:第一采集模块,用于采集生物特征样本;第一量化模块,用于量化所述生物特征样本的特征点;第一密钥模块,用于基于量化后的所述生物特征样本的特征点计算密钥;第一奇异点模块,用于标识所述生物特征样本的奇异点;第一辅助对齐参数模块,用于基于所述奇异点计算辅助对齐参数;第一验证码模块,用于生成第一验证码;第一加密模块,用于使用所述密钥对所述第一验证码进行加密; 第一收发模块,用于向第二认证装置发送所述辅助对齐参数以及加密后的所述第一验证码;第一比对模块,当接收到所述第二认证装置回传的第二验证码时,比对所述第二验证码与所述第一验证码,若所述第二验证码与所述第一验证码一致,则所述第一认证装置的生物特征样本通过认证。One or more embodiments of the present invention further disclose a first authentication device, including: a first acquisition module, configured to collect biometric samples; and a first quantization module, configured to quantize feature points of the biometric samples; a first key module, configured to calculate a key based on the quantized feature points of the biometric sample; a first singular point module, configured to identify a singular point of the biometric sample; and a first auxiliary alignment parameter module, Calculating the auxiliary alignment parameter based on the singular point; the first verification code module is configured to generate a first verification code; and the first encryption module is configured to encrypt the first verification code by using the key; a first transceiver module, configured to send the auxiliary alignment parameter and the encrypted first verification code to a second authentication device; and the first comparison module receives a second verification returned by the second authentication device And determining, by the second verification code and the first verification code, if the second verification code is consistent with the first verification code, the biometric sample of the first authentication device passes the authentication.
在本发明的一个或者多个实施例中,所述第一认证装置还包括:第一预处理模块,用于对所述生物特征样本进行信号预处理;第一提取模块,用于提取经信号预处理后的生物特征样本的特征点。In one or more embodiments of the present invention, the first authentication device further includes: a first pre-processing module, configured to perform signal pre-processing on the biometric sample; and a first extraction module, configured to extract a signal Feature points of the pre-processed biometric samples.
在本发明的一个或者多个实施例中,所述第一量化模块用于量化指纹特征样本的特征点,包括:将所述指纹特征样本的特征点的纹路方向量化为等间距的N个方向,N为≧1的整数;将所述指纹特征样本的特征点相对于奇异点的位置量化为M个取值,M为≧1的整数。In one or more embodiments of the present invention, the first quantization module is configured to quantize feature points of the fingerprint feature samples, including: quantizing a texture direction of the feature points of the fingerprint feature samples into N directions of equal intervals , N is an integer of ≧1; the position of the feature point of the fingerprint feature sample is quantized to M values with respect to the position of the singular point, and M is an integer of ≧1.
在本发明的一个或者多个实施例中,所述第一密钥模块基于量化后的所述生物特征样本的特征点计算密钥包括:将量化后的所述生物特征样本的特征点转换为数值;计算所述数值的散列值或者签名值;以所述散列值或者所述签名值为所述密钥。In one or more embodiments of the present invention, the first key module calculates a key based on the quantized feature points of the biometric sample, including: converting the quantized feature points of the biometric sample into a value; a hash value or a signature value of the value is calculated; the hash value or the signature value is the key.
在本发明的一个或者多个实施例中,所述第一奇异点模块标识所述生物特征样本的奇异点包括:标识所述生物特征样本的中心点和/或三角点为奇异点。In one or more embodiments of the present invention, the first singular point module identifying the singular point of the biometric sample comprises: identifying a center point and/or a triangle point of the biometric sample as a singular point.
在本发明的一个或者多个实施例中所述第一辅助对齐参数模块基于所述奇异点计算辅助对齐参数包括:基于所述奇异点,计算所述生物特征样本的特征点的分布范围;以计算得出的所述生物特征样本的特征点的分布范围为所述辅助对齐参数。In one or more embodiments of the present invention, the first auxiliary alignment parameter module calculates an auxiliary alignment parameter based on the singular point, including: calculating a distribution range of feature points of the biometric sample based on the singular point; The calculated distribution range of the feature points of the biometric sample is the auxiliary alignment parameter.
本发明的一个或者多个实施例还公开了一种第二认证装置,包括:第二收 发模块,用于接收第一认证装置发出的辅助对齐参数以及加密后的第一验证码;第二特征点模块,用于调取预置的生物特征模板,根据所述辅助对齐参数获取所述生物特征模板中对应位置的特征点;第二密钥模块,用于基于所述生物特征模板中对应位置的特征点计算密钥;第二解密模块,用于使用所述密钥对所述加密后的第一验证码进行解密,以得到第二验证码;所述第二收发模块还用于向所述第一认证装置发送所述第二验证码。One or more embodiments of the present invention also disclose a second authentication apparatus, including: a sending module, configured to receive the auxiliary alignment parameter sent by the first authentication device and the encrypted first verification code; the second feature point module is configured to retrieve the preset biometric template, and obtain the a feature point corresponding to the location in the biometric template; a second key module, configured to calculate a key based on a feature point of the corresponding location in the biometric template; and a second decryption module, configured to encrypt the encryption using the key The first first verification code is decrypted to obtain a second verification code; the second transceiver module is further configured to send the second verification code to the first authentication device.
在本发明的一个或者多个实施例中,所述第二认证装置还包括:所述装置还包括:第二量化模块,用于量化所述生物特征模板的特征点。In one or more embodiments of the present invention, the second authenticating apparatus further includes: the apparatus further comprising: a second quantization module, configured to quantize feature points of the biometric template.
在本发明的一个或者多个实施例中,所述辅助对齐参数为:所述第一认证装置基于标识在生物特征样本的奇异点,计算得出的生物特征样本的特征点的分布范围;所述第二特征点模块根据所述辅助对齐参数获取所述生物特征模板中对应位置的特征点包括:将所述生物特征样本的特征点的分布范围标识到所述生物特征模板;获取所述生物特征模板上所述生物特征样本的特征点的分布范围内对应位置的特征点。In one or more embodiments of the present invention, the auxiliary alignment parameter is: the first authentication device calculates a distribution range of feature points of the biometric sample based on the singular point of the biometric sample; Acquiring the feature points of the corresponding positions in the biometric template according to the auxiliary alignment parameters includes: identifying a distribution range of the feature points of the biometric samples to the biometric template; acquiring the biological A feature point of a corresponding position within a distribution range of feature points of the biometric sample on the feature template.
与现有技术相比,本发明公开的技术方案主要有以下有益效果:Compared with the prior art, the technical solution disclosed by the present invention mainly has the following beneficial effects:
在本发明的实施例中,第一认证装置基于量化后的所述生物特征样本的特征点计算密钥,以计算得出的所述密钥对生成的所述第一验证码进行加密,然后将加密后的所述第一验证码以及所述辅助对齐参数发送到第二认证装置。第二认证装置根据接收的所述辅助对齐参数从预置的量化后的生物特征模板获取量化后的生物特征样本的特征点,然后根据获取的量化后的生物特征样本的特征点计算密钥。因此,第一认证装置与第二认证装置能够各自计算得出所述密钥,也即第一认证装置与第二认证装置能够以非提前协商的方式获得所述密钥。此外,由于第一认证装置发送给第二认证装置的是加密后的所述第一验证码, 而非量化后的所述生物特征样本的特征点,因而第一认证装置能够间接的认证第二认证装置是否拥有正确的生物特征模板。In an embodiment of the present invention, the first authentication device calculates a key based on the feature point of the quantized biometric sample, encrypts the first verification code generated by the calculated key pair, and then encrypts And transmitting the encrypted first verification code and the auxiliary alignment parameter to the second authentication device. The second authenticating device acquires the feature points of the quantized biometric samples from the preset quantized biometric template according to the received auxiliary alignment parameters, and then calculates a key according to the acquired feature points of the quantized biometric samples. Therefore, the first authentication device and the second authentication device can each calculate the key, that is, the first authentication device and the second authentication device can obtain the key in a non-advance negotiation manner. In addition, since the first authentication device sends the encrypted first authentication code to the second authentication device, Rather than the quantified feature points of the biometric sample, the first authentication device can indirectly authenticate whether the second authentication device has the correct biometric template.
附图说明DRAWINGS
为了更清楚地说明本发明实施例的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其它的附图。In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention. One of ordinary skill in the art can also obtain other drawings based on these drawings without paying for inventive labor.
图1为本发明的一实施例中基于生物特征的认证方法的流程图;1 is a flowchart of a biometric-based authentication method according to an embodiment of the present invention;
图2为本发明的一实施例中量化生物特征样本的特征点的示意图;2 is a schematic diagram of quantizing feature points of a biometric sample in an embodiment of the present invention;
图3为本发明的一实施例中量化后的生物特征样本与量化后的生物特征模板在四边形区域对齐的示意图;3 is a schematic diagram showing alignment of a quantized biometric sample and a quantized biometric template in a quadrilateral region according to an embodiment of the present invention;
图4为本发明的一实施例中量化后的生物特征样本与量化后的生物特征模板在圆形区域对齐的示意图;4 is a schematic diagram showing alignment of a quantized biometric sample and a quantized biometric template in a circular area according to an embodiment of the present invention;
图5为本发明的另一实施例中电子设备X与电子设备Y进行相互认证的工作流程简图;FIG. 5 is a schematic diagram of a workflow of mutual authentication between an electronic device X and an electronic device Y according to another embodiment of the present invention; FIG.
图6为本发明的又一实施例中电子设备1与电子设备2进行相互认证的工作流程简图;FIG. 6 is a schematic diagram of a workflow for mutually authenticating an electronic device 1 and an electronic device 2 according to still another embodiment of the present invention; FIG.
图7为本发明的一实施例中基于生物特征的第一认证装置的示意图;FIG. 7 is a schematic diagram of a biometric-based first authentication device according to an embodiment of the present invention; FIG.
图8为本发明的一实施例中基于生物特征的第二认证装置的示意图;FIG. 8 is a schematic diagram of a biometric-based second authentication device according to an embodiment of the present invention; FIG.
图9为本发明的另一实施例中电子设备的示意图。 FIG. 9 is a schematic diagram of an electronic device according to another embodiment of the present invention.
具体实施方式detailed description
为了便于理解本发明,下面将参照相关附图对本发明进行更全面的描述。附图中给出了本发明的较佳实施例。但是,本发明可以以许多不同的形式来实现,并不限于本文所描述的实施例。相反地,提供这些实施例的目的是使对本发明的公开内容的理解更加透彻全面。In order to facilitate the understanding of the present invention, the present invention will be described more fully hereinafter with reference to the accompanying drawings. Preferred embodiments of the invention are shown in the drawings. However, the invention may be embodied in many different forms and is not limited to the embodiments described herein. Rather, these embodiments are provided so that the understanding of the present disclosure will be more fully understood.
除非另有定义,本文所使用的所有的技术和科学术语与属于本发明的技术领域的技术人员通常理解的含义相同。本文中在本发明的说明书中所使用的术语只是为了描述具体的实施例的目的,不是旨在于限制本发明。本发明的权利要求书、说明书以及说明书附图中的术语“第一”、“第二”、“第三”等是用于区别不同对象,而不是用于描述特定顺序。All technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. The terminology used in the description of the present invention is for the purpose of describing particular embodiments and is not intended to limit the invention. The terms "first", "second", "third" and the like in the claims, the description and the drawings of the invention are used to distinguish different objects, and are not intended to describe a particular order.
参考图1,其为本发明的一实施例中基于生物特征的认证方法的流程图。所述基于生物特征的认证方法应用于智能手机、平板电脑、笔记本电脑等其他具有无线和/或有线通信功能的电子设备。Referring to FIG. 1, a flowchart of a biometric-based authentication method in accordance with an embodiment of the present invention. The biometric-based authentication method is applied to other electronic devices having wireless and/or wired communication functions, such as smart phones, tablets, and notebook computers.
以智能手机与笔记本电脑建立蓝牙通信数据传输之前的身份认证为例,所述智能手机执行的步骤包括但不限于以下内容:For example, an identity authentication before a Bluetooth communication data transmission is established between a smartphone and a laptop, and the steps performed by the smartphone include but are not limited to the following:
步骤101:智能手机采集生物特征样本。Step 101: The smartphone collects biometric samples.
在这一阶段,智能手机采集的生物特征样本包括但不限于指纹和/或人脸和/或虹膜等。At this stage, biometric samples collected by the smartphone include, but are not limited to, fingerprints and/or faces and/or irises.
步骤102:智能手机量化所述生物特征样本的特征点;然后基于量化后的所述生物特征样本的特征点计算密钥。Step 102: The smartphone quantizes feature points of the biometric sample; and then calculates a key based on the quantized feature points of the biometric sample.
步骤103:智能手机标识所述生物特征样本的奇异点;然后基于所述奇异点 计算辅助对齐参数。Step 103: The smartphone identifies a singular point of the biometric sample; and then based on the singular point Calculate the auxiliary alignment parameters.
其中,所述辅助对齐参数用于笔记本电脑根据生物特征模板获取量化后的生物特征样本的特征点。The auxiliary alignment parameter is used by the notebook computer to acquire feature points of the quantized biometric sample according to the biometric template.
步骤104:智能手机生成第一验证码;然后使用所述密钥对所述第一验证码进行加密。Step 104: The smart phone generates a first verification code; and then encrypts the first verification code by using the key.
步骤105:智能手机向笔记本电脑发送所述辅助对齐参数以及加密后的所述第一验证码;当智能手机接收到所述笔记本电脑回传的第二验证码时,比对所述第二验证码与所述第一验证码,若所述第二验证码与所述第一验证码一致,则所述智能手机采集的生物特征样本通过认证。所述第二验证码与所述第一验证码一致可以是所述第二验证码与所述第一验证码相同。例如,所述第二验证码与所述第一验证码均为123456。Step 105: The smart phone sends the auxiliary alignment parameter and the encrypted first verification code to the laptop; and when the smart phone receives the second verification code returned by the laptop, comparing the second verification And the first verification code, if the second verification code is consistent with the first verification code, the biometric sample collected by the smart phone passes the authentication. The second verification code is consistent with the first verification code, and the second verification code is the same as the first verification code. For example, the second verification code and the first verification code are both 123456.
在本发明的一些实施例中,所述量化所述生物特征样本的特征点包括:对所述生物特征样本进行信号预处理;提取经信号预处理后的生物特征样本的特征点。其中,所述对所述生物特征样本进行信号预处理包括:去除生物特征样本中的干扰信息,加强生物特征样本中的有用信息。In some embodiments of the present invention, the quantizing the feature points of the biometric sample comprises: performing signal preprocessing on the biometric sample; and extracting feature points of the signal preprocessed biometric sample. The performing signal preprocessing on the biometric sample includes: removing interference information in the biometric sample, and enhancing useful information in the biometric sample.
在本发明的一些实施例中,所述生物特征样本包括但不限于指纹特征样本;量化所述指纹特征样本的特征点包括:将所述指纹特征样本的特征点的纹路方向量化为等间距的N个方向,N为≧1的整数;将所述指纹特征样本的特征点相对于奇异点的位置量化为M个取值,M为≧1的整数。所述指纹特征样本的特征点包括:纹路的端点和/或纹路的分叉点。所述标识所述生物特征样本的奇异点包括:标识所述生物特征样本的中心点和/或三角点为奇异点。In some embodiments of the present invention, the biometric sample includes, but is not limited to, a fingerprint feature sample; quantifying feature points of the fingerprint feature sample includes: quantifying a grain direction of feature points of the fingerprint feature sample to be equally spaced In the N directions, N is an integer of ≧1; the position of the feature point of the fingerprint feature sample is quantized into M values with respect to the position of the singular point, and M is an integer of ≧1. The feature points of the fingerprint feature sample include: endpoints of the texture and/or bifurcation points of the texture. The identifying the singular point of the biometric sample comprises: identifying a center point and/or a triangle point of the biometric sample as a singular point.
参考图2,其为本发明的一实施例中量化生物特征样本的特征点的示意图。 量化生物特征样本的特征点的过程简要概述如下:以合适的间距量化(数字化)生物特征样本的特征空间。对生物特征样本的特征点进行采样。采样得到的生物特征样本的特征点将被强制取值到离它最近的量化点上。上述量化过程能够保证对于同一用户的生物特征样本的特征点,经多次采样量化后得到的生物特征样本特征点的向量集合总是相同的。Referring to FIG. 2, a schematic diagram of quantizing feature points of a biometric sample in an embodiment of the present invention. The process of quantifying the feature points of a biometric sample is briefly summarized as follows: The feature space of the biometric sample is quantized (digitized) at an appropriate spacing. The feature points of the biometric sample are sampled. The feature points of the sampled biometric samples will be forced to the nearest quantization point. The above quantization process can ensure that the feature points of the biometric sample feature points of the same user are always the same.
所述基于量化后的所述生物特征样本的特征点计算密钥包括:将量化后的所述生物特征样本的特征点转换为数值;计算所述数值的散列值或者签名值;以所述散列值或者所述签名值为所述密钥。当所述生物特征样本为指纹特征样本时,将量化后的所述指纹特征样本的特征点转换为数值。当所述生物特征样本为人脸特征样本或者虹膜特征样本时,将量化后的人脸特征样本或者虹膜特征样本转换为数值。然后将转换后的数值计算获得散列值或者签名值。例如,将转换后的数值按照哈希(Hash)算法计算获得散列值。The calculating a feature point based on the quantized feature points of the biometric sample includes: converting the quantized feature points of the biometric sample into a numerical value; calculating a hash value or a signature value of the numerical value; The hash value or the signature value is the key. When the biometric sample is a fingerprint feature sample, the quantized feature points of the fingerprint feature sample are converted into numerical values. When the biometric sample is a face feature sample or an iris feature sample, the quantized face feature sample or the iris feature sample is converted into a numerical value. The converted value is then calculated to obtain a hash value or a signature value. For example, the converted value is calculated according to a hash algorithm to obtain a hash value.
所述基于所述奇异点计算辅助对齐参数包括:基于所述奇异点,计算所述生物特征样本的特征点的分布范围;以计算得出的所述生物特征样本的特征点的分布范围为所述辅助对齐参数。The calculating the auxiliary alignment parameter based on the singular point includes: calculating a distribution range of the feature points of the biometric sample based on the singular point; and calculating a distribution range of the feature points of the biometric sample as a Said auxiliary alignment parameters.
上述方法中的智能手机基于量化后的所述生物特征样本的特征点计算密钥,以计算得出的所述密钥对生成的所述第一验证码进行加密,然后将加密后的所述第一验证码以及所述辅助对齐参数发送到笔记本电脑。笔记本电脑根据接收的所述辅助对齐参数从预置的量化后的生物特征模板获取量化后的生物特征样本的特征点,然后根据获取的量化后的生物特征样本的特征点计算密钥。因此,智能手机与笔记本电脑能够各自计算得出所述密钥,也即智能手机与笔记本电脑能够以非提前协商的方式获得所述密钥。The smart phone in the above method calculates a key based on the feature points of the quantized biometric samples, encrypts the first verification code generated by the calculated key pair, and then encrypts the encrypted The first verification code and the auxiliary alignment parameters are sent to the laptop. The notebook computer acquires the feature points of the quantized biometric samples from the preset quantized biometric template according to the received auxiliary alignment parameters, and then calculates a key according to the acquired feature points of the quantized biometric samples. Thus, the smartphone and the laptop can each calculate the key, ie the smartphone and the laptop can obtain the key in a non-advanced negotiation.
此外,由于智能手机发送给笔记本电脑的是加密后的所述第一验证码,而 非量化后的所述生物特征样本的特征点,因而笔记本电脑只有在拥有正确的生物特征模板时才能认证智能手机采集的生物特征样本。也即,当智能手机采集到的生物特征样本正确,而笔记本电脑没有正确的生物特征模板时(或者例如该笔记本电脑不是与该智能手机匹配的合法的笔记本电脑),智能手机将接收不到所述笔记本电脑回传的第二验证码,或者智能手机接收到的第二验证码与所述第一验证码不一致。因此,智能手机也能间接的认证笔记本电脑是否拥有正确的生物特征模板。In addition, since the smart phone sends to the notebook computer, the encrypted first verification code is The non-quantized feature points of the biometric sample, so that the notebook can only authenticate the biometric samples collected by the smartphone when it has the correct biometric template. That is, when the biometric sample collected by the smartphone is correct and the laptop does not have the correct biometric template (or for example, the laptop is not a legitimate laptop that matches the smartphone), the smartphone will not receive the The second verification code returned by the laptop, or the second verification code received by the smart phone is inconsistent with the first verification code. Therefore, the smartphone can also indirectly authenticate whether the laptop has the correct biometric template.
在智能手机与笔记本电脑建立蓝牙通信数据传输之前的身份认证过程中,笔记本电脑执行的步骤包括但不限于以下内容:In the identity authentication process before the Bluetooth communication data transmission between the smartphone and the laptop is established, the steps performed by the laptop include but are not limited to the following:
步骤201:笔记本电脑接收智能手机发出的辅助对齐参数以及加密后的第一验证码。Step 201: The notebook computer receives the auxiliary alignment parameter sent by the smart phone and the encrypted first verification code.
步骤202:笔记本电脑调取预置的生物特征模板,根据所述辅助对齐参数获取所述生物特征模板中对应位置的特征点。Step 202: The notebook computer retrieves a preset biometric template, and acquires feature points of corresponding positions in the biometric template according to the auxiliary alignment parameter.
步骤203:笔记本电脑基于所述生物特征模板中对应位置的特征点计算密钥。Step 203: The notebook computer calculates a key based on feature points of corresponding positions in the biometric template.
步骤204:笔记本电脑使用所述密钥对所述加密后的第一验证码进行解密,以得到第二验证码。Step 204: The notebook computer decrypts the encrypted first verification code by using the key to obtain a second verification code.
步骤205:笔记本电脑向所述智能手机发送所述第二验证码。Step 205: The notebook computer sends the second verification code to the smart phone.
当所述第二验证码通过所述智能手机的认证时,所述笔记本电脑的所述生物特征模板通过认证。When the second verification code passes the authentication of the smart phone, the biometric template of the notebook computer passes the authentication.
在本发明的一些实施例中,所述方法还包括:量化所述生物特征模板的特征点。 In some embodiments of the invention, the method further comprises quantifying feature points of the biometric template.
在本发明的一些实施例中,所述辅助对齐参数为:所述第一认证装置基于标识在生物特征样本的奇异点,计算得出的生物特征样本的特征点的分布范围;所述根据所述辅助对齐参数获取所述生物特征模板中对应位置的特征点包括:将所述生物特征样本的特征点的分布范围标识到所述生物特征模板;获取所述生物特征模板上所述生物特征样本的特征点的分布范围内对应位置的特征点。In some embodiments of the present invention, the auxiliary alignment parameter is: the first authentication device calculates a distribution range of feature points of the biometric sample based on the singular point of the biometric sample; Acquiring the feature points of the corresponding positions in the biometric template includes: identifying a distribution range of feature points of the biometric sample to the biometric template; and acquiring the biometric sample on the biometric template Feature points of corresponding locations within the distribution of feature points.
在本发明的一些实施例中,上述将所述生物特征样本的特征点的分布范围标识到所述生物特征模板包括:将量化后的生物特征样本与量化后的生物特征模板进行对齐。In some embodiments of the present invention, the identifying the distribution range of the feature points of the biometric sample to the biometric template comprises: aligning the quantized biometric sample with the quantized biometric template.
参考图3,其为本发明的一实施例中量化后的生物特征样本与量化后的生物特征模板在四边形区域对齐的示意图。参考图4,其为本发明的一实施例中量化后的生物特征样本与量化后的生物特征模板在圆形区域对齐的示意图。所述量化后的生物特征样本与所述量化后的生物特征模板对齐的过程,简要概述如下:识别所述量化后的生物特征样本的奇异点,将所述奇异点标识到所述量化后的生物特征模板。根据辅助对齐参数,计算量化后的生物特征样本的特征点,并将所述特征点标识到所述量化后的生物特征模板。例如,图3中所展示的,将量化后的生物特征样本的奇异点和特征点标识到abcd区域。还可以是图4中所展示的,将量化后的生物特征样本的奇异点和特征点标识到半径为R的圆形区域。Referring to FIG. 3, it is a schematic diagram of a quantized biometric sample aligned with a quantized biometric template in a quadrilateral region according to an embodiment of the invention. Referring to FIG. 4, it is a schematic diagram of a quantized biometric sample aligned with a quantized biometric template in a circular area according to an embodiment of the invention. The process of aligning the quantized biometric sample with the quantized biometric template is briefly summarized as follows: identifying a singular point of the quantized biometric sample, and identifying the singular point to the quantized Biometric template. The feature points of the quantized biometric samples are calculated according to the auxiliary alignment parameters, and the feature points are identified to the quantized biometric template. For example, as shown in FIG. 3, the singular points and feature points of the quantized biometric samples are identified to the abcd region. It is also possible to identify the singular points and feature points of the quantized biometric samples to a circular area of radius R as shown in FIG.
以上量化后的生物特征样本与量化后的生物特征模板对齐的过程,通过在量化后的生物特征模板标识所述量化后的生物特征样本的奇异点以及所述量化后的生物特征样本的特征点,因而能够将量化后的生物特征样本与量化后的生物特征模板对齐。The process of aligning the quantized biometric sample with the quantized biometric template, identifying the singular point of the quantized biometric sample and the feature point of the quantized biometric sample by using the quantized biometric template Thus, the quantized biometric sample can be aligned with the quantized biometric template.
由于上述方法中的笔记本电脑没有直接获得量化后的生物特征样本的特征 点,而是根据接收到的所述辅助对齐参数,从预置的所述量化后的生物特征模板获取量化后的生物特征样本的特征点。所以如果上述方法中的笔记本电脑没有正确的量化后的生物特征模板,则不能获取所述量化后的生物特征样本的特征点,也就不能计算得出所述密钥。所以对于智能手机而言,在与笔记本电脑建立蓝牙通信数据传输之前的身份认证过程中,如果笔记本电脑没有返回正确的第二验证码,那么所述笔记本电脑将很有可能没有正确的生物特征模板。智能手机的持有者将可以操作智能手机拒绝与所述笔记本电脑建立蓝牙通信。Since the notebook computer in the above method does not directly obtain the characteristics of the quantized biometric sample Point, but acquiring the feature points of the quantized biometric samples from the preset quantized biometric template according to the received auxiliary alignment parameters. Therefore, if the notebook computer in the above method does not have the correct quantized biometric template, the feature points of the quantized biometric sample cannot be obtained, and the key cannot be calculated. So for a smart phone, in the identity authentication process before the Bluetooth communication data transmission with the laptop, if the laptop does not return the correct second verification code, the laptop will most likely not have the correct biometric template. . The holder of the smartphone will be able to operate the smartphone to refuse to establish Bluetooth communication with the laptop.
为了将上述实施例中所述的基于生物特征的认证方法解释得更为清楚,下面将举例说明。In order to explain the biometric-based authentication method described in the above embodiments more clearly, the following will be exemplified.
参考图5,其为本发明的另一实施例中电子设备X与电子设备Y进行相互认证的工作流程简图。假定电子设备X需要向电子设备Y转入一定数额的货币,为了交易的安全性,电子设备X与电子设备Y需要进行交易安全认证。Referring to FIG. 5, it is a schematic diagram of a workflow for mutual authentication between an electronic device X and an electronic device Y according to another embodiment of the present invention. Assuming that the electronic device X needs to transfer a certain amount of money to the electronic device Y, the electronic device X and the electronic device Y need to perform transaction security authentication for the security of the transaction.
其中,电子设备X通过采集等步骤获得了量化后的生物特征样本,电子设备Y预置有量化后的生物特征模板。The electronic device X obtains the quantized biometric sample by the steps of collecting and the like, and the electronic device Y presets the quantized biometric template.
电子设备X通过基于量化后的所述生物特征样本的特征点计算密钥,然后生成第一验证码并使用所述密钥对生成的所述第一验证码进行加密,计算基于所述奇异点的辅助对齐参数。电子设备X将所述辅助对齐参数以及加密后的所述第一验证码发送给电子设备Y。The electronic device X calculates a key based on the quantized feature points of the biometric sample, and then generates a first verification code and encrypts the generated first verification code using the key, and calculates a singularity based on the singularity Auxiliary alignment parameters. The electronic device X transmits the auxiliary alignment parameter and the encrypted first verification code to the electronic device Y.
电子设备Y调取量化后的生物特征模板,根据所述辅助对齐参数获取所述生物特征模板中对应位置的特征点。然后基于所述生物特征模板中对应位置的特征点计算密钥。电子设备Y使用所述密钥对所述加密后的所述第一验证码进行解密,得到第二验证码。 The electronic device Y retrieves the quantized biometric template, and acquires feature points of corresponding positions in the biometric template according to the auxiliary alignment parameter. A key is then calculated based on feature points of corresponding locations in the biometric template. The electronic device Y decrypts the encrypted first verification code by using the key to obtain a second verification code.
电子设备Y将所述第二验证码发送给电子设备X。电子设备X比对所述第二验证码与所述第一验证码。当所述第二验证码与所述第一验证码一致时,电子设备X采集的所述生物特征样本通过了电子设备Y的认证。此外,电子设备X也间接的认证了电子设备Y是否拥有正确的生物特征模板,有利于提高电子设备X与电子设备Y之间的交易安全性。The electronic device Y transmits the second verification code to the electronic device X. The electronic device X compares the second verification code with the first verification code. When the second verification code is consistent with the first verification code, the biometric sample collected by the electronic device X passes the authentication of the electronic device Y. In addition, the electronic device X also indirectly verifies whether the electronic device Y has the correct biometric template, which is beneficial to improve transaction security between the electronic device X and the electronic device Y.
参考图6,其为本发明的又一实施例中电子设备1与电子设备2进行相互认证的工作流程简图。假定电子设备1既可以从电子设备2拷贝一份机密文件,又可以将一份机密文件存入电子设备2,此时为了信息的安全,电子设备1与电子设备2需要进行相互的认证。Referring to FIG. 6, which is a schematic diagram of a workflow for mutually authenticating an electronic device 1 and an electronic device 2 according to still another embodiment of the present invention. It is assumed that the electronic device 1 can copy a confidential file from the electronic device 2 and store a confidential file into the electronic device 2. At this time, for the security of the information, the electronic device 1 and the electronic device 2 need to perform mutual authentication.
其中,电子设备2通过采集等步骤获得了量化后的生物特征样本,电子设备1预置有量化后的生物特征模板。The electronic device 2 obtains the quantized biometric sample by the steps of collecting and the like, and the electronic device 1 presets the quantized biometric template.
基于上述各个实施例的描述,电子设备1与电子设备2进行相互认证的工作流程简要概述如下:Based on the description of the various embodiments described above, the workflow of mutual authentication between the electronic device 1 and the electronic device 2 is briefly summarized as follows:
假定电子设备2进行了上述实施例中的有关步骤之后得到了验证码B1和加密后的验证码B2。电子设备2将辅助对齐参数以及加密后的验证码B2发送给电子设备1。电子设备1对加密后的验证码B2进行解密,得到了验证码B3,然后向电子设备2反馈验证码B3。电子设备2比对验证码B3是否与验证码B1一致,当验证码B3与验证码B1一致时,电子设备2的量化后的生物特征样本通过验证。It is assumed that the electronic device 2 obtains the verification code B1 and the encrypted verification code B2 after performing the relevant steps in the above embodiment. The electronic device 2 transmits the auxiliary alignment parameter and the encrypted verification code B2 to the electronic device 1. The electronic device 1 decrypts the encrypted verification code B2, obtains the verification code B3, and then feeds back the verification code B3 to the electronic device 2. The electronic device 2 compares the verification code B3 with the verification code B1. When the verification code B3 coincides with the verification code B1, the quantized biometric sample of the electronic device 2 passes the verification.
虽然电子设备2接收到了电子设备1反馈的验证码B3,且验证码B3与验证码B1一致,但是电子设备1获得验证码B3的过程并非一定是符合预设的,因此有必要电子设备1主动发起对量化后的生物特征模板的认证。其过程简要概述如下: Although the electronic device 2 receives the verification code B3 fed back by the electronic device 1, and the verification code B3 is consistent with the verification code B1, the process of obtaining the verification code B3 by the electronic device 1 is not necessarily consistent with the preset, so it is necessary for the electronic device 1 to take the initiative. Initiate authentication of the quantified biometric template. A brief overview of the process is as follows:
假定电子设备1进行了上述实施例中的有关生步骤之后得到了验证码A1和加密后的验证码A2。电子设备1向电子设备2发送加密后的验证码A2。电子设备2对加密后的验证码A2进行解密,得到了验证码A3,然后向电子设备1反馈验证码A3。电子设备1比对验证码A3是否与验证码A1一致,当验证码A3与验证码A1一致时,电子设备1的量化后的生物特征模板通过验证。It is assumed that the electronic device 1 obtains the verification code A1 and the encrypted verification code A2 after performing the relevant steps in the above embodiment. The electronic device 1 transmits the encrypted verification code A2 to the electronic device 2. The electronic device 2 decrypts the encrypted verification code A2, obtains the verification code A3, and then feeds back the verification code A3 to the electronic device 1. The electronic device 1 compares the verification code A3 with the verification code A1. When the verification code A3 coincides with the verification code A1, the quantized biometric template of the electronic device 1 passes the verification.
依据上述实施例中的基于生物特征的认证方法,电子设备1在没有所述量化后的生物特征模板的情况下将不能生成新的密钥,也即电子设备1如果没有所述量化后的生物特征模板将不能得到有效的所述加密后的验证码A2。所以上述实施例中电子设备1与电子设备2进行相互认证的方法提高了电子设备1与电子设备2之间的通信安全。According to the biometric-based authentication method in the above embodiment, the electronic device 1 will not be able to generate a new key without the quantized biometric template, that is, if the electronic device 1 does not have the quantized creature The feature template will not be able to obtain the valid verification code A2. Therefore, the method for mutual authentication between the electronic device 1 and the electronic device 2 in the above embodiment improves the communication security between the electronic device 1 and the electronic device 2.
参考图7,其为本发明的另一实施例中基于生物特征的第一认证装置的示意图。Referring to FIG. 7, which is a schematic diagram of a biometric-based first authentication device in another embodiment of the present invention.
所述基于生物特征的第一认证装置包括:The biometric-based first authentication device includes:
第一采集模块701,用于采集生物特征样本;The first collection module 701 is configured to collect biometric samples;
第一量化模块702,用于量化所述生物特征样本的特征点;a first quantization module 702, configured to quantize feature points of the biometric sample;
第一密钥模块703,用于基于量化后的所述生物特征样本的特征点计算密钥;a first key module 703, configured to calculate a key based on the quantized feature points of the biometric sample;
第一奇异点模块704,用于标识所述生物特征样本的奇异点;a first singular point module 704, configured to identify a singular point of the biometric sample;
第一辅助对齐参数模块705,用于基于所述奇异点计算辅助对齐参数;a first auxiliary alignment parameter module 705, configured to calculate an auxiliary alignment parameter based on the singular point;
第一验证码模块706,用于生成第一验证码;a first verification code module 706, configured to generate a first verification code;
第一加密模块707,用于使用所述密钥对所述第一验证码进行加密;a first encryption module 707, configured to encrypt the first verification code by using the key;
第一收发模块708,用于向第二认证装置发送所述辅助对齐参数以及加密后 的所述第一验证码;The first transceiver module 708 is configured to send the auxiliary alignment parameter to the second authentication device and after the encryption The first verification code;
第一比对模块709,用于当接收到所述第二认证装置回传的第二验证码时,比对所述第二验证码与所述第一验证码,若所述第二验证码与所述第一验证码一致,则所述第一认证装置采集的生物特征样本通过认证。a first comparison module 709, configured to compare the second verification code with the first verification code, if the second verification code is received when the second verification code returned by the second authentication device is received Consistent with the first verification code, the biometric samples collected by the first authentication device pass the authentication.
所述装置还包括:第一预处理模块,用于对所述生物特征样本进行信号预处理;第一提取模块,用于提取经信号预处理后的生物特征样本的特征点。The device further includes: a first pre-processing module for performing signal pre-processing on the biometric sample; and a first extracting module, configured to extract feature points of the signal-preprocessed biometric sample.
所述第一量化模块702用于量化指纹特征样本的特征点,包括:将所述指纹特征样本的特征点的纹路方向量化为等间距的N个方向,N为≧1的整数;将所述指纹特征样本的特征点相对于奇异点的位置量化为M个取值,M为≧1的整数。The first quantization module 702 is configured to quantize the feature points of the fingerprint feature samples, including: quantizing the texture direction of the feature points of the fingerprint feature samples into N directions of equal intervals, where N is an integer of ≧1; The position of the feature point of the fingerprint feature sample is quantized into M values with respect to the position of the singular point, and M is an integer of ≧1.
所述第一密钥模块703基于量化后的所述生物特征样本的特征点计算密钥包括:将量化后的所述生物特征样本的特征点转换为数值;计算所述数值的散列值或者签名值;以所述散列值或者所述签名值为所述密钥。The calculating, by the first key module 703, the key based on the quantized feature points of the biometric sample includes: converting the quantized feature points of the biometric sample into a numerical value; calculating a hash value of the numerical value or a signature value; the key is the hash value or the signature value.
所述第一奇异点模块704标识所述生物特征样本的奇异点包括:标识所述生物特征样本的中心点和/或三角点为奇异点。The first singular point module 704 identifying the singular point of the biometric sample includes: identifying a center point and/or a triangle point of the biometric sample as a singular point.
所述第一辅助对齐参数模块705基于所述奇异点计算辅助对齐参数包括:基于所述奇异点,计算所述生物特征样本的特征点的分布范围;以计算得出的所述生物特征样本的特征点的分布范围为所述辅助对齐参数。The calculating, by the first auxiliary alignment parameter module 705, the auxiliary alignment parameter based on the singular point includes: calculating a distribution range of feature points of the biometric sample based on the singular point; and calculating the calculated biometric sample The distribution range of the feature points is the auxiliary alignment parameter.
所述基于生物特征的第一认证装置与所述基于生物特征的第二认证装置相互配合实施上述方法实施例中的基于生物特征的认证方法,有利于提高通信安全。The biometric-based first authentication device and the biometric-based second authentication device cooperate to implement the biometric-based authentication method in the foregoing method embodiments, which is beneficial to improving communication security.
参考图8,其为本发明的另一实施例中基于生物特征的第二认证装置的示意 图。所述基于生物特征的第二认证装置包括:Referring to FIG. 8, which is a schematic diagram of a biometric-based second authentication device according to another embodiment of the present invention. Figure. The biometric-based second authentication device includes:
第二收发模块801,用于接收第一认证装置发出的辅助对齐参数以及加密后的第一验证码;The second transceiver module 801 is configured to receive the auxiliary alignment parameter sent by the first authentication device and the encrypted first verification code;
第二特征点模块802,用于调取预置的生物特征模板,根据所述辅助对齐参数获取所述生物特征模板中对应位置的特征点;a second feature point module 802, configured to retrieve a preset biometric template, and acquire a feature point of a corresponding position in the biometric template according to the auxiliary alignment parameter;
第二密钥模块803,用于基于所述生物特征模板中对应位置的特征点计算密钥;a second key module 803, configured to calculate a key based on a feature point of a corresponding location in the biometric template;
第二解密模块804,用于使用所述密钥对所述加密后的第一验证码进行解密,当解密成功时,以得到第二验证码;a second decryption module 804, configured to decrypt the encrypted first verification code by using the key, and when the decryption is successful, to obtain a second verification code;
所述第二收发模块801还用于向所述第一认证装置发送所述第二验证码。The second transceiver module 801 is further configured to send the second verification code to the first authentication device.
所述装置还包括:第二量化模块,用于量化所述生物特征模板的特征点。The apparatus also includes a second quantization module for quantizing feature points of the biometric template.
所述辅助对齐参数为:所述第一认证装置基于标识在生物特征样本的奇异点,计算得出的生物特征样本的特征点的分布范围;所述第二特征点模块802根据所述辅助对齐参数获取所述生物特征模板中对应位置的特征点包括:将所述生物特征样本的特征点的分布范围标识到所述生物特征模板;获取所述生物特征模板上所述生物特征样本的特征点的分布范围内对应位置的特征点。The auxiliary alignment parameter is: the first authentication device calculates a distribution range of feature points of the biometric sample based on the singular point of the biometric sample; the second feature point module 802 is configured according to the auxiliary alignment Obtaining a feature point of the corresponding position in the biometric template includes: identifying a distribution range of feature points of the biometric sample to the biometric template; and acquiring feature points of the biometric sample on the biometric template The feature points of the corresponding locations within the distribution range.
所述基于生物特征的第二认证装置与所述基于生物特征的第一认证装置相互配合实施上述方法实施例中的基于生物特征的认证方法,有利于提高通信安全。The biometric-based second authentication device and the biometric-based first authentication device cooperate to implement the biometric-based authentication method in the foregoing method embodiments, which is beneficial to improving communication security.
参考图9,为本发明的另一实施例中电子设备的示意图。Referring to FIG. 9, a schematic diagram of an electronic device in another embodiment of the present invention.
一种电子设备,包括但不限于智能手机、平板电脑、笔记本电脑等其他具有无线和/或有线通信功能的电子设备,用于实现上述任意一种第一认证装置执 行的基于生物特征的认证方法。An electronic device, including but not limited to a smart phone, a tablet computer, a notebook computer, and the like, having other wireless and/or wired communication functions, for implementing any of the above-mentioned first authentication devices A biometric-based authentication method.
所述电子设备包括:至少一个第一处理器901,以及至少一个第一存储器902;所述至少一个第一处理器901与所述至少一个第一存储器902通信连接。本实施例中,图9所示的所述至少一个第一处理器901与所述至少一个第一存储器902通过第一总线903通信连接。The electronic device includes: at least one first processor 901, and at least one first memory 902; the at least one first processor 901 is communicatively coupled to the at least one first memory 902. In this embodiment, the at least one first processor 901 shown in FIG. 9 is communicably connected to the at least one first memory 902 via a first bus 903.
所述至少一个第一存储器902存储有可被所述至少一个第一处理器901执行的指令,以使所述电子设备用于执行上述任意一种第一认证装置执行的基于生物特征的认证方法。The at least one first memory 902 stores instructions executable by the at least one first processor 901 to cause the electronic device to perform a biometric-based authentication method performed by any one of the first authentication devices described above .
本发明的另一实施例公开另一种电子设备,用于实现上述任意一种第二认证装置执行的基于生物特征的认证方法。所述电子设备包括但不限于服务器、智能手机、平板电脑、笔记本电脑等其他具有无线和/或有线通信功能的电子设备。Another embodiment of the present invention discloses another electronic device for implementing a biometric-based authentication method performed by any of the above-described second authentication devices. The electronic device includes, but is not limited to, a server, a smart phone, a tablet, a notebook computer, and the like, and other electronic devices having wireless and/or wired communication functions.
所述电子设备包括:至少一个第二处理器,以及至少一个第二存储器;所述至少一个第二处理器与所述至少一个第二存储器通信连接。The electronic device includes: at least one second processor, and at least one second memory; the at least one second processor communicatively coupled to the at least one second memory.
所述至少一个第二存储器存储有可被所述至少一个第二处理器执行的指令,以使所述电子设备用于执行上述任意一种第二认证装置执行的基于生物特征的认证方法。The at least one second memory stores instructions executable by the at least one second processor to cause the electronic device to perform a biometric-based authentication method performed by any one of the second authentication devices described above.
本发明的另一实施例公开一种由主动笔和带有触摸屏的终端组成的操控***。其中,所述主动笔可执行上述任意一种第一认证装置执行的基于生物特征的认证方法,所述带有触摸屏的终端可执行上述任意一种第二认证装置执行的基于生物特征的认证方法。当用户需要使用所述主动笔对所述带有触摸屏的终端进行操控时,所述主动笔采集用户的生物特征样本(例如,指纹样本)。所 述带有触摸屏的终端依据预置的生物特征模板验证所述主动笔采集的生物特征样本,以确定所述主动笔是否有对所述带有触摸屏的终端进行操作的权限。当所述操控***支持多个用户通过所述主动笔对所述带有触摸屏的终端进行操作时,所述主动笔还可以验证所述带有触摸屏的终端中的生物特征模板。Another embodiment of the present invention discloses a steering system composed of an active pen and a terminal with a touch screen. The active pen may perform a biometric-based authentication method performed by any one of the first authentication devices, and the terminal with a touch screen may perform a biometric-based authentication method performed by any one of the foregoing second authentication devices. . When the user needs to manipulate the touch screen-equipped terminal using the active pen, the active pen collects a biometric sample (eg, a fingerprint sample) of the user. Place The terminal with the touch screen verifies the biometric sample collected by the active pen according to the preset biometric template to determine whether the active pen has the right to operate the terminal with the touch screen. The active pen can also verify the biometric template in the touch screen enabled terminal when the control system supports multiple users to operate the touch screen enabled terminal through the active pen.
本发明的另一实施例公开了一种非暂态计算机存储介质,所述计算机存储介质存储有计算机可执行指令,所述计算机可执行指令用于执行上述任意一种基于生物特征的认证方法。Another embodiment of the present invention discloses a non-transitory computer storage medium storing computer executable instructions for performing any of the above biometric-based authentication methods.
本领域普通技术人员应当理解到,上述实施例中的基于生物特征的认证方法、认证装置、非暂态计算机存储介质和电子设备等还可以通过其他方式实现。It should be understood by those skilled in the art that the biometric-based authentication method, the authentication device, the non-transitory computer storage medium, and the electronic device in the above embodiments may also be implemented in other manners.
当使用到软件实现时,可以将实现上述各个实施例的计算机指令和/或数据存储在计算机可读介质中或作为可读介质上的一个或多个指令或代码进行传输。计算机可读介质包括计算机存储介质和通信介质,其中通信介质包括便于从一个地方向另一个地方传送计算机程序的任何介质。存储介质可以是计算机能够存储的任何可用介质。以此为例但不限于次:计算机可读介质可以包括RAM、ROM、EEPROM、CD-ROM或其他光盘存储、磁盘存储介质或者其他磁存储设备、或者能够携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质。此外,任何连接可以适当的成为计算机可读介质。例如,如果软件是使用同轴电缆、光钎光缆、双绞线、数字用户线(DSL)或者诸如红外线、无线电和微波之类的无线技术从网站、服务器或者其他远程源传输的,那么同轴电缆、光钎光缆、双绞线、DSL或者诸如红外线、无线和微波之类的无线技术包括在所属介质的定义中。When implemented in a software implementation, computer instructions and/or data for implementing the various embodiments described above may be stored in a computer readable medium or transmitted as one or more instructions or code on a readable medium. Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another. A storage medium can be any available media that can be stored by a computer. By way of example and not limitation, the computer readable medium can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, disk storage media or other magnetic storage device, or can be carried or stored in the form of an instruction or data structure. The desired program code and any other medium that can be accessed by the computer. Moreover, any connection can suitably be a computer readable medium. For example, if the software is transmitted from a website, server, or other remote source using coaxial cable, optical brazing, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then coaxial Cables, optical braces, twisted pairs, DSL, or wireless technologies such as infrared, wireless, and microwave are included in the definition of the medium to which they belong.
最后应说明的是:以上实施例仅用以说明本发明的技术方案,而非对其限制。尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员 应当理解,其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换。而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。 Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and are not limited thereto. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art It should be understood that the technical solutions described in the foregoing embodiments may be modified, or some of the technical features may be equivalently replaced. The modifications and substitutions of the present invention do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (19)

  1. 一种基于生物特征的认证方法,应用于第一认证装置,其特征在于,包括:A biometric-based authentication method, applied to a first authentication device, comprising:
    采集生物特征样本;Collecting biometric samples;
    量化所述生物特征样本的特征点;Quantifying feature points of the biometric sample;
    基于量化后的所述生物特征样本的特征点计算密钥;Calculating a key based on the quantized feature points of the biometric sample;
    标识所述生物特征样本的奇异点;Identifying a singular point of the biometric sample;
    基于所述奇异点计算辅助对齐参数;Calculating an auxiliary alignment parameter based on the singular point;
    生成第一验证码;Generating a first verification code;
    使用所述密钥对所述第一验证码进行加密;Encrypting the first verification code using the key;
    向第二认证装置发送所述辅助对齐参数以及加密后的所述第一验证码;Sending the auxiliary alignment parameter and the encrypted first verification code to the second authentication device;
    当接收到所述第二认证装置回传的第二验证码时,比对所述第二验证码与所述第一验证码,若所述第二验证码与所述第一验证码一致,则所述第一认证装置采集的生物特征样本通过认证。When receiving the second verification code returned by the second authentication device, comparing the second verification code with the first verification code, if the second verification code is consistent with the first verification code, Then, the biometric sample collected by the first authentication device passes the authentication.
  2. 根据权利要求1所述基于生物特征的认证方法,其特征在于,所述量化所述生物特征样本的特征点包括:对所述生物特征样本进行信号预处理;提取经信号预处理后的生物特征样本的特征点。The biometric-based authentication method according to claim 1, wherein the quantifying feature points of the biometric sample comprises: performing signal preprocessing on the biometric sample; and extracting biometrics after signal preprocessing The feature points of the sample.
  3. 根据权利要求1或2所述基于生物特征的认证方法,其特征在于,所述生物特征样本包括指纹特征样本;The biometric-based authentication method according to claim 1 or 2, wherein the biometric sample comprises a fingerprint feature sample;
    量化所述指纹特征样本的特征点包括:Quantifying feature points of the fingerprint feature sample includes:
    将所述指纹特征样本的特征点的纹路方向量化为等间距的N个方向,N为≧1的整数;And quantizing the texture direction of the feature points of the fingerprint feature sample into N directions of equal intervals, where N is an integer of ≧1;
    将所述指纹特征样本的特征点相对于奇异点的位置量化为M个取值,M为 ≧1的整数。And quantizing the position of the feature point of the fingerprint feature sample relative to the position of the singular point into M values, where M is An integer of ≧1.
  4. 根据权利要求3所述基于生物特征的认证方法,其特征在于,所述指纹特征样本的特征点包括:纹路的端点和/或纹路的分叉点。The biometric-based authentication method according to claim 3, wherein the feature points of the fingerprint feature sample comprise: end points of the texture and/or bifurcation points of the texture.
  5. 根据权利要求1或2所述基于生物特征的认证方法,其特征在于,所述基于量化后的所述生物特征样本的特征点计算密钥包括:The biometric-based authentication method according to claim 1 or 2, wherein the calculating a feature point based on the quantized feature points of the biometric sample comprises:
    将量化后的所述生物特征样本的特征点转换为数值;Converting the quantized feature points of the biometric sample into numerical values;
    计算所述数值的散列值或者签名值;Calculating a hash value or a signature value of the value;
    以所述散列值或者所述签名值为所述密钥。The hash value or the signature value is the key.
  6. 根据权利要求1或2所述基于生物特征的认证方法,其特征在于,所述标识所述生物特征样本的奇异点包括:The biometric-based authentication method according to claim 1 or 2, wherein the singular point identifying the biometric sample comprises:
    标识所述生物特征样本的中心点和/或三角点为奇异点。The center point and/or the triangle point identifying the biometric sample is a singular point.
  7. 根据权利要求1或2所述基于生物特征的认证方法,其特征在于,所述基于所述奇异点计算辅助对齐参数包括:The biometric-based authentication method according to claim 1 or 2, wherein the calculating the auxiliary alignment parameter based on the singular point comprises:
    基于所述奇异点,计算所述生物特征样本的特征点的分布范围;Calculating a distribution range of feature points of the biometric sample based on the singular point;
    以计算得出的所述生物特征样本的特征点的分布范围为所述辅助对齐参数。The calculated distribution range of the feature points of the biometric sample is the auxiliary alignment parameter.
  8. 一种基于生物特征的认证方法,应用于第二认证装置,其特征在于,包括:A biometric-based authentication method, applied to a second authentication device, comprising:
    接收第一认证装置发出的辅助对齐参数以及加密后的第一验证码;Receiving an auxiliary alignment parameter sent by the first authentication device and the encrypted first verification code;
    调取预置的生物特征模板,根据所述辅助对齐参数获取所述生物特征模板中对应位置的特征点;And acquiring a preset biometric template, and acquiring a feature point of the corresponding position in the biometric template according to the auxiliary alignment parameter;
    基于所述生物特征模板中对应位置的特征点计算密钥; Calculating a key based on feature points of corresponding locations in the biometric template;
    使用所述密钥对所述加密后的第一验证码进行解密,以得到第二验证码;Decrypting the encrypted first verification code by using the key to obtain a second verification code;
    向所述第一认证装置发送所述第二验证码;Sending the second verification code to the first authentication device;
    当所述第二验证码通过所述第一认证装置的认证时,所述第二认证装置的所述生物特征模板通过认证。When the second verification code passes the authentication of the first authentication device, the biometric template of the second authentication device passes the authentication.
  9. 根据权利要求8所述基于生物特征的认证方法,其特征在于:A biometric-based authentication method according to claim 8, wherein:
    所述辅助对齐参数为:所述第一认证装置基于标识在生物特征样本的奇异点,计算得出的生物特征样本的特征点的分布范围;The auxiliary alignment parameter is: the first authentication device calculates a distribution range of feature points of the biometric sample based on the singular point of the biometric sample;
    所述根据所述辅助对齐参数获取所述生物特征模板中对应位置的特征点包括:将所述生物特征样本的特征点的分布范围标识到所述生物特征模板;获取所述生物特征模板上所述生物特征样本的特征点的分布范围内对应位置的特征点。And acquiring, according to the auxiliary alignment parameter, the feature point of the corresponding position in the biometric template includes: identifying a distribution range of feature points of the biometric sample to the biometric template; and acquiring the biometric template A feature point of a corresponding position within a distribution range of feature points of the biometric sample.
  10. 一种第一认证装置,其特征在于,包括:A first authentication device, comprising:
    第一采集模块,用于采集生物特征样本;a first acquisition module, configured to collect biometric samples;
    第一量化模块,用于量化所述生物特征样本的特征点;a first quantization module, configured to quantize feature points of the biometric sample;
    第一密钥模块,用于基于量化后的所述生物特征样本的特征点计算密钥;a first key module, configured to calculate a key based on the quantized feature points of the biometric sample;
    第一奇异点模块,用于标识所述生物特征样本的奇异点;a first singular point module for identifying a singular point of the biometric sample;
    第一辅助对齐参数模块,用于基于所述奇异点计算辅助对齐参数;a first auxiliary alignment parameter module, configured to calculate an auxiliary alignment parameter based on the singular point;
    第一验证码模块,用于生成第一验证码;a first verification code module, configured to generate a first verification code;
    第一加密模块,用于使用所述密钥对所述第一验证码进行加密;a first encryption module, configured to encrypt the first verification code by using the key;
    第一收发模块,用于向第二认证装置发送所述辅助对齐参数以及加密后的所述第一验证码;a first transceiver module, configured to send the auxiliary alignment parameter and the encrypted first verification code to the second authentication device;
    第一比对模块,当接收到所述第二认证装置回传的第二验证码时,比对所 述第二验证码与所述第一验证码,若所述第二验证码与所述第一验证码一致,则所述第一认证装置采集的生物特征样本通过认证。a first comparison module, when receiving the second verification code returned by the second authentication device, the comparison And the second verification code and the first verification code, if the second verification code is consistent with the first verification code, the biometric sample collected by the first authentication device passes the authentication.
  11. 根据权利要求10所述的第一认证装置,其特征在于,所述装置还包括:The first authentication device according to claim 10, wherein the device further comprises:
    第一预处理模块,用于对所述生物特征样本进行信号预处理;a first pre-processing module, configured to perform signal pre-processing on the biometric sample;
    第一提取模块,用于提取经信号预处理后的生物特征样本的特征点。The first extraction module is configured to extract feature points of the signal-preprocessed biometric samples.
  12. 根据权利要求10或11所述的第一认证装置,其特征在于,所述第一量化模块用于量化指纹特征样本的特征点,包括:The first authentication device according to claim 10 or 11, wherein the first quantization module is configured to quantize feature points of the fingerprint feature samples, including:
    将所述指纹特征样本的特征点的纹路方向量化为等间距的N个方向,N为≧1的整数;And quantizing the texture direction of the feature points of the fingerprint feature sample into N directions of equal intervals, where N is an integer of ≧1;
    将所述指纹特征样本的特征点相对于奇异点的位置量化为M个取值,M为≧1的整数。The position of the feature point of the fingerprint feature sample relative to the position of the singular point is quantized into M values, and M is an integer of ≧1.
  13. 根据权利要求10或11所述的第一认证装置,其特征在于,所述第一密钥模块基于量化后的所述生物特征样本的特征点计算密钥包括:The first authentication device according to claim 10 or 11, wherein the calculating, by the first key module, the key based on the quantized feature points of the biometric sample comprises:
    将量化后的所述生物特征样本的特征点转换为数值;Converting the quantized feature points of the biometric sample into numerical values;
    计算所述数值的散列值或者签名值;Calculating a hash value or a signature value of the value;
    以所述散列值或者所述签名值为所述密钥。The hash value or the signature value is the key.
  14. 根据权利要求10或11所述的第一认证装置,其特征在于,所述第一奇异点模块标识所述生物特征样本的奇异点包括:The first authentication device according to claim 10 or 11, wherein the first singular point module identifies the singular point of the biometric sample comprises:
    标识所述生物特征样本的中心点和/或三角点为奇异点。The center point and/or the triangle point identifying the biometric sample is a singular point.
  15. 根据权利要求10或11所述的第一认证装置,其特征在于,所述第一辅助对齐参数模块基于所述奇异点计算辅助对齐参数包括:The first authentication device according to claim 10 or 11, wherein the first auxiliary alignment parameter module calculates the auxiliary alignment parameter based on the singular point:
    基于所述奇异点,计算所述生物特征样本的特征点的分布范围; Calculating a distribution range of feature points of the biometric sample based on the singular point;
    以计算得出的所述生物特征样本的特征点的分布范围为所述辅助对齐参数。The calculated distribution range of the feature points of the biometric sample is the auxiliary alignment parameter.
  16. 一种第二认证装置,其特征在于,包括:A second authentication device, comprising:
    第二收发模块,用于接收第一认证装置发出的辅助对齐参数以及加密后的第一验证码;a second transceiver module, configured to receive an auxiliary alignment parameter sent by the first authentication device and the encrypted first verification code;
    第二特征点模块,用于调取预置的生物特征模板,根据所述辅助对齐参数获取所述生物特征模板中对应位置的特征点;a second feature point module, configured to retrieve a preset biometric template, and acquire a feature point of a corresponding position in the biometric template according to the auxiliary alignment parameter;
    第二密钥模块,用于基于所述生物特征模板中对应位置的特征点计算密钥;a second key module, configured to calculate a key based on a feature point of a corresponding location in the biometric template;
    第二解密模块,用于使用所述密钥对所述加密后的第一验证码进行解密,以得到第二验证码;a second decrypting module, configured to decrypt the encrypted first verification code by using the key to obtain a second verification code;
    所述第二收发模块还用于向所述第一认证装置发送所述第二验证码。The second transceiver module is further configured to send the second verification code to the first authentication device.
  17. 根据权利要求16所述的第二认证装置,其特征在于,所述辅助对齐参数为:所述第一认证装置基于标识在生物特征样本的奇异点,计算得出的生物特征样本的特征点的分布范围;The second authentication device according to claim 16, wherein the auxiliary alignment parameter is: the first authentication device calculates a feature point of the biometric sample based on the singular point of the biometric sample. distribution range;
    所述第二特征点模块根据所述辅助对齐参数获取所述生物特征模板中对应位置的特征点包括:将所述生物特征样本的特征点的分布范围标识到所述生物特征模板;获取所述生物特征模板上所述生物特征样本的特征点的分布范围内对应位置的特征点。And acquiring, by the second feature point module, the feature point of the corresponding position in the biometric template according to the auxiliary alignment parameter, including: identifying a distribution range of feature points of the biometric sample to the biometric template; acquiring the A feature point of a corresponding position within a distribution range of feature points of the biometric sample on the biometric template.
  18. 一种电子设备,其特征在于,包括:至少一个第一处理器,以及至少一个第一存储器;An electronic device, comprising: at least one first processor, and at least one first memory;
    所述至少一个第一处理器与所述至少一个第一存储器通信连接;The at least one first processor is communicatively coupled to the at least one first memory;
    所述至少一个第一存储器存储有可被所述至少一个第一处理器执行的指 令,以使所述电子设备用于执行权利要求1-7任意一项所述基于生物特征的认证方法。The at least one first memory stores a finger executable by the at least one first processor To enable the electronic device to perform the biometric-based authentication method of any of claims 1-7.
  19. 一种电子设备,其特征在于,包括:至少一个第二处理器,以及至少一个第二存储器;An electronic device, comprising: at least one second processor, and at least one second memory;
    所述至少一个第二处理器与所述至少一个第二存储器通信连接;The at least one second processor is communicatively coupled to the at least one second memory;
    所述至少一个第二存储器存储有可被所述至少一个第二处理器执行的指令,以使所述电子设备用于执行权利要求8-9任意一项所述基于生物特征的认证方法。 The at least one second memory stores instructions executable by the at least one second processor to cause the electronic device to perform the biometric-based authentication method of any of claims 8-9.
PCT/CN2017/073167 2017-02-09 2017-02-09 Authentication method based on biological features, authentication apparatus, and electronic device WO2018145286A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201780000076.6A CN107077558B (en) 2017-02-09 2017-02-09 Authentication method and authentication device based on biological characteristics and electronic equipment
PCT/CN2017/073167 WO2018145286A1 (en) 2017-02-09 2017-02-09 Authentication method based on biological features, authentication apparatus, and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/073167 WO2018145286A1 (en) 2017-02-09 2017-02-09 Authentication method based on biological features, authentication apparatus, and electronic device

Publications (1)

Publication Number Publication Date
WO2018145286A1 true WO2018145286A1 (en) 2018-08-16

Family

ID=59613779

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/073167 WO2018145286A1 (en) 2017-02-09 2017-02-09 Authentication method based on biological features, authentication apparatus, and electronic device

Country Status (2)

Country Link
CN (1) CN107077558B (en)
WO (1) WO2018145286A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109344593B (en) * 2018-10-24 2021-01-26 三星(中国)半导体有限公司 Biological information verification method, verification server and entry and verification client
WO2020150892A1 (en) * 2019-01-22 2020-07-30 深圳市汇顶科技股份有限公司 Biometric identification system and method, and terminal device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030046589A1 (en) * 1997-06-11 2003-03-06 Gregg Richard L. System and method for securing transactions and computer resources with an untrusted network
CN101282217A (en) * 2007-04-05 2008-10-08 华为技术有限公司 Method, apparatus and system for protecting biological attribute data
CN101770567A (en) * 2008-12-31 2010-07-07 杭州中正生物认证技术有限公司 Method for identifying biological features
CN103377333A (en) * 2012-04-25 2013-10-30 宋嘉佑 Virtual and real identity verification circuit, system and electronic consumption method
CN105225359A (en) * 2015-09-15 2016-01-06 中国联合网络通信集团有限公司 Nothing based on Quick Response Code blocks withdraw the money method and finger print identifying server

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1980374A (en) * 2005-12-01 2007-06-13 中国科学技术大学 Information enciphering and deciphering method based on biological characteristic
JP4565015B2 (en) * 2008-05-15 2010-10-20 シャープ株式会社 Image processing apparatus, image forming apparatus, image processing system, image processing program, and recording medium thereof
CN105024819B (en) * 2015-05-29 2019-02-12 北京中亦安图科技股份有限公司 A kind of multiple-factor authentication method and system based on mobile terminal
CN105553926A (en) * 2015-06-30 2016-05-04 宇龙计算机通信科技(深圳)有限公司 Authentication method, server, and terminal
CN106027501B (en) * 2016-05-06 2017-08-01 北京芯盾时代科技有限公司 A kind of system and method for being traded safety certification in a mobile device
CN106302539A (en) * 2016-10-12 2017-01-04 广州市芯德电子技术有限公司 A kind of embedded type WEB safety certifying method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030046589A1 (en) * 1997-06-11 2003-03-06 Gregg Richard L. System and method for securing transactions and computer resources with an untrusted network
CN101282217A (en) * 2007-04-05 2008-10-08 华为技术有限公司 Method, apparatus and system for protecting biological attribute data
CN101770567A (en) * 2008-12-31 2010-07-07 杭州中正生物认证技术有限公司 Method for identifying biological features
CN103377333A (en) * 2012-04-25 2013-10-30 宋嘉佑 Virtual and real identity verification circuit, system and electronic consumption method
CN105225359A (en) * 2015-09-15 2016-01-06 中国联合网络通信集团有限公司 Nothing based on Quick Response Code blocks withdraw the money method and finger print identifying server

Also Published As

Publication number Publication date
CN107077558A (en) 2017-08-18
CN107077558B (en) 2020-03-31

Similar Documents

Publication Publication Date Title
CN107113315B (en) Identity authentication method, terminal and server
CN107079034B (en) Identity authentication method, terminal equipment, authentication server and electronic equipment
US9189612B2 (en) Biometric verification with improved privacy and network performance in client-server networks
US9218473B2 (en) Creation and authentication of biometric information
EP3132368B1 (en) Method and apparatus of verifying usability of biological characteristic image
EP3257194A1 (en) Systems and methods for securely managing biometric data
US11947650B2 (en) Biometric data security system and method
WO2018148900A1 (en) Fingerprint identification-based authentication method and device, and transaction system
CN104751154A (en) Fingerprint safe encryption method based on intelligent mobile information device
CN113971274B (en) Identity recognition method and device
WO2017000356A1 (en) Permission management method, terminal, device and system
KR20200119788A (en) Update biometric template protection key
WO2018145286A1 (en) Authentication method based on biological features, authentication apparatus, and electronic device
US11586717B2 (en) Method and electronic device for authenticating a user
CN108989331B (en) Use authentication method of data storage device, device and storage medium thereof
WO2017016039A1 (en) Method and device for transferring business data between accounts
CN113205342A (en) User identity authentication method and device based on multi-terminal payment
CN109768969B (en) Authority control method, Internet of things terminal and electronic equipment
CN111275855A (en) Door lock control method, device and system, electronic equipment and storage medium
TWI675579B (en) Network authentication system and method
KR101500947B1 (en) Creation and authentication of biometric information
CN114245374B (en) Security authentication method, system and related equipment
US11496469B2 (en) Apparatus and method for registering biometric information, apparatus and method for biometric authentication
WO2016150023A1 (en) Fingerprint decrypting method and system
CN113079017B (en) Fingerprint real-name authentication method and system for electronic signature

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17896297

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17896297

Country of ref document: EP

Kind code of ref document: A1