CN104794430A - Fingerprint decryption method and system - Google Patents
Fingerprint decryption method and system Download PDFInfo
- Publication number
- CN104794430A CN104794430A CN201510133060.5A CN201510133060A CN104794430A CN 104794430 A CN104794430 A CN 104794430A CN 201510133060 A CN201510133060 A CN 201510133060A CN 104794430 A CN104794430 A CN 104794430A
- Authority
- CN
- China
- Prior art keywords
- data
- decrypted
- security module
- module
- fingerprint
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 230000005540 biological transmission Effects 0.000 claims description 10
- 238000004891 communication Methods 0.000 description 25
- 238000012795 verification Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 241000700605 Viruses Species 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 1
- 230000006386 memory function Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
Landscapes
- Engineering & Computer Science (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- Physics & Mathematics (AREA)
- Bioinformatics & Computational Biology (AREA)
- General Physics & Mathematics (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Biodiversity & Conservation Biology (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Artificial Intelligence (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Collating Specific Patterns (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a fingerprint decryption method. The fingerprint decryption method includes: acquiring a user's fingerprint through a fingerprint recognition module; sending the user's fingerprint to a safety module; checking the user's fingerprint according to a preset checking fingerprint through the safety module, wherein the checking fingerprint is stored in the safety module; when checking is successful, decrypting data to be decrypted. Comparison checking is performed between the checking fingerprint preset in the safety module and the user's fingerprint sent by the fingerprint recognition module, when the checking is successful, the data to be decrypted are decrypted, risk that the preset checking fingerprinted is modified is lowered, and safety of the data is improved.
Description
Technical field
The present invention relates to field of data encryption, particularly relate to the method and system of a kind of fingerprint deciphering.
Background technology
Along with the development of science and technology, a large amount of data need transmission and store.Causing to ensure data to prevent other people from stealing in the process transmitted or store secret to be revealed, often needing to be encrypted these data.At present, the mode of data encryption is more and more diversified, such as, and fingerprint recognition, personal recognition, iris recognition, face recognition etc.
Fingerprint refers to the streakline that the recessed injustice of the finger tips of people positive surface skin epirelief produces.The regular arrangement of streakline forms different line types.The starting point of streakline, terminal, binding site and bifurcation, be called the details of fingerprint.Fingerprint has been born with and has spent the remaining years till death constant in a people sky.Encrypting fingerprint is because having higher confidentiality, and more is applied in encrypting and deciphering system.
At present, in existing encrypting and deciphering system, application processor passes through to be decrypted process afterwards in fingerprint recognition, and application processor is when carrying out fingerprint recognition, need respectively from the checking fingerprint that other disparate modules obtain user fingerprints and prestore, application processor obtains the process of checking fingerprint from other modules, and checking fingerprint often has by the risk of distorting, and reduces the security of data.
Summary of the invention
Embodiment of the present invention technical matters to be solved is, the method and system that a kind of fingerprint is deciphered is provided, by security module the user fingerprints that the checking fingerprint be pre-stored in security module and fingerprint identification module send compared and verify, when being verified, to decrypt data to be decrypted, reduce the checking fingerprint that prestores by the risk of distorting, improve the security of data.
In order to solve the problems of the technologies described above, embodiment of the present invention first aspect discloses a kind of fingerprint decryption method, comprising:
User fingerprints is obtained by fingerprint identification module;
Send described user fingerprints to security module;
Carry out authentication of users fingerprint by described security module according to the checking fingerprint preset, described checking fingerprint storage is in described security module;
When being verified, to decrypt data to be decrypted.
Embodiment of the present invention second aspect discloses a kind of fingerprint decryption system, comprising:
Fingerprint acquisition module, for obtaining user fingerprints by fingerprint identification module;
First sending module, for sending the described user fingerprints of described fingerprint acquisition module acquisition to security module;
Authentication module, for verifying according to the checking fingerprint preset the described user fingerprints that described first sending module sends by described security module, described checking fingerprint storage is in described security module;
Deciphering module, for when described authentication module is verified, to decrypt data to be decrypted.
Implement the embodiment of the present invention, by security module the user fingerprints that the checking fingerprint be pre-stored in security module and fingerprint identification module send compared and verify, when being verified, to decrypt data to be decrypted.The embodiment of the present invention has following beneficial effect:
1, the checking fingerprint storage prestored, in security module, carries out fingerprint comparison checking by security module, reduces the checking fingerprint that prestores by the risk of distorting; Avoid and to be sent to by the checking fingerprint prestored in security module other modules to carry out in the process of fingerprint comparison, by the risk of distorting, solving in prior art and verifying fingerprint in the process of transmission by the technical matters of distorting;
2, key storage is in security module, by security module to the decrypt data to be decrypted received, avoids key in the process of transmission by the risk revealed;
3, when other modules except security module are by Virus entry, can not obtain the key stored in security module, the checking fingerprint prestored of can not distorting, improves data security.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the schematic flow sheet of a kind of embodiment of fingerprint decryption method that the embodiment of the present invention provides;
Fig. 2 is the schematic flow sheet of another embodiment of fingerprint decryption method provided by the invention;
Fig. 3 is the schematic flow sheet of the another embodiment of fingerprint decryption method provided by the invention;
Fig. 4 is the structural representation of a kind of embodiment of fingerprint decryption system that the embodiment of the present invention provides;
Fig. 5 is the structural representation of another embodiment of fingerprint decryption system provided by the invention;
Fig. 6 is the structural representation of the another embodiment of fingerprint decryption system provided by the invention;
Fig. 7 is the structural representation of a kind of embodiment of fingerprint decryption device that the embodiment of the present invention provides.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
It should be noted that, the term used in embodiments of the present invention is only for the object describing specific embodiment, and not intended to be limiting the present invention." one ", " described " and " being somebody's turn to do " of the singulative used in the embodiment of the present invention and appended claims is also intended to comprise most form, unless context clearly represents other implications.It is also understood that term "and/or" used herein refer to and comprise one or more project of listing be associated any or all may combine.
See Fig. 1, be the schematic flow sheet of a kind of embodiment of fingerprint decryption method that the embodiment of the present invention provides, the method comprises:
Step S102: obtain user fingerprints by fingerprint identification module;
Particularly, fingerprint identification module (Finger Print Verification, FP), including but not limited to scratch type, push type, can collect the fingerprint of user by fingerprint identification module.Such as, when user A can contact fingerprint identification module by modes such as touches, fingerprint identification module can gather the fingerprint getting user A.
Step S104: send described user fingerprints to security module;
Particularly, the user fingerprints that step S102 gets is sent to security module (Secure Element, SE).Security module can be carried out communication by communication interface with fingerprint identification module and is connected.Such as, the user fingerprints collected can be sent to security module by SPI interface by fingerprint identification module.
It should be noted that, the communication interface in each embodiment of the present invention is including but not limited to SPI interface, SDIO interface, MIPI interface etc.
Step S106: carry out authentication of users fingerprint by described security module according to the checking fingerprint preset, described checking fingerprint storage is in described security module;
Particularly, security module can receive the checking fingerprint that user pre-enters, and security module also can be the checking fingerprint obtained from other modules, and checking fingerprint can store by security module.The user fingerprints that step S104 can receive by security module and the checking fingerprint prestored are compared.When the user fingerprints that security module receives is with when the checking fingerprint prestored is identical or part is identical, can thinks and be verified.Such as, security module can prestore the checking fingerprint that user A inputs, when security module receives the user fingerprints of fingerprint identification module transmission, user fingerprints and checking fingerprint can be compared by security module, when user fingerprints and checking fingerprint identical time or have 98% identical time, can think and be verified.
When checking is obstructed out-of-date, can current operation be terminated, can be different in practical application, do not limit here.When being verified, step S108 can be performed.
Step S108: when being verified, to decrypt data to be decrypted;
Particularly, when step S106 verifies that fingerprint passes through, system can to the decrypt data to be decrypted obtained from storer.Store key in security module, key is corresponding with data to be decrypted.When needing decrypt data to be decrypted, key can be obtained from security module, data decryption can be treated and be decrypted, the data after deciphering can be obtained.
See Fig. 2, be the schematic flow sheet of another embodiment of fingerprint decryption method provided by the invention, the method comprises:
Step S202: obtain described data to be decrypted from storer;
Particularly, data to be decrypted are stored in storer.System can get data to be decrypted from storer.
Step S204: send data to be decrypted to security module;
Particularly, the data to be decrypted that get of step S202 can be sent to application processor (Application Processor, AP), application processor can by described data retransmission to be decrypted to security module.Can be communicated to connect by communication interface between module.Such as, data to be decrypted can be sent to application processor by SDIO interface by storer, and data to be decrypted are sent to security module by SPI interface or SDIO interface by application processor.
Step S206: obtain user fingerprints by fingerprint identification module;
Particularly, fingerprint identification module (Finger Print Verification, FP), including but not limited to scratch type, push type, can collect the fingerprint of user by fingerprint identification module.Such as, when user A can contact fingerprint identification module by modes such as touches, fingerprint identification module can gather the fingerprint getting user A.
Step S208: send described user fingerprints to security module;
Particularly, the user fingerprints that step S206 gets is sent to security module (Secure Element, SE).Security module can be carried out communication by communication interface with fingerprint identification module and is connected.Such as, by SPI interface, the user fingerprints got by fingerprint identification module is sent to security module.
Step S210: carry out authentication of users fingerprint by described security module according to the checking fingerprint preset, described checking fingerprint storage is in described security module;
Particularly, security module can receive the checking fingerprint that user pre-enters, and security module also can be the checking fingerprint obtained from other modules, and checking fingerprint can store by security module.The user fingerprints that step S208 can receive by security module and the checking fingerprint prestored are compared.When the user fingerprints that security module receives is with when the checking fingerprint prestored is identical or part is identical, can thinks and be verified.Such as, security module can prestore the checking fingerprint that user A inputs, when security module receives the user fingerprints of fingerprint identification module transmission, user fingerprints and checking fingerprint can be compared by security module, when user fingerprints and checking fingerprint identical time or have 98% identical time, can think and be verified.
When checking is obstructed out-of-date, can current operation be terminated, can be different in practical application, do not limit here.When being verified, step S212 can be performed.
Step S212: by the decrypt data that described security module is to be decrypted according to the double secret key prestored, described key storage is in described security module;
Particularly, when step S210 verifies that fingerprint passes through, system can to the decrypt data to be decrypted obtained from storer.Store key in security module, key is corresponding with data to be decrypted.When needing decrypt data to be decrypted, key can be obtained from security module, and by described double secret key decrypt data to be decrypted, obtain the data after deciphering.
Such as, in security module, store the corresponding key " 0x28a246d3 " of data " hello ", or in security module, store the corresponding key " 0x6a43ad90 " of data " hello ".After user rs authentication fingerprint passes through, security module can be treated data decryption " hello " according to the key " 0x28a246d3 " stored and be decrypted.Or after user rs authentication fingerprint passes through, security module can be treated data decryption " hello " according to the key " 0x6a43ad90 " stored and be decrypted.
Be understandable that, security module is to before decrypt data, and security module can produce in advance, storage key.Such as, when being encrypted data, security module can get be-encrypted data, and security module can read random number and generate key, and the key of generation can store by security module.Such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x28a246d3 ", the key of data " hello " " 0x28a246d3 " can store by security module, and the data " hello " after encryption can be " 0x456f04d ".Again such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x6a43ad90 ", the key of data " hello " " 0x6a43ad90 " can store by security module, and the data " hello " after encryption can be " 0x4b50e7a6 ".
Step S214: the data after deciphering are sent to application processor by described security module;
Particularly, the data after acquisition after decrypt data to be decrypted being deciphered according to step S212 security module.Data after deciphering can be sent to application processor by communication interface by security module.Such as, the data after deciphering can be sent to application processor by SPI interface or SDIO interface by security module.
Data after deciphering can be exported by communication interface by application processor.Such as, the data " hello " after deciphering can be exported by terminal display by application processor.Described terminal is including but not limited to electronic equipments such as mobile phone, computing machine, PC, wrist-watches.
See Fig. 3, be the schematic flow sheet of the another embodiment of fingerprint decryption method provided by the invention, the method comprises:
Step S302: obtain described data to be decrypted from storer;
Particularly, data to be decrypted are stored in storer.System can get data to be decrypted from storer.
Step S304: obtain user fingerprints by fingerprint identification module;
Particularly, fingerprint identification module (Finger Print Verification, FP), including but not limited to scratch type, push type, can collect the fingerprint of user by fingerprint identification module.Such as, when user A can contact fingerprint identification module by modes such as touches, fingerprint identification module can gather the fingerprint getting user A.
Step S306: send described user fingerprints to security module;
Particularly, the user fingerprints that step S304 gets is sent to security module (Secure Element, SE).Security module can be carried out communication by communication interface with fingerprint identification module and is connected.Such as, by SPI interface, the user fingerprints got by fingerprint identification module is sent to security module.
Step S308: carry out authentication of users fingerprint by described security module according to the checking fingerprint preset, described checking fingerprint storage is in described security module;
Particularly, security module can receive the checking fingerprint that user pre-enters, and security module also can be the checking fingerprint obtained from other modules, and checking fingerprint can store by security module.The user fingerprints that step S306 can receive by security module and the checking fingerprint prestored are compared.When the user fingerprints that security module receives is with when the checking fingerprint prestored is identical or part is identical, can thinks and be verified.Such as, security module can prestore the checking fingerprint that user A inputs, when security module receives the user fingerprints of fingerprint identification module transmission, user fingerprints and checking fingerprint can be compared by security module, when user fingerprints and checking fingerprint identical time or have 98% identical time, can think and be verified.
When checking is obstructed out-of-date, can current operation be terminated, can be different in practical application, do not limit here.When being verified, step S310 can be performed.
Step S310: the key of storage is sent to application processor by described security module;
Particularly, store key in security module, key is corresponding with data to be decrypted.When needing decrypt data to be decrypted, application processor first can obtain the data to be decrypted that storer sends, application processor can send obtain data key to be decrypted request to security module, security module can send the key of data to be decrypted to application processor according to described request.Application processor by described double secret key decrypt data to be decrypted, can obtain the data after deciphering.Corresponding for data to be decrypted key can be sent to application processor (Application Processor, AP) by communication interface by security module.Such as, the data to be decrypted " hello " that application processor can be sent by SDIO interface storer, application processor can send the request of the key obtaining data to be decrypted " hello " to security module by SPI interface or SDIO interface, and corresponding for data " hello " to be decrypted key " 0x728a246d " can be sent to application processor according to described request by SPI interface or SDIO interface by security module.
Be understandable that, security module is to before decrypt data, and security module can produce in advance, storage key.Such as, when being encrypted data, security module can get be-encrypted data, and security module can read random number and generate key, and the key of generation can store by security module.Such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x28a246d3 ", the key of data " hello " " 0x28a246d3 " can store by security module, and the data " hello " after encryption can be " 0x456f04d ".Again such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x6a43ad90 ", the key of data " hello " " 0x6a43ad90 " can store by security module, and the data " hello " after encryption can be " 0x4b50e7a6 ".
Step S312: described application processor according to described key, by the decrypt data described to be decrypted obtained from storer;
Particularly, the key that application processor can obtain according to step S310, to the decrypt data to be decrypted obtained from storer.Such as, application processor can be treated data decryption " hello " according to key " 0x28a246d3 " and be decrypted, and obtains the data " hello " after deciphering; Again such as, application processor can be treated data decryption " hello " according to key " 0x6a43ad90 " and be decrypted, and obtains the data " hello " after deciphering.
Data after deciphering can be exported by communication interface by application processor.Such as, the data " hello " after deciphering can be exported by terminal display by application processor.Described terminal is including but not limited to electronic equipments such as mobile phone, computing machine, PC, wrist-watches.
See Fig. 4, the structural representation of a kind of embodiment of fingerprint decryption system that the embodiment of the present invention provides, wherein, as shown in Figure 4, this fingerprint decryption system 50 can comprise: fingerprint acquisition module 502, first sending module 504, authentication module 506, deciphering module 508, wherein
Fingerprint acquisition module 502, for obtaining user fingerprints by fingerprint identification module; Fingerprint identification module (Finger Print Verification, FP), including but not limited to scratch type, push type, can collect the fingerprint of user by fingerprint identification module.Such as, when user A can contact fingerprint identification module by modes such as touches, fingerprint identification module can gather the fingerprint getting user A.
First sending module 504, for sending the described user fingerprints of described fingerprint acquisition module 502 acquisition to security module; The user fingerprints that fingerprint acquisition module 502 gets can be sent to security module (SecureElement, SE).Security module can be carried out communication by communication interface with fingerprint identification module and is connected.Such as, the user fingerprints collected can be sent to security module by SPI interface by fingerprint identification module.
Authentication module 506, for verifying according to the checking fingerprint preset the described user fingerprints that described first sending module sends by described security module; Security module can receive the checking fingerprint that user pre-enters, and security module also can be get checking fingerprint from other modules, and checking fingerprint can store by security module.The user fingerprints received by the first sending module 504 and the checking fingerprint prestored can be compared by security module.When the user fingerprints that security module receives is with when the checking fingerprint prestored is identical or part is identical, can thinks and be verified.Such as, security module can prestore the checking fingerprint that user A inputs, when security module receives the user fingerprints of fingerprint identification module transmission, user fingerprints and checking fingerprint can be compared by security module, when user fingerprints and checking fingerprint identical time or have 98% identical time, can think and be verified.
When checking is obstructed out-of-date, can current operation be terminated, can be different in practical application, do not limit here.When being verified, deciphering module 508 can be triggered.
Deciphering module 508, for when described authentication module 506 is verified, to decrypt data to be decrypted.Store key in security module, key is corresponding with data to be decrypted.When needing decrypt data to be decrypted, key can be obtained from security module, data decryption can be treated and be decrypted, the data after deciphering can be obtained.Such as, in security module, store the corresponding key " 0x28a246d3 " of data " hello ", or in security module, store the corresponding key " 0x6a43ad90 " of data " hello ".After user rs authentication fingerprint passes through, the key " 0x28a246d3 " of data to be decrypted " hello " can be obtained from security module, treat data decryption " hello " by key " 0x28a246d3 " and be decrypted.Or after user rs authentication fingerprint passes through, the key " 0x6a43ad90 " of data to be decrypted " hello " can be obtained from security module, treat data decryption " hello " by key " 0x6a43ad90 " and be decrypted.
Be understandable that, security module is to before decrypt data, and security module can produce in advance, storage key.Such as, when being encrypted data, security module can get be-encrypted data, and security module can read random number and generate key, and the key of generation can store by security module.Such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x28a246d3 ", the key of data " hello " " 0x28a246d3 " can store by security module, and the data " hello " after encryption can be " 0x456f04d ".Again such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x6a43ad90 ", the key of data " hello " " 0x6a43ad90 " can store by security module, and the data " hello " after encryption can be " 0x4b50e7a6 ".
See Fig. 5, it is the structural representation of another embodiment of fingerprint decryption system provided by the invention, wherein, as shown in Figure 5, this fingerprint decryption system 50 comprises outside fingerprint acquisition module 502, first sending module 504, authentication module 506, deciphering module 508, acquisition module 510, second sending module 512, the 3rd sending module 514 can also be comprised, wherein:
Acquisition module 510, for before described deciphering module is to decrypt data to be decrypted, obtains described data to be decrypted from storer; Data to be decrypted are stored in storer.System can get data to be decrypted from storer.
Second sending module 512, for sending the data described to be decrypted extremely described security module that described acquisition module 510 obtains.
Further, described second sending module can comprise the first transmitting element and the second transmitting element, wherein:
First transmitting element, for being sent to application processor by described data to be decrypted.Acquisition module 510 can be sent to application processor (Application Processor by the data to be decrypted that storer gets by the first transmitting element, AP), can be communicated to connect by communication interface between storer and application processor.Such as, data to be decrypted can be sent to application processor by SDIO interface by storer.
Described data to be decrypted are sent to described security module for described application processor by the second transmitting element.Application processor by described data retransmission to be decrypted to security module, can be communicated to connect by communication interface between storer and security module.Such as, data to be decrypted can be sent to security module by SPI interface or SDIO interface by application processor.
Data after deciphering, for after described deciphering module 508 is to decrypt data to be decrypted, are sent to application processor by described security module by the 3rd sending module 514.Deciphering module 508 by security module to after decrypt data to be decrypted obtain deciphering after data.Data after deciphering can be sent to application processor by communication interface by security module.Such as, the data after deciphering can be sent to application processor by SPI interface or SDIO interface by security module.
Be understandable that, the data after deciphering can be exported by communication interface by application processor.Such as, the data " hello " after deciphering can be exported by terminal display by application processor.Described terminal is including but not limited to electronic equipments such as mobile phone, computing machine, PC, wrist-watches.
See Fig. 6, be the structural representation of the another embodiment of fingerprint decryption system provided by the invention, wherein, as shown in Figure 6, this fingerprint decryption system 50 comprises fingerprint acquisition module 502, first sending module 504, authentication module 506, deciphering module 508, wherein
Described deciphering module 508 can comprise the 3rd transmitting element and decryption unit, wherein:
3rd transmitting element, is sent to application processor for described security module by the key of storage; Store key in security module, key is corresponding with data to be decrypted.When needing decrypt data to be decrypted, application processor first can obtain the data to be decrypted that storer sends, application processor can send obtain data key to be decrypted request to security module, security module can send the key of data to be decrypted to application processor according to described request.Application processor by described double secret key decrypt data to be decrypted, can obtain the data after deciphering.Corresponding for data to be decrypted key can be sent to application processor (Application Processor, AP) by communication interface by security module.Such as, the data to be decrypted " hello " that application processor can be sent by SDIO interface storer, application processor can send the request of the key obtaining data to be decrypted " hello " to security module by SPI interface or SDIO interface, and corresponding for data " hello " to be decrypted key " 0x28a246d3 " can be sent to application processor according to described request by SPI interface or SDIO interface by security module.Be understandable that, security module is to before decrypt data, and security module can produce in advance, storage key.Such as, when being encrypted data, security module can get be-encrypted data, and security module can read random number and generate key, and the key of generation can store by security module.Such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x28a246d3 ", the key of data " hello " " 0x28a246d3 " can store by security module.Again such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x6a43ad90 ", the key of data " hello " " 0x6a43ad90 " can store by security module.
Decryption unit, for described application processor according to described key, by the decrypt data described to be decrypted obtained from storer.The key that application processor can obtain according to the 3rd transmitting element, to the decrypt data to be decrypted obtained from storer.Such as, application processor can be treated data decryption " hello " according to key " 0x28a246d3 " and be decrypted, and obtains the data " hello " after deciphering.
Be understandable that, the data after deciphering can be exported by communication interface by application processor.Such as, the data " hello " after deciphering can be exported by terminal display by application processor.Described terminal is including but not limited to electronic equipments such as mobile phone, computing machine, PC, wrist-watches.
See Fig. 7, it is the structural representation of a kind of embodiment of fingerprint decryption device that the embodiment of the present invention provides.Wherein, as shown in Figure 7, this equipment can comprise: fingerprint identification module 702, security module 704, application processor 706, storer 708, input equipment 710, output device 712, wherein:
Input equipment 710 is including but not limited to keyboard, touch screen etc.User can input triggering command by input equipment 701.Such as, user can by the instruction etc. of touch-screen input data decryption.Again such as, user can click picture to be decrypted by keyboard, and trigger equipment is decrypted described picture to be decrypted.
Application processor 706 can obtain the data through encryption from storer 708.The enciphered data of acquisition can be sent in security module 704 by communication interface by application processor 706.It should be noted that, the communication interface in each embodiment of the present invention is including but not limited to SPI interface, SDIO interface, MIPI interface etc.Such as, application processor 706 can obtain the data of passing through encryption by SDIO interface from storer 708, and by SPI interface or SDIO interface, the data through encryption is sent to security module 704.
Application processor 706 can send fingerprint collecting instruction to fingerprint identification module 702 (Finger PrintVerification, FP), and fingerprint identification module 702 can according to the fingerprint of fingerprint collecting instruction acquisition to user; Fingerprint identification module 702 is including but not limited to scratch type, push type.
Security module 704 can receive by communication interface the fingerprint that fingerprint identification module 702 collects user.It should be noted that, the communication interface in each embodiment of the present invention is including but not limited to SPI interface, SDIO interface, MIPI interface etc.Such as, security module 704 can collect the fingerprint of user by SPI interface fingerprint identification module 702.Security module 704 can have memory function, and the user fingerprints collected from fingerprint identification module 702 can store by security module 704.The user fingerprints collected from fingerprint identification module 702 and the checking prestored fingerprint can be compared by security module 704, and after fingerprint comparison success, security module 704 can extract the double secret key prestored decrypt data to be decrypted.
Application processor 706 can receive the data after security module 704 deciphering by communication interface.Such as, application processor 706 can by the data after SPI interface or the deciphering of SDIO interface security module 704.
Application processor 706 can trigger output device 712 and the data after deciphering be exported.Output device 712 is including but not limited to display, loudspeaker etc.Such as, by the data after mobile phone screen display deciphering.Again such as, the voice etc. after deciphering are exported by mobile phone speaker.
It should be noted that, the embodiment of the present embodiment with reference to above-mentioned Fig. 1 to Fig. 6 embodiment, can repeat no more here.
In sum, by implementing the embodiment of the present invention, providing the method and system that a kind of fingerprint is deciphered, by security module the user fingerprints that the checking fingerprint be pre-stored in security module and fingerprint identification module send being compared and verifying, when being verified, to decrypt data to be decrypted.The embodiment of the present invention has following beneficial effect:
1, the checking fingerprint storage prestored, in security module, carries out fingerprint comparison checking by security module, reduces the checking fingerprint that prestores by the risk of distorting; Avoid and to be sent to by the checking fingerprint prestored in security module other modules to carry out in the process of fingerprint comparison, by the risk of distorting, solving in prior art and verifying fingerprint in the process of transmission by the technical matters of distorting;
2, key storage is in security module, by security module to the decrypt data to be decrypted received, avoids key in the process of transmission by the risk revealed;
3, when other modules except security module are by Virus entry, can not obtain the key stored in security module, the checking fingerprint prestored of can not distorting, improves data security.
One of ordinary skill in the art will appreciate that all or part of flow process realized in above-described embodiment method, that the hardware that can carry out instruction relevant by computer program has come, described program can be stored in a computer read/write memory medium, this program, when performing, can comprise the flow process of the embodiment as above-mentioned each side method.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-Only Memory, ROM) or random store-memory body (Random Access Memory, RAM) etc.
Above disclosedly be only a kind of preferred embodiment of the present invention, certainly the interest field of the present invention can not be limited with this, one of ordinary skill in the art will appreciate that all or part of flow process realizing above-described embodiment, and according to the equivalent variations that the claims in the present invention are done, still belong to the scope that invention is contained.
Claims (12)
1. a fingerprint decryption method, is characterized in that, comprising:
User fingerprints is obtained by fingerprint identification module;
Send described user fingerprints to security module;
Carry out authentication of users fingerprint by described security module according to the checking fingerprint preset, described checking fingerprint storage is in described security module;
When being verified, to decrypt data to be decrypted.
2. the method for claim 1, is characterized in that, described data to be decrypted are stored in storer, described to before decrypt data to be decrypted, also comprises:
Described data to be decrypted are obtained from described storer;
Send described data to be decrypted to described security module.
3. method as claimed in claim 2, is characterized in that, the described data to be decrypted of described transmission, to described security module, comprising:
Described data to be decrypted are sent to application processor;
Described data to be decrypted are sent to described security module by described application processor.
4. the method as described in any one of claim 1-3, is characterized in that, described to decrypt data to be decrypted, comprising:
By the decrypt data that described security module is to be decrypted according to the double secret key prestored, described key storage is in described security module.
5. method as claimed in claim 4, is characterized in that, described to after decrypt data to be decrypted, also comprises:
By described security module, the data after deciphering are sent to application processor.
6. the method for claim 1, is characterized in that, described to decrypt data to be decrypted, comprising:
The key of storage is sent to application processor by described security module;
Described application processor according to described key, by the decrypt data described to be decrypted obtained from storer.
7. a fingerprint decryption system, is characterized in that, comprising:
Fingerprint acquisition module, for obtaining user fingerprints by fingerprint identification module;
First sending module, for sending the described user fingerprints of described fingerprint acquisition module acquisition to security module;
Authentication module, for verifying according to the checking fingerprint preset the described user fingerprints that described first sending module sends by described security module, described checking fingerprint storage is in described security module;
Deciphering module, for when described authentication module is verified, to decrypt data to be decrypted.
8. system as claimed in claim 7, it is characterized in that, described system also comprises:
Acquisition module, for before described deciphering module is to decrypt data to be decrypted, obtains described data to be decrypted from storer;
Second sending module, for sending the data described to be decrypted extremely described security module that described acquisition module obtains.
9. system as claimed in claim 8, it is characterized in that, described second sending module comprises:
First transmitting element, for being sent to application processor by described data to be decrypted;
Described data to be decrypted are sent to described security module for described application processor by the second transmitting element.
10. the system as described in any one of claim 7-9, is characterized in that, described deciphering module specifically comprises:
By the decrypt data that described security module is to be decrypted according to the double secret key prestored, described key storage is in described security module.
11. systems as claimed in claim 10, it is characterized in that, described system also comprises:
Data after deciphering, for after described deciphering module is to decrypt data to be decrypted, are sent to application processor by described security module by the 3rd sending module.
12. systems as claimed in claim 7, it is characterized in that, described deciphering module comprises:
3rd transmitting element, is sent to application processor for described security module by the key of storage;
Decryption unit, for described application processor according to described key, by the decrypt data described to be decrypted obtained from storer.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510133060.5A CN104794430B (en) | 2015-03-25 | 2015-03-25 | A kind of method and system of fingerprint decryption |
PCT/CN2015/082993 WO2016150023A1 (en) | 2015-03-25 | 2015-06-30 | Fingerprint decrypting method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510133060.5A CN104794430B (en) | 2015-03-25 | 2015-03-25 | A kind of method and system of fingerprint decryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104794430A true CN104794430A (en) | 2015-07-22 |
CN104794430B CN104794430B (en) | 2019-04-12 |
Family
ID=53559218
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510133060.5A Active CN104794430B (en) | 2015-03-25 | 2015-03-25 | A kind of method and system of fingerprint decryption |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN104794430B (en) |
WO (1) | WO2016150023A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106295368A (en) * | 2016-08-17 | 2017-01-04 | 四川长虹通信科技有限公司 | The data security protection method of a kind of mobile terminal and system |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114598466A (en) * | 2022-03-08 | 2022-06-07 | 山东云海国创云计算装备产业创新中心有限公司 | Production data processing method and device, computer equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1885315A (en) * | 2006-05-26 | 2006-12-27 | 上海一维科技有限公司 | Embedded single secure chip biological fingerprint recognition system and method thereof |
WO2009083528A1 (en) * | 2007-12-21 | 2009-07-09 | Thales | Method and system for generating stable biometric data |
CN202045900U (en) * | 2010-12-07 | 2011-11-23 | 东莞宝元数控科技有限公司 | Positioning mechanism of machine tool |
CN102273128A (en) * | 2008-12-08 | 2011-12-07 | 茂福公司 | Identification or authorisation method, and associated system and secure module |
CN202433919U (en) * | 2011-12-06 | 2012-09-12 | 四川久远新方向智能科技有限公司 | High-accuracy fingerprint identifier |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN202049500U (en) * | 2011-05-12 | 2011-11-23 | 国民技术股份有限公司 | Fingerprint identification system based on TCM (trusted cryptography module) |
-
2015
- 2015-03-25 CN CN201510133060.5A patent/CN104794430B/en active Active
- 2015-06-30 WO PCT/CN2015/082993 patent/WO2016150023A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1885315A (en) * | 2006-05-26 | 2006-12-27 | 上海一维科技有限公司 | Embedded single secure chip biological fingerprint recognition system and method thereof |
WO2009083528A1 (en) * | 2007-12-21 | 2009-07-09 | Thales | Method and system for generating stable biometric data |
CN102273128A (en) * | 2008-12-08 | 2011-12-07 | 茂福公司 | Identification or authorisation method, and associated system and secure module |
CN202045900U (en) * | 2010-12-07 | 2011-11-23 | 东莞宝元数控科技有限公司 | Positioning mechanism of machine tool |
CN202433919U (en) * | 2011-12-06 | 2012-09-12 | 四川久远新方向智能科技有限公司 | High-accuracy fingerprint identifier |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106295368A (en) * | 2016-08-17 | 2017-01-04 | 四川长虹通信科技有限公司 | The data security protection method of a kind of mobile terminal and system |
Also Published As
Publication number | Publication date |
---|---|
WO2016150023A1 (en) | 2016-09-29 |
CN104794430B (en) | 2019-04-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
ES2687191T3 (en) | Network authentication method for secure electronic transactions | |
CN107358441B (en) | Payment verification method and system, mobile device and security authentication device | |
CN101334884B (en) | Improve the method and system of account transfer safety | |
CN102542449B (en) | A kind of radio communication device and payment authentication method | |
CN105373924B (en) | System for providing safe payment function for terminal equipment | |
CN106899551B (en) | Authentication method, authentication terminal and system | |
CN112232814B (en) | Encryption and decryption methods of payment key, payment authentication method and terminal equipment | |
CN111431719A (en) | Mobile terminal password protection module, mobile terminal and password protection method | |
CN101488111A (en) | Identification authentication method and system | |
CN104915584A (en) | Intelligent mobile terminal random encryption and decryption system based on fingerprint characteristics | |
CN107818253B (en) | Face template data entry control method and related product | |
CN103701977A (en) | Portable electronic device, communication system and information authentication method | |
CN102710611A (en) | Network security authentication method and system | |
CN107864124A (en) | A kind of end message method for security protection, terminal and bluetooth lock | |
CN104751105A (en) | Fingerprint data verification method, fingerprint data verification device, related equipment and system | |
CN109005144B (en) | Identity authentication method, equipment, medium and system | |
CN108401494B (en) | Method and system for transmitting data | |
JP6294203B2 (en) | Authentication system | |
CN113872989B (en) | SSL protocol-based authentication method, SSL protocol-based authentication device, computer equipment and storage medium | |
CN107104968A (en) | Safety certifying method, system, terminal and the storage medium of portable finance device | |
CN114329541A (en) | Data encryption method, device, equipment and storage medium | |
CN103873521A (en) | Cloud architecture-based mobile phone privacy file protection system and method | |
CN104794430A (en) | Fingerprint decryption method and system | |
CN104010306A (en) | Mobile device user identity authentication system and method | |
KR101500947B1 (en) | Creation and authentication of biometric information |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |