CN104794430A - Fingerprint decryption method and system - Google Patents

Fingerprint decryption method and system Download PDF

Info

Publication number
CN104794430A
CN104794430A CN201510133060.5A CN201510133060A CN104794430A CN 104794430 A CN104794430 A CN 104794430A CN 201510133060 A CN201510133060 A CN 201510133060A CN 104794430 A CN104794430 A CN 104794430A
Authority
CN
China
Prior art keywords
data
decrypted
security module
module
fingerprint
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510133060.5A
Other languages
Chinese (zh)
Other versions
CN104794430B (en
Inventor
吴炽强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Coolpad Software Technology Shenzhen Co Ltd
Original Assignee
Coolpad Software Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Coolpad Software Technology Shenzhen Co Ltd filed Critical Coolpad Software Technology Shenzhen Co Ltd
Priority to CN201510133060.5A priority Critical patent/CN104794430B/en
Priority to PCT/CN2015/082993 priority patent/WO2016150023A1/en
Publication of CN104794430A publication Critical patent/CN104794430A/en
Application granted granted Critical
Publication of CN104794430B publication Critical patent/CN104794430B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition

Landscapes

  • Engineering & Computer Science (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • Physics & Mathematics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • General Physics & Mathematics (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a fingerprint decryption method. The fingerprint decryption method includes: acquiring a user's fingerprint through a fingerprint recognition module; sending the user's fingerprint to a safety module; checking the user's fingerprint according to a preset checking fingerprint through the safety module, wherein the checking fingerprint is stored in the safety module; when checking is successful, decrypting data to be decrypted. Comparison checking is performed between the checking fingerprint preset in the safety module and the user's fingerprint sent by the fingerprint recognition module, when the checking is successful, the data to be decrypted are decrypted, risk that the preset checking fingerprinted is modified is lowered, and safety of the data is improved.

Description

A kind of method and system of fingerprint deciphering
Technical field
The present invention relates to field of data encryption, particularly relate to the method and system of a kind of fingerprint deciphering.
Background technology
Along with the development of science and technology, a large amount of data need transmission and store.Causing to ensure data to prevent other people from stealing in the process transmitted or store secret to be revealed, often needing to be encrypted these data.At present, the mode of data encryption is more and more diversified, such as, and fingerprint recognition, personal recognition, iris recognition, face recognition etc.
Fingerprint refers to the streakline that the recessed injustice of the finger tips of people positive surface skin epirelief produces.The regular arrangement of streakline forms different line types.The starting point of streakline, terminal, binding site and bifurcation, be called the details of fingerprint.Fingerprint has been born with and has spent the remaining years till death constant in a people sky.Encrypting fingerprint is because having higher confidentiality, and more is applied in encrypting and deciphering system.
At present, in existing encrypting and deciphering system, application processor passes through to be decrypted process afterwards in fingerprint recognition, and application processor is when carrying out fingerprint recognition, need respectively from the checking fingerprint that other disparate modules obtain user fingerprints and prestore, application processor obtains the process of checking fingerprint from other modules, and checking fingerprint often has by the risk of distorting, and reduces the security of data.
Summary of the invention
Embodiment of the present invention technical matters to be solved is, the method and system that a kind of fingerprint is deciphered is provided, by security module the user fingerprints that the checking fingerprint be pre-stored in security module and fingerprint identification module send compared and verify, when being verified, to decrypt data to be decrypted, reduce the checking fingerprint that prestores by the risk of distorting, improve the security of data.
In order to solve the problems of the technologies described above, embodiment of the present invention first aspect discloses a kind of fingerprint decryption method, comprising:
User fingerprints is obtained by fingerprint identification module;
Send described user fingerprints to security module;
Carry out authentication of users fingerprint by described security module according to the checking fingerprint preset, described checking fingerprint storage is in described security module;
When being verified, to decrypt data to be decrypted.
Embodiment of the present invention second aspect discloses a kind of fingerprint decryption system, comprising:
Fingerprint acquisition module, for obtaining user fingerprints by fingerprint identification module;
First sending module, for sending the described user fingerprints of described fingerprint acquisition module acquisition to security module;
Authentication module, for verifying according to the checking fingerprint preset the described user fingerprints that described first sending module sends by described security module, described checking fingerprint storage is in described security module;
Deciphering module, for when described authentication module is verified, to decrypt data to be decrypted.
Implement the embodiment of the present invention, by security module the user fingerprints that the checking fingerprint be pre-stored in security module and fingerprint identification module send compared and verify, when being verified, to decrypt data to be decrypted.The embodiment of the present invention has following beneficial effect:
1, the checking fingerprint storage prestored, in security module, carries out fingerprint comparison checking by security module, reduces the checking fingerprint that prestores by the risk of distorting; Avoid and to be sent to by the checking fingerprint prestored in security module other modules to carry out in the process of fingerprint comparison, by the risk of distorting, solving in prior art and verifying fingerprint in the process of transmission by the technical matters of distorting;
2, key storage is in security module, by security module to the decrypt data to be decrypted received, avoids key in the process of transmission by the risk revealed;
3, when other modules except security module are by Virus entry, can not obtain the key stored in security module, the checking fingerprint prestored of can not distorting, improves data security.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the schematic flow sheet of a kind of embodiment of fingerprint decryption method that the embodiment of the present invention provides;
Fig. 2 is the schematic flow sheet of another embodiment of fingerprint decryption method provided by the invention;
Fig. 3 is the schematic flow sheet of the another embodiment of fingerprint decryption method provided by the invention;
Fig. 4 is the structural representation of a kind of embodiment of fingerprint decryption system that the embodiment of the present invention provides;
Fig. 5 is the structural representation of another embodiment of fingerprint decryption system provided by the invention;
Fig. 6 is the structural representation of the another embodiment of fingerprint decryption system provided by the invention;
Fig. 7 is the structural representation of a kind of embodiment of fingerprint decryption device that the embodiment of the present invention provides.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
It should be noted that, the term used in embodiments of the present invention is only for the object describing specific embodiment, and not intended to be limiting the present invention." one ", " described " and " being somebody's turn to do " of the singulative used in the embodiment of the present invention and appended claims is also intended to comprise most form, unless context clearly represents other implications.It is also understood that term "and/or" used herein refer to and comprise one or more project of listing be associated any or all may combine.
See Fig. 1, be the schematic flow sheet of a kind of embodiment of fingerprint decryption method that the embodiment of the present invention provides, the method comprises:
Step S102: obtain user fingerprints by fingerprint identification module;
Particularly, fingerprint identification module (Finger Print Verification, FP), including but not limited to scratch type, push type, can collect the fingerprint of user by fingerprint identification module.Such as, when user A can contact fingerprint identification module by modes such as touches, fingerprint identification module can gather the fingerprint getting user A.
Step S104: send described user fingerprints to security module;
Particularly, the user fingerprints that step S102 gets is sent to security module (Secure Element, SE).Security module can be carried out communication by communication interface with fingerprint identification module and is connected.Such as, the user fingerprints collected can be sent to security module by SPI interface by fingerprint identification module.
It should be noted that, the communication interface in each embodiment of the present invention is including but not limited to SPI interface, SDIO interface, MIPI interface etc.
Step S106: carry out authentication of users fingerprint by described security module according to the checking fingerprint preset, described checking fingerprint storage is in described security module;
Particularly, security module can receive the checking fingerprint that user pre-enters, and security module also can be the checking fingerprint obtained from other modules, and checking fingerprint can store by security module.The user fingerprints that step S104 can receive by security module and the checking fingerprint prestored are compared.When the user fingerprints that security module receives is with when the checking fingerprint prestored is identical or part is identical, can thinks and be verified.Such as, security module can prestore the checking fingerprint that user A inputs, when security module receives the user fingerprints of fingerprint identification module transmission, user fingerprints and checking fingerprint can be compared by security module, when user fingerprints and checking fingerprint identical time or have 98% identical time, can think and be verified.
When checking is obstructed out-of-date, can current operation be terminated, can be different in practical application, do not limit here.When being verified, step S108 can be performed.
Step S108: when being verified, to decrypt data to be decrypted;
Particularly, when step S106 verifies that fingerprint passes through, system can to the decrypt data to be decrypted obtained from storer.Store key in security module, key is corresponding with data to be decrypted.When needing decrypt data to be decrypted, key can be obtained from security module, data decryption can be treated and be decrypted, the data after deciphering can be obtained.
See Fig. 2, be the schematic flow sheet of another embodiment of fingerprint decryption method provided by the invention, the method comprises:
Step S202: obtain described data to be decrypted from storer;
Particularly, data to be decrypted are stored in storer.System can get data to be decrypted from storer.
Step S204: send data to be decrypted to security module;
Particularly, the data to be decrypted that get of step S202 can be sent to application processor (Application Processor, AP), application processor can by described data retransmission to be decrypted to security module.Can be communicated to connect by communication interface between module.Such as, data to be decrypted can be sent to application processor by SDIO interface by storer, and data to be decrypted are sent to security module by SPI interface or SDIO interface by application processor.
Step S206: obtain user fingerprints by fingerprint identification module;
Particularly, fingerprint identification module (Finger Print Verification, FP), including but not limited to scratch type, push type, can collect the fingerprint of user by fingerprint identification module.Such as, when user A can contact fingerprint identification module by modes such as touches, fingerprint identification module can gather the fingerprint getting user A.
Step S208: send described user fingerprints to security module;
Particularly, the user fingerprints that step S206 gets is sent to security module (Secure Element, SE).Security module can be carried out communication by communication interface with fingerprint identification module and is connected.Such as, by SPI interface, the user fingerprints got by fingerprint identification module is sent to security module.
Step S210: carry out authentication of users fingerprint by described security module according to the checking fingerprint preset, described checking fingerprint storage is in described security module;
Particularly, security module can receive the checking fingerprint that user pre-enters, and security module also can be the checking fingerprint obtained from other modules, and checking fingerprint can store by security module.The user fingerprints that step S208 can receive by security module and the checking fingerprint prestored are compared.When the user fingerprints that security module receives is with when the checking fingerprint prestored is identical or part is identical, can thinks and be verified.Such as, security module can prestore the checking fingerprint that user A inputs, when security module receives the user fingerprints of fingerprint identification module transmission, user fingerprints and checking fingerprint can be compared by security module, when user fingerprints and checking fingerprint identical time or have 98% identical time, can think and be verified.
When checking is obstructed out-of-date, can current operation be terminated, can be different in practical application, do not limit here.When being verified, step S212 can be performed.
Step S212: by the decrypt data that described security module is to be decrypted according to the double secret key prestored, described key storage is in described security module;
Particularly, when step S210 verifies that fingerprint passes through, system can to the decrypt data to be decrypted obtained from storer.Store key in security module, key is corresponding with data to be decrypted.When needing decrypt data to be decrypted, key can be obtained from security module, and by described double secret key decrypt data to be decrypted, obtain the data after deciphering.
Such as, in security module, store the corresponding key " 0x28a246d3 " of data " hello ", or in security module, store the corresponding key " 0x6a43ad90 " of data " hello ".After user rs authentication fingerprint passes through, security module can be treated data decryption " hello " according to the key " 0x28a246d3 " stored and be decrypted.Or after user rs authentication fingerprint passes through, security module can be treated data decryption " hello " according to the key " 0x6a43ad90 " stored and be decrypted.
Be understandable that, security module is to before decrypt data, and security module can produce in advance, storage key.Such as, when being encrypted data, security module can get be-encrypted data, and security module can read random number and generate key, and the key of generation can store by security module.Such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x28a246d3 ", the key of data " hello " " 0x28a246d3 " can store by security module, and the data " hello " after encryption can be " 0x456f04d ".Again such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x6a43ad90 ", the key of data " hello " " 0x6a43ad90 " can store by security module, and the data " hello " after encryption can be " 0x4b50e7a6 ".
Step S214: the data after deciphering are sent to application processor by described security module;
Particularly, the data after acquisition after decrypt data to be decrypted being deciphered according to step S212 security module.Data after deciphering can be sent to application processor by communication interface by security module.Such as, the data after deciphering can be sent to application processor by SPI interface or SDIO interface by security module.
Data after deciphering can be exported by communication interface by application processor.Such as, the data " hello " after deciphering can be exported by terminal display by application processor.Described terminal is including but not limited to electronic equipments such as mobile phone, computing machine, PC, wrist-watches.
See Fig. 3, be the schematic flow sheet of the another embodiment of fingerprint decryption method provided by the invention, the method comprises:
Step S302: obtain described data to be decrypted from storer;
Particularly, data to be decrypted are stored in storer.System can get data to be decrypted from storer.
Step S304: obtain user fingerprints by fingerprint identification module;
Particularly, fingerprint identification module (Finger Print Verification, FP), including but not limited to scratch type, push type, can collect the fingerprint of user by fingerprint identification module.Such as, when user A can contact fingerprint identification module by modes such as touches, fingerprint identification module can gather the fingerprint getting user A.
Step S306: send described user fingerprints to security module;
Particularly, the user fingerprints that step S304 gets is sent to security module (Secure Element, SE).Security module can be carried out communication by communication interface with fingerprint identification module and is connected.Such as, by SPI interface, the user fingerprints got by fingerprint identification module is sent to security module.
Step S308: carry out authentication of users fingerprint by described security module according to the checking fingerprint preset, described checking fingerprint storage is in described security module;
Particularly, security module can receive the checking fingerprint that user pre-enters, and security module also can be the checking fingerprint obtained from other modules, and checking fingerprint can store by security module.The user fingerprints that step S306 can receive by security module and the checking fingerprint prestored are compared.When the user fingerprints that security module receives is with when the checking fingerprint prestored is identical or part is identical, can thinks and be verified.Such as, security module can prestore the checking fingerprint that user A inputs, when security module receives the user fingerprints of fingerprint identification module transmission, user fingerprints and checking fingerprint can be compared by security module, when user fingerprints and checking fingerprint identical time or have 98% identical time, can think and be verified.
When checking is obstructed out-of-date, can current operation be terminated, can be different in practical application, do not limit here.When being verified, step S310 can be performed.
Step S310: the key of storage is sent to application processor by described security module;
Particularly, store key in security module, key is corresponding with data to be decrypted.When needing decrypt data to be decrypted, application processor first can obtain the data to be decrypted that storer sends, application processor can send obtain data key to be decrypted request to security module, security module can send the key of data to be decrypted to application processor according to described request.Application processor by described double secret key decrypt data to be decrypted, can obtain the data after deciphering.Corresponding for data to be decrypted key can be sent to application processor (Application Processor, AP) by communication interface by security module.Such as, the data to be decrypted " hello " that application processor can be sent by SDIO interface storer, application processor can send the request of the key obtaining data to be decrypted " hello " to security module by SPI interface or SDIO interface, and corresponding for data " hello " to be decrypted key " 0x728a246d " can be sent to application processor according to described request by SPI interface or SDIO interface by security module.
Be understandable that, security module is to before decrypt data, and security module can produce in advance, storage key.Such as, when being encrypted data, security module can get be-encrypted data, and security module can read random number and generate key, and the key of generation can store by security module.Such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x28a246d3 ", the key of data " hello " " 0x28a246d3 " can store by security module, and the data " hello " after encryption can be " 0x456f04d ".Again such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x6a43ad90 ", the key of data " hello " " 0x6a43ad90 " can store by security module, and the data " hello " after encryption can be " 0x4b50e7a6 ".
Step S312: described application processor according to described key, by the decrypt data described to be decrypted obtained from storer;
Particularly, the key that application processor can obtain according to step S310, to the decrypt data to be decrypted obtained from storer.Such as, application processor can be treated data decryption " hello " according to key " 0x28a246d3 " and be decrypted, and obtains the data " hello " after deciphering; Again such as, application processor can be treated data decryption " hello " according to key " 0x6a43ad90 " and be decrypted, and obtains the data " hello " after deciphering.
Data after deciphering can be exported by communication interface by application processor.Such as, the data " hello " after deciphering can be exported by terminal display by application processor.Described terminal is including but not limited to electronic equipments such as mobile phone, computing machine, PC, wrist-watches.
See Fig. 4, the structural representation of a kind of embodiment of fingerprint decryption system that the embodiment of the present invention provides, wherein, as shown in Figure 4, this fingerprint decryption system 50 can comprise: fingerprint acquisition module 502, first sending module 504, authentication module 506, deciphering module 508, wherein
Fingerprint acquisition module 502, for obtaining user fingerprints by fingerprint identification module; Fingerprint identification module (Finger Print Verification, FP), including but not limited to scratch type, push type, can collect the fingerprint of user by fingerprint identification module.Such as, when user A can contact fingerprint identification module by modes such as touches, fingerprint identification module can gather the fingerprint getting user A.
First sending module 504, for sending the described user fingerprints of described fingerprint acquisition module 502 acquisition to security module; The user fingerprints that fingerprint acquisition module 502 gets can be sent to security module (SecureElement, SE).Security module can be carried out communication by communication interface with fingerprint identification module and is connected.Such as, the user fingerprints collected can be sent to security module by SPI interface by fingerprint identification module.
Authentication module 506, for verifying according to the checking fingerprint preset the described user fingerprints that described first sending module sends by described security module; Security module can receive the checking fingerprint that user pre-enters, and security module also can be get checking fingerprint from other modules, and checking fingerprint can store by security module.The user fingerprints received by the first sending module 504 and the checking fingerprint prestored can be compared by security module.When the user fingerprints that security module receives is with when the checking fingerprint prestored is identical or part is identical, can thinks and be verified.Such as, security module can prestore the checking fingerprint that user A inputs, when security module receives the user fingerprints of fingerprint identification module transmission, user fingerprints and checking fingerprint can be compared by security module, when user fingerprints and checking fingerprint identical time or have 98% identical time, can think and be verified.
When checking is obstructed out-of-date, can current operation be terminated, can be different in practical application, do not limit here.When being verified, deciphering module 508 can be triggered.
Deciphering module 508, for when described authentication module 506 is verified, to decrypt data to be decrypted.Store key in security module, key is corresponding with data to be decrypted.When needing decrypt data to be decrypted, key can be obtained from security module, data decryption can be treated and be decrypted, the data after deciphering can be obtained.Such as, in security module, store the corresponding key " 0x28a246d3 " of data " hello ", or in security module, store the corresponding key " 0x6a43ad90 " of data " hello ".After user rs authentication fingerprint passes through, the key " 0x28a246d3 " of data to be decrypted " hello " can be obtained from security module, treat data decryption " hello " by key " 0x28a246d3 " and be decrypted.Or after user rs authentication fingerprint passes through, the key " 0x6a43ad90 " of data to be decrypted " hello " can be obtained from security module, treat data decryption " hello " by key " 0x6a43ad90 " and be decrypted.
Be understandable that, security module is to before decrypt data, and security module can produce in advance, storage key.Such as, when being encrypted data, security module can get be-encrypted data, and security module can read random number and generate key, and the key of generation can store by security module.Such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x28a246d3 ", the key of data " hello " " 0x28a246d3 " can store by security module, and the data " hello " after encryption can be " 0x456f04d ".Again such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x6a43ad90 ", the key of data " hello " " 0x6a43ad90 " can store by security module, and the data " hello " after encryption can be " 0x4b50e7a6 ".
See Fig. 5, it is the structural representation of another embodiment of fingerprint decryption system provided by the invention, wherein, as shown in Figure 5, this fingerprint decryption system 50 comprises outside fingerprint acquisition module 502, first sending module 504, authentication module 506, deciphering module 508, acquisition module 510, second sending module 512, the 3rd sending module 514 can also be comprised, wherein:
Acquisition module 510, for before described deciphering module is to decrypt data to be decrypted, obtains described data to be decrypted from storer; Data to be decrypted are stored in storer.System can get data to be decrypted from storer.
Second sending module 512, for sending the data described to be decrypted extremely described security module that described acquisition module 510 obtains.
Further, described second sending module can comprise the first transmitting element and the second transmitting element, wherein:
First transmitting element, for being sent to application processor by described data to be decrypted.Acquisition module 510 can be sent to application processor (Application Processor by the data to be decrypted that storer gets by the first transmitting element, AP), can be communicated to connect by communication interface between storer and application processor.Such as, data to be decrypted can be sent to application processor by SDIO interface by storer.
Described data to be decrypted are sent to described security module for described application processor by the second transmitting element.Application processor by described data retransmission to be decrypted to security module, can be communicated to connect by communication interface between storer and security module.Such as, data to be decrypted can be sent to security module by SPI interface or SDIO interface by application processor.
Data after deciphering, for after described deciphering module 508 is to decrypt data to be decrypted, are sent to application processor by described security module by the 3rd sending module 514.Deciphering module 508 by security module to after decrypt data to be decrypted obtain deciphering after data.Data after deciphering can be sent to application processor by communication interface by security module.Such as, the data after deciphering can be sent to application processor by SPI interface or SDIO interface by security module.
Be understandable that, the data after deciphering can be exported by communication interface by application processor.Such as, the data " hello " after deciphering can be exported by terminal display by application processor.Described terminal is including but not limited to electronic equipments such as mobile phone, computing machine, PC, wrist-watches.
See Fig. 6, be the structural representation of the another embodiment of fingerprint decryption system provided by the invention, wherein, as shown in Figure 6, this fingerprint decryption system 50 comprises fingerprint acquisition module 502, first sending module 504, authentication module 506, deciphering module 508, wherein
Described deciphering module 508 can comprise the 3rd transmitting element and decryption unit, wherein:
3rd transmitting element, is sent to application processor for described security module by the key of storage; Store key in security module, key is corresponding with data to be decrypted.When needing decrypt data to be decrypted, application processor first can obtain the data to be decrypted that storer sends, application processor can send obtain data key to be decrypted request to security module, security module can send the key of data to be decrypted to application processor according to described request.Application processor by described double secret key decrypt data to be decrypted, can obtain the data after deciphering.Corresponding for data to be decrypted key can be sent to application processor (Application Processor, AP) by communication interface by security module.Such as, the data to be decrypted " hello " that application processor can be sent by SDIO interface storer, application processor can send the request of the key obtaining data to be decrypted " hello " to security module by SPI interface or SDIO interface, and corresponding for data " hello " to be decrypted key " 0x28a246d3 " can be sent to application processor according to described request by SPI interface or SDIO interface by security module.Be understandable that, security module is to before decrypt data, and security module can produce in advance, storage key.Such as, when being encrypted data, security module can get be-encrypted data, and security module can read random number and generate key, and the key of generation can store by security module.Such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x28a246d3 ", the key of data " hello " " 0x28a246d3 " can store by security module.Again such as, after security module receives be-encrypted data " hello ", read random number and generate key " 0x6a43ad90 ", the key of data " hello " " 0x6a43ad90 " can store by security module.
Decryption unit, for described application processor according to described key, by the decrypt data described to be decrypted obtained from storer.The key that application processor can obtain according to the 3rd transmitting element, to the decrypt data to be decrypted obtained from storer.Such as, application processor can be treated data decryption " hello " according to key " 0x28a246d3 " and be decrypted, and obtains the data " hello " after deciphering.
Be understandable that, the data after deciphering can be exported by communication interface by application processor.Such as, the data " hello " after deciphering can be exported by terminal display by application processor.Described terminal is including but not limited to electronic equipments such as mobile phone, computing machine, PC, wrist-watches.
See Fig. 7, it is the structural representation of a kind of embodiment of fingerprint decryption device that the embodiment of the present invention provides.Wherein, as shown in Figure 7, this equipment can comprise: fingerprint identification module 702, security module 704, application processor 706, storer 708, input equipment 710, output device 712, wherein:
Input equipment 710 is including but not limited to keyboard, touch screen etc.User can input triggering command by input equipment 701.Such as, user can by the instruction etc. of touch-screen input data decryption.Again such as, user can click picture to be decrypted by keyboard, and trigger equipment is decrypted described picture to be decrypted.
Application processor 706 can obtain the data through encryption from storer 708.The enciphered data of acquisition can be sent in security module 704 by communication interface by application processor 706.It should be noted that, the communication interface in each embodiment of the present invention is including but not limited to SPI interface, SDIO interface, MIPI interface etc.Such as, application processor 706 can obtain the data of passing through encryption by SDIO interface from storer 708, and by SPI interface or SDIO interface, the data through encryption is sent to security module 704.
Application processor 706 can send fingerprint collecting instruction to fingerprint identification module 702 (Finger PrintVerification, FP), and fingerprint identification module 702 can according to the fingerprint of fingerprint collecting instruction acquisition to user; Fingerprint identification module 702 is including but not limited to scratch type, push type.
Security module 704 can receive by communication interface the fingerprint that fingerprint identification module 702 collects user.It should be noted that, the communication interface in each embodiment of the present invention is including but not limited to SPI interface, SDIO interface, MIPI interface etc.Such as, security module 704 can collect the fingerprint of user by SPI interface fingerprint identification module 702.Security module 704 can have memory function, and the user fingerprints collected from fingerprint identification module 702 can store by security module 704.The user fingerprints collected from fingerprint identification module 702 and the checking prestored fingerprint can be compared by security module 704, and after fingerprint comparison success, security module 704 can extract the double secret key prestored decrypt data to be decrypted.
Application processor 706 can receive the data after security module 704 deciphering by communication interface.Such as, application processor 706 can by the data after SPI interface or the deciphering of SDIO interface security module 704.
Application processor 706 can trigger output device 712 and the data after deciphering be exported.Output device 712 is including but not limited to display, loudspeaker etc.Such as, by the data after mobile phone screen display deciphering.Again such as, the voice etc. after deciphering are exported by mobile phone speaker.
It should be noted that, the embodiment of the present embodiment with reference to above-mentioned Fig. 1 to Fig. 6 embodiment, can repeat no more here.
In sum, by implementing the embodiment of the present invention, providing the method and system that a kind of fingerprint is deciphered, by security module the user fingerprints that the checking fingerprint be pre-stored in security module and fingerprint identification module send being compared and verifying, when being verified, to decrypt data to be decrypted.The embodiment of the present invention has following beneficial effect:
1, the checking fingerprint storage prestored, in security module, carries out fingerprint comparison checking by security module, reduces the checking fingerprint that prestores by the risk of distorting; Avoid and to be sent to by the checking fingerprint prestored in security module other modules to carry out in the process of fingerprint comparison, by the risk of distorting, solving in prior art and verifying fingerprint in the process of transmission by the technical matters of distorting;
2, key storage is in security module, by security module to the decrypt data to be decrypted received, avoids key in the process of transmission by the risk revealed;
3, when other modules except security module are by Virus entry, can not obtain the key stored in security module, the checking fingerprint prestored of can not distorting, improves data security.
One of ordinary skill in the art will appreciate that all or part of flow process realized in above-described embodiment method, that the hardware that can carry out instruction relevant by computer program has come, described program can be stored in a computer read/write memory medium, this program, when performing, can comprise the flow process of the embodiment as above-mentioned each side method.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-Only Memory, ROM) or random store-memory body (Random Access Memory, RAM) etc.
Above disclosedly be only a kind of preferred embodiment of the present invention, certainly the interest field of the present invention can not be limited with this, one of ordinary skill in the art will appreciate that all or part of flow process realizing above-described embodiment, and according to the equivalent variations that the claims in the present invention are done, still belong to the scope that invention is contained.

Claims (12)

1. a fingerprint decryption method, is characterized in that, comprising:
User fingerprints is obtained by fingerprint identification module;
Send described user fingerprints to security module;
Carry out authentication of users fingerprint by described security module according to the checking fingerprint preset, described checking fingerprint storage is in described security module;
When being verified, to decrypt data to be decrypted.
2. the method for claim 1, is characterized in that, described data to be decrypted are stored in storer, described to before decrypt data to be decrypted, also comprises:
Described data to be decrypted are obtained from described storer;
Send described data to be decrypted to described security module.
3. method as claimed in claim 2, is characterized in that, the described data to be decrypted of described transmission, to described security module, comprising:
Described data to be decrypted are sent to application processor;
Described data to be decrypted are sent to described security module by described application processor.
4. the method as described in any one of claim 1-3, is characterized in that, described to decrypt data to be decrypted, comprising:
By the decrypt data that described security module is to be decrypted according to the double secret key prestored, described key storage is in described security module.
5. method as claimed in claim 4, is characterized in that, described to after decrypt data to be decrypted, also comprises:
By described security module, the data after deciphering are sent to application processor.
6. the method for claim 1, is characterized in that, described to decrypt data to be decrypted, comprising:
The key of storage is sent to application processor by described security module;
Described application processor according to described key, by the decrypt data described to be decrypted obtained from storer.
7. a fingerprint decryption system, is characterized in that, comprising:
Fingerprint acquisition module, for obtaining user fingerprints by fingerprint identification module;
First sending module, for sending the described user fingerprints of described fingerprint acquisition module acquisition to security module;
Authentication module, for verifying according to the checking fingerprint preset the described user fingerprints that described first sending module sends by described security module, described checking fingerprint storage is in described security module;
Deciphering module, for when described authentication module is verified, to decrypt data to be decrypted.
8. system as claimed in claim 7, it is characterized in that, described system also comprises:
Acquisition module, for before described deciphering module is to decrypt data to be decrypted, obtains described data to be decrypted from storer;
Second sending module, for sending the data described to be decrypted extremely described security module that described acquisition module obtains.
9. system as claimed in claim 8, it is characterized in that, described second sending module comprises:
First transmitting element, for being sent to application processor by described data to be decrypted;
Described data to be decrypted are sent to described security module for described application processor by the second transmitting element.
10. the system as described in any one of claim 7-9, is characterized in that, described deciphering module specifically comprises:
By the decrypt data that described security module is to be decrypted according to the double secret key prestored, described key storage is in described security module.
11. systems as claimed in claim 10, it is characterized in that, described system also comprises:
Data after deciphering, for after described deciphering module is to decrypt data to be decrypted, are sent to application processor by described security module by the 3rd sending module.
12. systems as claimed in claim 7, it is characterized in that, described deciphering module comprises:
3rd transmitting element, is sent to application processor for described security module by the key of storage;
Decryption unit, for described application processor according to described key, by the decrypt data described to be decrypted obtained from storer.
CN201510133060.5A 2015-03-25 2015-03-25 A kind of method and system of fingerprint decryption Active CN104794430B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510133060.5A CN104794430B (en) 2015-03-25 2015-03-25 A kind of method and system of fingerprint decryption
PCT/CN2015/082993 WO2016150023A1 (en) 2015-03-25 2015-06-30 Fingerprint decrypting method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510133060.5A CN104794430B (en) 2015-03-25 2015-03-25 A kind of method and system of fingerprint decryption

Publications (2)

Publication Number Publication Date
CN104794430A true CN104794430A (en) 2015-07-22
CN104794430B CN104794430B (en) 2019-04-12

Family

ID=53559218

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510133060.5A Active CN104794430B (en) 2015-03-25 2015-03-25 A kind of method and system of fingerprint decryption

Country Status (2)

Country Link
CN (1) CN104794430B (en)
WO (1) WO2016150023A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106295368A (en) * 2016-08-17 2017-01-04 四川长虹通信科技有限公司 The data security protection method of a kind of mobile terminal and system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114598466A (en) * 2022-03-08 2022-06-07 山东云海国创云计算装备产业创新中心有限公司 Production data processing method and device, computer equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1885315A (en) * 2006-05-26 2006-12-27 上海一维科技有限公司 Embedded single secure chip biological fingerprint recognition system and method thereof
WO2009083528A1 (en) * 2007-12-21 2009-07-09 Thales Method and system for generating stable biometric data
CN202045900U (en) * 2010-12-07 2011-11-23 东莞宝元数控科技有限公司 Positioning mechanism of machine tool
CN102273128A (en) * 2008-12-08 2011-12-07 茂福公司 Identification or authorisation method, and associated system and secure module
CN202433919U (en) * 2011-12-06 2012-09-12 四川久远新方向智能科技有限公司 High-accuracy fingerprint identifier

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN202049500U (en) * 2011-05-12 2011-11-23 国民技术股份有限公司 Fingerprint identification system based on TCM (trusted cryptography module)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1885315A (en) * 2006-05-26 2006-12-27 上海一维科技有限公司 Embedded single secure chip biological fingerprint recognition system and method thereof
WO2009083528A1 (en) * 2007-12-21 2009-07-09 Thales Method and system for generating stable biometric data
CN102273128A (en) * 2008-12-08 2011-12-07 茂福公司 Identification or authorisation method, and associated system and secure module
CN202045900U (en) * 2010-12-07 2011-11-23 东莞宝元数控科技有限公司 Positioning mechanism of machine tool
CN202433919U (en) * 2011-12-06 2012-09-12 四川久远新方向智能科技有限公司 High-accuracy fingerprint identifier

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106295368A (en) * 2016-08-17 2017-01-04 四川长虹通信科技有限公司 The data security protection method of a kind of mobile terminal and system

Also Published As

Publication number Publication date
WO2016150023A1 (en) 2016-09-29
CN104794430B (en) 2019-04-12

Similar Documents

Publication Publication Date Title
ES2687191T3 (en) Network authentication method for secure electronic transactions
CN107358441B (en) Payment verification method and system, mobile device and security authentication device
CN101334884B (en) Improve the method and system of account transfer safety
CN102542449B (en) A kind of radio communication device and payment authentication method
CN105373924B (en) System for providing safe payment function for terminal equipment
CN106899551B (en) Authentication method, authentication terminal and system
CN112232814B (en) Encryption and decryption methods of payment key, payment authentication method and terminal equipment
CN111431719A (en) Mobile terminal password protection module, mobile terminal and password protection method
CN101488111A (en) Identification authentication method and system
CN104915584A (en) Intelligent mobile terminal random encryption and decryption system based on fingerprint characteristics
CN107818253B (en) Face template data entry control method and related product
CN103701977A (en) Portable electronic device, communication system and information authentication method
CN102710611A (en) Network security authentication method and system
CN107864124A (en) A kind of end message method for security protection, terminal and bluetooth lock
CN104751105A (en) Fingerprint data verification method, fingerprint data verification device, related equipment and system
CN109005144B (en) Identity authentication method, equipment, medium and system
CN108401494B (en) Method and system for transmitting data
JP6294203B2 (en) Authentication system
CN113872989B (en) SSL protocol-based authentication method, SSL protocol-based authentication device, computer equipment and storage medium
CN107104968A (en) Safety certifying method, system, terminal and the storage medium of portable finance device
CN114329541A (en) Data encryption method, device, equipment and storage medium
CN103873521A (en) Cloud architecture-based mobile phone privacy file protection system and method
CN104794430A (en) Fingerprint decryption method and system
CN104010306A (en) Mobile device user identity authentication system and method
KR101500947B1 (en) Creation and authentication of biometric information

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant